--------------- QuickDiag | g3n-h@ckm@n | 2_24.07.2016.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 27/07/2016 04:26:18

Updated 24/07/2016 | 08.15 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[jean- (Administrator)] - [DESKTOP-C5ODV86] (S-1-5-21-1818149683-622579324-567972293-1002)

System: Microsoft Windows 10 Famille -  - (10.0.10586) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Extended


---------- | SoundDevice

HD Webcam C310 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_081B&MI_02\8&4D0A220&0&0002
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001

---------- | Video

AMD Radeon HD 7310 Graphics - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184
Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27136 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25344 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34632 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\lvcod64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 -  Manufacturer: Logitech Inc. - Status: OK

---------- | CPU

CPU #1 value:100 %
CPU #2 value:100 %
Total Overall CPU Usage value:100 %

---------- | Network

Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller [NDIS 6.30] : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au réseau local* 3 : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:100 bytes/sec,  /  RECEIVE Maximum:0 bytes/sec

Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status:  - PnPID : PCI\VEN_1969&DEV_2062&SUBSYS_2AE3103C&REV_C1\4&186C6B44&0&00A9
Microsoft Kernel Debug Network Adapter -  - Microsoft - Status:  - PnPID : ROOT\KDNIC\0000
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status:  - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status:  - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0

---------- | Memory

RAM = Total (MB) : 3748 | Free (MB) : 1883
Pagefile = Total (MB) : 5189 | Free (MB) : 3189
Virtual = Total (MB) : 4194 | Free (MB) : 3970

Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: 0 - Manufacturer: Micron        - PartNumber: 8JTF51264AZ-1G6E1  - S/N: DEA02E9

---------- | SID Users

Administrateur : [S-1-5-21-1818149683-622579324-567972293-500]
DefaultAccount : [S-1-5-21-1818149683-622579324-567972293-503]
Invité : [S-1-5-21-1818149683-622579324-567972293-501]
jean- : [S-1-5-21-1818149683-622579324-567972293-1002]
SophosSAUDESKTOP-C50 : [S-1-5-21-1818149683-622579324-567972293-1007]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
AMD FUEL : [S-1-5-21-1818149683-622579324-567972293-1001]
SophosAdministrator : [S-1-5-21-1818149683-622579324-567972293-1005]
SophosOnAccess : [S-1-5-21-1818149683-622579324-567972293-1006]
SophosPowerUser : [S-1-5-21-1818149683-622579324-567972293-1004]
SophosUser : [S-1-5-21-1818149683-622579324-567972293-1003]

---------- | Drives

T:\ -> [Fixed] | [My Passport] | Total : 2794.49 Go | Free : 913.56 Go -> NTFS [USB]
R:\ -> [Removable] | [FRAMAKEY SA] | Total : 1.86 Go | Free : 0.32 Go -> FAT [USB]
I:\ -> [Removable] | [sogetti] | Total : 57.66 Go | Free : 52.52 Go -> NTFS [USB]
E:\ -> [Fixed] | [barrow 2 & widen 100% sécurisé] | Total : 211.03 Go | Free : 114.39 Go -> NTFS [SATA]
D:\ -> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA]
C:\ -> [Fixed] | [OS] | Total : 110.46 Go | Free : 52.09 Go -> NTFS [SATA]

Disk Usage Information [6 total Physical Disks]

Physical Drive #0 [C:, E:, D:] : Read:0 bytes/sec, Written:145,693 bytes/sec Max Read:0 bytes/sec, Max Write:145,693 bytes/sec 
Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [T:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #3 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #5 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #4 [R:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:145,693 bytes/sec

DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_5.00\070B559AA120B087&0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB -  - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00\20071114173400000&0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 11 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-60ZF5A0\4&32E8E4A0&0&000000
DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_&PROD_FIXMESTICK&REV_8.07\D2BF4C401E2763FP1289&0
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB -  - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9451\7&1BF356A7&0

---------- | Windows updates

No detected update !!! 

Windows Is Activated

---------- | Browsers

IE : 11.0.10586.494     (© Microsoft Corporation. Tous droits réservés.)

Default : "C:\Program Files\Internet Explorer\iexplore.exe" %1

---------- | FlashPlayer

FlashPlayer ActiveX : 22.0.0.209

---------- | Security

AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW : Emsisoft Internet Security Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

332 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.10586.0) = C:\Windows\System32\smss.exe     [30/10/2015 09:18:03]    CPU Usage:0 %
596 | [Owner :  | Parent : 484(svchost.exe) | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.10586.306) = C:\Windows\System32\wininit.exe     [25/07/2016 11:43:58]    CPU Usage:0 %
680 | [Owner :  | Parent : 596(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.10586.71) = C:\Windows\System32\services.exe     [25/07/2016 11:41:53]    CPU Usage:0 %
688 | [Owner :  | Parent : 596(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.10586.0) = C:\Windows\System32\lsass.exe     [30/10/2015 09:18:03]    CPU Usage:0 %
756 | [Owner :  | Parent : 588() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.10586.306) = C:\Windows\System32\winlogon.exe     [25/07/2016 11:39:13]    CPU Usage:0 %
828 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
896 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
500 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
484 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
816 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
812 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
1064 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
1392 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
2188 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
2660 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
2772 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
2788 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
3604 | [Owner : jean- | Parent : 500(svchost.exe) | 23.57 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe     [30/10/2015 09:18:01]    CPU Usage:0 %
3192 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Emsisoft Ltd - Emsisoft Protection Service.) - (11.10.0.6563) = C:\Program Files\Emsisoft Internet Security\a2service.exe     [25/07/2016 19:14:01]    CPU Usage:0 %
5548 | [Owner : jean- | Parent : 5108() | 1.63 Mo] - (.Emsisoft Ltd - Emsisoft Real-Time Protection.) - (11.10.0.6563) = C:\Program Files\Emsisoft Internet Security\a2guard.exe     [25/07/2016 19:13:59]    CPU Usage:0 %
1324 | [Owner : jean- | Parent : 5548(a2guard.exe) | 1 Mo] - (.Emsisoft Ltd - Emsisoft Security Center.) - (11.10.0.6563) = C:\Program Files\Emsisoft Internet Security\a2start.exe     [25/07/2016 19:14:03]    CPU Usage:0 %
4536 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.10586.494) = C:\Program Files\Windows Defender\MsMpEng.exe     [25/07/2016 11:43:23]    CPU Usage:0 %
2992 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.9.10586.0) = C:\Program Files\Windows Defender\NisSrv.exe     [30/10/2015 09:17:37]    CPU Usage:0 %
5792 | [Owner : jean- | Parent : 2248() | 59.37 Mo] - (.-.) - (0.0.0.0) = C:\UsbFix\UsbFix.exe     [27/05/2016 08:57:22]    CPU Usage:8 %
6020 | [Owner : jean- | Parent : 828(svchost.exe) | 15.3 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.10586.0) = C:\Windows\System32\dllhost.exe     [30/10/2015 09:17:51]    CPU Usage:0 %
944 | [Owner : jean- | Parent : 756(winlogon.exe) | 85.81 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.494) = C:\Windows\explorer.exe     [25/07/2016 11:44:48]    CPU Usage:0 %
6796 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
6212 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.494) = C:\Windows\System32\SearchIndexer.exe     [25/07/2016 11:41:42]    CPU Usage:0 %
6928 | [Owner : jean- | Parent : 828(svchost.exe) | 68.42 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.494) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [25/07/2016 11:47:23]    CPU Usage:0 %
1076 | [Owner :  | Parent : 680(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe     [25/07/2016 11:51:52]    CPU Usage:0 %
1228 | [Owner : jean- | Parent : 828(svchost.exe) | 32.69 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe     [30/10/2015 09:17:51]    CPU Usage:0 %
1740 | [Owner : jean- | Parent : 828(svchost.exe) | 106.42 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.494) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe     [25/07/2016 11:37:27]    CPU Usage:0 %
4368 | [Owner : jean- | Parent : 680(services.exe) | 16.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
1448 | [Owner : jean- | Parent : 828(svchost.exe) | 7.37 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10586.494) = C:\Windows\System32\SettingSyncHost.exe     [25/07/2016 11:41:22]    CPU Usage:0 %
984 | [Owner : jean- | Parent : 828(svchost.exe) | 6.31 Mo] - (.-.) - (10.1.2123.36) = C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe     [26/07/2016 05:57:27]    CPU Usage:0 %
7148 | [Owner : jean- | Parent : 828(svchost.exe) | 26.69 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe     [30/10/2015 09:18:16]    CPU Usage:0 %
5396 | [Owner : jean- | Parent : 828(svchost.exe) | 35.64 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.10586.11) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe     [25/07/2016 11:43:02]    CPU Usage:0 %
1272 | [Owner : jean- | Parent : 828(svchost.exe) | 40.07 Mo] - (.Microsoft Corporation - Store.) - (11602.1.26.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe     [26/07/2016 06:15:04]    CPU Usage:0 %
6176 | [Owner :  | Parent : 6212(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10586.494) = C:\Windows\System32\SearchProtocolHost.exe     [25/07/2016 11:41:01]    CPU Usage:0 %
6644 | [Owner : Système | Parent : 6212(SearchIndexer.exe) | 8.84 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10586.494) = C:\Windows\System32\SearchFilterHost.exe     [25/07/2016 11:39:53]    CPU Usage:0 %
960 | [Owner :  | Parent : 816(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.10586.218) = C:\Windows\System32\audiodg.exe     [25/07/2016 11:44:06]    CPU Usage:0 %
2212 | [Owner : jean- | Parent : 944(explorer.exe) | 27.71 Mo] - (.SosVirus - QuickDiag.) - (24.7.2016.1) = C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe     [27/07/2016 03:46:56]    CPU Usage:0 %

---------- | MD5

[MD5.E396258CFD8F84E8F2C24930E6D88C67] - [25/07/2016 11:44:48] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4409.43 Ko] - (10.0.10586.494) : C:\WINDOWS\Explorer.exe
[MD5.41E25E514D90E9C8BC570484DBAFF62B] - [30/10/2015 09:17:49] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [228.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\cmd.exe
[MD5.3E7CCD0F507877C50078205667CE8133] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\csrss.exe
[MD5.9513834DAC717444F04169EA5D120885] - [30/10/2015 09:17:51] - (.© Microsoft Corporation. - COM Surrogate.) - [18.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.1C9C6933A94C594DE7366124B4DD6075] - [30/10/2015 09:17:46] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [689.05 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Kernel32.dll
[MD5.889459F1FDDC5EC58B437AA6C436F33F] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.55 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\lsass.exe
[MD5.B339861C6A2A86FBCA67C2006B461473] - [30/10/2015 09:17:51] - (.© Microsoft Corporation. - Distributed COM Services.) - [883.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\rpcss.dll
[MD5.0DCB89B1F3689BC6262FF30BBD603171] - [30/10/2015 09:18:14] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [58 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.6FF8248F3A9D69A095C7F3F42BC29CB2] - [25/07/2016 11:41:53] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [429.84 Ko] - (10.0.10586.71) : C:\WINDOWS\System32\services.exe
[MD5.8497852ED44AFF902D502015792D315D] - [30/10/2015 09:17:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [42.91 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\svchost.exe
[MD5.F5F7CE3E32536F1A37FB3972F27A814F] - [25/07/2016 11:52:04] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1366.43 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\user32.dll
[MD5.8F3ECCB5DC878FA14887B43CD148CBA9] - [30/10/2015 09:17:53] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\userinit.exe
[MD5.C1C81AAF533552B3C4D9F11A5FF97700] - [25/07/2016 11:43:58] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [284.53 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\Wininit.exe
[MD5.5C156EC4E44E30331BCC865A3B61D839] - [25/07/2016 11:39:13] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [572 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\Winlogon.exe
[MD5.70148EFA9A562E7185B75BBE7D376BF7] - [25/07/2016 11:38:51] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [565.34 Ko] - (10.0.10586.3) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.492B99D2E3D5D7BFD5F0AE1BE7BD37DD] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.B6664965BF346322BBDF286174851476] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [188.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.7F9C7226D743B232907ED2537B8A574F] - [30/10/2015 09:18:09] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.82D97776BF982AA143BDC7DFB5054EA8] - [30/10/2015 09:17:22] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.935823F79CBEDB91637B63D37E3A5A36] - [25/07/2016 11:36:33] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [145 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.84BC034B6BB763733C1949B7B9BAF976] - [30/10/2015 09:17:18] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [78 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.53FDD9E69189E546DE4740F8C4D8AB2F] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.9E5E8F2A1996F23B7E9687846AA81B01] - [30/10/2015 09:17:43] - (.© Microsoft Corporation. - IP Network Address Translator.) - [140 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.0B3B0C1D86050355676640488FA897D3] - [25/07/2016 11:36:18] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [420.84 Ko] - (10.0.10586.122) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.E582DA849A58524E645545FB68B6625D] - [25/07/2016 11:38:27] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1125.84 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.C03E926B0E7D66D68994067231DC3246] - [25/07/2016 11:41:23] - (.© Microsoft Corporation. - MBT Transport driver.) - [272 Ko] - (10.0.10586.420) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.19BD8A88AAC580592668B070AC0727D9] - [25/07/2016 11:45:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2101.84 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.7D0FC96264C0F8F2C1321E33E8EB646C] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.E3C82823B22463BC38AA4F8ADA852624] - [25/07/2016 11:37:48] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.10586.122) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.1DC2CC74B51E4DC4CD5A20C1021E4010] - [30/10/2015 09:19:42] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [169 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.CF63BF6AAEDF721E37F9E216FD321B8E] - [25/07/2016 11:36:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2346.84 Ko] - (10.0.10586.494) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.91D3F2A6253EF83EFBD7903028F58C4D] - [25/07/2016 11:36:29] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.84 Ko] - (10.0.10586.3) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.E1F91A727A04C9F8199D04FF3BBBF63C] - [30/10/2015 09:17:22] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [404.84 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.Emsisoft Ltd.-.Emsisoft Anti-Malware Behavior Blocker user mode hooks.) - (10.0.0.206) -- C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks64.dll
(..-..) - (0.0.0.0) -- C:\WINDOWS\System32\CoreUIComponents.dll
(..-..) - (1.2.502.0) -- C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
(.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1404) -- C:\WINDOWS\SYSTEM32\aticfx64.dll
(.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6463) -- C:\WINDOWS\SYSTEM32\atiuxp64.dll
(.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.625) -- C:\WINDOWS\SYSTEM32\atidxx64.dll
(.Emsisoft Ltd.-.Emsisoft shell context menu library.) - (11.0.0.5838) -- C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\A2CONTMENU64.DLL
(..-..) - (0.0.0.0) -- C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.336) -- C:\WINDOWS\system32\RtkAPO64.dll
(.Emsisoft Ltd.-.Emsisoft Anti-Malware Behavior Blocker user mode hooks.) - (10.0.0.206) -- C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2hooks64.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDrive - ("C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-1818149683-622579324-567972293-1002\...\Run]) - User: DESKTOP-C5ODV86\jean-
emsisoft anti-malware - ("c:\program files\emsisoft internet security\a2guard.exe" /d=60 [HKLM\...\Run]) - User: Public

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"emsisoft anti-malware"="c:\program files\emsisoft internet security\a2guard.exe" /d=60   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun   
"BingDesktop"=C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
""=   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   


---------- | Startings up registry ¦ Folder


---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"InstanceID"=24738bab-3ade-4e8a-b835-7e5f5b4   
"GlassSessionId"=1   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=648000   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"PendingFileRenameOperations"=\??\C:\Program Files (x86)\NCH Software\ExpressZip\zip32z64.dll
!\??\C:\Program Files (x86)\NCH Software\Components\infozip2\zip32z64.dll\zip32z64.dll
\??\C:\Program Files (x86)\NCH Software\ExpressZip\unzip32.dll
!\??\C:\Program Files (x86)\NCH Software\Components\infozip2\unzip32.dll\unzip32.dll
\??\C:\Program Files (x86)\NCH Software\ExpressZip\zipcloak2.exe
!\??\C:\Program Files (x86)\NCH Software\Components\zipcloak2\zipcloak2.exe\zipcloak2.exe
\??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
!\??\C:\WINDOWS\AppCompat\Programs\Amcache.hve   

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=UsoSvc
gpsvc
trustedinstaller   
"WaitToKillServiceTimeout"=200   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(4)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(2)   
"LastBootSucceeded"=1   
"LastBootShutdown"=1   
"DirtyShutdownCount"=1   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [25/07/2016 07:57:36]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"fullprivilegeauditing"=0xC0   
"LsaPid"=688   
"ProductType"=3   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   
"SecureBoot"=1   


---------- | .LNK

C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk        (shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk        (shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk        (shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk        (shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk        (/0) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk        (::{7007ACC7-3202-11D1-AAD2-00805FC1270E}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk        (/name Microsoft.DeviceManager) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk        (/name Microsoft.System) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk        (/name Microsoft.PowerOptions) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk        (/name Microsoft.ProgramsAndFeatures) 
C:\Users\jean-\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk        (/SendTo) 
C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk        (page=SettingsPagePCSystemDevices) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk        (-sta {C90FB8CA-3295-4462-A721-2935E83694BA}) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk        (-SpeechUX) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk        (/prefetch:1) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk        (/res) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk        (Start Help -help) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk        (/name Microsoft.DefaultPrograms) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk        (/7) 

---------- | AppCertDlls | AppInit_DLLs


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"ScreenSaveActive"=1   
"Win8DpiScaling"=0   
"DpiScalingVer"=4096   
"UserPreferencesMask"=0x9E1E078012000000   
"Wallpaper"=C:\Users\jean-\Documents\nouveau logo blini.jpg   [26/07/2016 18:30:15]
"ActiveWndTrkTimeout"=0   
"MaxVirtualDesktopDimension"=1280   
"MaxMonitorDimension"=1280   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC3010051520100E1020000E10200000086CD6DB7D6D10143003A005C00550073006500720073005C006A00650061006E002D005C0044006F00630075006D0065006E00740073005C006E006F007500760065006100750020006C006F0067006F00200062006C0069006E0069002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"AutoColorization"=1   
"ImageColor"=2784090952   
"PreferredUILanguages"=fr-FR   
"WaitToKillAppTimeout"=200   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"UserSignedIn"=1   
"AllowStartMenuToDefaultOn"=1   
"TelemetrySalt"=6   
"SlowContextMenuEntries"=0x10901EF8A46ECE11A7FF00AA003CA9F6550400005D6CAD3D6721AE4C9914F99E41C12CFA2E080000C71FF2E3656DE748B62BE9ED8200C764CC050000BD0E0C47735D584D9CEDE91E22E232829E0A00006024B221EA3A6910A2DC08002B30309D640C0000   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"LastClockSize"=0x270000000F000000460000000F000000410000000F000000   
"GlobalAssocChangedCounter"=57   
"FirstRunTelemetryComplete"=1   
"AppReadinessLogonComplete"=1   
"Browse For Folder Width"=347   
"Browse For Folder Height"=328   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"EnableStartMenu"=1   
"StoreAppsOnTaskbar"=1   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=0   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=11   
"ReindexedProfile"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"EnableSecureUIAPath"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"SmartScreenEnabled"=RequireAdmin   
"GlobalAssocChangedCounter"=3   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"EnableSecureUIAPath"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=16   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"BuildNumber"=10586   
"FirstLogon"=0   
"PUUActive"=0x53A5712D02000000030004006C1300007F1300001A9A0000D0000000040007003383FB2EB29B0000B29B0000CE0600003D0600009500000000000000B31C00001E01000013000000D38541C1A6E7D101   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DefaultDomainName"=   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"Userinit"=C:\WINDOWS\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"ShutdownStartTime"=131140188250759703   
"UserSessionShutdownStopTime"=131140188251539783   
"ShutdownFlags"=2147483687   
"AutoAdminLogon"=0   
"DefaultUserName"=jean-marie.carribon@wanadoo.fr   
"DisableCAD"=1   
"EnableFirstLogonAnimation"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [25/07/2016 11:41:21]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [25/07/2016 11:41:21]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8F0890013408A0001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"SIGN.MEDIA=1FC3C6 WD Drive Unlock.exe"=0x534143500100000000000000070000002800000058C31F008AC51F0001000000000000000000000A7122000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000062E70000000000000400000004000000
"F:\barrow 2 & widen 100% sécurisé\data copy tool for power2go 11 by portableapps\PortableApps\IObitUnlockerPortable\IObitUnlockerPortable.exe"=0x534143500100000000000000070000002800000050990200E9BC02000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000002B470000000000000100000001000000
"F:\data copy tool for power2go 11 & lfs ultra finalis gift by portableapps\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000BEB70200000000000100000001000000
"F:\toilettes de gwen stefani - thématiques de portableapps\iobit apps\PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=0x534143500100000000000000070000002800000060870300A90004000100000000000000000001060001000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000020000000000000000000000000000D4160000000000000100000001000000
"F:\toilettes de gwen stefani - thématiques de portableapps\uninstallers by revo & iobit\PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=0x534143500100000000000000070000002800000060870300A90004000100000000000000000001060001000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000020000000000000000000000000000ED240000000000000200000002000000
"F:\PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=0x534143500100000000000000070000002800000060870300A90004000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007D2F0300000000000100000001000000
"F:\PortableApps\WiseDiskCleanerPortable\WiseDiskCleanerPortable.exe"=0x5341435001000000000000000700000028000000A85C0300E33F04000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000E7670C00000000000200000002000000
"F:\LiberKey\Apps\CCleaner\CCleanerLKL.exe"=0x5341435001000000000000000700000028000000A8C1000011D500000100000000000000000001060021000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040041000000000000000000000000000002C4D0200000000000100000001000000
"F:\EmsisoftInternetSecuritySetup.exe"=0x5341435001000000000000000700000028000000D872870D0DCF870D01000000000000000000000A0021000019B4C529E312D1010000000000000000
"F:\BingDesktopSetup.exe"=0x5341435001000000000000000700000028000000D86AA00040A2A0000100000000000000000001057100000019B4C529E312D1010000000000000000020000002800000000000000800900400000000000000000000000000000000015B80000000000000100000001000000
"F:\PortableApps\FirefoxPortable\FirefoxPortable.exe"=0x534143500100000000000000070000002800000068370300CC4103000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C8ADC501000000000200000002000000
"C:\Users\jean-\Desktop\UsbFix_2016_8.248.exe"=0x53414350010000000000000007000000280000002CAD2F00000000000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000BC632400000000000100000001000000
"C:\Program Files\Emsisoft Internet Security\a2start.exe"=0x5341435001000000000000000700000028000000B89ACD00A553CE0001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000002D00000000000000100000001000000
"SIGN.MEDIA=6F0B9 Framakey\Virtualbox-install\VitrualBox-install.exe"=0x53414350010000000000000007000000280000001B600600000000000100000000000000000000067102000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008EB30700000000000200000002000000
"C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe"=0x5341435001000000000000000700000028000000C0342400BB6724000100000000000000000003067102000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000004AC59A01000000000100000001000000
"C:\Users\jean-\Desktop\delfix_1.013.exe"=0x5341435001000000000000000700000028000000402C0C00C2D00C0001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000AFE20000000000000100000001000000
"C:\Users\jean-\Downloads\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8F0890013408A0001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"SIGN.MEDIA=1FEFB5 VirtualBox\Virtualize_This_Key.exe"=0x534143500100000000000000070000002800000053E80B0091440A000100000000000000000001067122000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000010000080000000000000000000000000E8040200000000000400000004000000
"SIGN.MEDIA=B0F33 VirtualBox\Portable-VirtualBox\Portable-VirtualBox.exe"=0x5341435001000000000000000700000028000000330F0B0091440A000100000000000000000001067122000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000001010000000000000000000000000000085180100000000000100000001000000
"SIGN.MEDIA=4335B1C boot\install-on-USB.cmd"=0x534143500100000000000000070000002800000000920300914704000100000000000000000001050010000059193B14E312D1010000000000000000
"SIGN.MEDIA=B83DFAE8 VirtualBoxPortable.exe"=0x5341435001000000000000000700000028000000CB980400000000000100000000000000000001067102000019B4C529E312D10100000000000000000200000028000000000000000000000000100000000000000000000000000000B6F50400000000000100000001000000
"SIGN.MEDIA=13764DC FUR-Tools\framaboot\framaboot.exe"=0x53414350010000000000000007000000280000003BFE0500000000000100000000000000000001067102000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000100000000000000000000000000000449E0000000000000100000001000000
"SIGN.MEDIA=13764DC FUR-Tools\framaboot\makeboot.bat"=0x534143500100000000000000070000002800000000920300914704000100000000000000000001050010000059193B14E312D1010000000000000000
"SIGN.MEDIA=60C00 Apps\FramafoxPortable\FramafoxPortable.exe"=0x5341435001000000000000000700000028000000000C0600000000000100000000000000000002067102000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000009E742200000000000100000001000000
"SIGN.MEDIA=20AC492 barrow 2 & widen 100% sécurisé\ultracopier-ultimate-cgminer-windows-x86_64-1.2.3.0-setup (1).exe"=0x5341435001000000000000000700000028000000EB9A7900000000000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000003E002100000000000100000001000000
"C:\Program Files\Windows Defender\MSASCui.exe"=0x534143500100000000000000070000002800000000541400449F140001000000010000000000000A0021000059193B14E312D1010000000000000000
"C:\Users\jean-\Downloads\ultracopier-ultimate-windows-x86_64-1.2.3.2-setup.exe"=0x5341435001000000000000000700000028000000DA7F6800000000000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000008EE50000000000000100000001000000
"C:\Users\jean-\Downloads\FolderSize.exe"=0x5341435001000000000000000700000028000000921D2300000000000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000CB240400000000000100000001000000
"C:\Users\jean-\Downloads\pc-decrapifier-3.0.0.exe"=0x5341435001000000000000000700000028000000848A1E00000000000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000006D5D0100000000000200000002000000
"T:\WD Apps for Windows\WDSecuritySetup.exe"=0x5341435001000000000000000700000028000000E83CBB00B84ABB000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000018F60000000000000100000001000000
"C:\Program Files (x86)\Western Digital\WD Security\WDSecurity.exe"=0x534143500100000000000000070000002800000050DD040087C0050001000000000000000000000AF122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000EFE70000000000000100000001000000
"T:\LiberKey\LiberKey.exe"=0x534143500100000000000000070000002800000098B600005AF100000100000000000000000003067100000019B4C529E312D101000000000000000002000000280000000000000000000000001000000000000000000000000000000D1B0600000000000200000002000000
"T:\PortableApps\FirefoxPortable\FirefoxPortable.exe"=0x534143500100000000000000070000002800000068370300CC4103000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000ADD2900000000000200000002000000
"C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe"=0x534143500100000000000000070000002800000020B61400B26215000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000005B0D1100000000000200000002000000
"T:\startuplite-setup-1.07.exe"=0x5341435001000000000000000700000028000000D01E030030EC03000100000000000000000000067102000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D9510000000000000100000001000000
"C:\Users\jean-\Desktop\FRST64.exe"=0x534143500100000000000000070000002800000000882400EE1D250001000000000000000000000A0021000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000773B0900000000000100000001000000
"C:\Users\jean-\Desktop\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000062200F7FF22000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000617C0400000000000100000001000000
"C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe"=0x5341435001000000000000000700000028000000A8E12000F13E210001000000000000000000000A0021000019B4C529E312D1010000000000000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131139365657033406

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductType"=2
"InstallTime"=0xC3CCDB2C8EE6D101
"ManagedDefenderProductType"=0
"ProductStatus"=0
"OOBEInstallTime"=0xF213E81E90E6D101
"DisableAntiSpyware"=0
"DisableAntiVirus"=0





---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | @

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=%11%\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"OperationalData"=13
"EdgeSwitchingOSBuildNumber"=10586.th2_release_sec.160630-1736
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF240000002400000044030000A4020000
"ImageStoreRandomFolder"=t4kbqp8
"Start Page_TIMESTAMP"=0x4608345695E6D101
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x0100000033000000B151C7BFD8D9E2D7897ABA7FC5072E0BA63B035E1B73BD360441B770E8184C0977633EBC571529533594EFCB8FFE237E9CB46602000000100000007663585725326233636639496F253364
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x187CD0378FE6D101
"IE10TourShown"=1
"IE10TourShownTime"=0x187CD0378FE6D101

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"CertificateRevocation"=1
"ZonesSecurityUpgrade"=0x2C0E55464DE7D101
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | SSODL | SEH | URLSH | STS


---------- | Toolbar

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions


---------- | SearchScopes

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | ElevationPolicy

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : 

---------- | Ext\Settings


---------- | Ext\Stats

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] :  : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx

---------- | Browser Helper Objects


---------- | Chrome



---------- | Opera


---------- | Firefox




---------- | Active Connections

  TCP    192.168.1.11:53204     msnbot-191-232-139-130.search.msn.com:https  ESTABLISHED     944
  TCP    192.168.1.11:53235     65.55.223.32:40006     CLOSE_WAIT      984
  TCP    192.168.1.11:53254     191.237.208.126:https  ESTABLISHED     5500
  TCP    192.168.1.11:53255     api1.emsisoft.com:https  TIME_WAIT       0
  TCP    192.168.1.11:53256     api1.emsisoft.com:https  ESTABLISHED     3192
  TCP    192.168.1.11:53259     map2.hwcdn.net:http    TIME_WAIT       0
  TCP    192.168.1.11:53262     map2.hwcdn.net:http    CLOSE_WAIT      3192
  TCP    192.168.1.11:53270     map2.hwcdn.net:http    CLOSE_WAIT      3192
  TCP    192.168.1.11:53271     map2.hwcdn.net:http    CLOSE_WAIT      3192
  TCP    192.168.1.11:53272     map2.hwcdn.net:http    CLOSE_WAIT      3192
  TCP    192.168.1.11:53273     map2.hwcdn.net:http    CLOSE_WAIT      3192
  TCP    192.168.1.11:53274     map2.hwcdn.net:http    CLOSE_WAIT      3192
  TCP    192.168.1.11:53275     map2.hwcdn.net:http    ESTABLISHED     3192
  TCP    192.168.1.11:53276     map2.hwcdn.net:http    CLOSE_WAIT      3192
  TCP    192.168.1.11:53277     map2.hwcdn.net:http    CLOSE_WAIT      3192
  TCP    192.168.1.11:53278     map2.hwcdn.net:http    TIME_WAIT       0
  TCP    192.168.1.11:53279     93.184.221.133:http    ESTABLISHED     3192

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b6cd0984-cffe-457f-8ef1-78c30808d82e}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b6cd0984-cffe-457f-8ef1-78c30808d82e}]
"DhcpNameServer"=192.168.1.1 192.168.1.1

---------- | ActiveX 

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - [1,1,1,9] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - [10,0,10586,0] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - [12,0,10011,16384] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - [10,0,10586,494] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [11,71,10586,0] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,10011,16384] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - [1,1,1,9] - @%SystemRoot%\system32\themeui.dll,-2682 -> /UserInstall
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,71,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [10,0,10586,0] -  -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,71,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{583AC46A-4A6F-39BC-AEFD-1BC2759FFA51}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,71,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,71,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [10,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - [10,0,10586,494] - @%SystemRoot%\system32\shell32.dll,-32969 -> U
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - [11,71,10586,0] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,71,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,71,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [10,0,10586,71] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,10011,16384] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [10,0,10586,0] -  -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{600AC0DF-B614-36F9-9E10-28896BD4ACCA}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [10,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [10,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] -  -> 


---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\expressburn.exe] : "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" "%L"
[HKLM\SOFTWARE\Classes\Applications\expresszip.exe] : "C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe" "%L"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\expressburn.exe] : "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\expresszip.exe] : "C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe" "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | DCOMApplications

Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3}
Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168}
Name: wpnservice - AppID: {077869D3-D0DE-4586-882B-359F80009D0C}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96}
Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B}
Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}
Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: NotificationController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80}
Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0}
Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B}
Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}
Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}
Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97}
Name: InstallAgent - AppID: {260eb9de-5cbe-4bff-a99a-3710af55bf1e}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: Exchange Active Sync Policies Broker - AppID: {26795871-6B8F-4115-89DD-986213012798}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69}
Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A}
Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37}
Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD}
Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606}
Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97}
Name: Delivery Optimization Mgmt - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B}
Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F}
Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d}
Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB}
Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C}
Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2}
Name: CortanaMapiHelper - AppID: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6}
Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1}
Name: EEL64A - AppID: {3D5781D9-B2FF-4396-8478-395412020995}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E}
Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61}
Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85}
Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C}
Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E}
Name: RadioManagement Lib Class - AppID: {478B41E6-3257-4519-BDA8-E971F9843849}
Name: EEG64A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B}
Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB}
Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d}
Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E}
Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b}
Name: SRS_APO_Universal - AppID: {553C48B2-BA6B-412B-9F8D-2B62B1B912AA}
Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212}
Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6}
Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}
Name: EED64A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0}
Name: %SystemRoot%\System32\wsclient.dll - AppID: {5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}
Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1}
Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF}
Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: tiledatamodelsvc - AppID: {65E2E13A-7110-4912-9F03-9A42E253D8F6}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: Out of proc server to enable Insider Hub and Feedback App scenarios to be reached from inside of its appcontainer - AppID: {7006698d-2974-4091-a424-85dd0b909e23}
Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629}
Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}
Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24}
Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {8B8C2776-594E-41EA-90D0-8013CACBB9A7}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2}
Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F}
Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60}
Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: CDP Reference Host - AppID: {A0316E2D-8793-4E74-AA48-8CE2ED05BA57}
Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe}
Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3}
Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121}
Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: SwapAPODll - AppID: {A85F41D6-156B-470D-B505-110388968D5A}
Name: Delivery Optimization Mgmt - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: Out of proc server to enable Insider Hub scenarios to be reached from inside of its appcontainer - AppID: {ac0fd47a-37f4-4502-bfee-6b317e479d41}
Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}
Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}
Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871}
Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1}
Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA}
Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755}
Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41}
Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b}
Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}
Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880}
Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}
Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5}
Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F}
Name: LockScreen Application Notification Broker - AppID: {C89FC3EF-A0DC-4feb-BFBC-F13A9C334D4F}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: BingDesktopUpdater - AppID: {CE41EBCF-17C0-4307-971E-03FEBCBB7D39}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03}
Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}
Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}
Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E}
Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7}
Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886}
Name: TokenBroker Out Of Proc COM Server - AppID: {E73A797B-24CE-424A-AD4F-48E98B1E95B8}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: Immersive Print Dialog Surrogate - AppID: {EB28E902-728E-42C4-97DC-DA89E144C744}
Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {F7CDD0DF-887D-463F-AF57-0E442B5C233B}
Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C}
Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744}

Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{077869D3-D0DE-4586-882B-359F80009D0C}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{077869D3-D0DE-4586-882B-359F80009D0C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{077869D3-D0DE-4586-882B-359F80009D0C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{077869D3-D0DE-4586-882B-359F80009D0C}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A0316E2D-8793-4E74-AA48-8CE2ED05BA57}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544"

---------- | Svchost - Netsvcs (Whitelisted)

NetSetupSvc - %SystemRoot%\System32\NetSetupSvc.dll : %SystemRoot%\System32\svchost.exe -k netsvcs
UserManager - %SystemRoot%\System32\usermgr.dll : %SystemRoot%\system32\svchost.exe -k netsvcs

---------- | Software







[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\AppDataLow]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\ATI]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Conduit]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Mozilla]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\NCH Software]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Policies]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\QtProject]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\RegisteredApplications]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\SyncEngines]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\sysinternals]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Ultracopier]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\UsbFix]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\uTorrentPlus]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Wow6432Node]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows NT\CurrentVersion]




[HKLM\Software\AMD]
[HKLM\Software\ATI]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Clients]
[HKLM\Software\Emsi Software GmbH]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wswpnservice]

[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\Conduit]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\NCH Software]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\SOSVirus]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]


---------- | FeatureControl

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"utorrentie.exe"="9000"
"pc-decrapifier.exe"="9999"
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION]
"utorrentie.exe"="0"
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"utorrentie.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGUI.exe"="0"
"SAPGuiIT.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"cs.exe"="1"
"waol.exe"="1"
"wm.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"prevhost.exe"="1"
"winmail.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"msimn.exe"="1"
"outlook.exe"="1"
"winmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"excel.exe"="1"
"infopath.exe"="1"
"powerpnt.exe"="1"
"winword.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
"WiseDiskCleaner.exe"="11000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGUI.exe"="0"
"SAPGuiIT.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"cs.exe"="1"
"waol.exe"="1"
"wm.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"prevhost.exe"="1"
"winmail.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"msimn.exe"="1"
"outlook.exe"="1"
"winmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"excel.exe"="1"
"infopath.exe"="1"
"powerpnt.exe"="1"
"winword.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"

---------- | The Created last ones ¦ Modified

[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:23] - |D| - [106367910] - C:\Program Files (x86)\ATI Technologies
[MD5.00000000000000000000000000000000] - [25/07/2016 18:03:01] - |D| - [23928840] - C:\Program Files (x86)\Common Files
[MD5.5B8A2BA3138573583FF9E0158096EC48] - [25/07/2016 18:38:56] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [2154939] - C:\Program Files (x86)\Internet Explorer
[MD5.00000000000000000000000000000000] - [25/07/2016 19:17:33] - |D| - [28382294] - C:\Program Files (x86)\Microsoft
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[MD5.00000000000000000000000000000000] - [26/07/2016 17:36:04] - |D| - [7674231] - C:\Program Files (x86)\NCH Software
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [1465856] - C:\Program Files (x86)\Windows Defender
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [5961728] - C:\Program Files (x86)\Windows Mail
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [3342927] - C:\Program Files (x86)\Windows Media Player
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [220064] - C:\Program Files (x86)\Windows Multimedia Platform
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [7575610] - C:\Program Files (x86)\Windows NT
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [5484224] - C:\Program Files (x86)\Windows Photo Viewer
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [220064] - C:\Program Files (x86)\Windows Portable Devices
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |SD| - [2685232] - C:\Program Files (x86)\WindowsPowerShell
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [802] - C:\WINDOWS\addins
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [1922600] - C:\WINDOWS\appcompat
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [12360910] - C:\WINDOWS\AppPatch
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\AppReadiness
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:48] - |RD| - [516185844] - C:\WINDOWS\assembly
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 18:06:57] - |A| - [0] - C:\WINDOWS\ativpsrm.bin
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [241412] - C:\WINDOWS\bcastdvr
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [32716961] - C:\WINDOWS\Boot
[MD5.CA4280ED137D666BD7A7A3A9B18B2134] - [25/07/2016 18:04:38] - |AS| - [67584] - C:\WINDOWS\bootstat.dat
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [2380376] - C:\WINDOWS\Branding
[MD5.00000000000000000000000000000000] - [25/07/2016 18:21:26] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [8970858] - C:\WINDOWS\Cursors
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [404217] - C:\WINDOWS\debug
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RD| - [20934] - C:\WINDOWS\DesktopTileResources
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RD| - [3032320] - C:\WINDOWS\DevicesFlow
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [4217368] - C:\WINDOWS\diagnostics
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:25] - |D| - [0] - C:\WINDOWS\DigitalLocker
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |SD| - [0] - C:\WINDOWS\Downloaded Program Files
[MD5.28DB89668234230CF4FB3E1BDE903D89] - [26/07/2016 16:54:50] - |A| - [9520] - C:\WINDOWS\DPINST.LOG
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |HD| - [44568] - C:\WINDOWS\ELAMBKUP
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:25] - |D| - [0] - C:\WINDOWS\en-US
[MD5.00000000000000000000000000000000] - [26/07/2016 08:04:22] - |D| - [83004789] - C:\WINDOWS\ERUNT
[MD5.E396258CFD8F84E8F2C24930E6D88C67] - [25/07/2016 11:44:48] - |A| - [4515256] - C:\WINDOWS\explorer.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RSD| - [353586676] - C:\WINDOWS\Fonts
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:25] - |D| - [134144] - C:\WINDOWS\fr-FR
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [20838848] - C:\WINDOWS\Globalization
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\Help
[MD5.430DE1635CE173440D34ABA1676113D7] - [25/07/2016 11:40:52] - |A| - [994816] - C:\WINDOWS\HelpPane.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [173194846] - C:\WINDOWS\IME
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RD| - [6840341] - C:\WINDOWS\ImmersiveControlPanel
[MD5.00000000000000000000000000000000] - [25/07/2016 18:34:38] - |D| - [42078735] - C:\WINDOWS\INF
[MD5.00000000000000000000000000000000] - [25/07/2016 19:00:20] - |D| - [931024796] - C:\WINDOWS\InfusedApps
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [36258450] - C:\WINDOWS\InputMethod
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |SHD| - [93394194] - C:\WINDOWS\Installer
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [89407] - C:\WINDOWS\L2Schemas
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\LiveKernelReports
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [41877165] - C:\WINDOWS\Logs
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RSD| - [20145669] - C:\WINDOWS\Media
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:48] - |D| - [589031655] - C:\WINDOWS\Microsoft.NET
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [2371] - C:\WINDOWS\Migration
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RD| - [470257] - C:\WINDOWS\MiracastView
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.00000000000000000000000000000000] - [25/07/2016 18:50:34] - |D| - [199124] - C:\WINDOWS\OCR
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[MD5.00000000000000000000000000000000] - [25/07/2016 19:00:19] - |DC| - [32036674] - C:\WINDOWS\Panther
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [28867244] - C:\WINDOWS\Performance
[MD5.800BA5E9AB4E88249D838003E0E58D3C] - [26/07/2016 15:26:31] - |A| - [7888] - C:\WINDOWS\PFRO.log
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [1136442] - C:\WINDOWS\PLA
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [2566565] - C:\WINDOWS\PolicyDefinitions
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [15451693] - C:\WINDOWS\prefetch
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RD| - [1963312] - C:\WINDOWS\PrintDialog
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [1297393] - C:\WINDOWS\Provisioning
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |RD| - [770223] - C:\WINDOWS\PurchaseDialog
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [22588] - C:\WINDOWS\Registration
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [3417523] - C:\WINDOWS\rescache
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [3728883] - C:\WINDOWS\Resources
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\SchCache
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [121229] - C:\WINDOWS\schemas
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [3637248] - C:\WINDOWS\security
[MD5.00000000000000000000000000000000] - [25/07/2016 18:56:13] - |D| - [37695615] - C:\WINDOWS\ServiceProfiles
[MD5.00000000000000000000000000000000] - [25/07/2016 18:03:01] - |D| - [69300443] - C:\WINDOWS\servicing
[MD5.00000000000000000000000000000000] - [25/07/2016 18:54:14] - |D| - [42] - C:\WINDOWS\Setup
[MD5.8C125C21AAB6794B1360D7584C9496D2] - [26/07/2016 13:04:44] - |A| - [10894] - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/07/2016 13:04:44] - |A| - [0] - C:\WINDOWS\setuperr.log
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [4544] - C:\WINDOWS\ShellNew
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [3070736] - C:\WINDOWS\SKB
[MD5.00000000000000000000000000000000] - [25/07/2016 18:06:30] - |D| - [370658254] - C:\WINDOWS\SoftwareDistribution
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [103543755] - C:\WINDOWS\Speech
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [50814701] - C:\WINDOWS\Speech_OneCore
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:49] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [25/07/2016 18:38:57] - |A| - [219] - C:\WINDOWS\system.ini
[MD5.00000000000000000000000000000000] - [25/07/2016 18:03:01] - |D| - [3749116868] - C:\WINDOWS\System32
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [155460814] - C:\WINDOWS\SystemApps
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [18175861] - C:\WINDOWS\SystemResources
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [1321862758] - C:\WINDOWS\syswow64
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\TAPI
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [6] - C:\WINDOWS\Tasks
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [458208] - C:\WINDOWS\Temp
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\tracing
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [12420] - C:\WINDOWS\Vss
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [10685945] - C:\WINDOWS\Web
[MD5.23CF8138F49416231807E6DE371FB9E6] - [25/07/2016 18:38:57] - |A| - [92] - C:\WINDOWS\win.ini
[MD5.038356387332650843BCB352BB89A101] - [25/07/2016 19:32:17] - |A| - [275] - C:\WINDOWS\WindowsUpdate.log
[MD5.00000000000000000000000000000000] - [25/07/2016 18:03:01] - |D| - [8356119728] - C:\WINDOWS\WinSxS
[MD5.79DFC1621D7F21677E4421F8A07DF6AE] - [25/07/2016 18:09:02] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{063E67F0-C298-8A2A-0FA6-84C15322A4E0}
[MD5.DF324B7659AAD2D60D470C9ED19D178B] - [25/07/2016 18:08:48] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{07326A3E-02B3-1078-25D7-B8666BA8FE15}
[MD5.97A11217A908ADDAC1AFFC69178A885D] - [25/07/2016 18:08:42] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}
[MD5.35C15039310A3608BDE7ABD3871AD60D] - [25/07/2016 18:08:26] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[MD5.1C91C51A12CC6210AEBA734B1919FCDF] - [25/07/2016 18:08:31] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{1AD99E77-37CC-744E-39CA-67F6FD34565A}
[MD5.4C123D40C505DB935E50FF884BC74C53] - [25/07/2016 18:08:40] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}
[MD5.F5F314C76B042705786122826943EA58] - [25/07/2016 18:08:43] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}
[MD5.8E8AA657A14C0C6599C4DD8D3C5E4076] - [25/07/2016 18:08:54] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}
[MD5.77872720F290D8BAD012F12FFAE94D12] - [25/07/2016 18:08:44] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2D07E15C-A9A4-D8D6-D371-92EC8779E587}
[MD5.2C48329EF70F114095F3420693F24EAE] - [25/07/2016 18:08:06] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
[MD5.FA32B207001FB3D20A21EA65203185E9] - [25/07/2016 18:08:41] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}
[MD5.B99EE74F51CB4AC6E94F315395A00445] - [25/07/2016 18:08:59] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{35A71DED-DA81-1313-352A-EC8A0B27DF3B}
[MD5.4121352162AE5F623C197A23AE6F2B25] - [25/07/2016 18:08:22] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{64D5A142-BD50-726E-ED9E-D2508D2A17E2}
[MD5.E36A2CEEAE6D901CC0078DD4CD71E38B] - [25/07/2016 18:08:37] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}
[MD5.696B62C1AC161222DB21A71CC25B5181] - [25/07/2016 18:09:01] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{79D22166-78C1-2AD4-04E7-BD22BD58FD46}
[MD5.52471FFCCB37D7BFD63252BAE9ED206B] - [25/07/2016 19:17:31] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}
[MD5.CFEC49B908D19636703A0F85F5A64345] - [25/07/2016 18:08:46] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{82CA1714-13EA-F419-91FE-12834424745E}
[MD5.EA180FB817CB617829983239035340EB] - [25/07/2016 18:08:58] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}
[MD5.446779CB28FB29D8B219DF3EFF466C72] - [25/07/2016 18:08:55] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}
[MD5.65D5A06E0C9D1332180DC5630338BB4B] - [25/07/2016 18:08:17] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
[MD5.81FAC37C073C09BB50E8D5FFEE9AC8B9] - [25/07/2016 18:08:50] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{A5A6A4D0-2005-2A05-2E21-495808CF95ED}
[MD5.70F94BAB4BF6C09618A4D0AB57F03A07] - [25/07/2016 18:08:56] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{A760847A-C4D9-E7EF-716F-07C6CBF6B147}
[MD5.537C66DE21BD2078631FDF522EC88A53] - [25/07/2016 18:08:18] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
[MD5.E11FE8015034C04BF4D9E36538997C87] - [25/07/2016 18:09:08] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}
[MD5.9EE6F858BE3054457F70679C9857C1B3] - [25/07/2016 18:08:52] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{B839153C-D4D2-F89C-5033-0A160C62706B}
[MD5.B85BDFC27CDB78728F8A894C2018038C] - [25/07/2016 18:08:47] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{C1EA3764-1138-AE27-AD63-549BAD99BA15}
[MD5.EC186E04DE6ED5054DCF5F02C7EEB62A] - [25/07/2016 18:08:34] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}
[MD5.18A2CC4551BD5EC321CC5EC08AC8C00E] - [25/07/2016 18:08:49] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}
[MD5.64F3D7EF2ED960D7DC48AA8B03702C2B] - [25/07/2016 18:09:03] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{E7366CA8-7179-77AE-E712-BA18D70A0A07}
[MD5.8C0668A3D082E58A40281118404BC76D] - [25/07/2016 18:08:51] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{E817E580-6318-AFC8-2102-322C73117EC4}
[MD5.0FA905D50C3DF6CEE358AB9F68C634CA] - [25/07/2016 18:08:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{F77474EE-EB6C-C87B-88AF-3310C848E068}
[MD5.422AA51D9B8A45BAF57F51ECF0424215] - [25/07/2016 18:08:36] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{F8DDBE95-DCBE-03B5-5359-DE3601146E21}
[MD5.CE3FE3BA64139DEC9A90E9FEFE238BE9] - [25/07/2016 18:08:08] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:09:02] - |D| - [88102] - C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:48] - |D| - [88102] - C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:42] - |D| - [88102] - C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:29] - |D| - [10134] - C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:33] - |D| - [88102] - C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:40] - |D| - [88102] - C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:43] - |D| - [88102] - C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:54] - |D| - [88102] - C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:45] - |D| - [88102] - C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:41] - |D| - [88102] - C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:59] - |D| - [88102] - C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:23] - |D| - [88102] - C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:38] - |D| - [88102] - C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:09:01] - |D| - [88102] - C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}
[MD5.00000000000000000000000000000000] - [25/07/2016 19:36:07] - |D| - [123570] - C:\WINDOWS\Installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:46] - |D| - [88102] - C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:58] - |D| - [88102] - C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:55] - |D| - [88102] - C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:51] - |D| - [88102] - C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:56] - |D| - [88102] - C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:09:30] - |D| - [88102] - C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:53] - |D| - [88102] - C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:47] - |D| - [88102] - C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:35] - |D| - [88102] - C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:49] - |D| - [88102] - C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:09:05] - |D| - [4846] - C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:52] - |D| - [88102] - C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:39] - |D| - [88102] - C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:08:36] - |D| - [88102] - C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:26] - |D| - [0] - C:\WINDOWS\system32\0409
[MD5.9F0D0E63D6B10C2222B4FCC784AA3A4E] - [25/07/2016 11:46:44] - |A| - [315392] - C:\WINDOWS\system32\aadcloudap.dll
[MD5.17D3651E968F5E7712110FC70BFC973D] - [25/07/2016 11:52:27] - |A| - [853504] - C:\WINDOWS\system32\aadtb.dll
[MD5.D3406F98BD98633780820C5EDBA9A5B4] - [25/07/2016 11:43:50] - |A| - [166400] - C:\WINDOWS\system32\AboveLockAppHost.dll
[MD5.5CB565C1A0A30D76D7B099EEF9654297] - [25/07/2016 11:41:26] - |A| - [256000] - C:\WINDOWS\system32\accountaccessor.dll
[MD5.1F3D69B0AE210874DDC300C3EF1C9CCD] - [25/07/2016 11:41:55] - |A| - [438784] - C:\WINDOWS\system32\AccountsRt.dll
[MD5.F785587BCA673FB606BD3618EB767EEE] - [25/07/2016 11:37:18] - |A| - [92352] - C:\WINDOWS\system32\acmigration.dll
[MD5.827B2A2F64465D19DF9F655FE7F10384] - [25/07/2016 11:38:03] - |A| - [565760] - C:\WINDOWS\system32\ActionCenterCPL.dll
[MD5.8F533910E5D0A63500B17F486331259F] - [25/07/2016 11:41:40] - |A| - [356864] - C:\WINDOWS\system32\ActivationManager.dll
[MD5.C49E5A83F5454A06A1306A8B1589B928] - [25/07/2016 11:41:50] - |A| - [1996288] - C:\WINDOWS\system32\ActiveSyncProvider.dll
[MD5.A499B4A9A1F4989BD37F812BC6DC0298] - [25/07/2016 11:36:22] - |A| - [4775424] - C:\WINDOWS\system32\actxprxy.dll
[MD5.003A0EA097767462F3417B7857DCE1CC] - [25/07/2016 11:39:52] - |A| - [79360] - C:\WINDOWS\system32\adhsvc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [3307872] - C:\WINDOWS\system32\AdvancedInstallers
[MD5.63B9376F17E6DE7DE8B25BC6F3319A98] - [25/07/2016 11:41:34] - |A| - [671472] - C:\WINDOWS\system32\advapi32.dll
[MD5.EF6BD61D1F7B3E4C20EEC44F9B07E06D] - [25/07/2016 11:37:18] - |A| - [1223872] - C:\WINDOWS\system32\aeinv.dll
[MD5.83A5F89896E625650148CEFCABD8418D] - [25/07/2016 11:36:52] - |A| - [219136] - C:\WINDOWS\system32\aepic.dll
[MD5.C8C10002DF980C3830D103960957AA3C] - [25/07/2016 11:35:01] - |A| - [1582080] - C:\WINDOWS\system32\aitstatic.exe
[MD5.FDDC75FDB8F9B581E3D6513FB85256E8] - [25/07/2016 11:41:17] - |A| - [342016] - C:\WINDOWS\system32\APHostService.dll
[MD5.7B2FEC36A1166CBAB50135FCE044D9CE] - [25/07/2016 11:39:49] - |A| - [86528] - C:\WINDOWS\system32\AppCapture.dll
[MD5.D56E06BE971D9AE99400D435D28D56ED] - [25/07/2016 11:39:03] - |A| - [592896] - C:\WINDOWS\system32\AppContracts.dll
[MD5.177306E7F752A627A82D1F362A01FADE] - [25/07/2016 11:43:25] - |A| - [1159168] - C:\WINDOWS\system32\ApplicationFrame.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\AppLocker
[MD5.4C3A93515CA70A7017CBA3A6A95CF080] - [25/07/2016 11:47:24] - |A| - [121856] - C:\WINDOWS\system32\AppointmentActivation.dll
[MD5.3932940E0DB7A31B00A415F6B3D3E242] - [25/07/2016 11:52:26] - |A| - [700416] - C:\WINDOWS\system32\AppointmentApis.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [7955717] - C:\WINDOWS\system32\appraiser
[MD5.B6C299CDD0D76D3A8073D934E00C8400] - [25/07/2016 11:37:22] - |A| - [1505984] - C:\WINDOWS\system32\appraiser.dll
[MD5.682F73D86501D75B131A1D59539A475D] - [25/07/2016 11:36:33] - |A| - [504320] - C:\WINDOWS\system32\AppReadiness.dll
[MD5.ACF6FB6941AAF8EEBFF3C2B9C79C3F14] - [25/07/2016 11:40:58] - |A| - [287744] - C:\WINDOWS\system32\apprepapi.dll
[MD5.1F1C41F53373FCD4DA82C5A16E748E05] - [25/07/2016 11:39:48] - |A| - [381952] - C:\WINDOWS\system32\apprepsync.dll
[MD5.E7A27A6CD6CC6EA66342482FAAA8A2A7] - [25/07/2016 11:43:24] - |A| - [814080] - C:\WINDOWS\system32\appwiz.cpl
[MD5.37E893F5A0BB0DCF89D8464F4D5E0C3D] - [25/07/2016 11:41:37] - |A| - [217440] - C:\WINDOWS\system32\AppxAllUserStore.dll
[MD5.33931A5F8E8B4446C547B020409D66C4] - [25/07/2016 11:49:58] - |A| - [436736] - C:\WINDOWS\system32\AppXDeploymentClient.dll
[MD5.7B8C0E8D6B84BB841D50779D643C2A22] - [25/07/2016 11:42:05] - |A| - [2066432] - C:\WINDOWS\system32\AppXDeploymentExtensions.dll
[MD5.AA27A3DF5CDA714F0DD47A48FE7CA8C3] - [25/07/2016 11:42:10] - |A| - [2168320] - C:\WINDOWS\system32\AppXDeploymentServer.dll
[MD5.1A7C3451A5BD863F9FC4D7421D353374] - [25/07/2016 11:43:27] - |A| - [982016] - C:\WINDOWS\system32\AppxPackaging.dll
[MD5.9B034D049D1C6EC9BED55D2F27D86ED9] - [25/07/2016 11:39:40] - |A| - [2186] - C:\WINDOWS\system32\AppxProvisioning.xml
[MD5.AFAF7063071A1124985A63382B2BC34C] - [25/07/2016 11:35:15] - |A| - [161792] - C:\WINDOWS\system32\AppxSip.dll
[MD5.03416DA86664FF2141A5820868B0B9B1] - [25/07/2016 11:41:21] - |A| - [88576] - C:\WINDOWS\system32\AppxSysprep.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [275456] - C:\WINDOWS\system32\ar-SA
[MD5.77B2F9C522467B1FC8770028D09534DB] - [25/07/2016 11:47:18] - |A| - [91648] - C:\WINDOWS\system32\asycfilt.dll
[MD5.5CE34C981833706A0B6051572AC5B6CE] - [25/07/2016 11:51:54] - |A| - [379232] - C:\WINDOWS\system32\atmfd.dll
[MD5.7A654D6E586FDE14C8B805BED03D74B7] - [25/07/2016 11:46:18] - |A| - [45568] - C:\WINDOWS\system32\atmlib.dll
[MD5.834D1648124F0F2729462BF79DB0C2CD] - [25/07/2016 11:44:06] - |A| - [369912] - C:\WINDOWS\system32\audiodg.exe
[MD5.42BF7FA295F453618104B5A50BEE105B] - [25/07/2016 11:43:46] - |A| - [275456] - C:\WINDOWS\system32\AudioEndpointBuilder.dll
[MD5.EF94C4BB5DDCEB9F0A092122582CF4E5] - [25/07/2016 11:44:05] - |A| - [516544] - C:\WINDOWS\system32\AudioEng.dll
[MD5.468D29ECE0AD7700B790A20FA2765313] - [25/07/2016 11:43:29] - |A| - [408120] - C:\WINDOWS\system32\AUDIOKSE.dll
[MD5.FEBBA212353E4FA90C6164AA970B772F] - [25/07/2016 11:44:35] - |A| - [536256] - C:\WINDOWS\system32\AudioSes.dll
[MD5.5C6F3312EACE1409DC2C4C2AD5D2719D] - [25/07/2016 11:44:52] - |A| - [1054208] - C:\WINDOWS\system32\audiosrv.dll
[MD5.497EB340D13433E8FE53625103E0C2D0] - [25/07/2016 11:48:49] - |A| - [146432] - C:\WINDOWS\system32\AuthBroker.dll
[MD5.F66EEB5365413D4B968C5B51D25F88B8] - [25/07/2016 11:47:24] - |A| - [141560] - C:\WINDOWS\system32\AuthHost.exe
[MD5.B2FD8E42044B7A2C18AE54A60ACDDE6B] - [25/07/2016 11:49:35] - |A| - [2352128] - C:\WINDOWS\system32\authui.dll
[MD5.D638E3AD81E149A75EEF59E9C743E27C] - [25/07/2016 18:39:04] - |A| - [389] - C:\WINDOWS\system32\AutoWorkplace.exe.config
[MD5.63E75187FFFA108A78C67E14122C45B0] - [25/07/2016 11:52:34] - |A| - [865792] - C:\WINDOWS\system32\AzureSettingSyncProvider.dll
[MD5.1CC123FE215B7FFBA4B7889FD13B32D5] - [25/07/2016 11:42:38] - |A| - [36864] - C:\WINDOWS\system32\BackgroundTransferHost.exe
[MD5.9FCC3D4817CCA5BCEF1FB4B14E523EBC] - [25/07/2016 11:46:20] - |A| - [78336] - C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
[MD5.82E25186617BA6C15010F0D47C705705] - [25/07/2016 11:43:04] - |A| - [65536] - C:\WINDOWS\system32\basesrv.dll
[MD5.7A809AC3187F404168EAD29FB96A7854] - [25/07/2016 11:40:05] - |A| - [414720] - C:\WINDOWS\system32\bcastdvr.exe
[MD5.E104F46B2E0C4F760382CF95E248E0AD] - [25/07/2016 11:39:44] - |A| - [43520] - C:\WINDOWS\system32\bcastdvr.proxy.dll
[MD5.BEE99FBB55E3BFFCF85D0C0A8D26261F] - [25/07/2016 11:43:34] - |A| - [431296] - C:\WINDOWS\system32\bcryptprimitives.dll
[MD5.CA24B0764C9DFE243D15A8708580673B] - [25/07/2016 11:39:48] - |A| - [107520] - C:\WINDOWS\system32\BdeHdCfgLib.dll
[MD5.F374C27099807E99A156953F8416D34A] - [25/07/2016 11:39:02] - |A| - [361472] - C:\WINDOWS\system32\bdesvc.dll
[MD5.37F5E2385CB4D10AB42186974B9C241A] - [25/07/2016 11:43:05] - |A| - [794112] - C:\WINDOWS\system32\BFE.DLL
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [249856] - C:\WINDOWS\system32\bg-BG
[MD5.20CD3B9C674909CCB1966F58A778DC68] - [25/07/2016 11:42:11] - |A| - [7200256] - C:\WINDOWS\system32\BingMaps.dll
[MD5.25086E02B6C3F34BC4646C134C3E1769] - [25/07/2016 11:41:56] - |A| - [1042432] - C:\WINDOWS\system32\BingOnlineServices.dll
[MD5.453207816AB95A0376887BE01FAE30E1] - [25/07/2016 11:43:41] - |A| - [587776] - C:\WINDOWS\system32\bisrv.dll
[MD5.E34A89A196F45473D61CCDAB193293D1] - [25/07/2016 11:49:08] - |A| - [119808] - C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
[MD5.C417C35D0B714320708A1C18673ACE6C] - [25/07/2016 11:38:15] - |A| - [104448] - C:\WINDOWS\system32\BluetoothApis.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [4473448] - C:\WINDOWS\system32\Boot
[MD5.861DE49C2ACE112CE1A83DF5E6A7AB97] - [25/07/2016 11:41:25] - |A| - [239104] - C:\WINDOWS\system32\BrokerLib.dll
[MD5.F0BBBF8807D5725102A9EB06AEB9C1C5] - [25/07/2016 11:43:00] - |A| - [58368] - C:\WINDOWS\system32\browcli.dll
[MD5.A617BE5E429A035A1CA8217C1B16F0BB] - [25/07/2016 11:47:07] - |A| - [134656] - C:\WINDOWS\system32\browser.dll
[MD5.C063C35A67FBECF53E4F31D44D253170] - [25/07/2016 11:35:15] - |A| - [91136] - C:\WINDOWS\system32\browserbroker.dll
[MD5.C1FCA0AED814F1E814700833EF8E0616] - [25/07/2016 11:41:24] - |A| - [179712] - C:\WINDOWS\system32\BrowserSettingSync.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [952] - C:\WINDOWS\system32\Bthprops
[MD5.ED309332DA910BE791F40F09F6FC50B5] - [25/07/2016 11:42:58] - |A| - [38400] - C:\WINDOWS\system32\ByteCodeGenerator.exe
[MD5.CD8C4364BC6040C0226638EF37E13CBB] - [25/07/2016 11:49:22] - |A| - [161280] - C:\WINDOWS\system32\CallHistoryClient.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:03:01] - |D| - [49818819] - C:\WINDOWS\system32\CatRoot
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [35070982] - C:\WINDOWS\system32\catroot2
[MD5.2B91178DE30EF92DD383486485B0C97D] - [25/07/2016 11:47:56] - |A| - [523776] - C:\WINDOWS\system32\catsrvut.dll
[MD5.04F404D7F9CAC583ED45DCA0C496E893] - [25/07/2016 11:47:16] - |A| - [218624] - C:\WINDOWS\system32\cdd.dll
[MD5.0DC4BEB16161362B4E46D117204D8566] - [25/07/2016 11:45:52] - |A| - [2843136] - C:\WINDOWS\system32\cdp.dll
[MD5.E8720AD5391738C5EBCCCF696B46C000] - [25/07/2016 11:42:44] - |A| - [59392] - C:\WINDOWS\system32\cdpreference.exe
[MD5.88E3BA684A7B1247762E1D401076D4C2] - [25/07/2016 11:43:24] - |A| - [287744] - C:\WINDOWS\system32\cdpsvc.dll
[MD5.6D7BC576DEC9750D5F8AED361E687384] - [25/07/2016 11:43:03] - |A| - [704000] - C:\WINDOWS\system32\CellularAPI.dll
[MD5.907B65AD953EA159B573A0BCC82F6DB0] - [25/07/2016 11:47:32] - |A| - [243712] - C:\WINDOWS\system32\cemapi.dll
[MD5.150EB8C1C9AE50F354A4CB5778E5951E] - [25/07/2016 11:38:20] - |A| - [459776] - C:\WINDOWS\system32\certcli.dll
[MD5.F432A642F2C6266788080704C63C7427] - [25/07/2016 11:41:59] - |A| - [2912256] - C:\WINDOWS\system32\CertEnroll.dll
[MD5.BAAB5AE1EC2A970C16FDA670882EEE39] - [25/07/2016 11:38:02] - |A| - [79360] - C:\WINDOWS\system32\cfgbkend.dll
[MD5.1F4AB277DB73A3C731B669D33C560405] - [25/07/2016 11:54:52] - |A| - [7832576] - C:\WINDOWS\system32\Chakra.dll
[MD5.C7ACF177D1EB5C3F00D4FC728BBF9DFD] - [25/07/2016 11:46:35] - |A| - [764928] - C:\WINDOWS\system32\Chakradiag.dll
[MD5.61C99C1A4BB5EE14563ED321A859ACB6] - [25/07/2016 11:49:14] - |A| - [726528] - C:\WINDOWS\system32\ChatApis.dll
[MD5.DF85A7B895A73421A50E955B94719F2F] - [25/07/2016 11:38:10] - |A| - [78040] - C:\WINDOWS\system32\Clipc.dll
[MD5.E72BB94A4010EBA7074DFEB25D67BDC3] - [25/07/2016 11:39:05] - |A| - [625000] - C:\WINDOWS\system32\ClipSVC.dll
[MD5.20688A78EC7B410B2C099C80C5F758D8] - [25/07/2016 11:41:07] - |A| - [1128104] - C:\WINDOWS\system32\ClipUp.exe
[MD5.B985F4CC9D63594D8D3DCADAC07F257E] - [25/07/2016 11:43:43] - |A| - [130560] - C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [1908875] - C:\WINDOWS\system32\CodeIntegrity
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [375296] - C:\WINDOWS\system32\Com
[MD5.C402B84B789382748EEEC04284781732] - [25/07/2016 11:54:14] - |A| - [2606824] - C:\WINDOWS\system32\combase.dll
[MD5.603A69A513DCDDBF0DA209395071BA0C] - [25/07/2016 11:48:37] - |A| - [1063936] - C:\WINDOWS\system32\comdlg32.dll
[MD5.65952E564FABBE1348E8DDBC9E85A5BC] - [25/07/2016 11:37:22] - |A| - [50368] - C:\WINDOWS\system32\CompatTelRunner.exe
[MD5.CD2CC65DDF46F065BCC975C2BC89DD11] - [25/07/2016 11:53:50] - |A| - [1648640] - C:\WINDOWS\system32\comsvcs.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:03:01] - |D| - [239068182] - C:\WINDOWS\system32\config
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |SD| - [49954] - C:\WINDOWS\system32\Configuration
[MD5.BE8C62B0B7BBA8F1152A6A7FCF248404] - [25/07/2016 11:41:24] - |A| - [915456] - C:\WINDOWS\system32\configurationclient.dll
[MD5.21098276051C6BEBBA7C8EB79AAF4E22] - [25/07/2016 11:52:39] - |A| - [938496] - C:\WINDOWS\system32\ContactApis.dll
[MD5.0A9C90159378EAF0F45AF2275156EF0D] - [25/07/2016 11:38:50] - |A| - [264544] - C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
[MD5.86BE19C6A177AEB93302EA5C4FBE2D11] - [25/07/2016 11:37:15] - |A| - [754664] - C:\WINDOWS\system32\CoreMessaging.dll
[MD5.A71D446195E2B8090621C884D5DC3532] - [25/07/2016 11:37:14] - |A| - [2656408] - C:\WINDOWS\system32\CoreUIComponents.dll
[MD5.B0296912EC10003945B68D19E9F4BC53] - [25/07/2016 11:36:42] - |A| - [440320] - C:\WINDOWS\system32\CredProvDataModel.dll
[MD5.E5E09ABD5171EB8622821059D8757F43] - [25/07/2016 11:36:22] - |A| - [239616] - C:\WINDOWS\system32\credprovhost.dll
[MD5.BF224299C98EA48FC9E4D3607C3148FB] - [25/07/2016 11:42:59] - |A| - [258560] - C:\WINDOWS\system32\credprovs.dll
[MD5.244116AB9BC360772163F995CAF7FB8D] - [25/07/2016 11:43:59] - |A| - [1848584] - C:\WINDOWS\system32\crypt32.dll
[MD5.D0F9C288251907FD44B96837DBDF0A50] - [25/07/2016 11:49:46] - |A| - [320000] - C:\WINDOWS\system32\cryptngc.dll
[MD5.9E79A2208A9ED205A7383CBC92C28053] - [25/07/2016 11:43:16] - |A| - [79872] - C:\WINDOWS\system32\cryptsvc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [296960] - C:\WINDOWS\system32\cs-CZ
[MD5.FD8FBE19342CF2032F32C303B7D93A05] - [25/07/2016 11:54:04] - |A| - [5503488] - C:\WINDOWS\system32\d2d1.dll
[MD5.957FA4FB89B1BE9D699C9927B0F3C384] - [25/07/2016 11:47:04] - |A| - [1240064] - C:\WINDOWS\system32\d3d10.dll
[MD5.5470B002C5E5D4DC8C4C330EAE8A685D] - [25/07/2016 11:51:22] - |A| - [619296] - C:\WINDOWS\system32\d3d10level9.dll
[MD5.186F9035AEF7E15C4D3F15C3536AB24C] - [25/07/2016 11:51:57] - |A| - [2548944] - C:\WINDOWS\system32\d3d10warp.dll
[MD5.780B8E002BC11116E3C28DBEC6A3847D] - [25/07/2016 11:46:34] - |A| - [185856] - C:\WINDOWS\system32\d3d10_1.dll
[MD5.584B28F7DA74E26FF45B83CFABABB599] - [25/07/2016 11:53:38] - |A| - [2773096] - C:\WINDOWS\system32\d3d11.dll
[MD5.556E7C9734B9D2581022C56A23C96B78] - [25/07/2016 11:52:02] - |A| - [2145032] - C:\WINDOWS\system32\d3d9.dll
[MD5.7FD5DC5E567910FD3B8F6FEA9A80DD4E] - [25/07/2016 11:49:22] - |A| - [4456448] - C:\WINDOWS\system32\D3DCompiler_47.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [292864] - C:\WINDOWS\system32\da-DK
[MD5.2F0FA6F60BC9A971BFBF31D1D2C8AF08] - [25/07/2016 11:38:51] - |A| - [167936] - C:\WINDOWS\system32\dafBth.dll
[MD5.4BE54893EC2A3B26140DF44E7B6D4E99] - [25/07/2016 11:49:56] - |A| - [230400] - C:\WINDOWS\system32\DAFWSD.dll
[MD5.5CD61D0822FCAC328DE501357445577D] - [25/07/2016 11:43:51] - |A| - [484352] - C:\WINDOWS\system32\DataSenseHandlers.dll
[MD5.2AE0CAA966E0FA3ED4DC193A3DD71D3A] - [25/07/2016 11:36:56] - |A| - [5123072] - C:\WINDOWS\system32\dbgeng.dll
[MD5.B8F17AB618578B9024D949DE8308B95A] - [25/07/2016 11:46:22] - |A| - [14336] - C:\WINDOWS\system32\dciman32.dll
[MD5.63EA8167E8F4FC8388E6F95D4D724917] - [25/07/2016 11:44:00] - |A| - [911648] - C:\WINDOWS\system32\dcomp.dll
[MD5.4BCE40BC42A874A57B0E1B3E0FED0ABA] - [25/07/2016 11:43:24] - |A| - [475648] - C:\WINDOWS\system32\DDDS.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [328704] - C:\WINDOWS\system32\de-DE
[MD5.664AA698FC0106A2B075A641E8DC6302] - [25/07/2016 18:39:05] - |A| - [858] - C:\WINDOWS\system32\DefaultQuestions.json
[MD5.B5FF07AFF96EFB80B930985B5B1A7CAB] - [25/07/2016 11:36:17] - |A| - [286720] - C:\WINDOWS\system32\deviceaccess.dll
[MD5.283269F7F32FDF5835B1FB2233013735] - [25/07/2016 11:53:25] - |A| - [284352] - C:\WINDOWS\system32\DeviceCensus.exe
[MD5.F818A7A8BA20F9E20087248FFF1717C8] - [25/07/2016 11:43:42] - |A| - [90624] - C:\WINDOWS\system32\DeviceEnroller.exe
[MD5.A3024762D19A31B0CDC361097E73294D] - [25/07/2016 11:43:11] - |A| - [564224] - C:\WINDOWS\system32\DevicePairing.dll
[MD5.A2BE69243B678C4FD05DFD4AEC83A725] - [25/07/2016 11:37:15] - |A| - [559808] - C:\WINDOWS\system32\devinv.dll
[MD5.D461D2BECEFA661291EB1B748A8D2CCB] - [25/07/2016 11:40:53] - |A| - [355840] - C:\WINDOWS\system32\dhcpcore.dll
[MD5.26E9FC9FFDEF863021D3C18A30B4373F] - [25/07/2016 11:40:57] - |A| - [267264] - C:\WINDOWS\system32\dhcpcore6.dll
[MD5.163A6E3A267DBE416679A76D1FA57C4B] - [25/07/2016 11:39:56] - |A| - [86016] - C:\WINDOWS\system32\dhcpcsvc.dll
[MD5.FA0CCA622E2046BC47A81D9A2630F5E9] - [25/07/2016 11:40:35] - |A| - [67072] - C:\WINDOWS\system32\dhcpcsvc6.dll
[MD5.6D63B50C49E869AF2F5B189FDD6CE784] - [25/07/2016 11:41:44] - |A| - [1443840] - C:\WINDOWS\system32\diagperf.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |SD| - [583168] - C:\WINDOWS\system32\DiagSvcs
[MD5.5F1CAF0E823BADD5576555CC876F1067] - [25/07/2016 11:39:02] - |A| - [1613664] - C:\WINDOWS\system32\diagtrack.dll
[MD5.B40875B8854291BD6919527ABB8DD8AE] - [25/07/2016 11:39:49] - |A| - [368640] - C:\WINDOWS\system32\diagtrack_win.dll
[MD5.95B9A9F4D41A54FD421CF6F7323B87FF] - [25/07/2016 11:43:42] - |A| - [126464] - C:\WINDOWS\system32\dialserver.dll
[MD5.EED30CDEAB6E4B45CBF1BD5298952049] - [25/07/2016 11:51:11] - |A| - [550656] - C:\WINDOWS\system32\directmanipulation.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [7780088] - C:\WINDOWS\system32\Dism
[MD5.F78D7C2D5139D658817A2823FCD6037A] - [25/07/2016 11:43:04] - |A| - [775168] - C:\WINDOWS\system32\Display.dll
[MD5.3EEB5260D4321F7F124955E1D228FDF2] - [25/07/2016 11:38:49] - |A| - [274944] - C:\WINDOWS\system32\DisplayManager.dll
[MD5.E995CBD7C59AB97414489C7CC3B7E09C] - [25/07/2016 11:35:57] - |A| - [504832] - C:\WINDOWS\system32\dlnashext.dll
[MD5.519E5DB2F227B7293EF94D18D5753738] - [25/07/2016 11:42:59] - |A| - [157184] - C:\WINDOWS\system32\dmcertinst.exe
[MD5.16455536238D9F0920E0AF07037D9434] - [25/07/2016 11:43:28] - |A| - [128000] - C:\WINDOWS\system32\dmcsps.dll
[MD5.6A9D3DD35E13B1009E7A712E6D164B8A] - [25/07/2016 11:38:04] - |A| - [274432] - C:\WINDOWS\system32\dmdskmgr.dll
[MD5.2E6EBC6F331900D943EB5F58C1835AFB] - [25/07/2016 11:43:42] - |A| - [417792] - C:\WINDOWS\system32\dmenrollengine.dll
[MD5.91F08041D932816D0D9607F68578A87E] - [25/07/2016 11:42:49] - |A| - [34816] - C:\WINDOWS\system32\dmenterprisediagnostics.dll
[MD5.D9B2EDDCC1EE10A31389EE62B4CDDEC2] - [25/07/2016 11:43:32] - |A| - [503600] - C:\WINDOWS\system32\DMRServer.dll
[MD5.9A3E17CDB177913C2A111C80F3D0DBB4] - [25/07/2016 11:41:25] - |A| - [686976] - C:\WINDOWS\system32\dnsapi.dll
[MD5.5839A317C25F70979433E0905DFABB1B] - [25/07/2016 11:41:28] - |A| - [284672] - C:\WINDOWS\system32\dnsrslvr.dll
[MD5.6FFA21CD6166BB456262BDEFC2C5E3DE] - [25/07/2016 11:41:14] - |A| - [318976] - C:\WINDOWS\system32\domgmt.dll
[MD5.13F1408690E108A987CA77141C4358E5] - [25/07/2016 11:42:01] - |A| - [1097216] - C:\WINDOWS\system32\dosvc.dll
[MD5.C8E72A76B943CEF7A6C830BDB51E7B50] - [25/07/2016 11:35:16] - |A| - [319488] - C:\WINDOWS\system32\dot3ui.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [1147376] - C:\WINDOWS\system32\downlevel
[MD5.00000000000000000000000000000000] - [25/07/2016 18:37:44] - |D| - [96891348] - C:\WINDOWS\system32\drivers
[MD5.00000000000000000000000000000000] - [25/07/2016 18:03:01] - |D| - [917004917] - C:\WINDOWS\system32\DriverStore
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |SD| - [152064] - C:\WINDOWS\system32\dsc
[MD5.E95EA71BD560BF02276DF339FA412FCB] - [25/07/2016 11:40:30] - |A| - [472576] - C:\WINDOWS\system32\DscCore.dll
[MD5.8C6F56F4CDDE6A1FD01F4FCF2773298E] - [25/07/2016 18:39:05] - |A| - [215943] - C:\WINDOWS\system32\dssec.dat
[MD5.FBC8C56814642A7CA88ACBCA8DD1121F] - [25/07/2016 11:38:02] - |A| - [145408] - C:\WINDOWS\system32\dssvc.dll
[MD5.CE12FF056FBB4D78970A5D695D8C00BB] - [25/07/2016 11:49:27] - |A| - [1755648] - C:\WINDOWS\system32\dui70.dll
[MD5.EFFFC67D0F0D2608BC294E01700FB4A3] - [25/07/2016 11:47:06] - |A| - [599040] - C:\WINDOWS\system32\duser.dll
[MD5.ED922E0D9B4F1E4821B680EDEEE147EC] - [25/07/2016 11:43:57] - |A| - [1946112] - C:\WINDOWS\system32\dwmcore.dll
[MD5.EDF39F56DDF4116DCC8779A65EF8D6C5] - [25/07/2016 11:35:31] - |A| - [58208] - C:\WINDOWS\system32\dwminit.dll
[MD5.402CA5304470A5034EAA1FEDBB7564A7] - [25/07/2016 11:36:52] - |A| - [2445312] - C:\WINDOWS\system32\DWrite.dll
[MD5.BD7E2F50A8C984500358E1AE1D1B89FC] - [25/07/2016 11:52:11] - |A| - [648256] - C:\WINDOWS\system32\dxgi.dll
[MD5.55A6448A7AC0ACB238D56DFF7C280ABE] - [25/07/2016 11:47:20] - |A| - [290816] - C:\WINDOWS\system32\dxtrans.dll
[MD5.D9D652506DD07CD49F3D20A3BBDD613B] - [25/07/2016 11:38:14] - |A| - [333312] - C:\WINDOWS\system32\eapp3hst.dll
[MD5.AE4655837703FFA4AB079B22B66BB3C2] - [25/07/2016 11:38:47] - |A| - [352256] - C:\WINDOWS\system32\eappcfg.dll
[MD5.FE87844A9D75F2D6D0752DF25EBF776B] - [25/07/2016 11:38:02] - |A| - [113152] - C:\WINDOWS\system32\eappgnui.dll
[MD5.EB7C132D02CC40FB6538D53447447B2A] - [25/07/2016 11:37:52] - |A| - [308736] - C:\WINDOWS\system32\eapphost.dll
[MD5.ACEDA3F655270B39586A7E8D37F1ADC2] - [25/07/2016 11:37:52] - |A| - [72192] - C:\WINDOWS\system32\eappprxy.dll
[MD5.AEBD5FCFBFF0294A2D87048D4F5417CB] - [25/07/2016 11:40:59] - |A| - [74424] - C:\WINDOWS\system32\easinvoker.exe
[MD5.40A9F59FD6B24C045F1D6076E6489CE6] - [25/07/2016 11:40:53] - |A| - [174592] - C:\WINDOWS\system32\easwrt.dll
[MD5.F823DAB5F96CC6A966DF0F1B487C51A0] - [25/07/2016 11:55:39] - |A| - [22379520] - C:\WINDOWS\system32\edgehtml.dll
[MD5.BF1A001A4EBD005CB412E322F20DB0D7] - [25/07/2016 11:34:49] - |A| - [75264] - C:\WINDOWS\system32\EditBufferTestHook.dll
[MD5.97AF27209BA7058F21C8879E773CED86] - [25/07/2016 11:40:57] - |A| - [305152] - C:\WINDOWS\system32\edputil.dll
[MD5.F8E7D71D4E1E57EF304805D2D770ED0A] - [25/07/2016 11:43:03] - |A| - [619520] - C:\WINDOWS\system32\efswrt.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [324096] - C:\WINDOWS\system32\el-GR
[MD5.2BCCAEB08EAF8C5D6BD024B3F020D0EA] - [25/07/2016 11:49:16] - |A| - [790528] - C:\WINDOWS\system32\EmailApis.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:28] - |D| - [5120] - C:\WINDOWS\system32\en
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [239104] - C:\WINDOWS\system32\en-GB
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [2302464] - C:\WINDOWS\system32\en-US
[MD5.36208F250EE9B93B87AD6384237373A9] - [25/07/2016 11:43:09] - |A| - [110032] - C:\WINDOWS\system32\EncDump.dll
[MD5.F605380B537201BD3BC0CDFB5AD53530] - [25/07/2016 11:43:22] - |A| - [162816] - C:\WINDOWS\system32\enrollmentapi.dll
[MD5.3182FCAF6AAF478791DE5B430C912D4D] - [25/07/2016 11:36:12] - |A| - [314368] - C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
[MD5.DFCC151C6AC8E5D50D27ACB34286835C] - [25/07/2016 11:43:56] - |A| - [642048] - C:\WINDOWS\system32\enterprisecsps.dll
[MD5.981F6C7FB2338CC7889BA4D37C1A9DCE] - [25/07/2016 11:43:35] - |A| - [69632] - C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [318464] - C:\WINDOWS\system32\es-ES
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [260096] - C:\WINDOWS\system32\es-MX
[MD5.DB0C2721BE0E21EAA0C4C70B07F481DE] - [25/07/2016 11:39:27] - |A| - [3078144] - C:\WINDOWS\system32\esent.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [233472] - C:\WINDOWS\system32\et-EE
[MD5.F5AF729AD65041D74FED75E02DA4A4DC] - [25/07/2016 11:37:14] - |A| - [138240] - C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
[MD5.3FAD094B789D7D8C130D474A8FD479D6] - [25/07/2016 11:41:55] - |A| - [785088] - C:\WINDOWS\system32\evr.dll
[MD5.3E9CD04F3FB54D4C3CEF3393ABF743BC] - [25/07/2016 11:38:11] - |A| - [254464] - C:\WINDOWS\system32\ExecModelClient.dll
[MD5.D29BE449B728CD126D5ACA3E823C8907] - [25/07/2016 11:36:51] - |A| - [4827136] - C:\WINDOWS\system32\ExplorerFrame.dll
[MD5.DEFF4C7B937F60923980D4BB7D1724B8] - [25/07/2016 11:47:08] - |A| - [274944] - C:\WINDOWS\system32\ExSMime.dll
[MD5.70BA4CAAC5D621DCE88082DA0B1FF014] - [25/07/2016 11:46:42] - |A| - [23552] - C:\WINDOWS\system32\ExtrasXmlParser.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |SD| - [25446735] - C:\WINDOWS\system32\F12
[MD5.93373D10F0F00D1DEE2EB822654735A5] - [25/07/2016 11:36:54] - |A| - [275968] - C:\WINDOWS\system32\facecredentialprovider.dll
[MD5.4176712BADB6903C8419B66E678CE816] - [25/07/2016 11:41:05] - |A| - [440320] - C:\WINDOWS\system32\fhcfg.dll
[MD5.89C78489A7F929362858F4DFD86746E7] - [25/07/2016 11:40:44] - |A| - [252928] - C:\WINDOWS\system32\fhengine.dll
[MD5.45521E32AB1D383F9E85674D0F035543] - [25/07/2016 11:40:50] - |A| - [469504] - C:\WINDOWS\system32\fhsettingsprovider.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [296448] - C:\WINDOWS\system32\fi-FI
[MD5.54C5C6E962A873A1D05394DFF553FD18] - [25/07/2016 11:43:02] - |A| - [149504] - C:\WINDOWS\system32\FilterDS.dll
[MD5.E3D83E92FB3FAFD2E89A89850A0D9355] - [25/07/2016 11:42:49] - |A| - [90624] - C:\WINDOWS\system32\FingerprintEnrollment.dll
[MD5.6A5290128257BC733107E7819648CA76] - [25/07/2016 11:38:01] - |A| - [526336] - C:\WINDOWS\system32\FirewallAPI.dll
[MD5.E0932D924DA7C363F40E5B90DC9D2669] - [25/07/2016 11:43:39] - |A| - [129536] - C:\WINDOWS\system32\flvprophandler.dll
[MD5.2EE93E4D4AA57ED4793C7F0B3404799E] - [26/07/2016 15:26:39] - |A| - [194232] - C:\WINDOWS\system32\FNTCACHE.DAT
[MD5.F1BA85CF2AEE08860C8D5BF82C342F44] - [25/07/2016 11:46:52] - |A| - [1671168] - C:\WINDOWS\system32\FntCache.dll
[MD5.F0DF375130CF8A135D9BF5459BD7691D] - [25/07/2016 11:50:02] - |A| - [636304] - C:\WINDOWS\system32\fontdrvhost.exe
[MD5.0D9E0BDCCCE10F07A7B66A61B27C1F71] - [25/07/2016 11:46:44] - |A| - [116224] - C:\WINDOWS\system32\FontProvider.dll
[MD5.AA2D40D4C045D014FD481BC17308A09A] - [25/07/2016 11:46:33] - |A| - [118272] - C:\WINDOWS\system32\fontsub.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:28] - |D| - [3474944] - C:\WINDOWS\system32\fr
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [266240] - C:\WINDOWS\system32\fr-CA
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [44784012] - C:\WINDOWS\system32\fr-FR
[MD5.728146F5877FD08DE65B21817ABB19A8] - [25/07/2016 11:41:46] - |A| - [765952] - C:\WINDOWS\system32\fveapi.dll
[MD5.5118193C56A2F8D07554395B78A6FDCC] - [25/07/2016 11:40:46] - |A| - [223232] - C:\WINDOWS\system32\fveapibase.dll
[MD5.A15D9F32A84660FA62F9D27577B0F105] - [25/07/2016 11:40:53] - |A| - [324608] - C:\WINDOWS\system32\fvecpl.dll
[MD5.091D5AE5E663A66EE73B539AF7C32EC5] - [25/07/2016 11:47:08] - |A| - [69632] - C:\WINDOWS\system32\fveskybackup.dll
[MD5.FDBDA93BA9CD3B78060705B41BFCF92D] - [25/07/2016 11:38:50] - |A| - [288256] - C:\WINDOWS\system32\fveui.dll
[MD5.712AE16ED8FC7F2363F7EA1D8F6D546A] - [25/07/2016 11:40:52] - |A| - [821248] - C:\WINDOWS\system32\fvewiz.dll
[MD5.9AE80C03EA83537F17B286ECBBA13D43] - [25/07/2016 11:37:58] - |A| - [184320] - C:\WINDOWS\system32\fwbase.dll
[MD5.F6B9E6CB351D86A0C318B37E14B97656] - [25/07/2016 11:37:46] - |A| - [196608] - C:\WINDOWS\system32\fwpolicyiomgr.dll
[MD5.F72F137EEFF89D0B5A2FB8867B4ACEED] - [25/07/2016 11:43:25] - |A| - [402432] - C:\WINDOWS\system32\FWPUCLNT.DLL
[MD5.0F98F18445707A9141F74B3C48F919A6] - [25/07/2016 11:37:44] - |A| - [90112] - C:\WINDOWS\system32\FwRemoteSvr.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\FxsTmp
[MD5.81F9278A83AD6F42C5DE6FEAAFBEA8AB] - [25/07/2016 11:40:44] - |A| - [715776] - C:\WINDOWS\system32\GamePanel.exe
[MD5.79E567E98D8F2BA20E52EBFAD92C20ED] - [25/07/2016 11:43:26] - |A| - [2731008] - C:\WINDOWS\system32\gameux.dll
[MD5.E7522EFA8A09808046F88BCF3F1B8827] - [25/07/2016 11:50:22] - |A| - [1594416] - C:\WINDOWS\system32\gdi32.dll
[MD5.E54FA914CF17AE4AFB18291F31BA3063] - [25/07/2016 11:49:30] - |A| - [1717248] - C:\WINDOWS\system32\GdiPlus.dll
[MD5.08EF12456EDFB557DC424AFD9CF4AAE1] - [25/07/2016 11:42:02] - |A| - [587456] - C:\WINDOWS\system32\generaltel.dll
[MD5.531662DC0764C1A1E333BD05D4485333] - [25/07/2016 11:37:47] - |A| - [321536] - C:\WINDOWS\system32\GlobCollationHost.dll
[MD5.672694F7708B6531F7B3219D9FAE2845] - [25/07/2016 11:38:11] - |A| - [199168] - C:\WINDOWS\system32\GnssAdapter.dll
[MD5.FEAFB991662BF0AD233CC090E83E4FD3] - [25/07/2016 11:38:14] - |A| - [131248] - C:\WINDOWS\system32\gpapi.dll
[MD5.B89C353AFC8F56D961D07FF1FE7B4BCD] - [25/07/2016 11:39:15] - |A| - [1339904] - C:\WINDOWS\system32\gpsvc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\GroupPolicy
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\GroupPolicyUsers
[MD5.39231A451D553196A909D02C05945CED] - [25/07/2016 11:48:46] - |A| - [428896] - C:\WINDOWS\system32\hal.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [263168] - C:\WINDOWS\system32\he-IL
[MD5.511198CBBA38AE0D733553B0F31C770C] - [25/07/2016 11:43:21] - |A| - [636928] - C:\WINDOWS\system32\hgcpl.dll
[MD5.D974EACE921C3B1C78DD29334CC7F861] - [25/07/2016 11:35:22] - |A| - [109056] - C:\WINDOWS\system32\hlink.dll
[MD5.5DBA65D48CB7B17E241BB7430745C2E0] - [25/07/2016 11:35:31] - |A| - [59392] - C:\WINDOWS\system32\hmkd.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [242688] - C:\WINDOWS\system32\hr-HR
[MD5.E37D5E1BB9F53BD499125B3F0F27E94E] - [25/07/2016 11:39:49] - |A| - [128512] - C:\WINDOWS\system32\httpprxm.dll
[MD5.3CFDA42F5C7914509CD660D1062A8E55] - [25/07/2016 11:39:55] - |A| - [19456] - C:\WINDOWS\system32\httpprxp.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [300544] - C:\WINDOWS\system32\hu-HU
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [5489] - C:\WINDOWS\system32\ias
[MD5.C177128E60700E43109584F33D0430F9] - [25/07/2016 11:38:36] - |A| - [258048] - C:\WINDOWS\system32\iassam.dll
[MD5.632C3792D2BFC67E2F8B2A2CFC09CEEF] - [25/07/2016 11:37:51] - |A| - [14848] - C:\WINDOWS\system32\IconCodecService.dll
[MD5.ECD81B99477AB4A93D7838EB40B870D0] - [25/07/2016 18:39:06] - |A| - [8798] - C:\WINDOWS\system32\icrav03.rat
[MD5.25C9F417FA6FE9073392BD34630A89B4] - [25/07/2016 11:34:47] - |A| - [17408] - C:\WINDOWS\system32\IcsEntitlementHost.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [37145] - C:\WINDOWS\system32\icsxml
[MD5.771BC991BEB5DFD93B9347B18F62F216] - [25/07/2016 11:42:57] - |A| - [110080] - C:\WINDOWS\system32\IdCtrls.dll
[MD5.85EB31A46D618AC52726253A32539082] - [25/07/2016 11:49:20] - |A| - [221696] - C:\WINDOWS\system32\ie4uinit.exe
[MD5.69FB22CE0A11E8D55B0BA43D515B854B] - [25/07/2016 11:47:04] - |A| - [1752576] - C:\WINDOWS\system32\ieapfltr.dll
[MD5.A84812FE1FC4EAE9BBD816A2AEE4830D] - [25/07/2016 11:49:28] - |A| - [383488] - C:\WINDOWS\system32\iedkcs32.dll
[MD5.B4EF28C61CE2755D7F1842BFA122B60E] - [25/07/2016 11:54:29] - |A| - [13385728] - C:\WINDOWS\system32\ieframe.dll
[MD5.1D7F891D7ADCE1A6824FCB57D6768E14] - [25/07/2016 11:52:14] - |A| - [689152] - C:\WINDOWS\system32\ieproxy.dll
[MD5.B83CCF1BEECF4BCDE71FC431BAB9A790] - [25/07/2016 11:46:29] - |A| - [34304] - C:\WINDOWS\system32\iernonce.dll
[MD5.FD93D230DAF156F0EAF41C7C039C8D71] - [25/07/2016 11:45:07] - |A| - [3675512] - C:\WINDOWS\system32\iertutil.dll
[MD5.5F8178A9C45D9C69819C63AFC5988C33] - [25/07/2016 11:46:32] - |A| - [66560] - C:\WINDOWS\system32\iesetup.dll
[MD5.416CB546F36D3E5A5B5286E0066ED285] - [25/07/2016 11:37:51] - |A| - [585728] - C:\WINDOWS\system32\ieui.dll
[MD5.46BF56CC45F3EBE9DCF04EA702F79FF7] - [25/07/2016 11:42:39] - |A| - [64000] - C:\WINDOWS\system32\ihvrilproxy.dll
[MD5.5E5BEC886CC2503C4F18AF2153B169AF] - [25/07/2016 11:43:03] - |A| - [957952] - C:\WINDOWS\system32\IKEEXT.DLL
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [24563379] - C:\WINDOWS\system32\IME
[MD5.4C21A65A6ACDF10B181D45E08DC15D24] - [25/07/2016 11:48:42] - |A| - [2127360] - C:\WINDOWS\system32\inetcpl.cpl
[MD5.5B646920CE059478EED19BC7EFF72C7E] - [25/07/2016 11:47:13] - |A| - [167936] - C:\WINDOWS\system32\inetpp.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\inetsrv
[MD5.77981E6F98F4A8743D3AEB1A8AF4DE09] - [25/07/2016 11:34:57] - |A| - [108544] - C:\WINDOWS\system32\InputLocaleManager.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [3306496] - C:\WINDOWS\system32\InputMethod
[MD5.99D5C132D5085DACBFF909C3AAF832AC] - [25/07/2016 11:37:16] - |A| - [2624512] - C:\WINDOWS\system32\InputService.dll
[MD5.A1E25DFE54E3D41CB528ACA5CE9480F7] - [25/07/2016 11:38:22] - |A| - [199168] - C:\WINDOWS\system32\InstallAgent.exe
[MD5.6B585B45402B04EF80CB81969682DBE6] - [25/07/2016 11:41:01] - |A| - [693760] - C:\WINDOWS\system32\internetmail.dll
[MD5.5CB0052CBF1DBF36071AD520245F32D6] - [25/07/2016 11:37:01] - |A| - [310464] - C:\WINDOWS\system32\invagent.dll
[MD5.5AAB28A6AC2AAC9F66D4EAB6695D0474] - [25/07/2016 11:41:43] - |A| - [963072] - C:\WINDOWS\system32\iphlpsvc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\Ipmi
[MD5.F8083C536BEDE61AFB4069D8A8C16DA7] - [25/07/2016 11:38:52] - |A| - [456704] - C:\WINDOWS\system32\ipnathlp.dll
[MD5.D67052BD0DA9C17BCBBF8AB5B6D354EE] - [25/07/2016 11:38:15] - |A| - [392192] - C:\WINDOWS\system32\IPSECSVC.DLL
[MD5.9822B613AEB1CF24E05EFEE748160637] - [25/07/2016 11:42:55] - |A| - [25088] - C:\WINDOWS\system32\irmon.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [323584] - C:\WINDOWS\system32\it-IT
[MD5.CFF415024C353DA284731CB72FE3F8FF] - [25/07/2016 11:35:22] - |A| - [770640] - C:\WINDOWS\system32\iuilp.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [237056] - C:\WINDOWS\system32\ja-JP
[MD5.3AFCB780F17144A42F99128AD7E55A02] - [25/07/2016 11:41:30] - |A| - [1056256] - C:\WINDOWS\system32\JpMapControl.dll
[MD5.85A676350B7A349B1DFB47654FBF8C71] - [25/07/2016 11:52:26] - |A| - [804352] - C:\WINDOWS\system32\jscript.dll
[MD5.3CC983011177A815A94218EB38E13241] - [25/07/2016 11:53:50] - |A| - [4895232] - C:\WINDOWS\system32\jscript9.dll
[MD5.7A0E065E46156F9288AE32B1E0399247] - [25/07/2016 11:42:57] - |A| - [52224] - C:\WINDOWS\system32\jsproxy.dll
[MD5.A1144CA95D4C30449331D3DF39F295F9] - [25/07/2016 11:39:17] - |A| - [970752] - C:\WINDOWS\system32\kerberos.dll
[MD5.9B2BFADCB00CF39F0EBD3D690FC56220] - [25/07/2016 11:39:00] - |A| - [1997328] - C:\WINDOWS\system32\KernelBase.dll
[MD5.54051585F9E1A644C3ED024B639C0E32] - [25/07/2016 11:47:16] - |A| - [231936] - C:\WINDOWS\system32\KnobsCore.dll
[MD5.87A8DD15B7DEAC51916358250E5BC7C5] - [25/07/2016 11:46:20] - |A| - [122368] - C:\WINDOWS\system32\KnobsCsp.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [234496] - C:\WINDOWS\system32\ko-KR
[MD5.503FFDCC4319F7419DE2B201B03BDB54] - [25/07/2016 11:43:25] - |A| - [305664] - C:\WINDOWS\system32\ksproxy.ax
[MD5.0D7BB44BFFFA4E153F4EA1E05522D2C3] - [25/07/2016 11:42:48] - |A| - [37376] - C:\WINDOWS\system32\LaunchWinApp.exe
[MD5.2F022C0682885EFF4CFB0B62143482B5] - [25/07/2016 11:35:13] - |A| - [71168] - C:\WINDOWS\system32\LegacyNetUX.dll
[MD5.1AD6967BB8F7D4495271715DC3E38CEB] - [25/07/2016 11:35:12] - |A| - [206848] - C:\WINDOWS\system32\LegacyNetUXHost.exe
[MD5.6D9EE5BD98B4606D0AC2C9F1AEC0C6CB] - [25/07/2016 19:01:04] - |A| - [50650] - C:\WINDOWS\system32\license.rtf
[MD5.D0CCDC8D0D00DA363F9D87C2E9A803EF] - [25/07/2016 11:39:23] - |A| - [1297752] - C:\WINDOWS\system32\LicenseManager.dll
[MD5.8FFFDB163436D790369E39700B8A7DC1] - [25/07/2016 11:38:05] - |A| - [27648] - C:\WINDOWS\system32\LicenseManagerShellext.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [74981] - C:\WINDOWS\system32\Licenses
[MD5.196E3B5FB1D1A76D41A0C9A9A0B2F698] - [25/07/2016 11:38:03] - |A| - [236032] - C:\WINDOWS\system32\licensingdiag.exe
[MD5.EDE31817FC0A574E7CC3AF7E544C8951] - [25/07/2016 11:43:20] - |A| - [279040] - C:\WINDOWS\system32\ListSvc.dll
[MD5.28B5AB1D9C97737A3801658F12BDBCB6] - [25/07/2016 11:50:00] - |A| - [1121792] - C:\WINDOWS\system32\localspl.dll
[MD5.87E1EE471F559E5F9C4519B46382CDEB] - [25/07/2016 11:39:17] - |A| - [1534464] - C:\WINDOWS\system32\LocationFramework.dll
[MD5.6FDD8828032595D90AEB946A809089D8] - [25/07/2016 11:43:36] - |A| - [480768] - C:\WINDOWS\system32\LockAppBroker.dll
[MD5.3AE63804B34BC99FFD101DFD54012EB8] - [25/07/2016 11:44:02] - |A| - [303216] - C:\WINDOWS\system32\LockAppHost.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [15024128] - C:\WINDOWS\system32\LogFiles
[MD5.72BE361C64D50557765CB9C8E56BB9B6] - [25/07/2016 11:43:57] - |A| - [529920] - C:\WINDOWS\system32\LogonController.dll
[MD5.6ABAC83AD594B0390C470F9C1C017382] - [25/07/2016 11:46:18] - |A| - [3072] - C:\WINDOWS\system32\lpk.dll
[MD5.C8B840675B83DC8A257B075BFE5F9357] - [25/07/2016 11:38:44] - |A| - [261376] - C:\WINDOWS\system32\LsaIso.exe
[MD5.92FB4032354D2074DA0DC9E70D8305B1] - [25/07/2016 11:45:03] - |A| - [1388032] - C:\WINDOWS\system32\lsasrv.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [239616] - C:\WINDOWS\system32\lt-LT
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [240640] - C:\WINDOWS\system32\lv-LV
[MD5.0D0B7EF3E52F5F39BC6A4A882BF7A2F4] - [25/07/2016 18:07:42] - |A| - [9728] - C:\WINDOWS\system32\lvcoinst.log
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [29795054] - C:\WINDOWS\system32\Macromed
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [33460] - C:\WINDOWS\system32\MailContactsCalendarSync
[MD5.05A027F27937EB29B89743A51B1313EA] - [25/07/2016 11:41:41] - |A| - [460800] - C:\WINDOWS\system32\MapConfiguration.dll
[MD5.76BA7FDD3EA3764C0CADB522FF3F4715] - [25/07/2016 11:41:48] - |A| - [939520] - C:\WINDOWS\system32\MapControlCore.dll
[MD5.79EE5C9F9DF073C315D035A1785B502F] - [25/07/2016 11:39:41] - |A| - [3072] - C:\WINDOWS\system32\MapControlStringsRes.dll
[MD5.923EC7EA1E8BE1C7706A2AC5DD28FF5B] - [25/07/2016 11:41:17] - |A| - [120320] - C:\WINDOWS\system32\MapsBtSvc.dll
[MD5.9F171CF4EDEB38DB4CA906ABD535DC44] - [25/07/2016 11:39:44] - |A| - [13312] - C:\WINDOWS\system32\MapsBtSvcProxy.dll
[MD5.5BDBA05692A03279E2EB9F26DB53E148] - [25/07/2016 11:39:48] - |A| - [89088] - C:\WINDOWS\system32\MapsCSP.dll
[MD5.1D077E04EA82EF6D2E389182FF8C9A31] - [25/07/2016 11:41:52] - |A| - [853504] - C:\WINDOWS\system32\MapsStore.dll
[MD5.4AAD96366A51B26F50113A6393CB5587] - [25/07/2016 11:39:45] - |A| - [42496] - C:\WINDOWS\system32\mapstoasttask.dll
[MD5.DA3572238188A1145DC11800F581A30E] - [25/07/2016 11:39:49] - |A| - [28672] - C:\WINDOWS\system32\mapsupdatetask.dll
[MD5.839F7EC52C8E6888C4E9120E68652438] - [25/07/2016 11:41:49] - |A| - [589312] - C:\WINDOWS\system32\MbaeApi.dll
[MD5.65A7997831D78845FDA12E2C87491670] - [25/07/2016 11:41:36] - |A| - [896512] - C:\WINDOWS\system32\MbaeApiPublic.dll
[MD5.C9CF27CF340A5909B1C1953776957C87] - [25/07/2016 11:38:54] - |A| - [567808] - C:\WINDOWS\system32\MBMediaManager.dll
[MD5.4EAE9C70DAB294850557E0A2B13DC3C2] - [25/07/2016 11:40:54] - |A| - [674304] - C:\WINDOWS\system32\mbsmsapi.dll
[MD5.BC767AD01E4DAFD08C21D5D07CC290C9] - [25/07/2016 11:41:52] - |A| - [567808] - C:\WINDOWS\system32\MCRecvSrc.dll
[MD5.C3F15E167CB84E2E6027AF17D49D5904] - [25/07/2016 11:39:01] - |A| - [372224] - C:\WINDOWS\system32\MDEServer.exe
[MD5.3655A59A1E16307F2F6475AC037C1EE4] - [25/07/2016 11:43:41] - |A| - [87040] - C:\WINDOWS\system32\MDMAppInstaller.exe
[MD5.F3E636B2A747493206336114208918FB] - [25/07/2016 11:43:37] - |A| - [173056] - C:\WINDOWS\system32\mdmmigrator.dll
[MD5.1F933CB5AECF7484A0589633A75132A2] - [25/07/2016 11:43:25] - |A| - [176640] - C:\WINDOWS\system32\mdmregistration.dll
[MD5.CAB0FCF4F680E552329366614C83A808] - [25/07/2016 11:49:19] - |A| - [630784] - C:\WINDOWS\system32\MessagingDataModel2.dll
[MD5.EBF31825A4C505188DC598F28C4E25F5] - [25/07/2016 11:41:59] - |A| - [586208] - C:\WINDOWS\system32\mf.dll
[MD5.D79FFE2219AE3BA3B871BA2D39B16519] - [25/07/2016 11:53:40] - |A| - [1152328] - C:\WINDOWS\system32\mfasfsrcsnk.dll
[MD5.510702AC9FD86E3A5CDB68AC3DC14928] - [25/07/2016 11:49:45] - |A| - [498960] - C:\WINDOWS\system32\MFCaptureEngine.dll
[MD5.BD70B866034C1366D74CCBB5CA97395E] - [25/07/2016 11:54:59] - |A| - [2544264] - C:\WINDOWS\system32\mfcore.dll
[MD5.751F5B6AF16546162E06211AF1FC2979] - [25/07/2016 11:52:42] - |A| - [794888] - C:\WINDOWS\system32\mfds.dll
[MD5.64168D292D236456C6F5E6D48DE90528] - [25/07/2016 11:53:44] - |A| - [2582016] - C:\WINDOWS\system32\MFMediaEngine.dll
[MD5.48E90F12346EE70764CEE435826ABD31] - [25/07/2016 11:52:10] - |A| - [493568] - C:\WINDOWS\system32\mfmkvsrcsnk.dll
[MD5.669F733F85FEBE6F7438C66CBF7FD3FD] - [25/07/2016 11:54:05] - |A| - [1062480] - C:\WINDOWS\system32\mfmp4srcsnk.dll
[MD5.218CEC10714AF029BF4D8BCE600AD1DA] - [25/07/2016 11:53:48] - |A| - [819648] - C:\WINDOWS\system32\mfmpeg2srcsnk.dll
[MD5.D1824F779289CA26635A186FF30C0F92] - [25/07/2016 11:51:58] - |A| - [858952] - C:\WINDOWS\system32\mfnetcore.dll
[MD5.C64FA0D0AAF5EEE0E65EFB34DDDD2918] - [25/07/2016 11:54:08] - |A| - [1299504] - C:\WINDOWS\system32\mfnetsrc.dll
[MD5.E3BF6CDE2DDE478E88667F1C9F33DBBC] - [25/07/2016 11:50:08] - |A| - [1092464] - C:\WINDOWS\system32\mfplat.dll
[MD5.7014B74B0F62698EC891A19A781689D5] - [25/07/2016 11:41:47] - |A| - [337840] - C:\WINDOWS\system32\MFPlay.dll
[MD5.3801440364B05BDFA96CF6071D45CD7C] - [25/07/2016 11:40:59] - |A| - [35656] - C:\WINDOWS\system32\mfpmp.exe
[MD5.CCFE330C465256D5D835E9248C676E9E] - [25/07/2016 11:48:52] - |A| - [245840] - C:\WINDOWS\system32\mfps.dll
[MD5.F3B1BFB19C6A47DE7706A9CF1A177028] - [25/07/2016 11:51:54] - |A| - [526856] - C:\WINDOWS\system32\mfreadwrite.dll
[MD5.350CFCC870E30BEE151F3DFB83BD0178] - [25/07/2016 11:53:46] - |A| - [1017032] - C:\WINDOWS\system32\mfsrcsnk.dll
[MD5.409A46FE4B2A6133400572D2B26C6152] - [25/07/2016 11:50:13] - |A| - [847656] - C:\WINDOWS\system32\mfsvr.dll
[MD5.29A61BF9EAB31507C36060CFAFEBE154] - [25/07/2016 11:50:01] - |A| - [234504] - C:\WINDOWS\system32\mftranscode.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:56:13] - |D| - [1920] - C:\WINDOWS\system32\Microsoft
[MD5.ABC346A1CD915DEE6231BB4A7F0B96EC] - [25/07/2016 11:47:07] - |A| - [204800] - C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
[MD5.EBDDBFCAA0E8BF346F5DC13BC364B39E] - [25/07/2016 11:39:41] - |A| - [110592] - C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
[MD5.08F0E6B466F44EA24CA1601F3196E43E] - [25/07/2016 11:39:41] - |A| - [9728] - C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
[MD5.33F4AE1E913D7F865D0CFA716BDC9032] - [25/07/2016 11:39:41] - |A| - [10240] - C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
[MD5.0319FFA35F366D2FD1C9776DAA98FE96] - [25/07/2016 11:49:17] - |A| - [299008] - C:\WINDOWS\system32\microsoft-windows-system-events.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [5631689] - C:\WINDOWS\system32\migration
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [43724994] - C:\WINDOWS\system32\migwiz
[MD5.980258BAC6A086976DADB45D2A2233BC] - [25/07/2016 11:43:23] - |A| - [941568] - C:\WINDOWS\system32\MiracastReceiver.dll
[MD5.9516AE004E3A945BA090B2CD7754B8AE] - [25/07/2016 11:39:07] - |A| - [870400] - C:\WINDOWS\system32\modernexecserver.dll
[MD5.1FD91D9B6FA03C97DC8C1DD29775BBA5] - [25/07/2016 11:42:18] - |A| - [7977472] - C:\WINDOWS\system32\mos.dll
[MD5.98E3D2BB421424B0457F8B7C46113110] - [25/07/2016 11:41:19] - |A| - [72704] - C:\WINDOWS\system32\moshost.dll
[MD5.8EC8ECAB9AF9A5F23872031391AE6BB3] - [25/07/2016 11:41:20] - |A| - [66560] - C:\WINDOWS\system32\MosHostClient.dll
[MD5.C0ADEBE6980D501C0D5B2FD321F78D19] - [25/07/2016 11:41:24] - |A| - [270848] - C:\WINDOWS\system32\moshostcore.dll
[MD5.2031A1DA09AFF8A8BADFFF73511AF306] - [25/07/2016 11:39:41] - |A| - [58368] - C:\WINDOWS\system32\MosResource.dll
[MD5.B3880D0DB160EDC7903B9F32C833812F] - [25/07/2016 11:41:13] - |A| - [74752] - C:\WINDOWS\system32\MosStorage.dll
[MD5.815D17429CBDA7DD5D11AA57B379E94B] - [25/07/2016 11:43:26] - |A| - [119320] - C:\WINDOWS\system32\MP3DMOD.DLL
[MD5.BBA7BF185DD39318487299720C7859E7] - [26/07/2016 18:12:25] - |N| - [485032] - C:\WINDOWS\system32\MpSigStub.exe
[MD5.0B28F2ACE5103586D322AD98FAA01309] - [25/07/2016 11:39:12] - |A| - [870912] - C:\WINDOWS\system32\MPSSVC.dll
[MD5.00000000000000000000000000000000] - [26/07/2016 16:16:03] - |D| - [0] - C:\WINDOWS\system32\MRT
[MD5.B0D02EB2EA0DBF7E5B6E04484D887335] - [26/07/2016 16:15:50] - |A| - [144749672] - C:\WINDOWS\system32\MRT.exe
[MD5.869329345CED8F762DF9E2E21629A930] - [25/07/2016 18:39:07] - |A| - [230912] - C:\WINDOWS\system32\msclmd.dll
[MD5.F232BE986A85BA857E7C5FDBEFC71653] - [25/07/2016 11:52:50] - |A| - [1415200] - C:\WINDOWS\system32\msctf.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [46592] - C:\WINDOWS\system32\MSDRM
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [4247842] - C:\WINDOWS\system32\MsDtc
[MD5.02122FD1A32C205DAA2EEC6462E60226] - [25/07/2016 11:49:06] - |A| - [784384] - C:\WINDOWS\system32\msfeeds.dll
[MD5.6E76BB89EED6C2BD7B1E7B5F9A1C41F0] - [25/07/2016 11:43:49] - |A| - [320000] - C:\WINDOWS\system32\MSFlacDecoder.dll
[MD5.4EB384E80857EC28F54766042D3BAB1E] - [25/07/2016 11:50:44] - |A| - [3355136] - C:\WINDOWS\system32\msftedit.dll
[MD5.D5BDFD4F497EE8A2859E72809046CE89] - [25/07/2016 11:55:50] - |A| - [24610304] - C:\WINDOWS\system32\mshtml.dll
[MD5.7950D23F5542F6F8A9D41F046C01067F] - [25/07/2016 11:46:24] - |A| - [2756096] - C:\WINDOWS\system32\mshtml.tlb
[MD5.B82C04128A96A05139F9F58ED07D0DB2] - [25/07/2016 11:37:17] - |A| - [3351040] - C:\WINDOWS\system32\msi.dll
[MD5.8B46C06B69A8AB4636539783FEACE54F] - [25/07/2016 11:42:57] - |A| - [316928] - C:\WINDOWS\system32\msieftp.dll
[MD5.18CE63A5B5EB84FF7F9F575C8FE53F44] - [25/07/2016 11:38:49] - |A| - [931328] - C:\WINDOWS\system32\MSMPEG2ENC.DLL
[MD5.EA4B8BDD3CFFA0B5C7A605189D79184A] - [25/07/2016 11:42:50] - |A| - [6675968] - C:\WINDOWS\system32\mspaint.exe
[MD5.7B5D06BDED5DFDF28597A9C5F72E85CE] - [25/07/2016 11:39:51] - |A| - [40960] - C:\WINDOWS\system32\msscntrs.dll
[MD5.2DA8708EB1FCB83375A450D401A1ED09] - [25/07/2016 11:38:10] - |A| - [74240] - C:\WINDOWS\system32\mssign32.dll
[MD5.B9A5A35B9EB23AD507A3BABB35C5B67D] - [25/07/2016 11:41:37] - |A| - [1051648] - C:\WINDOWS\system32\MsSpellCheckingFacility.dll
[MD5.D627ED29A07745EB1A5A7405FBFA2381] - [25/07/2016 11:40:33] - |A| - [147456] - C:\WINDOWS\system32\mssph.dll
[MD5.5EE16195544A95C09FB12B5594D229FE] - [25/07/2016 11:41:14] - |A| - [247296] - C:\WINDOWS\system32\mssphtb.dll
[MD5.028CE336DC0BD5D258716403C277674E] - [25/07/2016 11:41:57] - |A| - [2597888] - C:\WINDOWS\system32\mssrch.dll
[MD5.749BEA2C23422B51F5340F42784F817D] - [25/07/2016 11:39:14] - |A| - [7533568] - C:\WINDOWS\system32\mstscax.dll
[MD5.B7C13F4BE0263F3A8303404A96F4246D] - [25/07/2016 11:39:10] - |A| - [358752] - C:\WINDOWS\system32\msv1_0.dll
[MD5.28343B7C30E6AF073B02288EB579D984] - [25/07/2016 11:49:46] - |A| - [476728] - C:\WINDOWS\system32\msvproc.dll
[MD5.199298181CB86E5056D82BD1F86C8A97] - [25/07/2016 11:41:18] - |A| - [357216] - C:\WINDOWS\system32\mswsock.dll
[MD5.8559C1E30B9404590783497563A7A8AA] - [25/07/2016 11:43:54] - |A| - [1902592] - C:\WINDOWS\system32\msxml3.dll
[MD5.70E822EC30C93426C2C51D8CB8BBCDDF] - [25/07/2016 11:45:51] - |A| - [2587696] - C:\WINDOWS\system32\msxml6.dll
[MD5.AB416599057FFDC84E28BBB6DA69EADC] - [25/07/2016 11:43:58] - |A| - [235008] - C:\WINDOWS\system32\MTF.dll
[MD5.72534830694CCABA9A5CBA33F9771C63] - [25/07/2016 11:43:59] - |A| - [260608] - C:\WINDOWS\system32\MTFServer.dll
[MD5.F4F6D943E788447DAE29DA217B6743E6] - [25/07/2016 11:38:21] - |A| - [147456] - C:\WINDOWS\system32\mtxoci.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [6656] - C:\WINDOWS\system32\MUI
[MD5.C4DF2DEF5283FB1C44C6920F2FDD83BC] - [25/07/2016 11:43:16] - |A| - [44032] - C:\WINDOWS\system32\musdialoghandlers.dll
[MD5.8CA9FBB305EFB04585BAC36B7B29C14B] - [25/07/2016 11:36:12] - |A| - [172032] - C:\WINDOWS\system32\MusNotification.exe
[MD5.9DC794AC6F27E96F976990C6C7FC4862] - [25/07/2016 11:35:21] - |A| - [57344] - C:\WINDOWS\system32\MusNotificationUx.exe
[MD5.0AC905009A2ED68715675E086B805316] - [25/07/2016 11:38:26] - |A| - [407552] - C:\WINDOWS\system32\MusUpdateHandlers.dll
[MD5.3C9066503DE3E45CB98C8584DE19C186] - [25/07/2016 11:39:45] - |A| - [28160] - C:\WINDOWS\system32\nativemap.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [288256] - C:\WINDOWS\system32\nb-NO
[MD5.24146738C422814EEB2A98FF1FC5C6E1] - [25/07/2016 11:36:48] - |A| - [338432] - C:\WINDOWS\system32\ncbservice.dll
[MD5.6655228B16A6371BE3B45E7913B52250] - [25/07/2016 11:43:20] - |A| - [111064] - C:\WINDOWS\system32\ncryptsslp.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\NDF
[MD5.B3B3BF36976D72C06C2D3524AC040643] - [25/07/2016 11:38:17] - |A| - [81144] - C:\WINDOWS\system32\netapi32.dll
[MD5.C93639FAB08F564D92AB5CFF29C2BFCD] - [25/07/2016 11:35:22] - |A| - [1216512] - C:\WINDOWS\system32\netcenter.dll
[MD5.C3BB5D3E3DD24AC0BFA9223F2877F136] - [25/07/2016 11:37:45] - |A| - [76800] - C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
[MD5.BEF109D45139E2646C116DD9B6E53E3C] - [25/07/2016 11:44:04] - |A| - [847360] - C:\WINDOWS\system32\netlogon.dll
[MD5.B9F994EA5B90838A7B10DEDCC4E41C2B] - [25/07/2016 11:37:59] - |A| - [270336] - C:\WINDOWS\system32\netplwiz.dll
[MD5.A83B4BBA591A3243C61DB825201BA024] - [25/07/2016 11:47:26] - |A| - [115040] - C:\WINDOWS\system32\NetSetupApi.dll
[MD5.131547B1C1D2ABD355C5DFE945BCB9A4] - [25/07/2016 11:52:25] - |A| - [693600] - C:\WINDOWS\system32\NetSetupEngine.dll
[MD5.ACC6B16066D073AA0E20B044BFEF9CD1] - [25/07/2016 11:39:15] - |A| - [471552] - C:\WINDOWS\system32\NetSetupShim.dll
[MD5.A3AA03C0C5002F3D89397637B770A1BA] - [25/07/2016 11:49:33] - |A| - [207360] - C:\WINDOWS\system32\NetSetupSvc.dll
[MD5.329E7ACF649A721B8A5B3F0A9976F91F] - [25/07/2016 11:38:16] - |A| - [2800128] - C:\WINDOWS\system32\netshell.dll
[MD5.FAAC4810F40849AB551C0B5557DF9D4B] - [25/07/2016 11:43:12] - |A| - [237056] - C:\WINDOWS\system32\NetworkDesktopSettings.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [52224] - C:\WINDOWS\system32\networklist
[MD5.240F6A0AAEEAB059BC0B7D8B72637F72] - [25/07/2016 11:45:30] - |A| - [2609664] - C:\WINDOWS\system32\NetworkMobileSettings.dll
[MD5.D7C68ADAF1DA79072A44620CD3042E44] - [25/07/2016 11:47:20] - |A| - [170848] - C:\WINDOWS\system32\NetworkUXBroker.exe
[MD5.C91D271837F2A7DE9875CF50068BF503] - [25/07/2016 11:40:55] - |A| - [511488] - C:\WINDOWS\system32\newdev.dll
[MD5.66989014C94A5AE3600DAFEA225C4DB8] - [25/07/2016 11:46:29] - |A| - [89600] - C:\WINDOWS\system32\NFCProvisioningPlugin.dll
[MD5.679DD4763AA8028B2F26651D3D02A2E1] - [25/07/2016 11:49:52] - |A| - [582656] - C:\WINDOWS\system32\ngccredprov.dll
[MD5.33C215D1F36A184FB0C0F83ECBE12B5B] - [25/07/2016 11:50:01] - |A| - [351232] - C:\WINDOWS\system32\NgcCtnr.dll
[MD5.0FB83658FBB2C5A18AB98C5C94DB9FAF] - [25/07/2016 11:50:00] - |A| - [289792] - C:\WINDOWS\system32\NgcCtnrSvc.dll
[MD5.04BB77409644685810DBD63D86F5720E] - [25/07/2016 11:48:38] - |A| - [99328] - C:\WINDOWS\system32\ngckeyenum.dll
[MD5.8561E653AEB0EFCAD88DE082C282E831] - [25/07/2016 11:48:48] - |A| - [76800] - C:\WINDOWS\system32\ngcpopkeysrv.dll
[MD5.7AAA9916AA10F4B0E9743798A5BA6549] - [25/07/2016 11:52:44] - |A| - [649216] - C:\WINDOWS\system32\ngcsvc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [307712] - C:\WINDOWS\system32\nl-NL
[MD5.F648E0821CACC7E547562321332E12B1] - [25/07/2016 11:41:40] - |A| - [988160] - C:\WINDOWS\system32\NMAA.dll
[MD5.79BD0E63A9E54ED8AFFD19F43B5B83F2] - [25/07/2016 11:39:42] - |A| - [264192] - C:\WINDOWS\system32\NmaDirect.dll
[MD5.DE78E0C57BC478D47CC2F470B68E1A45] - [25/07/2016 18:39:07] - |A| - [741] - C:\WINDOWS\system32\NOISE.DAT
[MD5.DA7B203B42D2F32FB03AE8DFEB56F326] - [25/07/2016 11:41:27] - |A| - [529408] - C:\WINDOWS\system32\NotificationController.dll
[MD5.94612B9F7FC2B1A5C6D337C649B346F1] - [25/07/2016 11:38:04] - |A| - [278528] - C:\WINDOWS\system32\NotificationObjFactory.dll
[MD5.03DE6DE0019FFC0DE60759A893BD8B3F] - [25/07/2016 11:44:36] - |A| - [1819208] - C:\WINDOWS\system32\ntdll.dll
[MD5.95E5BA5E26BE4A4097458E1F316A8616] - [25/07/2016 11:54:48] - |A| - [7469408] - C:\WINDOWS\system32\ntoskrnl.exe
[MD5.1D5D1656DF134068A04480DB4B1E1753] - [25/07/2016 11:47:05] - |A| - [349184] - C:\WINDOWS\system32\ntprint.dll
[MD5.F747C037C6CC055E664235BF0EA9A30C] - [25/07/2016 11:35:23] - |A| - [882688] - C:\WINDOWS\system32\ntshrui.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |SD| - [16968352] - C:\WINDOWS\system32\Nui
[MD5.DE4FA2E0FBF5D7CAF54977DE21949EC2] - [25/07/2016 18:39:07] - |A| - [15703] - C:\WINDOWS\system32\OEMDefaultAssociations.xml
[MD5.F8D77A486B78DB6FA44F2F7DF5D7F65C] - [25/07/2016 11:37:53] - |A| - [285184] - C:\WINDOWS\system32\oemlicense.dll
[MD5.4B4970CB5FF1D25B444F95A18ED8AF22] - [25/07/2016 11:42:40] - |A| - [114688] - C:\WINDOWS\system32\offlinelsa.dll
[MD5.642D4E1DE69A3D180D4962D6977AAAB3] - [25/07/2016 11:50:05] - |A| - [1322248] - C:\WINDOWS\system32\ole32.dll
[MD5.0C8955B4BB1E9D588B4B62D0BD2E5E78] - [25/07/2016 11:49:46] - |A| - [411648] - C:\WINDOWS\system32\oleacc.dll
[MD5.A4CA6FE3F02C6299EED8B7296DC902D6] - [25/07/2016 11:46:30] - |A| - [12800] - C:\WINDOWS\system32\oleacchooks.dll
[MD5.11C782F631D915895E56FC1CD8214E51] - [25/07/2016 11:43:26] - |A| - [100232] - C:\WINDOWS\system32\omadmapi.dll
[MD5.FFFDA814EE04E06DA9F0BADAA22ABBFD] - [25/07/2016 11:43:11] - |A| - [145920] - C:\WINDOWS\system32\omadmclient.exe
[MD5.D22A2DEC01300ECEB41D22AB60B1E4B3] - [25/07/2016 11:42:57] - |A| - [66048] - C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
[MD5.354D204E888E96FC12E0D1F94A98D300] - [25/07/2016 11:43:23] - |A| - [364032] - C:\WINDOWS\system32\OneBackupHandler.dll
[MD5.7EA42087AEE36B39F2758475B91AD5F3] - [25/07/2016 11:41:27] - |A| - [515072] - C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [12956045] - C:\WINDOWS\system32\oobe
[MD5.FAB5054707064EA9881954F98D9150C0] - [25/07/2016 11:35:21] - |A| - [85320] - C:\WINDOWS\system32\OpenWith.exe
[MD5.A4BC389CAEA0203FD33849FA8431AA88] - [25/07/2016 11:35:11] - |A| - [224256] - C:\WINDOWS\system32\PackageStateRoaming.dll
[MD5.F0BA42C8EB6ADB733E35D2EC7714408F] - [25/07/2016 11:35:14] - |A| - [49152] - C:\WINDOWS\system32\pcaui.exe
[MD5.D4098EBBED6B5F27CECEE7BAE59AF434] - [25/07/2016 18:43:33] - |A| - [131056] - C:\WINDOWS\system32\perfc009.dat
[MD5.51E5C851B06265B6A7FE78B6B18343FA] - [25/07/2016 18:50:07] - |A| - [147778] - C:\WINDOWS\system32\perfc00C.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - [25/07/2016 18:43:33] - |A| - [33362] - C:\WINDOWS\system32\perfd009.dat
[MD5.AA180E09E4990FF71FBEAC8C4455CF47] - [25/07/2016 18:50:07] - |A| - [40528] - C:\WINDOWS\system32\perfd00C.dat
[MD5.9E4490CF02EFB89AC7C36D144083F890] - [25/07/2016 18:43:33] - |A| - [699000] - C:\WINDOWS\system32\perfh009.dat
[MD5.B55A524733D85D8E54A44260829A01B9] - [25/07/2016 18:50:07] - |A| - [787838] - C:\WINDOWS\system32\perfh00C.dat
[MD5.6B98E5694DEDC80E39DE706A22E46E53] - [25/07/2016 18:43:33] - |A| - [296742] - C:\WINDOWS\system32\perfi009.dat
[MD5.8F2243D346C50379E57AFCC43658FCDE] - [25/07/2016 18:50:07] - |A| - [350774] - C:\WINDOWS\system32\perfi00C.dat
[MD5.E6463EDEC3A5771E48128131057DBFAC] - [25/07/2016 18:22:02] - |A| - [1758862] - C:\WINDOWS\system32\PerfStringBackup.INI
[MD5.1435F76294D5E1D1017D5C6D47CA3F80] - [25/07/2016 11:40:59] - |A| - [106928] - C:\WINDOWS\system32\phoneactivate.exe
[MD5.E432FCF8572682126C3362AA856DC4AE] - [25/07/2016 11:47:18] - |A| - [221184] - C:\WINDOWS\system32\PhoneCallHistoryApis.dll
[MD5.A1BFD44C6343BDF582828EAB6B4CBDE5] - [25/07/2016 11:39:15] - |A| - [630784] - C:\WINDOWS\system32\PhoneProviders.dll
[MD5.57606281E23B0F53347527691E947B2B] - [25/07/2016 11:39:05] - |A| - [749056] - C:\WINDOWS\system32\PhoneService.dll
[MD5.FC749BCC3387CBBEE57539F414B24EB9] - [25/07/2016 11:37:52] - |A| - [583680] - C:\WINDOWS\system32\PhotoScreensaver.scr
[MD5.04F7878E7017105AB782353231561749] - [25/07/2016 11:47:25] - |A| - [252928] - C:\WINDOWS\system32\PimIndexMaintenance.dll
[MD5.EEA1E99FBC7D91A1A271012F2B4567BB] - [25/07/2016 11:47:12] - |A| - [60416] - C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [304640] - C:\WINDOWS\system32\pl-PL
[MD5.B2F6749368EEE07AF0B09755B1636F4F] - [25/07/2016 11:43:29] - |A| - [458752] - C:\WINDOWS\system32\PlayToDevice.dll
[MD5.1CA267651F0295A6B809EFCED2846F70] - [25/07/2016 11:43:53] - |A| - [697856] - C:\WINDOWS\system32\PlayToManager.dll
[MD5.2A64B3002165F3842EDCFA048624284F] - [25/07/2016 11:42:52] - |A| - [283648] - C:\WINDOWS\system32\PlayToReceiver.dll
[MD5.7324FB4B99D7485728862DE165946846] - [25/07/2016 11:38:17] - |A| - [1814528] - C:\WINDOWS\system32\pnidui.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [386560] - C:\WINDOWS\system32\PointOfService
[MD5.F432ACF44EABBE3EB98F613E1573DA6F] - [25/07/2016 11:43:35] - |A| - [334736] - C:\WINDOWS\system32\policymanager.dll
[MD5.B232CE503C6666873E7B9E4BA769C524] - [25/07/2016 11:43:29] - |A| - [92160] - C:\WINDOWS\system32\policymanagerprecheck.dll
[MD5.4F99255A964A4009D434338D87A3610D] - [25/07/2016 11:38:18] - |A| - [332288] - C:\WINDOWS\system32\polstore.dll
[MD5.E1D8055043DF089DB8ADB67C21DF2CC4] - [25/07/2016 11:46:58] - |A| - [70656] - C:\WINDOWS\system32\POSyncServices.dll
[MD5.19348CC554A839CDFE5F79A42EBBBFAB] - [25/07/2016 11:35:15] - |A| - [589824] - C:\WINDOWS\system32\PrintDialogs.dll
[MD5.DC61C9AF4B96DB3CAB08168B8E9D3455] - [25/07/2016 11:36:47] - |A| - [2050560] - C:\WINDOWS\system32\PrintDialogs3D.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:31] - |D| - [430506] - C:\WINDOWS\system32\Printing_Admin_Scripts
[MD5.0FEE16BB03B1A97A70121165E7414903] - [25/07/2016 11:37:46] - |A| - [67584] - C:\WINDOWS\system32\profext.dll
[MD5.7E0078F1EFEB6F8F47CF85C1D73C7EBC] - [25/07/2016 11:44:04] - |A| - [328192] - C:\WINDOWS\system32\profsvc.dll
[MD5.F6A078D3FC7853D5A220413A239660CC] - [25/07/2016 11:49:52] - |A| - [1603224] - C:\WINDOWS\system32\propsys.dll
[MD5.156963089DF9C18AF330E08BFE41884D] - [25/07/2016 11:47:14] - |A| - [165376] - C:\WINDOWS\system32\provdatastore.dll
[MD5.C9B1B0285A5AA53774BF3D91891072E2] - [25/07/2016 11:49:43] - |A| - [296960] - C:\WINDOWS\system32\provengine.dll
[MD5.C9AC70AC6FEBDCFE585436FD9E3901B1] - [25/07/2016 11:49:28] - |A| - [287232] - C:\WINDOWS\system32\provhandlers.dll
[MD5.D08B38F8E8A995FC673E8D5ADABBFD13] - [25/07/2016 11:47:14] - |A| - [192000] - C:\WINDOWS\system32\provisioningcsp.dll
[MD5.3F4BDBBA1F3BBECBA656503BD0C16BEA] - [25/07/2016 11:49:14] - |A| - [168960] - C:\WINDOWS\system32\provops.dll
[MD5.C6856D20BE1DB90407C9154B0EC319B9] - [25/07/2016 11:38:12] - |A| - [77824] - C:\WINDOWS\system32\provpackageapidll.dll
[MD5.25DA92A03FFF1A620A950ED6209CDC8F] - [25/07/2016 11:46:46] - |A| - [77312] - C:\WINDOWS\system32\ProvPluginEng.dll
[MD5.1C671129864880F66678D3B80316074E] - [25/07/2016 11:47:15] - |A| - [56320] - C:\WINDOWS\system32\provtool.exe
[MD5.4EA244C67F3D3B0EB0CC694443D3F5AA] - [25/07/2016 11:38:44] - |A| - [167936] - C:\WINDOWS\system32\ProximityCommon.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\ProximityToast
[MD5.09291D797572201BF39B685E57B7C73B] - [25/07/2016 11:43:36] - |A| - [556032] - C:\WINDOWS\system32\PsmServiceExtHost.dll
[MD5.2362BCA98EAF8CE0487664467F720861] - [25/07/2016 11:43:41] - |A| - [178176] - C:\WINDOWS\system32\psmsrv.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [308736] - C:\WINDOWS\system32\pt-BR
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [303616] - C:\WINDOWS\system32\pt-PT
[MD5.F9941B95928AB5717C6AE871941A8F44] - [25/07/2016 11:43:15] - |A| - [387072] - C:\WINDOWS\system32\qdvd.dll
[MD5.90AA1A4C3B4FF984BB33D74C23D71536] - [25/07/2016 11:38:58] - |A| - [678912] - C:\WINDOWS\system32\qedit.dll
[MD5.2EC83C9326B6731398674C0C0CB1636F] - [25/07/2016 11:45:24] - |A| - [1674240] - C:\WINDOWS\system32\quartz.dll
[MD5.717FDDACE38C314CA5A517E12162CC6D] - [25/07/2016 11:44:02] - |A| - [216576] - C:\WINDOWS\system32\QuickActionsDataModel.dll
[MD5.34D17C28C8B8DC7F98365A60300B40B4] - [25/07/2016 11:46:36] - |A| - [341504] - C:\WINDOWS\system32\RADCUI.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [24316] - C:\WINDOWS\system32\ras
[MD5.52B49D01CE8F8EEC3D557D2CCD46548B] - [25/07/2016 11:37:48] - |A| - [17408] - C:\WINDOWS\system32\rasadhlp.dll
[MD5.4148FE81CAA1383F97FA4F8A21A4700C] - [25/07/2016 11:38:02] - |A| - [733184] - C:\WINDOWS\system32\rasapi32.dll
[MD5.D60BA4C76D194472D6602FF3D2D51ADE] - [25/07/2016 11:37:43] - |A| - [106496] - C:\WINDOWS\system32\rasauto.dll
[MD5.9CEBBE3FB11718F2B2B2086102711C2E] - [25/07/2016 11:37:56] - |A| - [19456] - C:\WINDOWS\system32\rasautou.exe
[MD5.79F73D66F612FE53C8E5E607FCDCFAB1] - [25/07/2016 11:38:28] - |A| - [884736] - C:\WINDOWS\system32\rasdlg.dll
[MD5.FCC66CE466375869F873C9DA3A3C9453] - [25/07/2016 11:35:14] - |A| - [947200] - C:\WINDOWS\system32\rasgcw.dll
[MD5.DD285F10B3AB2588FED953E559ABEADD] - [25/07/2016 11:38:22] - |A| - [610816] - C:\WINDOWS\system32\rastls.dll
[MD5.096671DD1AA23C708FC4493C41D5DB82] - [25/07/2016 11:37:43] - |A| - [13824] - C:\WINDOWS\system32\rastlsext.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [0] - C:\WINDOWS\system32\RasToast
[MD5.757F9AA7EA001014DC9352C6144301BF] - [25/07/2016 11:41:16] - |A| - [3053568] - C:\WINDOWS\system32\rdpcore.dll
[MD5.00B6D59BBA3D3061EE5210970ACC758C] - [25/07/2016 11:38:54] - |A| - [4171264] - C:\WINDOWS\system32\rdpcorets.dll
[MD5.9430C60EBCAE82C0D27050C3FA231D1D] - [25/07/2016 11:37:54] - |A| - [84480] - C:\WINDOWS\system32\rdpudd.dll
[MD5.C439E5B6E3EB38C9C7611C393348503B] - [25/07/2016 11:43:38] - |A| - [1073152] - C:\WINDOWS\system32\RDXService.dll
[MD5.B204C799C5903272284D802DBFCF8F37] - [25/07/2016 11:43:36] - |A| - [315392] - C:\WINDOWS\system32\RDXTaskFactory.dll
[MD5.C6F9333F6C5F326B075CBC062E33793D] - [25/07/2016 11:46:22] - |A| - [7680] - C:\WINDOWS\system32\readingviewresources.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [2048] - C:\WINDOWS\system32\Recovery
[MD5.6BB898FE9AE437C3D9D1F4920B92B1C3] - [25/07/2016 11:42:00] - |A| - [1500672] - C:\WINDOWS\system32\RecoveryDrive.exe
[MD5.F5DC166DC9D533651B83B83CD70FD14C] - [25/07/2016 11:43:09] - |A| - [88392] - C:\WINDOWS\system32\remoteaudioendpoint.dll
[MD5.C59CF7385D070450643D61C8ADEFFE3C] - [25/07/2016 11:45:30] - |A| - [958976] - C:\WINDOWS\system32\RemoteNaturalLanguage.dll
[MD5.559E4E19F481FBB9AF622E23772533CC] - [25/07/2016 11:46:19] - |A| - [52736] - C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
[MD5.2786EAC53204EC98E5DD85C1A9DBA965] - [25/07/2016 11:39:52] - |A| - [1087488] - C:\WINDOWS\system32\reseteng.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [76] - C:\WINDOWS\system32\restore
[MD5.7CDB2034A13C7009CFF479C170E21C90] - [25/07/2016 11:42:39] - |A| - [55808] - C:\WINDOWS\system32\rilproxy.dll
[MD5.204E8E133BA977865C0789DE05C064D2] - [25/07/2016 11:37:57] - |A| - [76288] - C:\WINDOWS\system32\RMSRoamingSecurity.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [245248] - C:\WINDOWS\system32\ro-RO
[MD5.1997A751EF0FB9889E6642428DC4CAB2] - [25/07/2016 11:39:11] - |A| - [1161120] - C:\WINDOWS\system32\rpcrt4.dll
[MD5.72229D3836EA9697F5E13AAEA85F8688] - [25/07/2016 11:43:42] - |A| - [204048] - C:\WINDOWS\system32\rsaenh.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [299520] - C:\WINDOWS\system32\ru-RU
[MD5.D9A795240A84C9E3DA78BC1B9E239FCF] - [25/07/2016 11:42:55] - |A| - [95744] - C:\WINDOWS\system32\samlib.dll
[MD5.5E3427306DC41D80467C9B4ACDE7A9B5] - [25/07/2016 11:43:40] - |A| - [849920] - C:\WINDOWS\system32\samsrv.dll
[MD5.EB9699F8F050E41A2661E56090FB9988] - [25/07/2016 11:40:56] - |A| - [992256] - C:\WINDOWS\system32\sbe.dll
[MD5.023338E1DA5B6E5C2EFC7E5ADA7929C5] - [25/07/2016 11:40:49] - |A| - [685568] - C:\WINDOWS\system32\scapi.dll
[MD5.82C4028BABC9BADCD89600F5084E4543] - [25/07/2016 11:39:04] - |A| - [479232] - C:\WINDOWS\system32\schannel.dll
[MD5.4D82582733D9F437F544D3F8F98CE159] - [25/07/2016 11:37:09] - |A| - [1001472] - C:\WINDOWS\system32\schedsvc.dll
[MD5.F34470B288B2EF590B3ECA8BA4C90D95] - [25/07/2016 11:38:22] - |A| - [233984] - C:\WINDOWS\system32\schtasks.exe
[MD5.309B981F0EB10916BD0BF2972BB33841] - [25/07/2016 11:35:16] - |A| - [1213440] - C:\WINDOWS\system32\sdengin2.dll
[MD5.723C6C3DE056D3EB76F7520BEF5947B4] - [25/07/2016 11:35:01] - |A| - [150528] - C:\WINDOWS\system32\sdrsvc.dll
[MD5.C56BFF5D26E3CD34EEB79213B6220C14] - [25/07/2016 11:35:00] - |A| - [129536] - C:\WINDOWS\system32\sdshext.dll
[MD5.8FB500C462988EE33368E6E099638384] - [25/07/2016 11:40:50] - |A| - [394240] - C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
[MD5.4E762D96FA52AB55A796E373C0557361] - [25/07/2016 11:39:53] - |A| - [203776] - C:\WINDOWS\system32\SearchFilterHost.exe
[MD5.A5AE758495A6F7BAB269CCDC960CAAD6] - [25/07/2016 11:41:11] - |A| - [549888] - C:\WINDOWS\system32\SearchFolder.dll
[MD5.38F120F3E9F4C87A4825F12B33849BA5] - [25/07/2016 11:41:42] - |A| - [938496] - C:\WINDOWS\system32\SearchIndexer.exe
[MD5.877EAB65117EF1A49C28F815F10E3A87] - [25/07/2016 11:41:01] - |A| - [334848] - C:\WINDOWS\system32\SearchProtocolHost.exe
[MD5.258BCD1FE978849EDB02D131FD1F7893] - [25/07/2016 11:39:08] - |A| - [989536] - C:\WINDOWS\system32\SecConfig.efi
[MD5.EBD07BD20B5E0E92A398566EF8720F79] - [25/07/2016 11:35:10] - |A| - [31232] - C:\WINDOWS\system32\seclogon.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [4014] - C:\WINDOWS\system32\SecureBootUpdates
[MD5.844EB2280A13842B9919DCD0113F5487] - [25/07/2016 11:36:51] - |A| - [343552] - C:\WINDOWS\system32\SensorsApi.dll
[MD5.45D26646E3AD737E5DE3DB91CCCE7DBA] - [25/07/2016 11:39:05] - |A| - [339968] - C:\WINDOWS\system32\SensorService.dll
[MD5.DA4F2FBA02ADB65797953219ABEF0C44] - [25/07/2016 11:38:12] - |A| - [58400] - C:\WINDOWS\system32\SensorsNativeApi.dll
[MD5.3F4461644840A3C5572DDC726C36BDF7] - [25/07/2016 11:37:51] - |A| - [92160] - C:\WINDOWS\system32\SensorsNativeApi.V2.dll
[MD5.849275D7BF36660743973B8E28542E45] - [25/07/2016 11:38:08] - |A| - [51680] - C:\WINDOWS\system32\SensorsUtilsV2.dll
[MD5.6FF8248F3A9D69A095C7F3F42BC29CB2] - [25/07/2016 11:41:53] - |A| - [440152] - C:\WINDOWS\system32\services.exe
[MD5.21E74A7A50345F64A2E494C6B6AE0DF2] - [25/07/2016 11:40:56] - |A| - [243712] - C:\WINDOWS\system32\SettingMonitor.dll
[MD5.B66654D85A6C6F915E7D4827317739FA] - [25/07/2016 11:44:16] - |A| - [2125312] - C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
[MD5.318C685A15E02A8573DC3A2772804B21] - [25/07/2016 11:43:37] - |A| - [253440] - C:\WINDOWS\system32\SettingsHandlers_Maps.dll
[MD5.1CFFDC8E62372CBD2C4C1AB9ADAA0C35] - [25/07/2016 11:45:34] - |A| - [3994624] - C:\WINDOWS\system32\SettingsHandlers_nt.dll
[MD5.537CC506D45C691CD1FFF2D918E8C27C] - [25/07/2016 11:43:15] - |A| - [174080] - C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
[MD5.D2DAA7F5299D1612ACEF0C282BE4F47C] - [25/07/2016 11:42:51] - |A| - [492544] - C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
[MD5.7DF705D181132AAB5AE5B25A8FF32215] - [25/07/2016 11:41:32] - |A| - [613376] - C:\WINDOWS\system32\SettingSync.dll
[MD5.6E8F12E9EF754A715D62B5EEA045BE62] - [25/07/2016 11:41:56] - |A| - [984576] - C:\WINDOWS\system32\SettingSyncCore.dll
[MD5.9F1B8A631FD76E9702A58904D4F249BE] - [25/07/2016 11:41:22] - |A| - [566104] - C:\WINDOWS\system32\SettingSyncHost.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [1077792] - C:\WINDOWS\system32\setup
[MD5.4973B94DE96E78AF1128A557846E8411] - [25/07/2016 11:41:28] - |A| - [4387680] - C:\WINDOWS\system32\setupapi.dll
[MD5.C49BB15138D9A7AE2901692CA30E11D1] - [25/07/2016 11:50:10] - |A| - [181248] - C:\WINDOWS\system32\shacct.dll
[MD5.70B0FB34458FCA020297A595205FC82F] - [25/07/2016 11:43:55] - |A| - [990208] - C:\WINDOWS\system32\SharedStartModel.dll
[MD5.C821BB49409012C6CD024F21959CC051] - [25/07/2016 11:41:36] - |A| - [638976] - C:\WINDOWS\system32\ShareHost.dll
[MD5.47323DE2A684895004CE63EC66FB4AB4] - [25/07/2016 11:43:26] - |A| - [401408] - C:\WINDOWS\system32\sharemediacpl.dll
[MD5.FD0F8299FDBEC22C8DBFA66CB4BD5B1B] - [25/07/2016 11:50:10] - |A| - [725776] - C:\WINDOWS\system32\SHCore.dll
[MD5.6ADFA862EDA342F416C05C9E88A69899] - [25/07/2016 11:37:30] - |A| - [22561256] - C:\WINDOWS\system32\shell32.dll
[MD5.509589754EDDE7F1EE879366F5692990] - [25/07/2016 11:43:02] - |A| - [182784] - C:\WINDOWS\system32\shutdownux.dll
[MD5.C5D55EF423F535D5A6766DB727BEB7E5] - [25/07/2016 11:38:19] - |A| - [160768] - C:\WINDOWS\system32\SimAuth.dll
[MD5.6CA35CF766C04B30BBE9F99CB70D1DE1] - [25/07/2016 11:38:22] - |A| - [193024] - C:\WINDOWS\system32\SimCfg.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [246784] - C:\WINDOWS\system32\sk-SK
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [242176] - C:\WINDOWS\system32\sl-SI
[MD5.00000000000000000000000000000000] - [26/07/2016 18:51:38] - |D| - [0] - C:\WINDOWS\system32\SleepStudy
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:31] - |D| - [53396] - C:\WINDOWS\system32\slmgr
[MD5.9F77B66EC74300D30720B1001E2CD044] - [25/07/2016 11:38:58] - |A| - [1037824] - C:\WINDOWS\system32\SmartcardCredentialProvider.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:03:01] - |D| - [16945175] - C:\WINDOWS\system32\SMI
[MD5.610D0502400BDAFD4BB8EA10713234C7] - [25/07/2016 11:38:26] - |A| - [74240] - C:\WINDOWS\system32\SMSRouter.dll
[MD5.F07301C282AA222C33F8C28B4F545275] - [25/07/2016 11:44:16] - |A| - [591872] - C:\WINDOWS\system32\SmsRouterSvc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [7918944] - C:\WINDOWS\system32\Speech
[MD5.9E2BC2A7D1E3862327B5626CEE56C46E] - [25/07/2016 11:41:53] - |A| - [1487872] - C:\WINDOWS\system32\SpeechPal.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [7644036] - C:\WINDOWS\system32\Speech_OneCore
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [61125729] - C:\WINDOWS\system32\spool
[MD5.D1241DFC397FA8CCFB4BB4B63AAD31AC] - [25/07/2016 11:51:52] - |A| - [755712] - C:\WINDOWS\system32\spoolsv.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [6212533] - C:\WINDOWS\system32\spp
[MD5.939D80772D59831E50B03CDBD99049DF] - [25/07/2016 11:54:56] - |A| - [1540224] - C:\WINDOWS\system32\sppobjs.dll
[MD5.49B666BCCF59226549F64656584318EA] - [25/07/2016 11:37:34] - |A| - [6536256] - C:\WINDOWS\system32\sppsvc.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [24235] - C:\WINDOWS\system32\sppui
[MD5.B5D83BCE06D70B120D8AC889EEE4A14A] - [25/07/2016 11:51:51] - |A| - [692136] - C:\WINDOWS\system32\sppwinob.dll
[MD5.68B34C3558BEE0F6B822FA603E9AE441] - [25/07/2016 11:43:27] - |A| - [258280] - C:\WINDOWS\system32\sqmapi.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [249344] - C:\WINDOWS\system32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [245760] - C:\WINDOWS\system32\sr-Latn-RS
[MD5.8E3B324D6479A63B6F23D663307D53A1] - [25/07/2016 11:36:29] - |A| - [477696] - C:\WINDOWS\system32\srcore.dll
[MD5.995974222B873687A88C25FFCDB644F7] - [25/07/2016 11:41:43] - |A| - [965632] - C:\WINDOWS\system32\SRH.dll
[MD5.04ABF2BA35F85E88076A44B6FF19D3EE] - [25/07/2016 11:41:52] - |A| - [1716736] - C:\WINDOWS\system32\SRHInproc.dll
[MD5.DAFECF80513C6E6892BBEBB48D555A31] - [25/07/2016 11:39:50] - |A| - [115712] - C:\WINDOWS\system32\srpapi.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:07:27] - |D| - [2177408] - C:\WINDOWS\system32\SRSLabs
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [1646592] - C:\WINDOWS\system32\sru
[MD5.2804ACDD73835F051CE71DA4DB25337D] - [25/07/2016 11:43:22] - |A| - [110584] - C:\WINDOWS\system32\srvcli.dll
[MD5.266B9C1CC212C255ED61CB13CE3A98A4] - [25/07/2016 11:46:36] - |A| - [13824] - C:\WINDOWS\system32\sscoreext.dll
[MD5.40B3D3F1F3DFF9C839F2FDAAB070D877] - [25/07/2016 11:47:20] - |A| - [465920] - C:\WINDOWS\system32\StikyNot.exe
[MD5.9E55D606C3CE9A37FB2FE5A419AE9CE6] - [25/07/2016 11:37:41] - |A| - [30208] - C:\WINDOWS\system32\StorageUsage.dll
[MD5.58BC9F0C8D92AD7E45F03596BE2E68B4] - [25/07/2016 11:38:47] - |A| - [550912] - C:\WINDOWS\system32\StoreAgent.dll
[MD5.F7391A45172C10D8B79A239CDD8BA88B] - [25/07/2016 11:38:55] - |A| - [209408] - C:\WINDOWS\system32\storewuauth.dll
[MD5.FE42F8A07885E518ED1E846C93E4B78C] - [25/07/2016 11:38:57] - |A| - [617984] - C:\WINDOWS\system32\StorSvc.dll
[MD5.F69610C2C741B025CE28BBAA7DA8A9EA] - [25/07/2016 11:38:46] - |A| - [684544] - C:\WINDOWS\system32\StructuredQuery.dll
[MD5.0CFE0F27EC828D9659FD8BF3A529F7B1] - [25/07/2016 11:43:50] - |A| - [166400] - C:\WINDOWS\system32\SubscriptionMgr.dll
[MD5.96576465D2259ADDE056451DBCBEAF3D] - [25/07/2016 11:42:57] - |A| - [656896] - C:\WINDOWS\system32\sud.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [293376] - C:\WINDOWS\system32\sv-SE
[MD5.681C50548D26B77E32C5A0ED3054A0C5] - [25/07/2016 11:43:22] - |A| - [3415040] - C:\WINDOWS\system32\SyncCenter.dll
[MD5.9A293A4EE7C2283AD9689AB268B6CBA5] - [25/07/2016 11:41:17] - |A| - [555520] - C:\WINDOWS\system32\SyncController.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:48] - |D| - [1698009] - C:\WINDOWS\system32\Sysprep
[MD5.FA8E0A9C648035CA1B47C9DA77EDB7EA] - [25/07/2016 11:41:37] - |A| - [380416] - C:\WINDOWS\system32\SystemEventsBrokerServer.dll
[MD5.20B48DC4AF4492B31A756528444BDA8C] - [25/07/2016 11:41:21] - |A| - [304752] - C:\WINDOWS\system32\systemreset.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [1208092] - C:\WINDOWS\system32\SystemResetPlatform
[MD5.E083BE4900FCBB6BC42943438DCF2CAD] - [25/07/2016 11:46:48] - |A| - [176128] - C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
[MD5.7E6CF2485E67AE7AA84B0556612F22CA] - [25/07/2016 11:43:35] - |A| - [714240] - C:\WINDOWS\system32\SystemSettings.Handlers.dll
[MD5.CAEF382AD301DB79D004254E400719B2] - [25/07/2016 11:43:08] - |A| - [492544] - C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
[MD5.7DE46FA7E3A14535E5D971C977F874D9] - [25/07/2016 11:43:23] - |A| - [374008] - C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
[MD5.FEC2E3FF1F1D79E569DE372A020D1909] - [25/07/2016 11:45:44] - |A| - [3585536] - C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
[MD5.064EDB04AB15F985E5E9DE0D9B236958] - [25/07/2016 11:35:16] - |A| - [429056] - C:\WINDOWS\system32\taskcomp.dll
[MD5.2D27946C8EC1AA93A26FEC2C7909CD05] - [25/07/2016 11:36:13] - |A| - [299520] - C:\WINDOWS\system32\taskeng.exe
[MD5.F86A7E3BA31FB9AEF5E6EF29B65E202E] - [25/07/2016 11:41:29] - |A| - [1238584] - C:\WINDOWS\system32\Taskmgr.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [457322] - C:\WINDOWS\system32\Tasks
[MD5.7C20F3EC0BA5ACB8ED40CDEF41B0AC56] - [25/07/2016 11:38:36] - |A| - [779384] - C:\WINDOWS\system32\taskschd.dll
[MD5.594FDF2DB7568C73C282B282845E30CF] - [25/07/2016 11:46:50] - |A| - [36352] - C:\WINDOWS\system32\tbauth.dll
[MD5.3704397D35001B56B371B3395BD8B876] - [25/07/2016 11:39:03] - |A| - [123392] - C:\WINDOWS\system32\tdlrecover.exe
[MD5.0161DABC5CDB2BE6D0B91BEB5386B47D] - [25/07/2016 11:34:47] - |A| - [52736] - C:\WINDOWS\system32\tetheringclient.dll
[MD5.3DF7BD7E0E0CFCF8D8856B639FD46C3C] - [25/07/2016 11:34:47] - |A| - [30720] - C:\WINDOWS\system32\tetheringconfigsp.dll
[MD5.57C88C15CEC97318F580D7F4327AAA46] - [25/07/2016 11:35:43] - |A| - [163328] - C:\WINDOWS\system32\tetheringservice.dll
[MD5.26EDABD6AF6678D299852CB624EDE85B] - [25/07/2016 11:36:46] - |A| - [345600] - C:\WINDOWS\system32\TextInputFramework.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [229888] - C:\WINDOWS\system32\th-TH
[MD5.5A1580ADA5F4F38DC1CD0E9C1B98C6BF] - [25/07/2016 11:43:09] - |A| - [2563584] - C:\WINDOWS\system32\themecpl.dll
[MD5.B7BA7030B50FC782F44D28B63C28B535] - [25/07/2016 11:38:07] - |A| - [2902528] - C:\WINDOWS\system32\themeui.dll
[MD5.7890990143812A452858058BBD52149F] - [25/07/2016 11:38:25] - |A| - [297472] - C:\WINDOWS\system32\thumbcache.dll
[MD5.6D21D0A95286DCD09E354B612F592EB7] - [25/07/2016 18:39:09] - |A| - [1988] - C:\WINDOWS\system32\ticrf.rat
[MD5.7ECACE6D0B4C2D323408EB00FD93C682] - [25/07/2016 11:39:12] - |A| - [503808] - C:\WINDOWS\system32\tileobjserver.dll
[MD5.1A0945D67F0499600E7B43A69210EC5B] - [25/07/2016 11:39:49] - |A| - [41984] - C:\WINDOWS\system32\TimeBrokerClient.dll
[MD5.7E81E3E0D7F83BFE3C3975020B6C7F12] - [25/07/2016 11:41:43] - |A| - [163840] - C:\WINDOWS\system32\TimeBrokerServer.dll
[MD5.00110FDAF3380A23D360AEA5551B8D03] - [25/07/2016 11:52:12] - |A| - [821760] - C:\WINDOWS\system32\TokenBroker.dll
[MD5.63939B50C5C103FA71A419BCEA5B1CF0] - [25/07/2016 11:46:37] - |A| - [26112] - C:\WINDOWS\system32\TokenBrokerCookies.exe
[MD5.F6222E15A014A6026CD7F860006407C4] - [25/07/2016 11:41:06] - |A| - [47616] - C:\WINDOWS\system32\TpmTasks.dll
[MD5.E7AF5609667C0BF1BC80A9D2E2303C35] - [25/07/2016 11:42:06] - |A| - [3577344] - C:\WINDOWS\system32\tquery.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [289280] - C:\WINDOWS\system32\tr-TR
[MD5.35548DDC03345511E3B3F6C1237FFD6F] - [25/07/2016 11:36:44] - |A| - [1040800] - C:\WINDOWS\system32\twinapi.appcore.dll
[MD5.0C66FD155A553C3C1775F9EEE4C52F91] - [25/07/2016 11:49:20] - |A| - [701952] - C:\WINDOWS\system32\twinapi.dll
[MD5.06A6BED5044BFA97C1988568DD628777] - [25/07/2016 11:39:18] - |A| - [2444800] - C:\WINDOWS\system32\twinui.appcore.dll
[MD5.73B90D7C3DEF1941F783BE0391C0F057] - [25/07/2016 11:45:56] - |A| - [11545088] - C:\WINDOWS\system32\twinui.dll
[MD5.127925766866C52F147A2FFC0C0358A5] - [25/07/2016 11:38:04] - |A| - [87040] - C:\WINDOWS\system32\tzautoupdate.dll
[MD5.6DF9F08ED418A400857E5570E842A559] - [25/07/2016 11:36:13] - |A| - [838144] - C:\WINDOWS\system32\uDWM.dll
[MD5.E8A201E7ACF39359D99EEDD3D059E5AC] - [25/07/2016 11:53:32] - |A| - [1395712] - C:\WINDOWS\system32\UIAutomationCore.dll
[MD5.183B210A411E23AC9C5374AEE5645312] - [25/07/2016 11:46:12] - |A| - [36352] - C:\WINDOWS\system32\UIAutomationCoreRes.dll
[MD5.FA01865117A7529561E1F19FD0354D2E] - [25/07/2016 11:39:03] - |A| - [4170240] - C:\WINDOWS\system32\UIRibbon.dll
[MD5.ECDD8B72980581EF23F5BA0AFF04767F] - [25/07/2016 11:38:16] - |A| - [584704] - C:\WINDOWS\system32\UIRibbonRes.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [241152] - C:\WINDOWS\system32\uk-UA
[MD5.CB902A15DD21B363FECA5DCCF34F5C57] - [25/07/2016 11:53:44] - |A| - [1224704] - C:\WINDOWS\system32\Unistore.dll
[MD5.A09C212408747F8074D957375B9C486C] - [25/07/2016 11:36:29] - |A| - [268288] - C:\WINDOWS\system32\updatehandlers.dll
[MD5.EFE15754302A2188C933164CFF9AEFD1] - [25/07/2016 11:40:55] - |A| - [111104] - C:\WINDOWS\system32\updatepolicy.dll
[MD5.DFDA465D7D14906ECC04071E20D0F19E] - [25/07/2016 11:41:41] - |A| - [644096] - C:\WINDOWS\system32\uReFS.dll
[MD5.231099370F84D4AA4B373B0BD0B71D8F] - [25/07/2016 11:44:34] - |A| - [1729024] - C:\WINDOWS\system32\urlmon.dll
[MD5.FF07BE14ED82E218C3EEE7C986118A2E] - [25/07/2016 11:36:48] - |A| - [307712] - C:\WINDOWS\system32\usbmon.dll
[MD5.F5F7CE3E32536F1A37FB3972F27A814F] - [25/07/2016 11:52:04] - |A| - [1399224] - C:\WINDOWS\system32\user32.dll
[MD5.02DF62B54CEDC85DAC946FF3F01171F5] - [25/07/2016 11:38:18] - |A| - [1385472] - C:\WINDOWS\system32\usercpl.dll
[MD5.DD57E9F1482E1A9BD2514F6D017DF58A] - [25/07/2016 11:47:26] - |A| - [258560] - C:\WINDOWS\system32\UserDataAccountApis.dll
[MD5.DD877B48C28AB34197AD88902971B81D] - [25/07/2016 11:46:50] - |A| - [45056] - C:\WINDOWS\system32\UserDataLanguageUtil.dll
[MD5.A249C98D869623F1AF0DB4BCFFF6D2A8] - [25/07/2016 11:47:16] - |A| - [68096] - C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
[MD5.2771EBB565F5C121E66060B173991D4D] - [25/07/2016 11:54:19] - |A| - [1490432] - C:\WINDOWS\system32\UserDataService.dll
[MD5.020AD2DA67F206DC160053F88454A0D4] - [25/07/2016 11:46:45] - |A| - [111616] - C:\WINDOWS\system32\UserDataTimeUtil.dll
[MD5.B6877446C93D3110E56C90CF13CBEC89] - [25/07/2016 11:46:41] - |A| - [45568] - C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
[MD5.210F58F5F18D1DBF0B6F75BE33D8B06C] - [25/07/2016 11:35:31] - |A| - [651776] - C:\WINDOWS\system32\UserLanguagesCpl.dll
[MD5.36EC82F0E399F36BD25F593D63DC144A] - [25/07/2016 11:39:18] - |A| - [912384] - C:\WINDOWS\system32\usermgr.dll
[MD5.26DFF195B1A59942541CE199C586F0D4] - [25/07/2016 11:38:20] - |A| - [43520] - C:\WINDOWS\system32\usermgrcli.dll
[MD5.561B71EE613240D3CC643E2E308BD3F7] - [25/07/2016 11:37:50] - |A| - [248832] - C:\WINDOWS\system32\UserMgrProxy.dll
[MD5.50F7B408700BF28CF9986821E0486A16] - [25/07/2016 11:36:34] - |A| - [379392] - C:\WINDOWS\system32\usocore.dll
[MD5.703430E9FFF072334B247B5E88428331] - [25/07/2016 11:36:13] - |A| - [288768] - C:\WINDOWS\system32\vaultcli.dll
[MD5.B37F21B4C25BF10605A196791F93E324] - [25/07/2016 11:36:59] - |A| - [360448] - C:\WINDOWS\system32\vaultsvc.dll
[MD5.5D339458DA9FEA6E314817B7DDD4D351] - [25/07/2016 11:50:14] - |A| - [605184] - C:\WINDOWS\system32\vbscript.dll
[MD5.1D00BBEEE33FA7F64A8CBFF471968CB0] - [25/07/2016 11:48:46] - |A| - [195072] - C:\WINDOWS\system32\VCardParser.dll
[MD5.E706406D61508D207F6B41CA4AD30891] - [25/07/2016 11:38:47] - |A| - [127488] - C:\WINDOWS\system32\VEDataLayerHelpers.dll
[MD5.E3B8996D970DB8926A817A4BFC3DA5FD] - [25/07/2016 11:38:48] - |A| - [285184] - C:\WINDOWS\system32\VEEventDispatcher.dll
[MD5.315CFB6974B5111E3E62E9A512C92B25] - [25/07/2016 11:38:13] - |A| - [151040] - C:\WINDOWS\system32\VEStoreEventHandlers.dll
[MD5.9547F6675FB25D558BB0F10F1EC9DDD8] - [25/07/2016 11:38:24] - |A| - [591360] - C:\WINDOWS\system32\vpnike.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [75740406] - C:\WINDOWS\system32\wbem
[MD5.642EFABF900374FA85639D83B5533AFD] - [25/07/2016 11:38:54] - |A| - [621568] - C:\WINDOWS\system32\wbiosrvc.dll
[MD5.F00A2E895B61858DBB3FE870495E37FA] - [25/07/2016 11:38:53] - |A| - [210432] - C:\WINDOWS\system32\wcmcsp.dll
[MD5.0BF8D8C7EC9FB15D6480A12101E88B71] - [25/07/2016 11:39:15] - |A| - [606720] - C:\WINDOWS\system32\wcmsvc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:31] - |D| - [0] - C:\WINDOWS\system32\WCN
[MD5.F2503C00653F06AD926553E2C4F69376] - [25/07/2016 11:43:19] - |A| - [1294336] - C:\WINDOWS\system32\wcnwiz.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [33940350] - C:\WINDOWS\system32\WDI
[MD5.CFD91D429BA902F1E3EF09434BFEAF53] - [25/07/2016 11:38:05] - |A| - [1048576] - C:\WINDOWS\system32\WebcamUi.dll
[MD5.F3EB6A22AFB3893ACD4E7C1B02382A3F] - [25/07/2016 11:46:54] - |A| - [262144] - C:\WINDOWS\system32\webcheck.dll
[MD5.D41EC066D915E4825121AE2687596BC2] - [25/07/2016 11:47:24] - |A| - [496640] - C:\WINDOWS\system32\webio.dll
[MD5.333F190DFAE2E1EE500234B78ADDA297] - [25/07/2016 11:44:00] - |A| - [640472] - C:\WINDOWS\system32\wer.dll
[MD5.871DB0260278B46C50D17C5CF4AEB12F] - [25/07/2016 11:36:30] - |A| - [1291776] - C:\WINDOWS\system32\werconcpl.dll
[MD5.95D2BD6AC94FB337AF69F8AFE056BEBE] - [25/07/2016 11:43:13] - |A| - [147808] - C:\WINDOWS\system32\wermgr.exe
[MD5.B86D30AE36165FC84E56AAD4EFBCF527] - [25/07/2016 11:43:06] - |A| - [451584] - C:\WINDOWS\system32\werui.dll
[MD5.AA97AC06BFA15DA23C7C9C145A226C2D] - [25/07/2016 11:37:57] - |A| - [25600] - C:\WINDOWS\system32\wfapigp.dll
[MD5.84ADBF35DAF6404148AE85973BE26D59] - [25/07/2016 11:42:54] - |A| - [48640] - C:\WINDOWS\system32\wfdprov.dll
[MD5.8C837B999EE2D443E8C19677C4BB7F60] - [25/07/2016 11:35:01] - |A| - [677376] - C:\WINDOWS\system32\wiaaut.dll
[MD5.A78E76034D230AFE6B74B57BAF8C8BF2] - [25/07/2016 11:43:02] - |A| - [27648] - C:\WINDOWS\system32\WiFiConfigSP.dll
[MD5.BD3F339FE542C30BB4A88F34A597728C] - [25/07/2016 11:42:46] - |A| - [134656] - C:\WINDOWS\system32\wificonnapi.dll
[MD5.A34D9229F8D3A7164247213C9A283DB0] - [25/07/2016 11:43:42] - |A| - [189952] - C:\WINDOWS\system32\WiFiDisplay.dll
[MD5.F172E5709824756634091047826E7A9F] - [25/07/2016 11:45:34] - |A| - [1319424] - C:\WINDOWS\system32\wifinetworkmanager.dll
[MD5.6072C7DB85FD3FE8D308EE44865C04DE] - [25/07/2016 11:43:51] - |A| - [305664] - C:\WINDOWS\system32\wifiprofilessettinghandler.dll
[MD5.6EA247B3631FE0181583566B9D828B22] - [25/07/2016 11:44:07] - |A| - [413536] - C:\WINDOWS\system32\wifitask.exe
[MD5.66312F4AFEFB1AE0B80051F8A5E5B26B] - [25/07/2016 11:40:58] - |A| - [698208] - C:\WINDOWS\system32\wimgapi.dll
[MD5.BA45A9F29AB13A0E66BAABF9D7C30B70] - [25/07/2016 11:40:57] - |A| - [523616] - C:\WINDOWS\system32\wimserv.exe
[MD5.5B7B6AF7E94E972DCE4BF892ABD466B6] - [25/07/2016 11:46:26] - |A| - [115200] - C:\WINDOWS\system32\win32k.sys
[MD5.ED82578312E8B2D2D1D2F87CD77695AC] - [25/07/2016 11:52:36] - |A| - [1387520] - C:\WINDOWS\system32\win32kbase.sys
[MD5.4EC98235B7BFCA3705279A9E9242C648] - [25/07/2016 11:54:16] - |A| - [3589632] - C:\WINDOWS\system32\win32kfull.sys
[MD5.02B2863417FF2E5E34BD42EBF8B49528] - [25/07/2016 11:48:45] - |A| - [841728] - C:\WINDOWS\system32\win32spl.dll
[MD5.4F83D9D2478E3421BFA7B7F13FAD614B] - [25/07/2016 11:37:44] - |A| - [130560] - C:\WINDOWS\system32\winbio.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [1128] - C:\WINDOWS\system32\WinBioDatabase
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [50191360] - C:\WINDOWS\system32\WinBioPlugIns
[MD5.CBCA5650B97DFE6D86E4F4DC0D3DD86B] - [25/07/2016 11:52:10] - |A| - [828928] - C:\WINDOWS\system32\Windows.AccountsControl.dll
[MD5.A143C34D5DFADCDDBB88CC396DC1F802] - [25/07/2016 11:39:16] - |A| - [859136] - C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
[MD5.E9CEE634054C1EE9D3112A2E86190FEC] - [25/07/2016 11:38:00] - |A| - [330240] - C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
[MD5.4F56CB4CE94272928D1F884A5798456C] - [25/07/2016 11:40:59] - |A| - [538112] - C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
[MD5.29BB9364FD70012F169516312CAB0FB7] - [25/07/2016 11:43:02] - |A| - [317440] - C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
[MD5.1849F8CCD27258F69EAABC334A87846C] - [25/07/2016 11:42:14] - |A| - [6973952] - C:\WINDOWS\system32\Windows.Data.Pdf.dll
[MD5.AB3F697651DDAE1C424C9B2412EFBB59] - [25/07/2016 11:41:48] - |A| - [1239552] - C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
[MD5.7E6FCD52B7EE309145A51A286ED18224] - [25/07/2016 11:37:54] - |A| - [344064] - C:\WINDOWS\system32\Windows.Devices.Picker.dll
[MD5.3F8466CC13D1F614C8FAC24B1C030D59] - [25/07/2016 11:35:04] - |A| - [214528] - C:\WINDOWS\system32\Windows.Devices.Scanners.dll
[MD5.82AC452307257A4B3F08856EE84EE2EC] - [25/07/2016 11:48:50] - |A| - [892416] - C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
[MD5.7A576DA811BCF5843C909D9BC9AEC351] - [25/07/2016 11:38:01] - |A| - [522240] - C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
[MD5.E6AA08DC29AA637E861DAF0AB3E21888] - [25/07/2016 11:38:58] - |A| - [1567744] - C:\WINDOWS\system32\Windows.Globalization.dll
[MD5.E17447519BC01492E3234C90890800D4] - [25/07/2016 11:35:42] - |A| - [368128] - C:\WINDOWS\system32\Windows.Graphics.dll
[MD5.5E126FBE705D91361A3A26DAF9A55838] - [25/07/2016 11:41:44] - |A| - [2103296] - C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
[MD5.DEB8CA5DE728ECB09706765DFAC90DBA] - [25/07/2016 11:38:24] - |A| - [596480] - C:\WINDOWS\system32\Windows.Graphics.Printing.dll
[MD5.56A8197D9FAE5D63ED0CED92BD03F4F8] - [25/07/2016 11:41:33] - |A| - [450048] - C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
[MD5.E32F15E26724F3BB6423FB29FF3E2A8F] - [25/07/2016 11:42:52] - |A| - [278016] - C:\WINDOWS\system32\Windows.Internal.Management.dll
[MD5.D907D75D41B373D2F8DBD9E0E8B041C1] - [25/07/2016 11:43:49] - |A| - [730352] - C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
[MD5.3690FAA19C6D3C68C033D0E5CB3BDB03] - [25/07/2016 11:46:19] - |A| - [28160] - C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
[MD5.C9BFE1D6420BFADB249162039C321F63] - [25/07/2016 11:53:36] - |A| - [1131520] - C:\WINDOWS\system32\Windows.Media.Audio.dll
[MD5.AF13258A6E8FD57CE0B9C6BEDCDF80CB] - [25/07/2016 11:43:39] - |A| - [144896] - C:\WINDOWS\system32\Windows.Media.Devices.dll
[MD5.0E52D076B5FDCD59AEC112BD7665E2E7] - [25/07/2016 11:52:38] - |A| - [3428864] - C:\WINDOWS\system32\Windows.Media.dll
[MD5.950575747FCDCAF5CD7692664DBFE903] - [25/07/2016 11:48:44] - |A| - [1434112] - C:\WINDOWS\system32\Windows.Media.Editing.dll
[MD5.024199E28832EEF1418AC3E93894FB75] - [25/07/2016 11:41:30] - |A| - [376536] - C:\WINDOWS\system32\Windows.Media.MediaControl.dll
[MD5.2DDEA2BEDD3169F483C9BE610ADFE8B1] - [25/07/2016 11:39:35] - |A| - [8705672] - C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
[MD5.5712B5F645838BFC583AB4A5E9684572] - [25/07/2016 11:44:08] - |A| - [1575936] - C:\WINDOWS\system32\Windows.Media.Speech.dll
[MD5.4DDF78E93CF079FD19D80CB45DA9611D] - [25/07/2016 11:41:25] - |A| - [1036288] - C:\WINDOWS\system32\Windows.Media.Streaming.dll
[MD5.E7DA2262B7A9C793FEBD14088AE4C72F] - [25/07/2016 11:36:33] - |A| - [900608] - C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
[MD5.DB2911201B4AAC79AF712C5551F0C41D] - [25/07/2016 11:44:11] - |A| - [688640] - C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
[MD5.A6969BAD3166EDA1C79988DD782A87CF] - [25/07/2016 11:44:02] - |A| - [888320] - C:\WINDOWS\system32\Windows.Networking.dll
[MD5.FC0F06DFE5FD20CCFCE17F3180746D24] - [25/07/2016 11:49:58] - |A| - [576000] - C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
[MD5.8C86CB7C7725B196773451DE66602199] - [25/07/2016 11:37:41] - |A| - [75776] - C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
[MD5.4FE86093AE50EDBB2C51F719AE366AA2] - [25/07/2016 11:49:08] - |A| - [697344] - C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
[MD5.720627CBA30152DFA93E8438BCEAA167] - [25/07/2016 11:48:48] - |A| - [708608] - C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
[MD5.E274C4B6C496B72CCE171CB56C51C41A] - [25/07/2016 11:40:43] - |A| - [51200] - C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
[MD5.7FA43A7587D5D6AA8FFE42A271CF2585] - [25/07/2016 11:39:52] - |A| - [45056] - C:\WINDOWS\system32\Windows.Speech.Pal.dll
[MD5.17139E61D556444B6FCE67920E71D369] - [25/07/2016 11:43:53] - |A| - [2745856] - C:\WINDOWS\system32\Windows.StateRepository.dll
[MD5.0B1DA49D8F816ED7CF44B112B2F348DD] - [25/07/2016 11:42:51] - |A| - [59904] - C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
[MD5.86236B9417AA659DF48C45162C148167] - [25/07/2016 11:42:57] - |A| - [64000] - C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
[MD5.12FEFF0CACF65E3FB5531E2D19728FB0] - [25/07/2016 11:49:07] - |A| - [337336] - C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
[MD5.4B80239138EB21B50A1FBA54FDB15860] - [25/07/2016 11:37:21] - |A| - [6605544] - C:\WINDOWS\system32\windows.storage.dll
[MD5.D62B0829530BBBA204ECA98B57FC4C58] - [25/07/2016 11:38:00] - |A| - [817152] - C:\WINDOWS\system32\Windows.Storage.Search.dll
[MD5.F35D067F84D5F8EE3ACEEC3188FF3B40] - [25/07/2016 11:43:04] - |A| - [414720] - C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
[MD5.324F99E7B2B6739370D398D3C79A6DFD] - [25/07/2016 11:42:59] - |A| - [475648] - C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
[MD5.46E51F35566F8B73540D56EAA0A97E46] - [25/07/2016 11:35:13] - |A| - [175616] - C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
[MD5.1EF7B8D9AF97BA18A61E6256300A2E78] - [25/07/2016 11:44:26] - |A| - [1211904] - C:\WINDOWS\system32\Windows.UI.Cred.dll
[MD5.E772B8EEE1D142622192ADFF4DA1618B] - [25/07/2016 11:36:41] - |A| - [673280] - C:\WINDOWS\system32\Windows.UI.dll
[MD5.F099E147846A9CFF5D26E9292D77F8A9] - [25/07/2016 11:51:34] - |A| - [1797120] - C:\WINDOWS\system32\Windows.UI.Immersive.dll
[MD5.5066575F39AEECAA7A9E03C0FA007A90] - [25/07/2016 11:51:50] - |A| - [881664] - C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
[MD5.C731DF7843CA87A97969FC182298D8F0] - [25/07/2016 11:45:40] - |A| - [2635776] - C:\WINDOWS\system32\Windows.UI.Logon.dll
[MD5.AA39F6642940FD8D4781701AD73776AD] - [25/07/2016 11:42:55] - |A| - [188416] - C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
[MD5.552E1A170B36D372CA67A5990E95BF13] - [25/07/2016 11:42:22] - |A| - [6312448] - C:\WINDOWS\system32\Windows.UI.Search.dll
[MD5.E269E5AE6F0B70FC5093DF5D438C5FD2] - [25/07/2016 11:44:27] - |A| - [1390080] - C:\WINDOWS\system32\Windows.UI.Shell.dll
[MD5.2DEED9D59520DD7DF44C4D4F58C3B046] - [25/07/2016 11:37:24] - |A| - [16985088] - C:\WINDOWS\system32\Windows.UI.Xaml.dll
[MD5.8AA095B5A4826840B348D0A94969CE1A] - [25/07/2016 11:34:43] - |A| - [1268736] - C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
[MD5.51449675B00C62F970B497A2FBF1BC46] - [25/07/2016 11:44:24] - |A| - [787456] - C:\WINDOWS\system32\Windows.Web.dll
[MD5.87F0EA669FB37C03207A8870C3B91174] - [25/07/2016 11:45:13] - |A| - [1410560] - C:\WINDOWS\system32\Windows.Web.Http.dll
[MD5.63660131B3B6F976F28E75F37DFB2F5F] - [25/07/2016 11:36:41] - |A| - [1776768] - C:\WINDOWS\system32\WindowsCodecs.dll
[MD5.E249D7A2B7998EF00990E56190D738B1] - [25/07/2016 11:47:12] - |A| - [276480] - C:\WINDOWS\system32\WindowsCodecsExt.dll
[MD5.4FBF7735D43C338B9F6A1F86116451E5] - [25/07/2016 11:38:39] - |A| - [28851224] - C:\WINDOWS\system32\WindowsCodecsRaw.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [8511517] - C:\WINDOWS\system32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [53207040] - C:\WINDOWS\system32\winevt
[MD5.D4B30E23A3B373648F61290DAF432CB2] - [25/07/2016 11:50:09] - |A| - [794624] - C:\WINDOWS\system32\winhttp.dll
[MD5.F6D1F548315E07F98B6294940CCBE7FB] - [25/07/2016 11:46:26] - |A| - [97280] - C:\WINDOWS\system32\winhttpcom.dll
[MD5.1EEBC6859473037A1A671738AD083C7D] - [25/07/2016 11:45:42] - |A| - [3026944] - C:\WINDOWS\system32\wininet.dll
[MD5.CD885F960066DDD538CD1BBD509A0EC0] - [25/07/2016 11:42:53] - |A| - [69632] - C:\WINDOWS\system32\wininetlui.dll
[MD5.C1C81AAF533552B3C4D9F11A5FF97700] - [25/07/2016 11:43:58] - |A| - [291360] - C:\WINDOWS\system32\wininit.exe
[MD5.BB46F924BAF7128D44B25783ED785A18] - [25/07/2016 11:43:24] - |A| - [448000] - C:\WINDOWS\system32\winipcfile.dll
[MD5.C1257DCFD6031469F154CF44E0769613] - [25/07/2016 11:43:27] - |A| - [1141248] - C:\WINDOWS\system32\winipcsecproc.dll
[MD5.BB861E878479CCBCF55D4242AC400E36] - [25/07/2016 11:36:28] - |A| - [1317640] - C:\WINDOWS\system32\winload.efi
[MD5.8C01DAF52F9923A4B9DF31F1D9331567] - [25/07/2016 11:36:25] - |A| - [1141504] - C:\WINDOWS\system32\winload.exe
[MD5.5C156EC4E44E30331BCC865A3B61D839] - [25/07/2016 11:39:13] - |A| - [585728] - C:\WINDOWS\system32\winlogon.exe
[MD5.96D121188D91FB4C9C878F30A3F7086F] - [25/07/2016 11:51:53] - |A| - [1552104] - C:\WINDOWS\system32\winmde.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [3784704] - C:\WINDOWS\system32\WinMetadata
[MD5.5DB913462AD1D5EB8766E5A51922D661] - [25/07/2016 11:42:53] - |A| - [2012672] - C:\WINDOWS\system32\winmsipc.dll
[MD5.C55144832FF73830BBBC0B5B6EED6383] - [25/07/2016 11:36:23] - |A| - [1030416] - C:\WINDOWS\system32\winresume.efi
[MD5.11FB4531482E461A71E5303F53FFDC92] - [25/07/2016 11:36:21] - |A| - [874968] - C:\WINDOWS\system32\winresume.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:31] - |D| - [110108] - C:\WINDOWS\system32\winrm
[MD5.D20C52607024BD08A88CF1CA6B339C9B] - [25/07/2016 11:50:06] - |A| - [517632] - C:\WINDOWS\system32\winspool.drv
[MD5.6C647A171ACA3838441206BBE715B0D7] - [25/07/2016 11:46:54] - |A| - [198144] - C:\WINDOWS\system32\winsrv.dll
[MD5.D02F3E132E6AD02F2CB4F9991FB77B56] - [25/07/2016 11:52:09] - |A| - [1270072] - C:\WINDOWS\system32\WinTypes.dll
[MD5.998015F786B2B9EE029FB556393CF848] - [25/07/2016 11:43:17] - |A| - [78040] - C:\WINDOWS\system32\wkscli.dll
[MD5.C991F0E48492D1550279F901AB2332B0] - [25/07/2016 11:43:38] - |A| - [390496] - C:\WINDOWS\system32\wlanapi.dll
[MD5.B26725818ECD6486A3FEB0509ED66CB3] - [25/07/2016 11:43:35] - |A| - [519680] - C:\WINDOWS\system32\WLanConn.dll
[MD5.9E5D0971925AF8E8EBAB3A98991500BD] - [25/07/2016 11:43:13] - |A| - [510464] - C:\WINDOWS\system32\WlanMediaManager.dll
[MD5.09918925526BC0B5B823CF1A2473D909] - [25/07/2016 11:43:16] - |A| - [412672] - C:\WINDOWS\system32\wlanmsm.dll
[MD5.53AC4B2658807691D2A485EE0F8A50E9] - [25/07/2016 11:44:03] - |A| - [463360] - C:\WINDOWS\system32\wlansec.dll
[MD5.453740989239803FE363FF8B40EA2E08] - [25/07/2016 11:44:14] - |A| - [2295808] - C:\WINDOWS\system32\wlansvc.dll
[MD5.0ED8556CB47EC7689D0046791F3427AE] - [25/07/2016 11:43:01] - |A| - [26112] - C:\WINDOWS\system32\wlansvcpal.dll
[MD5.D3C6155DF570181F97488A3186E4E8E2] - [25/07/2016 11:42:58] - |A| - [412672] - C:\WINDOWS\system32\wlanui.dll
[MD5.D78D829952282676116A92E1C5C3A89F] - [25/07/2016 11:41:12] - |A| - [37232] - C:\WINDOWS\system32\wldp.dll
[MD5.D229D73154CD66884BEAD67393ABE5C7] - [25/07/2016 11:41:27] - |A| - [726528] - C:\WINDOWS\system32\wlidcli.dll
[MD5.E48BBF1363F843E030757EC190DD33E6] - [25/07/2016 11:54:50] - |A| - [2057216] - C:\WINDOWS\system32\wlidsvc.dll
[MD5.67C00AEDBE4B3AD408A4910A357E046F] - [25/07/2016 11:44:08] - |A| - [786696] - C:\WINDOWS\system32\WMADMOD.DLL
[MD5.11B74BAF9BD95FC3B7F17658A8CDBF3C] - [25/07/2016 11:41:41] - |A| - [1804664] - C:\WINDOWS\system32\WMALFXGFXDSP.dll
[MD5.E5830830FB987CB46C18AB55ECC7763A] - [25/07/2016 11:36:13] - |A| - [341504] - C:\WINDOWS\system32\wmicmiplugin.dll
[MD5.6E415D9BFD8D1BC0354C3B0E4A0E1C56] - [25/07/2016 11:54:33] - |A| - [14252544] - C:\WINDOWS\system32\wmp.dll
[MD5.E750AFEDBCC48016787CB4F6644923E4] - [25/07/2016 11:35:47] - |A| - [1847808] - C:\WINDOWS\system32\WMPDMC.exe
[MD5.C9BB741EB879D6B5A6CDBE88315B030B] - [25/07/2016 11:42:58] - |A| - [373248] - C:\WINDOWS\system32\WmpDui.dll
[MD5.9D86BE6C15D60535AE36AA0D8DECFC51] - [25/07/2016 11:40:48] - |A| - [394752] - C:\WINDOWS\system32\WMPhoto.dll
[MD5.79F5E0E53F4D42D1DB0D83D719C551C9] - [25/07/2016 11:43:51] - |A| - [1554152] - C:\WINDOWS\system32\wmpmde.dll
[MD5.FC3D54BD8FBD8A053223D1EC6E9103A4] - [25/07/2016 11:48:41] - |A| - [388896] - C:\WINDOWS\system32\wmpps.dll
[MD5.B84FEAB09387BECCA1900E4BFBD899A9] - [25/07/2016 11:41:48] - |A| - [1009152] - C:\WINDOWS\system32\WMSPDMOD.DLL
[MD5.55FB0D95CC3EF6A0EB40DBDBC529787A] - [25/07/2016 11:38:43] - |A| - [1255936] - C:\WINDOWS\system32\WMSPDMOE.DLL
[MD5.23B32FD7B58007D0407B8A4191AB76BB] - [25/07/2016 11:34:48] - |A| - [28672] - C:\WINDOWS\system32\WordBreakers.dll
[MD5.3B6CCFF7AD385842A9638DCF654ABCD4] - [25/07/2016 11:38:45] - |A| - [1872896] - C:\WINDOWS\system32\workfolderssvc.dll
[MD5.6D6E9C9C70E196F6833A96C267327368] - [25/07/2016 11:45:36] - |A| - [2876928] - C:\WINDOWS\system32\Wpc.dll
[MD5.08C501FB351842DC6B5A34DFA705C28C] - [25/07/2016 11:44:52] - |A| - [1750440] - C:\WINDOWS\system32\WpcMon.exe
[MD5.9E625D3F5AAC433191CF4F16174DDE05] - [25/07/2016 11:44:11] - |A| - [824320] - C:\WINDOWS\system32\WpcWebFilter.dll
[MD5.1AC7CA0E0DA703106B6DFACD2C84E520] - [25/07/2016 11:43:55] - |A| - [2285568] - C:\WINDOWS\system32\WpcWebSync.dll
[MD5.45FA01F8B7971ACB65202038E34D04A3] - [25/07/2016 11:49:17] - |A| - [86528] - C:\WINDOWS\system32\wpdbusenum.dll
[MD5.80625D0A23E439BCAA2C3021042A5EBF] - [25/07/2016 11:49:06] - |A| - [2088960] - C:\WINDOWS\system32\wpdshext.dll
[MD5.C2F73C1C869B72BF897379A6B02CB5C2] - [25/07/2016 11:46:59] - |A| - [69120] - C:\WINDOWS\system32\WPDShServiceObj.dll
[MD5.634E0909C598C5BA50E0890D7CAFD795] - [25/07/2016 11:41:26] - |A| - [870400] - C:\WINDOWS\system32\wpncore.dll
[MD5.E9B10E704AD5B1BA5E531809C89A085B] - [25/07/2016 11:40:47] - |A| - [93184] - C:\WINDOWS\system32\wpninprc.dll
[MD5.F68AD4ACC7535D811F94A52233AE0457] - [25/07/2016 11:38:46] - |A| - [430312] - C:\WINDOWS\system32\ws2_32.dll
[MD5.F2E3456FD405F9BEACA0B8CF2BBDF0DE] - [25/07/2016 11:43:33] - |A| - [202472] - C:\WINDOWS\system32\wscapi.dll
[MD5.BA46DFBCD3D906776F0F803B6C0B5690] - [25/07/2016 11:40:47] - |A| - [185344] - C:\WINDOWS\system32\WSClient.dll
[MD5.5B813FADEA5BE9195F01C83287F823F7] - [25/07/2016 11:43:38] - |A| - [190464] - C:\WINDOWS\system32\wscsvc.dll
[MD5.38C87ECB57CB973AA5DA633B91778670] - [25/07/2016 11:43:02] - |A| - [676352] - C:\WINDOWS\system32\WSDApi.dll
[MD5.12D83590FEF1C8C28DBF3323C61E831A] - [25/07/2016 11:47:28] - |A| - [31232] - C:\WINDOWS\system32\wsdchngr.dll
[MD5.C3534256AF526A16AADBA335AA99D58F] - [25/07/2016 11:37:44] - |A| - [63488] - C:\WINDOWS\system32\wshbth.dll
[MD5.8321155AACF85779A42582B0CD5084A4] - [25/07/2016 11:43:37] - |A| - [148992] - C:\WINDOWS\system32\wshom.ocx
[MD5.EFA47480BEB0968E3A18479593B2E60C] - [25/07/2016 11:37:43] - |A| - [18944] - C:\WINDOWS\system32\wshrm.dll
[MD5.D0E812616609B1E6E3317FF46B9177C8] - [25/07/2016 11:42:39] - |A| - [44032] - C:\WINDOWS\system32\wsplib.dll
[MD5.7185B16516478DF0061C2561C1B072CE] - [25/07/2016 11:47:18] - |A| - [228352] - C:\WINDOWS\system32\wsqmcons.exe
[MD5.1E099AE79C6D58063E0B4F538732B87F] - [25/07/2016 11:42:23] - |A| - [3449168] - C:\WINDOWS\system32\WSService.dll
[MD5.518ABEC8D3C1EEB1C64FDC3B77CD428C] - [25/07/2016 11:41:18] - |A| - [961536] - C:\WINDOWS\system32\WSShared.dll
[MD5.8E908E944599C9134A209D5876884C07] - [25/07/2016 11:40:48] - |A| - [183808] - C:\WINDOWS\system32\WSSync.dll
[MD5.F1DF87BCF5429D48484E78FB1933326B] - [25/07/2016 11:39:03] - |A| - [848896] - C:\WINDOWS\system32\wuapi.dll
[MD5.CC270562CC41D32D118D9EA75E966FE5] - [25/07/2016 11:38:11] - |A| - [26408] - C:\WINDOWS\system32\wuauclt.exe
[MD5.F2A9089A715EC55EA8A5C660F724A7B3] - [25/07/2016 11:39:21] - |A| - [2280448] - C:\WINDOWS\system32\wuaueng.dll
[MD5.F5B8CC586CE9D6187F412B5DFE932468] - [25/07/2016 11:38:11] - |A| - [33280] - C:\WINDOWS\system32\wuautoappupdate.dll
[MD5.862FCF0385E0D94A2CD2FB4604096CDB] - [25/07/2016 11:40:29] - |A| - [200192] - C:\WINDOWS\system32\WUDFPlatform.dll
[MD5.90A52EBAC043CFCA92E5F3DEAD4BBB4C] - [25/07/2016 11:38:13] - |A| - [48128] - C:\WINDOWS\system32\wups.dll
[MD5.DC59D9253F50A2D329945CBDBE3B8B7A] - [25/07/2016 11:37:41] - |A| - [32256] - C:\WINDOWS\system32\wups2.dll
[MD5.FA913C83823C2BA250E80AAE2E3905D1] - [25/07/2016 11:48:58] - |A| - [381952] - C:\WINDOWS\system32\wuuhext.dll
[MD5.0C41EA00D56409637B157DAA3C7ECDE0] - [25/07/2016 11:43:52] - |A| - [808288] - C:\WINDOWS\system32\WWAHost.exe
[MD5.BF53DA0A9C4BC6A0D8DCF529154DBF74] - [25/07/2016 11:43:52] - |A| - [538632] - C:\WINDOWS\system32\WWanAPI.dll
[MD5.8938F957903BBA18ED242AE4DBF419FD] - [25/07/2016 11:42:41] - |A| - [73728] - C:\WINDOWS\system32\wwancfg.dll
[MD5.6630413C9F5E87F0C097D77AD96CBBC3] - [25/07/2016 11:43:26] - |A| - [465920] - C:\WINDOWS\system32\wwanconn.dll
[MD5.FB468F3E01B83C0878F024B8B15F8A78] - [25/07/2016 11:43:05] - |A| - [6572032] - C:\WINDOWS\system32\wwanmm.dll
[MD5.716E299C1058C9F2030F31BC7270A210] - [25/07/2016 11:42:40] - |A| - [52224] - C:\WINDOWS\system32\Wwanpref.dll
[MD5.447413C46C687CF730051DD8B4EA12F6] - [25/07/2016 11:42:40] - |A| - [75264] - C:\WINDOWS\system32\wwanprotdim.dll
[MD5.5DA95027DF2317174E8C39B4A8D1FCD8] - [25/07/2016 11:45:28] - |A| - [1213440] - C:\WINDOWS\system32\wwansvc.dll
[MD5.F40D409308162E071561049ACADF753C] - [25/07/2016 11:43:10] - |A| - [80600] - C:\WINDOWS\system32\wwapi.dll
[MD5.5DFAF8BE5A3CABAABF6795BC09EB7876] - [25/07/2016 11:53:48] - |A| - [948736] - C:\WINDOWS\system32\XblAuthManager.dll
[MD5.6D7B4647F5FB25CE88E2555A9DFF1D2E] - [25/07/2016 11:47:54] - |A| - [70656] - C:\WINDOWS\system32\XblAuthManagerProxy.dll
[MD5.E0FBBE85A7DC215F97F7B81236CE2674] - [25/07/2016 11:46:20] - |A| - [60928] - C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
[MD5.7118498F6E48758A2EF5A7D1982E2B62] - [25/07/2016 11:42:05] - |A| - [1139712] - C:\WINDOWS\system32\XblGameSave.dll
[MD5.69E727F94BEA64E66C284F3C482F33E6] - [25/07/2016 11:39:09] - |A| - [1035776] - C:\WINDOWS\system32\XboxNetApiSvc.dll
[MD5.928C7B3D285CD3485267E6B819748DA4] - [25/07/2016 11:39:00] - |A| - [4646912] - C:\WINDOWS\system32\xpsrchvw.exe
[MD5.5FCE18E28E0439C147A16323961CD1FA] - [25/07/2016 11:36:43] - |A| - [3046400] - C:\WINDOWS\system32\xpsservices.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [209408] - C:\WINDOWS\system32\zh-CN
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [203776] - C:\WINDOWS\system32\zh-HK
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [203776] - C:\WINDOWS\system32\zh-TW
[MD5.E57B9A2BBBBB39F369A1141472A3DDFD] - [25/07/2016 11:42:59] - |A| - [392192] - C:\WINDOWS\system32\zipfldr.dll
[MD5.8A48AEAACC0F44E999BEC15BF017E74B] - [25/07/2016 11:35:28] - |A| - [36864] - C:\WINDOWS\system32\ztrace_maps.dll
[MD5.469441BAE3FF8A16826FC62C51EF5E18] - [25/07/2016 11:36:25] - |A| - [563552] - C:\WINDOWS\system32\Drivers\acpi.sys
[MD5.70148EFA9A562E7185B75BBE7D376BF7] - [25/07/2016 11:38:51] - |A| - [578912] - C:\WINDOWS\system32\Drivers\afd.sys
[MD5.EDDB0D726DBECDFC1DBCC6DB464E5A13] - [25/07/2016 11:41:06] - |A| - [146272] - C:\WINDOWS\system32\Drivers\appid.sys
[MD5.A4411C522D41707D5BCA817A5BB9E30B] - [25/07/2016 11:38:26] - |A| - [114688] - C:\WINDOWS\system32\Drivers\bridge.sys
[MD5.C24C27FDF93B85A4EFCF25F830253AA2] - [25/07/2016 11:43:22] - |A| - [117248] - C:\WINDOWS\system32\Drivers\capimg.sys
[MD5.309E3CFC5309CECD9317A69990716A87] - [25/07/2016 11:43:34] - |A| - [604928] - C:\WINDOWS\system32\Drivers\cng.sys
[MD5.935823F79CBEDB91637B63D37E3A5A36] - [25/07/2016 11:36:33] - |A| - [148480] - C:\WINDOWS\system32\Drivers\dfsc.sys
[MD5.8359F776CA899E761852F2293B724EAE] - [25/07/2016 11:35:59] - |A| - [185184] - C:\WINDOWS\system32\Drivers\dumpsd.sys
[MD5.3996DF4D52FD6273750C7033D1447C0A] - [25/07/2016 11:54:49] - |A| - [31744] - C:\WINDOWS\system32\Drivers\dumpsdport.sys
[MD5.97BFC3BD9F910B24EB956FF3387C71CF] - [25/07/2016 11:53:30] - |A| - [1987936] - C:\WINDOWS\system32\Drivers\dxgkrnl.sys
[MD5.66FDDD2004332EED0A8262E9762EB457] - [25/07/2016 11:48:52] - |A| - [393568] - C:\WINDOWS\system32\Drivers\dxgmms1.sys
[MD5.91A2D07C017068FD2F11414E8D676EC5] - [25/07/2016 11:50:04] - |A| - [577376] - C:\WINDOWS\system32\Drivers\dxgmms2.sys
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:27] - |D| - [68608] - C:\WINDOWS\system32\Drivers\en-US
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [23735] - C:\WINDOWS\system32\Drivers\etc
[MD5.C330883C06E2D4CE4F6982F048265D37] - [25/07/2016 11:43:47] - |A| - [335712] - C:\WINDOWS\system32\Drivers\fastfat.sys
[MD5.8F2523C9D8F1448FF2156452AF60FA00] - [25/07/2016 11:38:23] - |A| - [87552] - C:\WINDOWS\system32\Drivers\filecrypt.sys
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:27] - |D| - [1479168] - C:\WINDOWS\system32\Drivers\fr-FR
[MD5.50DFE05C698E9B0A63D95E3D669A105C] - [25/07/2016 11:41:35] - |A| - [638816] - C:\WINDOWS\system32\Drivers\fvevol.sys
[MD5.1480F5E5EB49487F8B040F4340561928] - [25/07/2016 19:13:51] - |A| - [204688] - C:\WINDOWS\system32\Drivers\fwndislwf64.sys
[MD5.2B94E767EECD3982F7E1541D1384DA36] - [25/07/2016 19:13:51] - |A| - [321416] - C:\WINDOWS\system32\Drivers\fwndislwf64.sys.tmp
[MD5.020F3FD207AFEDAC8E05E4C567547A78] - [25/07/2016 11:43:19] - |A| - [155136] - C:\WINDOWS\system32\Drivers\hidclass.sys
[MD5.63C3F74DC398A1C1A77E39DFB9C312CA] - [25/07/2016 11:38:57] - |A| - [1089888] - C:\WINDOWS\system32\Drivers\http.sys
[MD5.5DFF4CF4DF7FD11AE5A1DAD8C67619D2] - [25/07/2016 11:43:25] - |A| - [161632] - C:\WINDOWS\system32\Drivers\ksecpkg.sys
[MD5.BF6CA7EA5ECD6CF72D3D76652A9B8280] - [25/07/2016 11:38:46] - |A| - [144384] - C:\WINDOWS\system32\Drivers\mrxdav.sys
[MD5.0B3B0C1D86050355676640488FA897D3] - [25/07/2016 11:36:18] - |A| - [430944] - C:\WINDOWS\system32\Drivers\mrxsmb.sys
[MD5.1A490555FD330CA2764D89191177C867] - [25/07/2016 11:48:43] - |A| - [285696] - C:\WINDOWS\system32\Drivers\mrxsmb10.sys
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 18:05:17] - |AH| - [0] - C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
[MD5.E582DA849A58524E645545FB68B6625D] - [25/07/2016 11:38:27] - |A| - [1152864] - C:\WINDOWS\system32\Drivers\ndis.sys
[MD5.883A36E2FF7FA3E1281CB575579FE3AF] - [25/07/2016 11:37:58] - |A| - [124928] - C:\WINDOWS\system32\Drivers\Ndu.sys
[MD5.C03E926B0E7D66D68994067231DC3246] - [25/07/2016 11:41:23] - |A| - [278528] - C:\WINDOWS\system32\Drivers\netbt.sys
[MD5.19BD8A88AAC580592668B070AC0727D9] - [25/07/2016 11:45:41] - |A| - [2152280] - C:\WINDOWS\system32\Drivers\ntfs.sys
[MD5.549DFD8240CF20BFBD88AD9D89325DBF] - [25/07/2016 11:43:18] - |A| - [530432] - C:\WINDOWS\system32\Drivers\nwifi.sys
[MD5.D330D74B5F99309B5CCA30AE41C57CDE] - [25/07/2016 11:43:15] - |A| - [118624] - C:\WINDOWS\system32\Drivers\partmgr.sys
[MD5.EF94E21C3220AE3F8539542EC0B3FF06] - [25/07/2016 11:43:49] - |A| - [331616] - C:\WINDOWS\system32\Drivers\pci.sys
[MD5.67B9684B8272D5EBD1CCBB1DBD425EC8] - [25/07/2016 11:35:28] - |A| - [99680] - C:\WINDOWS\system32\Drivers\pdc.sys
[MD5.0731E8F4D8D3B8D3FD98A46A8ABFE0A0] - [25/07/2016 11:39:52] - |A| - [333824] - C:\WINDOWS\system32\Drivers\portcls.sys
[MD5.E3C82823B22463BC38AA4F8ADA852624] - [25/07/2016 11:37:48] - |A| - [104960] - C:\WINDOWS\system32\Drivers\rasl2tp.sys
[MD5.DBBACE77DDE8CCFD85B37B114965C385] - [25/07/2016 11:38:44] - |A| - [147968] - C:\WINDOWS\system32\Drivers\rmcast.sys
[MD5.1CDA6D0A2345AA589949AE9C83853913] - [25/07/2016 11:35:27] - |A| - [277856] - C:\WINDOWS\system32\Drivers\sdbus.sys
[MD5.B880BE37452AB1D4AA93845F58EF7960] - [25/07/2016 11:36:34] - |A| - [95072] - C:\WINDOWS\system32\Drivers\sdport.sys
[MD5.DE6D7DC78D956928F59F7415A0F41E13] - [25/07/2016 11:41:15] - |A| - [95072] - C:\WINDOWS\system32\Drivers\sdstor.sys
[MD5.249A563C48DFD9E42A37587653E003BB] - [25/07/2016 11:43:01] - |A| - [83968] - C:\WINDOWS\system32\Drivers\serial.sys
[MD5.BE88248427A6AA548A904FD867667F70] - [25/07/2016 11:48:52] - |A| - [406528] - C:\WINDOWS\system32\Drivers\srv.sys
[MD5.2568B86F6A50D254324CB89022CA9EFC] - [25/07/2016 11:41:23] - |A| - [690176] - C:\WINDOWS\system32\Drivers\srv2.sys
[MD5.6E520D6B16EA8AE23D1F81C1194F00C8] - [25/07/2016 11:41:07] - |A| - [237056] - C:\WINDOWS\system32\Drivers\srvnet.sys
[MD5.CF63BF6AAEDF721E37F9E216FD321B8E] - [25/07/2016 11:36:35] - |A| - [2403168] - C:\WINDOWS\system32\Drivers\tcpip.sys
[MD5.91D3F2A6253EF83EFBD7903028F58C4D] - [25/07/2016 11:36:29] - |A| - [118624] - C:\WINDOWS\system32\Drivers\tdx.sys
[MD5.87B9ABB965F7AF987D52791F0DD1663D] - [25/07/2016 11:47:34] - |A| - [211296] - C:\WINDOWS\system32\Drivers\tpm.sys
[MD5.82D3B1F4D80057826AA649D78147DE36] - [25/07/2016 11:41:20] - |A| - [63488] - C:\WINDOWS\system32\Drivers\UcmCx.sys
[MD5.05DD22294A4F3F89E52351C7721E6D2C] - [25/07/2016 11:36:16] - |A| - [258912] - C:\WINDOWS\system32\Drivers\ufx01000.sys
[MD5.2A87EA182EA333D79AA0B03833EA67F2] - [25/07/2016 11:43:39] - |A| - [131424] - C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
[MD5.00000000000000000000000000000000] - [25/07/2016 18:37:49] - |D| - [1447424] - C:\WINDOWS\system32\Drivers\UMDF
[MD5.E7463CE8579A0418A98BE9BE42C647D7] - [25/07/2016 11:44:03] - |A| - [534872] - C:\WINDOWS\system32\Drivers\USBHUB3.SYS
[MD5.4AAD6547953D373A1EB5B2DF583D868B] - [25/07/2016 11:43:03] - |A| - [67072] - C:\WINDOWS\system32\Drivers\usbser.sys
[MD5.8949F77132A4F8F3BA17C6727099F002] - [25/07/2016 11:43:10] - |A| - [127840] - C:\WINDOWS\system32\Drivers\USBSTOR.SYS
[MD5.9E9D58F5E1702955B2F4D62996F80E8E] - [25/07/2016 11:44:00] - |A| - [378208] - C:\WINDOWS\system32\Drivers\USBXHCI.SYS
[MD5.2BC2E99623119521EEF7910A11D0FDE0] - [25/07/2016 11:43:52] - |A| - [694784] - C:\WINDOWS\system32\Drivers\WdiWiFi.sys
[MD5.EF536C54AB9281FDC4E83B07279FCFC4] - [25/07/2016 11:40:56] - |A| - [35680] - C:\WINDOWS\system32\Drivers\wimmount.sys
[MD5.F279536122B83FD0D8E158AA753E1B7C] - [25/07/2016 11:49:35] - |A| - [238592] - C:\WINDOWS\system32\Drivers\xboxgip.sys
[MD5.DA0807D87A62D076C29C4E30F1E84F46] - [25/07/2016 11:46:26] - |A| - [26112] - C:\WINDOWS\system32\Drivers\xinputhid.sys
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:31] - |D| - [0] - C:\WINDOWS\syswow64\0409
[MD5.7D276C5DF303462091092C3311027D30] - [25/07/2016 11:41:32] - |A| - [129024] - C:\WINDOWS\syswow64\AboveLockAppHost.dll
[MD5.B1D8636E375413D57B50BDE20CA5E710] - [25/07/2016 11:41:53] - |A| - [358400] - C:\WINDOWS\syswow64\AccountsRt.dll
[MD5.19157418D05756492D3F54751EC5B041] - [25/07/2016 11:47:06] - |A| - [546816] - C:\WINDOWS\syswow64\ActionCenterCPL.dll
[MD5.B981A07C0A0CCE68BD90DF3E3EC520DE] - [25/07/2016 11:41:47] - |A| - [1707520] - C:\WINDOWS\syswow64\ActiveSyncProvider.dll
[MD5.98DA8D97E83C73E7AD7A142A801E1898] - [25/07/2016 11:39:08] - |A| - [2193408] - C:\WINDOWS\syswow64\actxprxy.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [2256224] - C:\WINDOWS\syswow64\AdvancedInstallers
[MD5.30C2700A2CDEF6042585C9296ABC9054] - [25/07/2016 11:41:29] - |A| - [499432] - C:\WINDOWS\syswow64\advapi32.dll
[MD5.BBB9376A3D8764A6763183340625FCEA] - [25/07/2016 11:42:45] - |A| - [70656] - C:\WINDOWS\syswow64\AppCapture.dll
[MD5.836DF245362A9E09CC050EB107E85D74] - [25/07/2016 11:36:33] - |A| - [467456] - C:\WINDOWS\syswow64\AppContracts.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\AppLocker
[MD5.5A212173FC0622865F409B16ED77C9DF] - [25/07/2016 11:35:53] - |A| - [98304] - C:\WINDOWS\syswow64\AppointmentActivation.dll
[MD5.620737C11CD32E03299E0B60BC896230] - [25/07/2016 11:36:57] - |A| - [552960] - C:\WINDOWS\syswow64\AppointmentApis.dll
[MD5.E48A7C15B395A8F1537CE249183D508F] - [25/07/2016 11:38:00] - |A| - [190464] - C:\WINDOWS\syswow64\apprepapi.dll
[MD5.8686191CF27D6707FC890A6CD4CB552A] - [25/07/2016 11:37:45] - |A| - [260096] - C:\WINDOWS\syswow64\apprepsync.dll
[MD5.AE3444858CB88D033427C1E9D6FE749E] - [25/07/2016 11:40:53] - |A| - [738816] - C:\WINDOWS\syswow64\appwiz.cpl
[MD5.1B26C71109A2EA27DD6684719BF493EC] - [25/07/2016 11:41:39] - |A| - [188256] - C:\WINDOWS\syswow64\AppxAllUserStore.dll
[MD5.8E8FBA400CD678AB46D46BB24921A051] - [25/07/2016 11:36:32] - |A| - [342528] - C:\WINDOWS\syswow64\AppXDeploymentClient.dll
[MD5.A495EA4706387D12C00641D8C48BA527] - [25/07/2016 11:43:32] - |A| - [890368] - C:\WINDOWS\syswow64\AppxPackaging.dll
[MD5.9B034D049D1C6EC9BED55D2F27D86ED9] - [25/07/2016 11:39:40] - |A| - [2186] - C:\WINDOWS\syswow64\AppxProvisioning.xml
[MD5.15E75D27F0C67A7A21D5A514601F0E5A] - [25/07/2016 11:35:18] - |A| - [135168] - C:\WINDOWS\syswow64\AppxSip.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [256512] - C:\WINDOWS\syswow64\ar-SA
[MD5.97E96ABEBCB6CF556406781C47C5282A] - [25/07/2016 11:38:07] - |A| - [78848] - C:\WINDOWS\syswow64\asycfilt.dll
[MD5.5922C03A67F868265E5AB176DB6D641D] - [25/07/2016 11:43:57] - |A| - [316256] - C:\WINDOWS\syswow64\atmfd.dll
[MD5.FB68B81CBD3F79D09E3EA1D0DFB424B6] - [25/07/2016 11:42:37] - |A| - [37376] - C:\WINDOWS\syswow64\atmlib.dll
[MD5.D0693220928997E1DD513B261AF86308] - [25/07/2016 11:38:59] - |A| - [454056] - C:\WINDOWS\syswow64\AudioEng.dll
[MD5.A60B02C7D70EEBF8E362BA5C06339177] - [25/07/2016 11:38:12] - |A| - [366224] - C:\WINDOWS\syswow64\AUDIOKSE.dll
[MD5.86128937B83E51BF543CBCB854AE4FFC] - [25/07/2016 11:39:09] - |A| - [405568] - C:\WINDOWS\syswow64\AudioSes.dll
[MD5.96E0F50ABD43C92B4B66154113C701DE] - [25/07/2016 11:41:22] - |A| - [2155008] - C:\WINDOWS\syswow64\authui.dll
[MD5.56BBCFD02C4C5248CAF8EAF8236A4674] - [25/07/2016 11:43:45] - |A| - [667648] - C:\WINDOWS\syswow64\AzureSettingSyncProvider.dll
[MD5.F60E1993D8D8FD2E23516C1278B209C1] - [25/07/2016 11:37:41] - |A| - [34304] - C:\WINDOWS\syswow64\BackgroundTransferHost.exe
[MD5.312472050BECE16F51493C95CCE91B57] - [25/07/2016 11:42:52] - |A| - [334336] - C:\WINDOWS\syswow64\bcastdvr.exe
[MD5.75F7D82383D8CF10D5999874993A2EF5] - [25/07/2016 11:42:38] - |A| - [27136] - C:\WINDOWS\syswow64\bcastdvr.proxy.dll
[MD5.2FDF5001427D457AC43942FADC742404] - [25/07/2016 11:43:12] - |A| - [360480] - C:\WINDOWS\syswow64\bcryptprimitives.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [227328] - C:\WINDOWS\syswow64\bg-BG
[MD5.3BFBC5158CC4CA508FEC8284DB6727FD] - [25/07/2016 11:52:32] - |A| - [5205504] - C:\WINDOWS\syswow64\BingMaps.dll
[MD5.7CDF1630DCF7C9167E551874D18C3CE0] - [25/07/2016 11:52:05] - |A| - [709120] - C:\WINDOWS\syswow64\BingOnlineServices.dll
[MD5.DA97C8A8C517210E4ACA90E45C836E80] - [25/07/2016 11:47:26] - |A| - [80896] - C:\WINDOWS\syswow64\BluetoothApis.dll
[MD5.3EB91A44E6BCD05CA257E113FCA1DA0C] - [25/07/2016 11:38:06] - |A| - [43520] - C:\WINDOWS\syswow64\browcli.dll
[MD5.359765C7C700F7CED909A69C5DBBD943] - [25/07/2016 11:40:48] - |A| - [140800] - C:\WINDOWS\syswow64\BrowserSettingSync.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [952] - C:\WINDOWS\syswow64\Bthprops
[MD5.89C06DA6E3B3C06F69E2CAFB3431CAF5] - [25/07/2016 11:46:56] - |A| - [31232] - C:\WINDOWS\syswow64\ByteCodeGenerator.exe
[MD5.75B5C1588D3703F44004D3EB2BD358AD] - [25/07/2016 11:35:04] - |A| - [129024] - C:\WINDOWS\syswow64\CallHistoryClient.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\catroot
[MD5.4C421E34FF4A836590401A3E9A5B5DE8] - [25/07/2016 11:35:21] - |A| - [415744] - C:\WINDOWS\syswow64\catsrvut.dll
[MD5.A820BD54E6B4A68C6E4490EA23FA5650] - [25/07/2016 11:54:24] - |A| - [1860096] - C:\WINDOWS\syswow64\cdp.dll
[MD5.56315A6A6598E701BB0A5F506DA6143E] - [25/07/2016 11:35:42] - |A| - [200704] - C:\WINDOWS\syswow64\cemapi.dll
[MD5.4907E0A9216A6DCEAB351F534A97FAFC] - [25/07/2016 11:42:56] - |A| - [339456] - C:\WINDOWS\syswow64\certcli.dll
[MD5.C34CC619C1F747F81D2C2C47D5C1B095] - [25/07/2016 11:41:46] - |A| - [2604032] - C:\WINDOWS\syswow64\CertEnroll.dll
[MD5.0FC0E3CA4D36EB8A3BC1BA48436C1645] - [25/07/2016 11:37:57] - |A| - [63488] - C:\WINDOWS\syswow64\cfgbkend.dll
[MD5.31AC81040FBFB538619282F47C3ED884] - [25/07/2016 11:54:06] - |A| - [5660672] - C:\WINDOWS\syswow64\Chakra.dll
[MD5.395F9E50709FAE503C339047207E46CF] - [25/07/2016 11:36:19] - |A| - [540160] - C:\WINDOWS\syswow64\ChatApis.dll
[MD5.DFB970BC93678AFA2F95A51BF1506049] - [25/07/2016 11:40:58] - |A| - [64584] - C:\WINDOWS\syswow64\Clipc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [328192] - C:\WINDOWS\syswow64\Com
[MD5.CBE2DFB96C188DC8913B0CCBFA50C2FF] - [25/07/2016 11:39:22] - |A| - [1824264] - C:\WINDOWS\syswow64\combase.dll
[MD5.03BF64E3FD79A5C4FD0B51659B164EDC] - [25/07/2016 11:42:52] - |A| - [965120] - C:\WINDOWS\syswow64\comdlg32.dll
[MD5.5B64BFE61393D22D908BB5E2A17B6147] - [25/07/2016 11:37:12] - |A| - [1328128] - C:\WINDOWS\syswow64\comsvcs.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [7281] - C:\WINDOWS\syswow64\config
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |SD| - [49954] - C:\WINDOWS\syswow64\Configuration
[MD5.EB5DBA11B7C79B28A759AF12F03A17BB] - [25/07/2016 11:36:59] - |A| - [769536] - C:\WINDOWS\syswow64\ContactApis.dll
[MD5.460CDD92C5283DCB9E35AF2B8DB7F200] - [25/07/2016 11:36:45] - |A| - [461824] - C:\WINDOWS\syswow64\CoreMessaging.dll
[MD5.766F809BC576BC57FF3B7C343D1E8881] - [25/07/2016 11:41:51] - |A| - [1862008] - C:\WINDOWS\syswow64\CoreUIComponents.dll
[MD5.ADCC41AF6513D5192E0C1A250D2ED4A1] - [25/07/2016 11:41:45] - |A| - [348672] - C:\WINDOWS\syswow64\CredProvDataModel.dll
[MD5.B4643C990D071EE99D9713336052F97B] - [25/07/2016 11:41:19] - |A| - [193024] - C:\WINDOWS\syswow64\credprovhost.dll
[MD5.2E7375FB616E7F729B077628F9BF2537] - [25/07/2016 11:35:05] - |A| - [220672] - C:\WINDOWS\syswow64\credprovs.dll
[MD5.E247EAA09FE6397200205FA90BF87C1D] - [25/07/2016 11:38:55] - |A| - [1536600] - C:\WINDOWS\syswow64\crypt32.dll
[MD5.AB48B90C4DB88D2F31D1A6F460F76D29] - [25/07/2016 11:36:13] - |A| - [241664] - C:\WINDOWS\syswow64\cryptngc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [274944] - C:\WINDOWS\syswow64\cs-CZ
[MD5.00C8B201BE1C9705906A484DBE5D6332] - [25/07/2016 11:39:11] - |A| - [4759040] - C:\WINDOWS\syswow64\d2d1.dll
[MD5.A825405D442EB9A2526468E16296DD58] - [25/07/2016 11:38:59] - |A| - [513368] - C:\WINDOWS\syswow64\d3d10level9.dll
[MD5.92A252E7DAF67D36BC81758A0F8596EB] - [25/07/2016 11:38:56] - |A| - [2195632] - C:\WINDOWS\syswow64\d3d10warp.dll
[MD5.4963662B1CBB0035FD5D6832824DC7B6] - [25/07/2016 11:39:06] - |A| - [2186864] - C:\WINDOWS\syswow64\d3d11.dll
[MD5.4102898869C3F72FBD50E7A7D003F530] - [25/07/2016 11:41:42] - |A| - [1866104] - C:\WINDOWS\syswow64\d3d9.dll
[MD5.9FFEF91F0BEE39FAE2305ACE3C11B4A8] - [25/07/2016 11:43:01] - |A| - [3695104] - C:\WINDOWS\syswow64\D3DCompiler_47.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [271872] - C:\WINDOWS\syswow64\da-DK
[MD5.7CF445915FC12FA890EFE5D43AD8B2F9] - [25/07/2016 11:41:39] - |A| - [4078080] - C:\WINDOWS\syswow64\dbgeng.dll
[MD5.F0ED21F9D39229B305C363B6ED023170] - [25/07/2016 11:42:40] - |A| - [11776] - C:\WINDOWS\syswow64\dciman32.dll
[MD5.83CF09D8FE73DC8FA7374C98B32243DF] - [25/07/2016 11:38:44] - |A| - [675064] - C:\WINDOWS\syswow64\dcomp.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [305664] - C:\WINDOWS\syswow64\de-DE
[MD5.856AD15FD2D187EA8435564A135C85C0] - [25/07/2016 11:43:55] - |A| - [228352] - C:\WINDOWS\syswow64\deviceaccess.dll
[MD5.1E00F1B16E727B3D23F6516988F2E7EA] - [25/07/2016 11:39:55] - |A| - [502272] - C:\WINDOWS\syswow64\DevicePairing.dll
[MD5.CEF14DB231B344BBDBF7C04A12D8336B] - [25/07/2016 11:42:51] - |A| - [293888] - C:\WINDOWS\syswow64\dhcpcore.dll
[MD5.8000FB1D40149AC05F6BDE9248A6B956] - [25/07/2016 11:43:11] - |A| - [230400] - C:\WINDOWS\syswow64\dhcpcore6.dll
[MD5.88A3958213B43EED8402D4496149924A] - [25/07/2016 11:42:54] - |A| - [64000] - C:\WINDOWS\syswow64\dhcpcsvc.dll
[MD5.4F34CCC76E60CCE8BA12663A747EC05B] - [25/07/2016 11:42:55] - |A| - [57344] - C:\WINDOWS\syswow64\dhcpcsvc6.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |SD| - [17920] - C:\WINDOWS\syswow64\DiagSvcs
[MD5.A1A9DDD5C6A335C0B97423A2F75C9299] - [25/07/2016 11:38:58] - |A| - [453472] - C:\WINDOWS\syswow64\directmanipulation.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [5992704] - C:\WINDOWS\syswow64\Dism
[MD5.1E506E10685E8774F12BF5E2F10197F1] - [25/07/2016 11:40:42] - |A| - [736768] - C:\WINDOWS\syswow64\Display.dll
[MD5.053E2D136DB8A4743E4C40D5D979834B] - [25/07/2016 11:36:25] - |A| - [200704] - C:\WINDOWS\syswow64\DisplayManager.dll
[MD5.A3F164387FAF9C571959C73361317F04] - [25/07/2016 11:37:54] - |A| - [442368] - C:\WINDOWS\syswow64\dlnashext.dll
[MD5.415F514AA00B37A1772639F7B22BC305] - [25/07/2016 11:35:18] - |A| - [217600] - C:\WINDOWS\syswow64\dmdskmgr.dll
[MD5.6A7ACABAE92C837F5C1330188EAE36AE] - [25/07/2016 11:49:56] - |A| - [535080] - C:\WINDOWS\syswow64\dnsapi.dll
[MD5.29C26A25041DC901A01A021D31B0FDD8] - [25/07/2016 11:46:34] - |A| - [292864] - C:\WINDOWS\syswow64\dot3ui.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [1146976] - C:\WINDOWS\syswow64\downlevel
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [3482266] - C:\WINDOWS\syswow64\drivers
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\DriverStore
[MD5.8C6F56F4CDDE6A1FD01F4FCF2773298E] - [25/07/2016 18:39:19] - |A| - [215943] - C:\WINDOWS\syswow64\dssec.dat
[MD5.332384C9BF8D46044F3A5189A2E7C6FE] - [25/07/2016 11:35:51] - |A| - [1448960] - C:\WINDOWS\syswow64\dui70.dll
[MD5.737FC213AB9B3494E8677D12F08B8703] - [25/07/2016 11:35:13] - |A| - [482816] - C:\WINDOWS\syswow64\duser.dll
[MD5.0313658DF0E7A0F28F9580AF15B37531] - [25/07/2016 11:38:52] - |A| - [1626112] - C:\WINDOWS\syswow64\dwmcore.dll
[MD5.DE4C532C704002ED07B523208327629C] - [25/07/2016 11:49:00] - |A| - [1987072] - C:\WINDOWS\syswow64\DWrite.dll
[MD5.7CDA291CF22B91DDBB88B5089EBE25CE] - [25/07/2016 11:39:04] - |A| - [521152] - C:\WINDOWS\syswow64\dxgi.dll
[MD5.6AA3C6E88196938932ADE02296C33458] - [25/07/2016 11:47:14] - |A| - [268800] - C:\WINDOWS\syswow64\dxtrans.dll
[MD5.733B5C5DCFEB74A288F69272A79FCBF7] - [25/07/2016 11:37:49] - |A| - [248320] - C:\WINDOWS\syswow64\eapp3hst.dll
[MD5.19D8F7D29B8B94071DAC6453690BB5CA] - [25/07/2016 11:38:13] - |A| - [284160] - C:\WINDOWS\syswow64\eappcfg.dll
[MD5.5642D8C9041FF6F1EE88E42C90639CA8] - [25/07/2016 11:37:47] - |A| - [96256] - C:\WINDOWS\syswow64\eappgnui.dll
[MD5.4FAB17214FC37489C59B19CED55D4B7F] - [25/07/2016 11:37:50] - |A| - [238592] - C:\WINDOWS\syswow64\eapphost.dll
[MD5.9160F82BF248F5CD2A5CA4C109369D41] - [25/07/2016 11:37:53] - |A| - [55808] - C:\WINDOWS\syswow64\eappprxy.dll
[MD5.F297B1F54D3FF42732C89C738AEC041F] - [25/07/2016 11:37:55] - |A| - [141824] - C:\WINDOWS\syswow64\easwrt.dll
[MD5.21CB86D69B268182994F981471FCBB82] - [25/07/2016 11:54:59] - |A| - [18674176] - C:\WINDOWS\syswow64\edgehtml.dll
[MD5.65E98344070A6C0B66ED476F735B14D3] - [25/07/2016 11:46:22] - |A| - [59904] - C:\WINDOWS\syswow64\EditBufferTestHook.dll
[MD5.EA11A61E656D6CC6F5001F8366B2BA08] - [25/07/2016 11:37:49] - |A| - [279040] - C:\WINDOWS\syswow64\edputil.dll
[MD5.051FDE1463E8468FACFC38C63B4D8FE3] - [25/07/2016 11:35:03] - |A| - [442880] - C:\WINDOWS\syswow64\efswrt.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [299520] - C:\WINDOWS\syswow64\el-GR
[MD5.2C84609F09FD003FA955567D395EEA8A] - [25/07/2016 11:35:46] - |A| - [575488] - C:\WINDOWS\syswow64\EmailApis.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:32] - |D| - [0] - C:\WINDOWS\syswow64\en
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [218624] - C:\WINDOWS\syswow64\en-GB
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [1638912] - C:\WINDOWS\syswow64\en-US
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [295424] - C:\WINDOWS\syswow64\es-ES
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [237568] - C:\WINDOWS\syswow64\es-MX
[MD5.402A33FCE08200518FB0012A6BF2E966] - [25/07/2016 11:54:52] - |A| - [2722816] - C:\WINDOWS\syswow64\esent.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [213504] - C:\WINDOWS\syswow64\et-EE
[MD5.FAE7DA27029FDDA27375722B4DC387D7] - [25/07/2016 11:41:51] - |A| - [138240] - C:\WINDOWS\syswow64\ETWCoreUIComponentsResources.dll
[MD5.B44BC5CC78CF476028D1939A7712BD93] - [25/07/2016 11:44:24] - |A| - [652312] - C:\WINDOWS\syswow64\evr.dll
[MD5.BC98A3374DAB7CE9E600A667FDCD9F96] - [25/07/2016 11:35:14] - |A| - [193536] - C:\WINDOWS\syswow64\ExecModelClient.dll
[MD5.B6113983ED77D6FE99BDEE461E7BE004] - [25/07/2016 11:41:54] - |A| - [4074160] - C:\WINDOWS\syswow64\explorer.exe
[MD5.23D61B1CFA38F287D8C31A4816315454] - [25/07/2016 11:44:07] - |A| - [4413440] - C:\WINDOWS\syswow64\ExplorerFrame.dll
[MD5.259517866C369BCC5990292BCB57E709] - [25/07/2016 11:35:16] - |A| - [223744] - C:\WINDOWS\syswow64\ExSMime.dll
[MD5.E34395496B11CF5C8C5B6D2E438BFA43] - [25/07/2016 11:35:12] - |A| - [18944] - C:\WINDOWS\syswow64\ExtrasXmlParser.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |SD| - [21460799] - C:\WINDOWS\syswow64\F12
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [274432] - C:\WINDOWS\syswow64\fi-FI
[MD5.160CC95D34D62B6A72F9E4E3EE52EBCC] - [25/07/2016 11:49:05] - |A| - [369664] - C:\WINDOWS\syswow64\FirewallAPI.dll
[MD5.955DC56DC263DBF2B433829192D88CD9] - [25/07/2016 18:43:00] - |A| - [828408] - C:\WINDOWS\syswow64\FlashPlayerApp.exe
[MD5.26144B5C2B08E127298A71BF79D10B48] - [25/07/2016 18:43:00] - |A| - [176632] - C:\WINDOWS\syswow64\FlashPlayerCPLApp.cpl
[MD5.E391DD57E6965C8D2DB05A4A52F80EC8] - [25/07/2016 11:43:42] - |A| - [546456] - C:\WINDOWS\syswow64\fontdrvhost.exe
[MD5.9BD17D372080234722C1139DAC039C9D] - [25/07/2016 11:42:44] - |A| - [93696] - C:\WINDOWS\syswow64\fontsub.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:32] - |D| - [3215360] - C:\WINDOWS\syswow64\fr
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [242176] - C:\WINDOWS\syswow64\fr-CA
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [38121165] - C:\WINDOWS\syswow64\fr-FR
[MD5.B315EB17077EF082A79922D4EA47DBF4] - [25/07/2016 11:47:31] - |A| - [163328] - C:\WINDOWS\syswow64\fwbase.dll
[MD5.9DEB4C56FAAB147839BF68B6C28A38FC] - [25/07/2016 11:46:30] - |A| - [164864] - C:\WINDOWS\syswow64\fwpolicyiomgr.dll
[MD5.9A9CDAB4049BDB383C5CA8746F44E4CB] - [25/07/2016 11:38:03] - |A| - [269824] - C:\WINDOWS\syswow64\FWPUCLNT.DLL
[MD5.4C6145BBEFDD7092ABFA5F7614BA2E66] - [25/07/2016 11:34:59] - |A| - [53760] - C:\WINDOWS\syswow64\FwRemoteSvr.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\FxsTmp
[MD5.64B619A6CE464E494651950794CE8264] - [25/07/2016 11:42:48] - |A| - [541184] - C:\WINDOWS\syswow64\GamePanel.exe
[MD5.67BA16BD6265C9E401A3814137ECF8F4] - [25/07/2016 11:41:19] - |A| - [2578432] - C:\WINDOWS\syswow64\gameux.dll
[MD5.F58B6B20BB45E99C99D0F2B73B9EE373] - [25/07/2016 11:36:40] - |A| - [1372312] - C:\WINDOWS\syswow64\gdi32.dll
[MD5.4F79496B51E1A67B496FF6A407D22D30] - [25/07/2016 11:43:27] - |A| - [1467392] - C:\WINDOWS\syswow64\GdiPlus.dll
[MD5.7BB466A82CD38CCBEE666D475BB2F3D2] - [25/07/2016 11:35:00] - |A| - [199680] - C:\WINDOWS\syswow64\GlobCollationHost.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\GroupPolicy
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [244736] - C:\WINDOWS\syswow64\he-IL
[MD5.C0D3B98EB0C657DDEB0C033D01C6D9E7] - [25/07/2016 11:40:54] - |A| - [574976] - C:\WINDOWS\syswow64\hgcpl.dll
[MD5.529D8C676C042EC2E6930221F81C1A4A] - [25/07/2016 11:35:03] - |A| - [99840] - C:\WINDOWS\syswow64\hlink.dll
[MD5.0D19695F93813C63B4656E42536892FA] - [25/07/2016 11:43:19] - |A| - [47104] - C:\WINDOWS\syswow64\hmkd.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [221696] - C:\WINDOWS\syswow64\hr-HR
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [278016] - C:\WINDOWS\syswow64\hu-HU
[MD5.F7F4D3C8F419097D5219C80B811978A9] - [25/07/2016 11:35:15] - |A| - [203264] - C:\WINDOWS\syswow64\iassam.dll
[MD5.9E2490246907BC5DFF0D06E975A98FE9] - [25/07/2016 11:42:47] - |A| - [12288] - C:\WINDOWS\syswow64\IconCodecService.dll
[MD5.ECD81B99477AB4A93D7838EB40B870D0] - [25/07/2016 18:39:20] - |A| - [8798] - C:\WINDOWS\syswow64\icrav03.rat
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [37145] - C:\WINDOWS\syswow64\icsxml
[MD5.9459503897809956B533141003277298] - [25/07/2016 11:40:43] - |A| - [92160] - C:\WINDOWS\syswow64\IdCtrls.dll
[MD5.973057A6623492B1620B0167D320BD4D] - [25/07/2016 11:47:10] - |A| - [1526272] - C:\WINDOWS\syswow64\ieapfltr.dll
[MD5.3A280280AEA583EAB0375C330F7A6CE9] - [25/07/2016 11:49:56] - |A| - [335872] - C:\WINDOWS\syswow64\iedkcs32.dll
[MD5.350ED2186E2C0E80ABCE270C9A52647E] - [25/07/2016 11:54:23] - |A| - [12128256] - C:\WINDOWS\syswow64\ieframe.dll
[MD5.9CAC58EBAFB3E32711920568810CDCD7] - [25/07/2016 11:49:52] - |A| - [307200] - C:\WINDOWS\syswow64\ieproxy.dll
[MD5.608F7830161D98DBDD6324F74E9165C4] - [25/07/2016 11:44:40] - |A| - [2921880] - C:\WINDOWS\syswow64\iertutil.dll
[MD5.8A62CEED5A0DD6C76C921F8B47187CA3] - [25/07/2016 11:37:46] - |A| - [477184] - C:\WINDOWS\syswow64\ieui.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [19984051] - C:\WINDOWS\syswow64\IME
[MD5.447D69BB274546D00C8DBF23C2DBDBCE] - [25/07/2016 11:47:30] - |A| - [2050048] - C:\WINDOWS\syswow64\inetcpl.cpl
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\inetsrv
[MD5.6D062C6E2C47B3DCDE8F4C3FDB634DEE] - [25/07/2016 11:46:25] - |A| - [83456] - C:\WINDOWS\syswow64\InputLocaleManager.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [200192] - C:\WINDOWS\syswow64\InputMethod
[MD5.408AF8141C4A44BC120F4204F8F79A75] - [25/07/2016 11:54:19] - |A| - [1944576] - C:\WINDOWS\syswow64\InputService.dll
[MD5.69E1CFC67F4A4043F01AD3513A73ED02] - [25/07/2016 11:47:29] - |A| - [161280] - C:\WINDOWS\syswow64\InstallAgent.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [1187840] - C:\WINDOWS\syswow64\InstallShield
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\Ipmi
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [301056] - C:\WINDOWS\syswow64\it-IT
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [222720] - C:\WINDOWS\syswow64\ja-JP
[MD5.0B6A790F69FC2D67EEFF6F015EF24C5B] - [25/07/2016 11:47:28] - |A| - [800768] - C:\WINDOWS\syswow64\JpMapControl.dll
[MD5.30E3DC9ED2C6641709AC961CB7CE72BB] - [25/07/2016 11:44:09] - |A| - [647680] - C:\WINDOWS\syswow64\jscript.dll
[MD5.79C50C86572AF5891D1196569C9D2EB1] - [25/07/2016 11:53:33] - |A| - [3663360] - C:\WINDOWS\syswow64\jscript9.dll
[MD5.49A21B514FC10B2D55499D58DC78E862] - [25/07/2016 11:37:54] - |A| - [45568] - C:\WINDOWS\syswow64\jsproxy.dll
[MD5.15F732C297CE4B169D85214A96A16559] - [25/07/2016 11:44:50] - |A| - [792064] - C:\WINDOWS\syswow64\kerberos.dll
[MD5.F45E83301A6C99D342C600B5B29BCD71] - [25/07/2016 11:38:59] - |A| - [1557776] - C:\WINDOWS\syswow64\KernelBase.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [220672] - C:\WINDOWS\syswow64\ko-KR
[MD5.29EF8EC898FE21680DB5FB15DB513EC8] - [25/07/2016 11:35:17] - |A| - [235008] - C:\WINDOWS\syswow64\ksproxy.ax
[MD5.197948552BE23DACBEF10ECC8168FD11] - [25/07/2016 11:39:46] - |A| - [29696] - C:\WINDOWS\syswow64\LaunchWinApp.exe
[MD5.6D9EE5BD98B4606D0AC2C9F1AEC0C6CB] - [25/07/2016 19:01:04] - |A| - [50650] - C:\WINDOWS\syswow64\license.rtf
[MD5.265DB46FE368D8F701A74976D3823ADC] - [25/07/2016 11:54:18] - |A| - [986976] - C:\WINDOWS\syswow64\LicenseManager.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [74981] - C:\WINDOWS\syswow64\Licenses
[MD5.EEB99F0E02F9243F18691C75CD16AEE4] - [25/07/2016 11:40:47] - |A| - [207872] - C:\WINDOWS\syswow64\licensingdiag.exe
[MD5.53C369D0405DFB420EF6FF967A90960B] - [25/07/2016 11:41:52] - |A| - [1185280] - C:\WINDOWS\syswow64\LocationFramework.dll
[MD5.D7BDD6C833746E64F1652D6CDE47701F] - [25/07/2016 11:41:21] - |A| - [372224] - C:\WINDOWS\syswow64\LockAppBroker.dll
[MD5.236FB0CAF33B0EB94893BF7299F3D00D] - [25/07/2016 11:41:41] - |A| - [254656] - C:\WINDOWS\syswow64\LockAppHost.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\LogFiles
[MD5.644CE64AB3ED902711CB0B86CF4ECA22] - [25/07/2016 11:36:42] - |A| - [434688] - C:\WINDOWS\syswow64\LogonController.dll
[MD5.54F47C0CD2DE99A7B8C7583CF6C22D92] - [25/07/2016 11:42:38] - |A| - [3072] - C:\WINDOWS\syswow64\lpk.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [218624] - C:\WINDOWS\syswow64\lt-LT
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [219648] - C:\WINDOWS\syswow64\lv-LV
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [24255554] - C:\WINDOWS\syswow64\Macromed
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [33460] - C:\WINDOWS\syswow64\MailContactsCalendarSync
[MD5.3F695F3A23A019E6DF7BAC57276B1E77] - [25/07/2016 11:49:33] - |A| - [349696] - C:\WINDOWS\syswow64\MapConfiguration.dll
[MD5.CB84B6382E21D875D0EC9665CD6908B8] - [25/07/2016 11:49:50] - |A| - [711680] - C:\WINDOWS\syswow64\MapControlCore.dll
[MD5.3FCEAC0D175851962F9CF797A370A14F] - [25/07/2016 11:46:09] - |A| - [3072] - C:\WINDOWS\syswow64\MapControlStringsRes.dll
[MD5.B7299EF9D5D4C7D480AC5A8ACEA402E1] - [25/07/2016 11:47:10] - |A| - [87040] - C:\WINDOWS\syswow64\MapsBtSvc.dll
[MD5.F32770E19F1CB817274BC85824730E48] - [25/07/2016 11:44:06] - |A| - [470528] - C:\WINDOWS\syswow64\MbaeApi.dll
[MD5.AF1D02B5F78B3D0522458E8240672582] - [25/07/2016 11:43:39] - |A| - [673280] - C:\WINDOWS\syswow64\MbaeApiPublic.dll
[MD5.1CDEF66CFD26AF241D8546896F77B8A5] - [25/07/2016 11:42:56] - |A| - [489984] - C:\WINDOWS\syswow64\mbsmsapi.dll
[MD5.A19A2DDCC69FF16B5FB68AD4F02B564A] - [25/07/2016 11:41:48] - |A| - [480256] - C:\WINDOWS\syswow64\MCRecvSrc.dll
[MD5.A9E193BE154B7145EF06FD0FD10232A0] - [25/07/2016 11:35:28] - |A| - [151040] - C:\WINDOWS\syswow64\mdmregistration.dll
[MD5.388077FF1642D94BF81F9D814F22BBA2] - [25/07/2016 11:43:37] - |A| - [499712] - C:\WINDOWS\syswow64\MessagingDataModel2.dll
[MD5.F3B12C931650835388F43DB2DF606657] - [25/07/2016 11:37:01] - |A| - [511320] - C:\WINDOWS\syswow64\mf.dll
[MD5.C117F577BB0CC6545EA181FBB3FACE99] - [25/07/2016 11:39:20] - |A| - [980352] - C:\WINDOWS\syswow64\mfasfsrcsnk.dll
[MD5.B572C03916EC3A8BE05CB2199D4A3263] - [25/07/2016 11:38:47] - |A| - [451936] - C:\WINDOWS\syswow64\MFCaptureEngine.dll
[MD5.B65549A1CDB2C827AD022A3F35994FCF] - [25/07/2016 11:39:25] - |A| - [2180136] - C:\WINDOWS\syswow64\mfcore.dll
[MD5.B073C14F8B76DF8652415488C22F10A1] - [25/07/2016 11:39:13] - |A| - [670928] - C:\WINDOWS\syswow64\mfds.dll
[MD5.59976482DB1C9F2F41DF62AA9A1B01C5] - [25/07/2016 11:39:07] - |A| - [2062336] - C:\WINDOWS\syswow64\MFMediaEngine.dll
[MD5.964DE3052B6A869EFBC86930DD51E8BD] - [25/07/2016 11:39:04] - |A| - [379392] - C:\WINDOWS\syswow64\mfmkvsrcsnk.dll
[MD5.49CF99392314B7CAD65DE8A05ABFE30D] - [25/07/2016 11:39:21] - |A| - [882720] - C:\WINDOWS\syswow64\mfmp4srcsnk.dll
[MD5.888D41F5EFD6995491326C0DEEA2124A] - [25/07/2016 11:39:16] - |A| - [713824] - C:\WINDOWS\syswow64\mfmpeg2srcsnk.dll
[MD5.0A8409C137B580A3EEB80E33649044F3] - [25/07/2016 11:39:05] - |A| - [701384] - C:\WINDOWS\syswow64\mfnetcore.dll
[MD5.57D00F9D60519705D37BAFB852771443] - [25/07/2016 11:39:19] - |A| - [1118208] - C:\WINDOWS\syswow64\mfnetsrc.dll
[MD5.A489CECF560EA0421C04277904210395] - [25/07/2016 11:38:51] - |A| - [925576] - C:\WINDOWS\syswow64\mfplat.dll
[MD5.0FA8D61A4D4F56063113F9DA4E18848B] - [25/07/2016 11:43:59] - |A| - [289248] - C:\WINDOWS\syswow64\MFPlay.dll
[MD5.734C17FFE65F9E0436BDAD566A613D8C] - [25/07/2016 11:35:20] - |A| - [32040] - C:\WINDOWS\syswow64\mfpmp.exe
[MD5.EF3D963CD01DBBBAA7394BB1A638A1BB] - [25/07/2016 11:38:19] - |A| - [116728] - C:\WINDOWS\syswow64\mfps.dll
[MD5.C85501FE7EFD33E06A877B8786F396B6] - [25/07/2016 11:39:06] - |A| - [462760] - C:\WINDOWS\syswow64\mfreadwrite.dll
[MD5.AF209F751EB761084CEFE2CF10E1CE8D] - [25/07/2016 11:39:17] - |A| - [895080] - C:\WINDOWS\syswow64\mfsrcsnk.dll
[MD5.3B5A60CFD5EA636133A0A9F8CD4EDC45] - [25/07/2016 11:38:48] - |A| - [709176] - C:\WINDOWS\syswow64\mfsvr.dll
[MD5.7BA4B67BDA4222B55FA700E31B63F32D] - [25/07/2016 11:38:53] - |A| - [208176] - C:\WINDOWS\syswow64\mftranscode.dll
[MD5.C11AFEBFFDD62BA366D2F146212B415E] - [25/07/2016 11:46:10] - |A| - [110592] - C:\WINDOWS\syswow64\Microsoft-Windows-MapControls.dll
[MD5.451356B814B46BB6582F307E24AA0863] - [25/07/2016 11:46:10] - |A| - [9728] - C:\WINDOWS\syswow64\Microsoft-Windows-MosHost.dll
[MD5.53E2029302DA056DE856D4C662663B2B] - [25/07/2016 11:46:10] - |A| - [10240] - C:\WINDOWS\syswow64\Microsoft-Windows-MosTrace.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [3314648] - C:\WINDOWS\syswow64\migration
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [867168] - C:\WINDOWS\syswow64\migwiz
[MD5.D5ACEA2845E642A7ABF383C316CABDA6] - [25/07/2016 11:54:12] - |A| - [6295552] - C:\WINDOWS\syswow64\mos.dll
[MD5.E4873BE74A0BE6F30A6948F882E6E7FC] - [25/07/2016 11:47:26] - |A| - [50176] - C:\WINDOWS\syswow64\MosHostClient.dll
[MD5.262D880248233D3A96C15F7C7E1BAD21] - [25/07/2016 11:46:10] - |A| - [58368] - C:\WINDOWS\syswow64\MosResource.dll
[MD5.0BBEA534AB25CEBFE72BD191FF84F593] - [25/07/2016 11:47:18] - |A| - [59904] - C:\WINDOWS\syswow64\MosStorage.dll
[MD5.51B550A0FBFA6E04F8595ED0BD99C202] - [25/07/2016 11:43:29] - |A| - [100160] - C:\WINDOWS\syswow64\MP3DMOD.DLL
[MD5.9D5C3A40554E6C01E6B4C9A888286452] - [25/07/2016 18:39:21] - |A| - [209408] - C:\WINDOWS\syswow64\msclmd.dll
[MD5.A680339559FBC02BC0854D73DDE85C7B] - [25/07/2016 11:52:52] - |A| - [1174008] - C:\WINDOWS\syswow64\msctf.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [46592] - C:\WINDOWS\syswow64\MSDRM
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [53538] - C:\WINDOWS\syswow64\MsDtc
[MD5.BEF902286DC49188F8435B1C2474AE96] - [25/07/2016 11:48:42] - |A| - [687616] - C:\WINDOWS\syswow64\msfeeds.dll
[MD5.C86784A6F08E733BE19D62C82182FA7D] - [25/07/2016 11:43:45] - |A| - [266752] - C:\WINDOWS\syswow64\MSFlacDecoder.dll
[MD5.E5DD7B8A4023B9277C434405849BB43A] - [25/07/2016 11:41:38] - |A| - [2680320] - C:\WINDOWS\syswow64\msftedit.dll
[MD5.01ECA12A5BF2D571FCE11C05419C3E50] - [25/07/2016 11:55:17] - |A| - [19347968] - C:\WINDOWS\syswow64\mshtml.dll
[MD5.192B579E14C116D2B742FEBE85A4D3C1] - [25/07/2016 11:46:24] - |A| - [2756096] - C:\WINDOWS\syswow64\mshtml.tlb
[MD5.594D1C58958A1F980336964B643784F3] - [25/07/2016 11:37:17] - |A| - [3671040] - C:\WINDOWS\syswow64\msi.dll
[MD5.1EEC0939B2B99EF1F53B14D9205041AD] - [25/07/2016 11:40:34] - |A| - [282624] - C:\WINDOWS\syswow64\msieftp.dll
[MD5.1F48933EFAB68EDD3B456C78E17B89CE] - [25/07/2016 11:43:20] - |A| - [871936] - C:\WINDOWS\syswow64\MSMPEG2ENC.DLL
[MD5.ACE2B02BA07DF7F13F59D07F7A38AA18] - [25/07/2016 11:41:13] - |A| - [161792] - C:\WINDOWS\syswow64\msorcl32.dll
[MD5.D4DE4F98D350823BACCA6D7F753D74D4] - [25/07/2016 11:39:51] - |A| - [6471168] - C:\WINDOWS\syswow64\mspaint.exe
[MD5.C2230C9A5F4DA4FE5EF9462047429082] - [25/07/2016 11:42:47] - |A| - [32768] - C:\WINDOWS\syswow64\msscntrs.dll
[MD5.5467DAD0BDB397D84052FCCF8686FB9C] - [25/07/2016 11:41:12] - |A| - [60928] - C:\WINDOWS\syswow64\mssign32.dll
[MD5.B27FEB21C56278185E7B7A77722C6819] - [25/07/2016 11:38:36] - |A| - [777728] - C:\WINDOWS\syswow64\MsSpellCheckingFacility.dll
[MD5.F3C7017623E0F1F04016E5041A106FC8] - [25/07/2016 11:42:59] - |A| - [119296] - C:\WINDOWS\syswow64\mssph.dll
[MD5.4BC42306D03B539D0EDDD81CC0AE0CD3] - [25/07/2016 11:43:04] - |A| - [244736] - C:\WINDOWS\syswow64\mssphtb.dll
[MD5.6500AB640E37FBFBE0D57B24F8BC6F30] - [25/07/2016 11:43:54] - |A| - [1984000] - C:\WINDOWS\syswow64\mssrch.dll
[MD5.EF539679E1F6FA5DFDCE4D013A3D37CF] - [25/07/2016 11:52:00] - |A| - [6740992] - C:\WINDOWS\syswow64\mstscax.dll
[MD5.3ABE2040F4F9BDDD008EC5D4713D5ABE] - [25/07/2016 11:36:53] - |A| - [294752] - C:\WINDOWS\syswow64\msv1_0.dll
[MD5.38AF3B80B54449F95BD16486EC8975A3] - [26/07/2016 13:32:41] - |A| - [476160] - C:\WINDOWS\syswow64\msvcp80.dll
[MD5.E2D57E42409B6E576CFECA69C39201D0] - [26/07/2016 13:32:41] - |A| - [353280] - C:\WINDOWS\syswow64\msvcr80.dll
[MD5.A7583A49B0F4A91E5B2E154C3582DF82] - [25/07/2016 11:38:53] - |A| - [420928] - C:\WINDOWS\syswow64\msvproc.dll
[MD5.1F5B5642253FC9760EEACD81900C38DC] - [25/07/2016 11:35:42] - |A| - [312160] - C:\WINDOWS\syswow64\mswsock.dll
[MD5.2FE56BAE736FE2AD20950ECED0FFD6D1] - [25/07/2016 11:43:40] - |A| - [1588224] - C:\WINDOWS\syswow64\msxml3.dll
[MD5.6E7BF3FB027D46B7DEFCFFBEF8C4511D] - [25/07/2016 11:37:19] - |A| - [2026736] - C:\WINDOWS\syswow64\msxml6.dll
[MD5.C9D7861D1C984E1997A3778A97DD1AF9] - [25/07/2016 11:36:34] - |A| - [162816] - C:\WINDOWS\syswow64\MTF.dll
[MD5.96BFB1E4B3F38D999E418D286BE45BFB] - [25/07/2016 11:35:32] - |A| - [118272] - C:\WINDOWS\syswow64\mtxoci.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [6656] - C:\WINDOWS\syswow64\MUI
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [268288] - C:\WINDOWS\syswow64\nb-NO
[MD5.110EE87B0F4E38609AD73E9075EF82A4] - [25/07/2016 11:38:20] - |A| - [97096] - C:\WINDOWS\syswow64\ncryptsslp.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\NDF
[MD5.6C2B2CA75F486449921ED10A39DB9799] - [25/07/2016 11:47:30] - |A| - [69744] - C:\WINDOWS\syswow64\netapi32.dll
[MD5.E3E6CA2D3FAADDEE4FC8A934FA42FA3D] - [25/07/2016 11:46:44] - |A| - [1171456] - C:\WINDOWS\syswow64\netcenter.dll
[MD5.3249EA75874EE3DD3FCBA141656DF210] - [25/07/2016 11:39:07] - |A| - [713728] - C:\WINDOWS\syswow64\netlogon.dll
[MD5.F99386465A196CA0129AE92307FF472D] - [25/07/2016 11:46:42] - |A| - [197120] - C:\WINDOWS\syswow64\netplwiz.dll
[MD5.53BD5A0B7D0B027984D99BEDB945CEE6] - [25/07/2016 11:43:12] - |A| - [84832] - C:\WINDOWS\syswow64\NetSetupApi.dll
[MD5.E724CB02012CEBF773DC9FE304DCD946] - [25/07/2016 11:43:53] - |A| - [501600] - C:\WINDOWS\syswow64\NetSetupEngine.dll
[MD5.4AE45F3077E79A3E3B22996F80DA9E7A] - [25/07/2016 11:39:11] - |A| - [354304] - C:\WINDOWS\syswow64\NetSetupShim.dll
[MD5.F964FA5FA4FAB1B2D9E6638A0CF0D7E7] - [25/07/2016 11:38:21] - |A| - [2679808] - C:\WINDOWS\syswow64\netshell.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [52224] - C:\WINDOWS\syswow64\networklist
[MD5.861D71E2284DCEA5E9309CDE8D920252] - [25/07/2016 11:40:55] - |A| - [485888] - C:\WINDOWS\syswow64\newdev.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [285184] - C:\WINDOWS\syswow64\nl-NL
[MD5.631450FBA9C8677C00F5A577905ECE36] - [25/07/2016 11:46:30] - |A| - [784896] - C:\WINDOWS\syswow64\NMAA.dll
[MD5.6AE2C3CFEA73E2D01CB1E00DBD1EC4A5] - [25/07/2016 11:46:12] - |A| - [205824] - C:\WINDOWS\syswow64\NmaDirect.dll
[MD5.DE78E0C57BC478D47CC2F470B68E1A45] - [25/07/2016 18:39:21] - |A| - [741] - C:\WINDOWS\syswow64\NOISE.DAT
[MD5.806D3A66BBC91F7F2B4FCC337C13EFAE] - [25/07/2016 11:43:00] - |A| - [239104] - C:\WINDOWS\syswow64\NotificationObjFactory.dll
[MD5.85ED26DB17B3270944C344E0E5B7C34A] - [25/07/2016 11:41:58] - |A| - [1542816] - C:\WINDOWS\syswow64\ntdll.dll
[MD5.ABFB6150CA07482BCF3D3FDE3B62152A] - [25/07/2016 11:42:56] - |A| - [309760] - C:\WINDOWS\syswow64\ntprint.dll
[MD5.34B1DD62B3F090A0466241F84F1E9AE0] - [25/07/2016 11:38:08] - |A| - [802816] - C:\WINDOWS\syswow64\ntshrui.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |SD| - [3872256] - C:\WINDOWS\syswow64\Nui
[MD5.77D3FB612C75A70CDA55889616DF3969] - [25/07/2016 11:40:34] - |A| - [205312] - C:\WINDOWS\syswow64\oemlicense.dll
[MD5.761E6E736B47DA42D74227A26F658108] - [25/07/2016 11:37:42] - |A| - [100864] - C:\WINDOWS\syswow64\offlinelsa.dll
[MD5.F0781A46DFE3A6C48FCA23FCDDA69B4B] - [25/07/2016 11:36:27] - |A| - [957608] - C:\WINDOWS\syswow64\ole32.dll
[MD5.1A341701906986F1865766C6849269FC] - [25/07/2016 11:41:33] - |A| - [323072] - C:\WINDOWS\syswow64\oleacc.dll
[MD5.91ED19257EAA98C1C95A7E5F0FF07FF0] - [25/07/2016 11:39:47] - |A| - [10240] - C:\WINDOWS\syswow64\oleacchooks.dll
[MD5.FC03376F464F07369BC07A6D9BE8CA8D] - [25/07/2016 11:38:04] - |A| - [88576] - C:\WINDOWS\syswow64\olepro32.dll
[MD5.BF769A5BEA8E50F12264746D30D57C6F] - [25/07/2016 11:37:43] - |A| - [52736] - C:\WINDOWS\syswow64\OnDemandConnRouteHelper.dll
[MD5.61D86AEAE520B20FD3AE5C68327239EB] - [25/07/2016 11:41:20] - |A| - [400896] - C:\WINDOWS\syswow64\OneDriveSettingSyncProvider.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [655552] - C:\WINDOWS\syswow64\oobe
[MD5.F7169F42A954DEAD789529859921BD36] - [25/07/2016 11:38:09] - |A| - [81112] - C:\WINDOWS\syswow64\OpenWith.exe
[MD5.AC42505CBCEE5825BB2695C34E43B1D0] - [25/07/2016 11:38:45] - |A| - [184832] - C:\WINDOWS\syswow64\PackageStateRoaming.dll
[MD5.DBE39E4BDCC3D8F49A2B0277652120D0] - [25/07/2016 11:35:15] - |A| - [41984] - C:\WINDOWS\syswow64\pcaui.exe
[MD5.3547D79A60007624BFEBAFCAE158E992] - [25/07/2016 11:35:30] - |A| - [169984] - C:\WINDOWS\syswow64\PhoneCallHistoryApis.dll
[MD5.1AEBF2230422716D8CE1BEBCBAE961D3] - [25/07/2016 11:35:04] - |A| - [48128] - C:\WINDOWS\syswow64\PimIndexMaintenanceClient.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [281600] - C:\WINDOWS\syswow64\pl-PL
[MD5.9ACCC0C1786391EF1FD1FAF12AE22801] - [25/07/2016 11:50:16] - |A| - [340480] - C:\WINDOWS\syswow64\PlayToDevice.dll
[MD5.53903FCDBE698C8804D0B479F4F5E29B] - [25/07/2016 11:49:30] - |A| - [517632] - C:\WINDOWS\syswow64\PlayToManager.dll
[MD5.ED3335C188873DD766C73C98F06A3BEA] - [25/07/2016 11:46:32] - |A| - [216576] - C:\WINDOWS\syswow64\PlayToReceiver.dll
[MD5.64229C17CFE9262689EAE3E852D3975F] - [25/07/2016 11:36:18] - |A| - [296488] - C:\WINDOWS\syswow64\policymanager.dll
[MD5.4DED20A327D15D69FB85310D14D67711] - [25/07/2016 11:35:19] - |A| - [291328] - C:\WINDOWS\syswow64\polstore.dll
[MD5.3B1F2F6F89F3F4ED75C5FADDB2E7CFE1] - [25/07/2016 11:35:18] - |A| - [56320] - C:\WINDOWS\syswow64\POSyncServices.dll
[MD5.ED363EC037EBC7A072B23923A4651731] - [25/07/2016 18:06:20] - |A| - [2718208] - C:\WINDOWS\syswow64\PrintConfig.dll
[MD5.65585F1DB21193BA2DEB7C034984E2E8] - [25/07/2016 11:37:55] - |A| - [519168] - C:\WINDOWS\syswow64\PrintDialogs.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:34] - |D| - [430506] - C:\WINDOWS\syswow64\Printing_Admin_Scripts
[MD5.CA2EA5401563387162E61444AE15AF59] - [25/07/2016 11:39:56] - |A| - [53248] - C:\WINDOWS\syswow64\profext.dll
[MD5.AF3369020E352540743E7664F7CAA189] - [25/07/2016 11:41:40] - |A| - [1355336] - C:\WINDOWS\syswow64\propsys.dll
[MD5.404EA5D1E9451EAB6D37403B7CFAD736] - [25/07/2016 11:35:19] - |A| - [123392] - C:\WINDOWS\syswow64\ProximityCommon.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [286720] - C:\WINDOWS\syswow64\pt-BR
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [281088] - C:\WINDOWS\syswow64\pt-PT
[MD5.9484654938AE332E2BD2EFEA8F596376] - [25/07/2016 11:35:28] - |A| - [569856] - C:\WINDOWS\syswow64\qdvd.dll
[MD5.627DC6C1A8D38FFC64BF884C2DE90410] - [25/07/2016 11:38:59] - |A| - [573440] - C:\WINDOWS\syswow64\qedit.dll
[MD5.2003BE1653553FBC9D809BA40AEE4D68] - [25/07/2016 11:37:10] - |A| - [1542656] - C:\WINDOWS\syswow64\quartz.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [24316] - C:\WINDOWS\syswow64\ras
[MD5.27C3814755F5078A06B3B95CC6BAD111] - [25/07/2016 11:46:25] - |A| - [13312] - C:\WINDOWS\syswow64\rasadhlp.dll
[MD5.9797BB52F1943B78CD245B41AE833E1F] - [25/07/2016 11:35:51] - |A| - [653312] - C:\WINDOWS\syswow64\rasapi32.dll
[MD5.CF17C8CA575EC10ACDE1671CDED01B73] - [25/07/2016 11:46:48] - |A| - [17408] - C:\WINDOWS\syswow64\rasautou.exe
[MD5.559358D3C39A1EC0D944714C32FAD582] - [25/07/2016 11:36:24] - |A| - [799744] - C:\WINDOWS\syswow64\rasdlg.dll
[MD5.B34DE2B803625C572C664C495FC3F720] - [25/07/2016 11:46:56] - |A| - [846336] - C:\WINDOWS\syswow64\rasgcw.dll
[MD5.F07AE86B2CD1C2CF6AE7812C60299032] - [25/07/2016 11:38:12] - |A| - [535040] - C:\WINDOWS\syswow64\rastls.dll
[MD5.96D60277EF8CB48BD3D920298C9D7F83] - [25/07/2016 11:37:42] - |A| - [11776] - C:\WINDOWS\syswow64\rastlsext.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\RasToast
[MD5.CB82FEFF538C7889DD58EF66B8FDB9FD] - [25/07/2016 11:47:12] - |A| - [2632192] - C:\WINDOWS\syswow64\rdpcore.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [781] - C:\WINDOWS\syswow64\Recovery
[MD5.A4CC1E8330E839AA619978E61AEEEAC4] - [25/07/2016 11:38:08] - |A| - [73360] - C:\WINDOWS\syswow64\remoteaudioendpoint.dll
[MD5.897906025BD3616BF9C30A3979A73DEE] - [25/07/2016 11:53:38] - |A| - [712704] - C:\WINDOWS\syswow64\RemoteNaturalLanguage.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\restore
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [223232] - C:\WINDOWS\syswow64\ro-RO
[MD5.525FC35182F9660E2A7DCC75607535DC] - [25/07/2016 11:36:32] - |A| - [707608] - C:\WINDOWS\syswow64\rpcrt4.dll
[MD5.25B0BAA64D6D62873FAA7719DB64015C] - [25/07/2016 11:38:27] - |A| - [183904] - C:\WINDOWS\syswow64\rsaenh.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:07:11] - |D| - [2125808] - C:\WINDOWS\syswow64\RTCOM
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [277504] - C:\WINDOWS\syswow64\ru-RU
[MD5.E793B893135F3B6942B6230D45E27610] - [25/07/2016 11:37:44] - |A| - [61440] - C:\WINDOWS\syswow64\samlib.dll
[MD5.836FF4B7A3AC93E7D659F4FCCF7E0309] - [25/07/2016 11:42:58] - |A| - [779264] - C:\WINDOWS\syswow64\sbe.dll
[MD5.318E2A6EC26C9703A5B273B015672660] - [25/07/2016 11:36:55] - |A| - [388608] - C:\WINDOWS\syswow64\schannel.dll
[MD5.4A8E1182ECF552141C2C165B0A137E50] - [25/07/2016 11:38:06] - |A| - [186880] - C:\WINDOWS\syswow64\schtasks.exe
[MD5.8DBFE13F50BE7578913003EE5256AEBE] - [25/07/2016 11:42:51] - |A| - [282624] - C:\WINDOWS\syswow64\Search.ProtocolHandler.MAPI2.dll
[MD5.D0B4D167CB9BA37A62BA8E7B7934F517] - [25/07/2016 11:35:22] - |A| - [460800] - C:\WINDOWS\syswow64\SearchFolder.dll
[MD5.F370A686221023EC003D96BB1FBA57A0] - [25/07/2016 11:43:40] - |A| - [760320] - C:\WINDOWS\syswow64\SearchIndexer.exe
[MD5.4C629B1F6E54578C7875057FD5C53E5F] - [25/07/2016 11:42:51] - |A| - [282624] - C:\WINDOWS\syswow64\SearchProtocolHost.exe
[MD5.DDC479FA1A36285BFC1EF25B547403C3] - [25/07/2016 11:36:46] - |A| - [273408] - C:\WINDOWS\syswow64\SensorsApi.dll
[MD5.7D51637A2E604113F1A4E96FF3F2727C] - [25/07/2016 11:40:59] - |A| - [51128] - C:\WINDOWS\syswow64\SensorsNativeApi.dll
[MD5.2823A28AB08EE9DCE85436C700799D66] - [25/07/2016 11:39:47] - |A| - [80384] - C:\WINDOWS\syswow64\SensorsNativeApi.V2.dll
[MD5.E2C0139812E0030B26F2E7B156C726A4] - [25/07/2016 11:40:46] - |A| - [184832] - C:\WINDOWS\syswow64\SettingMonitor.dll
[MD5.D69DDC0073FA31032D7F9379D054679F] - [25/07/2016 11:41:22] - |A| - [503296] - C:\WINDOWS\syswow64\SettingSync.dll
[MD5.0162996989471778328E929D58B1041E] - [25/07/2016 11:41:45] - |A| - [754176] - C:\WINDOWS\syswow64\SettingSyncCore.dll
[MD5.D00ACFADE7EE80F0C45CC0B94EB5D21A] - [25/07/2016 11:41:20] - |A| - [465760] - C:\WINDOWS\syswow64\SettingSyncHost.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [871456] - C:\WINDOWS\syswow64\setup
[MD5.8162BC2EC9E529AA90F196A12D887308] - [25/07/2016 11:41:34] - |A| - [4268880] - C:\WINDOWS\syswow64\setupapi.dll
[MD5.9E6DBA611E99BE75589D6A358F54364F] - [25/07/2016 11:43:50] - |A| - [137728] - C:\WINDOWS\syswow64\shacct.dll
[MD5.245BCE64F9396340F4E84FB140DD6CA6] - [25/07/2016 11:41:24] - |A| - [489984] - C:\WINDOWS\syswow64\ShareHost.dll
[MD5.B726B6583C0E880B59BE3C4463C27BAB] - [25/07/2016 11:38:50] - |A| - [569752] - C:\WINDOWS\syswow64\SHCore.dll
[MD5.3EEAC377D273ABB2B6FB02DBFE8E307E] - [25/07/2016 11:39:29] - |A| - [21123320] - C:\WINDOWS\syswow64\shell32.dll
[MD5.E71CB29D5B7F76DD58677381CBFE6847] - [25/07/2016 11:38:07] - |A| - [129024] - C:\WINDOWS\syswow64\SimAuth.dll
[MD5.42D425CA43C93CC578D1AEA96D1E39F0] - [25/07/2016 11:38:10] - |A| - [157696] - C:\WINDOWS\syswow64\SimCfg.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [223744] - C:\WINDOWS\syswow64\sk-SK
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [220672] - C:\WINDOWS\syswow64\sl-SI
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:34] - |D| - [53396] - C:\WINDOWS\syswow64\slmgr
[MD5.1CB309C3183A1249C0F3241BB3BA66DD] - [25/07/2016 11:41:24] - |A| - [736768] - C:\WINDOWS\syswow64\SmartcardCredentialProvider.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\SMI
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [4296032] - C:\WINDOWS\syswow64\Speech
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [5916276] - C:\WINDOWS\syswow64\Speech_OneCore
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [1412430] - C:\WINDOWS\syswow64\spp
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [24235] - C:\WINDOWS\syswow64\sppui
[MD5.4D2E3D6BC01E7A5E9C6F9AFDBFAF98BB] - [25/07/2016 11:41:26] - |A| - [220064] - C:\WINDOWS\syswow64\sqmapi.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [228864] - C:\WINDOWS\syswow64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [224768] - C:\WINDOWS\syswow64\sr-Latn-RS
[MD5.8B70A4CDB39E270F7F892C82BDB641A5] - [25/07/2016 11:38:37] - |A| - [799744] - C:\WINDOWS\syswow64\SRH.dll
[MD5.0B1427CECB2D744C61E841DF0B905592] - [25/07/2016 11:38:48] - |A| - [1445888] - C:\WINDOWS\syswow64\SRHInproc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\sru
[MD5.C122D52ED9662F09EC2650B010544468] - [25/07/2016 11:38:20] - |A| - [73872] - C:\WINDOWS\syswow64\srvcli.dll
[MD5.A3B6AED415AEEA114597E5043F45FF18] - [25/07/2016 11:49:28] - |A| - [415232] - C:\WINDOWS\syswow64\StoreAgent.dll
[MD5.A142F1D0FF07C172FA90075B7848CCD0] - [25/07/2016 11:43:46] - |A| - [521728] - C:\WINDOWS\syswow64\StructuredQuery.dll
[MD5.2311952A48D5D22080073E5AD4621509] - [25/07/2016 11:40:50] - |A| - [629760] - C:\WINDOWS\syswow64\sud.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [272896] - C:\WINDOWS\syswow64\sv-SE
[MD5.2F7684C2601F30ED0A5AFCB3AD295152] - [25/07/2016 11:41:00] - |A| - [3301376] - C:\WINDOWS\syswow64\SyncCenter.dll
[MD5.551624F398703A90CAFCC5777CEA99E8] - [25/07/2016 11:41:14] - |A| - [450560] - C:\WINDOWS\syswow64\SyncController.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:34] - |D| - [0] - C:\WINDOWS\syswow64\sysprep
[MD5.E7AF52CE93D93984F11E5021024CA085] - [25/07/2016 11:38:07] - |A| - [356352] - C:\WINDOWS\syswow64\taskcomp.dll
[MD5.FBA0E803ED70D649630DCA8EEC625414] - [25/07/2016 11:38:17] - |A| - [240640] - C:\WINDOWS\syswow64\taskeng.exe
[MD5.38F874DC40AED7FE90ABED3006FF20B9] - [25/07/2016 11:38:48] - |A| - [1083656] - C:\WINDOWS\syswow64\Taskmgr.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\syswow64\Tasks
[MD5.F40196C743D54C56C7C2CCDD6FDE262E] - [25/07/2016 11:36:55] - |A| - [572272] - C:\WINDOWS\syswow64\taskschd.dll
[MD5.2E947792E9B1C738E33FD5794B1650F9] - [25/07/2016 11:46:36] - |A| - [30208] - C:\WINDOWS\syswow64\tbauth.dll
[MD5.71DF6482300C802BB104514F34B460F0] - [25/07/2016 11:43:57] - |A| - [91648] - C:\WINDOWS\syswow64\tdlrecover.exe
[MD5.097906E4A4DAACC83E4BBCB351A82123] - [25/07/2016 11:50:03] - |A| - [245760] - C:\WINDOWS\syswow64\TextInputFramework.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [209920] - C:\WINDOWS\syswow64\th-TH
[MD5.212B595D06DB8A90B540E970E493CD6F] - [25/07/2016 11:40:51] - |A| - [2519552] - C:\WINDOWS\syswow64\themecpl.dll
[MD5.F843B18F29E440CB4599F3674E03B0A5] - [25/07/2016 11:40:45] - |A| - [2849792] - C:\WINDOWS\syswow64\themeui.dll
[MD5.6DA0B412C0DD9DDB5382527488A5AD2E] - [25/07/2016 11:36:16] - |A| - [237056] - C:\WINDOWS\syswow64\thumbcache.dll
[MD5.6D21D0A95286DCD09E354B612F592EB7] - [25/07/2016 18:39:22] - |A| - [1988] - C:\WINDOWS\syswow64\ticrf.rat
[MD5.9DB69A637142A6C72DF22706CF2F6F7B] - [25/07/2016 11:37:45] - |A| - [31744] - C:\WINDOWS\syswow64\TimeBrokerClient.dll
[MD5.4C5CD8F1A3B88B8B7B9F57F2E256FAFC] - [25/07/2016 11:50:02] - |A| - [639488] - C:\WINDOWS\syswow64\TokenBroker.dll
[MD5.EAF904785CA7849C66F6DC2EF0A0E0E7] - [25/07/2016 11:46:38] - |A| - [22528] - C:\WINDOWS\syswow64\TokenBrokerCookies.exe
[MD5.A233DD6D55CDBC80890E6D0702F727B5] - [25/07/2016 11:44:10] - |A| - [2771968] - C:\WINDOWS\syswow64\tquery.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [268800] - C:\WINDOWS\syswow64\tr-TR
[MD5.A5B6DDDF137C8118B93D00404510741D] - [25/07/2016 11:36:31] - |A| - [836760] - C:\WINDOWS\syswow64\twinapi.appcore.dll
[MD5.643BBA6FB3DA30DC0294F14D72EEFAAB] - [25/07/2016 11:41:25] - |A| - [581632] - C:\WINDOWS\syswow64\twinapi.dll
[MD5.409D5D7EB68EDC5E5751A1F437F8C58E] - [25/07/2016 11:37:03] - |A| - [2000896] - C:\WINDOWS\syswow64\twinui.appcore.dll
[MD5.A582CC5D97DA29AFE99024BBE96673F3] - [25/07/2016 11:42:10] - |A| - [9919488] - C:\WINDOWS\syswow64\twinui.dll
[MD5.CC2F923F02D8EB36D0C442CE709B6CD9] - [25/07/2016 11:42:02] - |A| - [1139712] - C:\WINDOWS\syswow64\UIAutomationCore.dll
[MD5.D51618B0CB2B51F7D9B8DEB38A454126] - [25/07/2016 11:39:42] - |A| - [36352] - C:\WINDOWS\syswow64\UIAutomationCoreRes.dll
[MD5.D613DBA2E2D43264B6D5C1933F3A71FC] - [25/07/2016 11:39:01] - |A| - [3459584] - C:\WINDOWS\syswow64\UIRibbon.dll
[MD5.FC4E7D3027D748E2D131C9DED39D4976] - [25/07/2016 11:37:45] - |A| - [584704] - C:\WINDOWS\syswow64\UIRibbonRes.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [219648] - C:\WINDOWS\syswow64\uk-UA
[MD5.4B9DE8EAA2E16C34E018749F325BAEFF] - [25/07/2016 11:37:10] - |A| - [949248] - C:\WINDOWS\syswow64\Unistore.dll
[MD5.4243F729D260C0D6C6A3B605F51FD518] - [25/07/2016 11:40:51] - |A| - [103424] - C:\WINDOWS\syswow64\updatepolicy.dll
[MD5.6F1EEEF679AFA703C7C328BD87C5AB68] - [25/07/2016 11:38:51] - |A| - [558592] - C:\WINDOWS\syswow64\uReFS.dll
[MD5.7D5E17FC31FA563A94A8251AF8ADDEE4] - [25/07/2016 11:39:12] - |A| - [1498624] - C:\WINDOWS\syswow64\urlmon.dll
[MD5.E7BD4D15CDC5A1E162256CFADCA92344] - [25/07/2016 11:36:47] - |A| - [1337240] - C:\WINDOWS\syswow64\user32.dll
[MD5.32E42A131A187BCAD87EA3A2A09498B9] - [25/07/2016 11:47:00] - |A| - [1249280] - C:\WINDOWS\syswow64\usercpl.dll
[MD5.242708810A22D373904539EDF39FFAD1] - [25/07/2016 11:35:14] - |A| - [196608] - C:\WINDOWS\syswow64\UserDataAccountApis.dll
[MD5.392434472351B2DA0499AEC962E988CE] - [25/07/2016 11:35:01] - |A| - [37888] - C:\WINDOWS\syswow64\UserDataLanguageUtil.dll
[MD5.39E7BAB659A6AB4419A908E578BE7029] - [25/07/2016 11:35:02] - |A| - [56320] - C:\WINDOWS\syswow64\UserDataPlatformHelperUtil.dll
[MD5.93B7ED5F44D9C3FB0A74C059E1B9E68B] - [25/07/2016 11:35:04] - |A| - [89088] - C:\WINDOWS\syswow64\UserDataTimeUtil.dll
[MD5.31657EDEEA6039E71C708BDA61AB62D5] - [25/07/2016 11:35:01] - |A| - [37888] - C:\WINDOWS\syswow64\UserDataTypeHelperUtil.dll
[MD5.C41C3339364B262957110B2C6C32FF3D] - [25/07/2016 11:43:00] - |A| - [573440] - C:\WINDOWS\syswow64\UserLanguagesCpl.dll
[MD5.6CE4F5BC53932C885B2276C2B352065C] - [25/07/2016 11:38:15] - |A| - [34816] - C:\WINDOWS\syswow64\usermgrcli.dll
[MD5.64F7A89D4DBFA69D40C7C1FF5BB4457E] - [25/07/2016 11:37:43] - |A| - [166912] - C:\WINDOWS\syswow64\UserMgrProxy.dll
[MD5.88A5A640F1C46936CEA62B7B42969E8E] - [25/07/2016 11:36:44] - |A| - [502784] - C:\WINDOWS\syswow64\vbscript.dll
[MD5.43AE8C9F7D031AB3DBEADA4C17D8C682] - [25/07/2016 11:35:19] - |A| - [150528] - C:\WINDOWS\syswow64\VCardParser.dll
[MD5.E9E7FA1FC796ADC16A1169736EFC7AF3] - [25/07/2016 11:43:37] - |A| - [84480] - C:\WINDOWS\syswow64\VEDataLayerHelpers.dll
[MD5.D93D6F9BC1EE3329A9DCF3B9591EB156] - [25/07/2016 11:43:18] - |A| - [219136] - C:\WINDOWS\syswow64\VEEventDispatcher.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [15816076] - C:\WINDOWS\syswow64\wbem
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:34] - |D| - [0] - C:\WINDOWS\syswow64\WCN
[MD5.B6A9C98BFE60CB8DC992033108F3C4F0] - [25/07/2016 11:35:05] - |A| - [1226752] - C:\WINDOWS\syswow64\wcnwiz.dll
[MD5.94B32AFBC8D832B3CC39C87DACCF4CEE] - [25/07/2016 11:37:55] - |A| - [879616] - C:\WINDOWS\syswow64\WebcamUi.dll
[MD5.86FBB78A2D77D9BDD58F0D72A2E4D934] - [25/07/2016 11:46:38] - |A| - [230400] - C:\WINDOWS\syswow64\webcheck.dll
[MD5.D6D84F133DC05DB51FE689BB2066D43E] - [25/07/2016 11:47:10] - |A| - [405504] - C:\WINDOWS\syswow64\webio.dll
[MD5.38EE252AD45EB7D6834F718B9487D3F9] - [25/07/2016 11:36:46] - |A| - [538736] - C:\WINDOWS\syswow64\wer.dll
[MD5.7A2A3BAAA05C8124D95B2915E904F900] - [25/07/2016 11:35:20] - |A| - [141664] - C:\WINDOWS\syswow64\wermgr.exe
[MD5.EBD26D676238C0B3938AFF925043576F] - [25/07/2016 11:38:01] - |A| - [394752] - C:\WINDOWS\syswow64\werui.dll
[MD5.7734BD0E9C8ED7DC48F559A67D0A79F4] - [25/07/2016 11:46:31] - |A| - [20480] - C:\WINDOWS\syswow64\wfapigp.dll
[MD5.CD94405BB0A90B179E94BE23F4D2B79D] - [25/07/2016 11:46:39] - |A| - [39424] - C:\WINDOWS\syswow64\wfdprov.dll
[MD5.A3E1888B827AD9132A35657C48C9762B] - [25/07/2016 11:40:54] - |A| - [578048] - C:\WINDOWS\syswow64\wiaaut.dll
[MD5.100E983F59F3BF3A3F8BFA327CF9B438] - [25/07/2016 11:36:19] - |A| - [157184] - C:\WINDOWS\syswow64\WiFiDisplay.dll
[MD5.1E7B13CDBA9D57D2BF54A7501FB17376] - [25/07/2016 11:41:36] - |A| - [586080] - C:\WINDOWS\syswow64\wimgapi.dll
[MD5.B7B67257F01B0B814066F245DAD34367] - [25/07/2016 11:39:46] - |A| - [93696] - C:\WINDOWS\syswow64\winbio.dll
[MD5.E78E204A005D6DDEBBFA453380D6E847] - [25/07/2016 11:38:55] - |A| - [585216] - C:\WINDOWS\syswow64\Windows.AccountsControl.dll
[MD5.395AC69CCD9E2D590775AA6ADD2AE1D2] - [25/07/2016 11:52:44] - |A| - [649728] - C:\WINDOWS\syswow64\Windows.ApplicationModel.Store.dll
[MD5.162EE6B2FD2EBF008AF0B12C7E07A6D8] - [25/07/2016 11:47:00] - |A| - [250880] - C:\WINDOWS\syswow64\Windows.ApplicationModel.Store.TestingFramework.dll
[MD5.40C2D19E230CDCBA7707DB5C5A9C6419] - [25/07/2016 11:42:03] - |A| - [5323776] - C:\WINDOWS\syswow64\Windows.Data.Pdf.dll
[MD5.D1600085065675F98F41A01DCD03AA6E] - [25/07/2016 11:50:58] - |A| - [854528] - C:\WINDOWS\syswow64\Windows.Devices.Bluetooth.dll
[MD5.5A9CDDA8859CDA201006EE7BB84BC673] - [25/07/2016 11:46:42] - |A| - [254976] - C:\WINDOWS\syswow64\Windows.Devices.Picker.dll
[MD5.05B15BD9C92BE52F35A2295B22C5D892] - [25/07/2016 11:41:01] - |A| - [168448] - C:\WINDOWS\syswow64\Windows.Devices.Scanners.dll
[MD5.257C46467A3C9FA96EA59B8B7DFCCA75] - [25/07/2016 11:46:40] - |A| - [559616] - C:\WINDOWS\syswow64\Windows.Devices.SmartCards.dll
[MD5.ED87A6D9B014FC9D5CF57B9D7F54EA15] - [25/07/2016 11:40:29] - |A| - [386560] - C:\WINDOWS\syswow64\Windows.Devices.WiFiDirect.dll
[MD5.5AF1EAB54122BA45CA59C10FAF3CC558] - [25/07/2016 11:36:26] - |A| - [1228800] - C:\WINDOWS\syswow64\Windows.Globalization.dll
[MD5.CF97D32C0BD24525307676C04F4A32DF] - [25/07/2016 11:43:14] - |A| - [298496] - C:\WINDOWS\syswow64\Windows.Graphics.dll
[MD5.B99334A08D3E9CE2D4A4BFB8BBC4CB76] - [25/07/2016 11:43:17] - |A| - [1448960] - C:\WINDOWS\syswow64\Windows.Graphics.Printing.3D.dll
[MD5.50B851ADFFAC3B2EFD1B5DE4D8A94277] - [25/07/2016 11:41:06] - |A| - [468992] - C:\WINDOWS\syswow64\Windows.Graphics.Printing.dll
[MD5.9B60985A87BA2FED9F57DA30F191098E] - [25/07/2016 11:51:04] - |A| - [315904] - C:\WINDOWS\syswow64\Windows.Internal.Bluetooth.dll
[MD5.5DC9ED2C89D94C47892DF237D604BDC8] - [25/07/2016 11:35:00] - |A| - [200192] - C:\WINDOWS\syswow64\Windows.Internal.Management.dll
[MD5.C8F351BE29CEA63BC5EE5A175576B7F3] - [25/07/2016 11:39:15] - |A| - [1105920] - C:\WINDOWS\syswow64\Windows.Media.Audio.dll
[MD5.8D9CB9BB31AC17112D75456E928C3839] - [25/07/2016 11:38:28] - |A| - [103936] - C:\WINDOWS\syswow64\Windows.Media.Devices.dll
[MD5.BD869430C7B7CCD5FE0C3D9D6D344953] - [25/07/2016 11:39:06] - |A| - [2798080] - C:\WINDOWS\syswow64\Windows.Media.dll
[MD5.734026191E38F421D62D0067D89B0E35] - [25/07/2016 11:38:03] - |A| - [1063936] - C:\WINDOWS\syswow64\Windows.Media.Editing.dll
[MD5.463DA1563BB9C1849527967BA80C1810] - [25/07/2016 11:44:00] - |A| - [287712] - C:\WINDOWS\syswow64\Windows.Media.MediaControl.dll
[MD5.C23A52581FEA6CD49A49160BFA794BF7] - [25/07/2016 11:39:36] - |A| - [6952088] - C:\WINDOWS\syswow64\Windows.Media.Protection.PlayReady.dll
[MD5.76B34D04F94D7A8D47763C4E8285F88B] - [25/07/2016 11:43:29] - |A| - [1117184] - C:\WINDOWS\syswow64\Windows.Media.Speech.dll
[MD5.A4879DCB9CBE6F67661F0EF4D5A59092] - [25/07/2016 11:38:13] - |A| - [835072] - C:\WINDOWS\syswow64\Windows.Media.Streaming.dll
[MD5.B39E043BCB704FF6F0D0DEADBCBA754D] - [25/07/2016 11:38:47] - |A| - [683008] - C:\WINDOWS\syswow64\Windows.Networking.BackgroundTransfer.dll
[MD5.7C7CC816CEEB07022EBCC6B779B16E1D] - [25/07/2016 11:39:02] - |A| - [521728] - C:\WINDOWS\syswow64\Windows.Networking.Connectivity.dll
[MD5.5E52C817BCF919CF11CD523A2EC4A456] - [25/07/2016 11:38:52] - |A| - [638464] - C:\WINDOWS\syswow64\Windows.Networking.dll
[MD5.C40419A7C19D8C10AD7F7C923044FCFF] - [25/07/2016 11:48:44] - |A| - [523776] - C:\WINDOWS\syswow64\Windows.Security.Authentication.OnlineId.dll
[MD5.97C7434D1268B8AA10A615415C92CE9A] - [25/07/2016 11:46:48] - |A| - [496128] - C:\WINDOWS\syswow64\Windows.Security.Authentication.Web.Core.dll
[MD5.80BD175A8820F5D1C0913DE1BA2A0400] - [25/07/2016 11:34:58] - |A| - [40960] - C:\WINDOWS\syswow64\Windows.Shell.Search.UriHandler.dll
[MD5.937208F90E70A7A415F05932ABD72DFB] - [25/07/2016 11:37:53] - |A| - [34304] - C:\WINDOWS\syswow64\Windows.Speech.Pal.dll
[MD5.CF034E3697C5CA79777F94116D57C6A6] - [25/07/2016 11:38:57] - |A| - [2179584] - C:\WINDOWS\syswow64\Windows.StateRepository.dll
[MD5.492C152E65A4F59D0FDDE2F2E0C34DE8] - [25/07/2016 11:37:46] - |A| - [48128] - C:\WINDOWS\syswow64\Windows.StateRepositoryBroker.dll
[MD5.10882529EF2A92C7E5ACCC0E6EDF8390] - [25/07/2016 11:37:53] - |A| - [48640] - C:\WINDOWS\syswow64\Windows.StateRepositoryClient.dll
[MD5.4BBFE28B6732D30D01C8880CEB254BB5] - [25/07/2016 11:38:23] - |A| - [256192] - C:\WINDOWS\syswow64\Windows.Storage.ApplicationData.dll
[MD5.394B995CB6ADFEED1A37DD15FADE5068] - [25/07/2016 11:54:31] - |A| - [5240960] - C:\WINDOWS\syswow64\windows.storage.dll
[MD5.414967EA08650001DD671FEFE37633E7] - [25/07/2016 11:35:12] - |A| - [645632] - C:\WINDOWS\syswow64\Windows.Storage.Search.dll
[MD5.A65CFA79A13690155545A5FEEEC4FC42] - [25/07/2016 11:40:42] - |A| - [283136] - C:\WINDOWS\syswow64\Windows.UI.BioFeedback.dll
[MD5.70BE5D31CD548715F88398D7B56E99B5] - [25/07/2016 11:40:43] - |A| - [315904] - C:\WINDOWS\syswow64\Windows.UI.BlockedShutdown.dll
[MD5.70128BC69D515F2D38577D2438861424] - [25/07/2016 11:46:54] - |A| - [133632] - C:\WINDOWS\syswow64\Windows.UI.Core.TextInput.dll
[MD5.541C337FA4551C852FA4371AD3BF9C5B] - [25/07/2016 11:41:33] - |A| - [764928] - C:\WINDOWS\syswow64\Windows.UI.Cred.dll
[MD5.E48F0A089D9BAE356BF14FE3A16B1147] - [25/07/2016 11:41:54] - |A| - [489984] - C:\WINDOWS\syswow64\Windows.UI.dll
[MD5.8F81BC95794B0C17812988D44D000170] - [25/07/2016 11:41:36] - |A| - [1582080] - C:\WINDOWS\syswow64\Windows.UI.Immersive.dll
[MD5.2C0BBF7FC5526D7285BEAD239895C473] - [25/07/2016 11:41:50] - |A| - [682496] - C:\WINDOWS\syswow64\Windows.UI.Input.Inking.dll
[MD5.E43E3D372FB0B976124C3A4F080556C6] - [25/07/2016 11:41:54] - |A| - [1799680] - C:\WINDOWS\syswow64\Windows.UI.Logon.dll
[MD5.23F74037E71A1D1D827A3F0DDCB8A697] - [25/07/2016 11:37:12] - |A| - [4404736] - C:\WINDOWS\syswow64\Windows.UI.Search.dll
[MD5.D8F75D59301833722BFB4893A47F57F2] - [25/07/2016 11:53:56] - |A| - [13018112] - C:\WINDOWS\syswow64\Windows.UI.Xaml.dll
[MD5.52838DDB3B20C7330A30D89509A93B55] - [25/07/2016 11:46:12] - |A| - [1268736] - C:\WINDOWS\syswow64\Windows.UI.Xaml.Resources.dll
[MD5.7C557ABB26C2B2D930AA005FF6A8C025] - [25/07/2016 11:39:08] - |A| - [592384] - C:\WINDOWS\syswow64\Windows.Web.dll
[MD5.D57F7D9FB771CA0B434E975F76413430] - [25/07/2016 11:39:19] - |A| - [1072128] - C:\WINDOWS\syswow64\Windows.Web.Http.dll
[MD5.236B3202BBB1FCD6C3319A994056E108] - [25/07/2016 11:49:44] - |A| - [1522160] - C:\WINDOWS\syswow64\WindowsCodecs.dll
[MD5.702A77C8EB30026CF6C16F9B1439F166] - [25/07/2016 11:38:01] - |A| - [238592] - C:\WINDOWS\syswow64\WindowsCodecsExt.dll
[MD5.FFA3300F8C8542A92015C7FF48A16AF9] - [25/07/2016 11:38:32] - |A| - [28083144] - C:\WINDOWS\syswow64\WindowsCodecsRaw.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [7659212] - C:\WINDOWS\syswow64\WindowsPowerShell
[MD5.1E497317417C1C68B5453DD04721B16D] - [25/07/2016 11:49:51] - |A| - [614400] - C:\WINDOWS\syswow64\winhttp.dll
[MD5.4A2AD2C3B186FFE8EFE4DC7AB492F73E] - [25/07/2016 11:46:27] - |A| - [79360] - C:\WINDOWS\syswow64\winhttpcom.dll
[MD5.21BE44272CAC55D1B6C88C1E0BA78F8E] - [25/07/2016 11:39:22] - |A| - [2501632] - C:\WINDOWS\syswow64\wininet.dll
[MD5.D5BF10F0C309C82820813A7190CE1F5F] - [25/07/2016 11:37:49] - |A| - [65536] - C:\WINDOWS\syswow64\wininetlui.dll
[MD5.CEEA8FA78E1652BB7219FC118E9F67EE] - [25/07/2016 11:40:46] - |A| - [330752] - C:\WINDOWS\syswow64\winipcfile.dll
[MD5.BEC15702CE3242133B95F0E2C69FFC88] - [25/07/2016 11:41:02] - |A| - [980480] - C:\WINDOWS\syswow64\winipcsecproc.dll
[MD5.EACDCB7EA7696B10EF5CC65040A44923] - [25/07/2016 11:43:47] - |A| - [1349640] - C:\WINDOWS\syswow64\winmde.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [3784704] - C:\WINDOWS\syswow64\WinMetadata
[MD5.2086CC9E5A8C75F246A75EE606988B77] - [25/07/2016 11:39:50] - |A| - [1508352] - C:\WINDOWS\syswow64\winmsipc.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:34] - |D| - [110108] - C:\WINDOWS\syswow64\winrm
[MD5.550ECFF3C3808065169BFEA6C2B7837C] - [25/07/2016 11:43:53] - |A| - [400896] - C:\WINDOWS\syswow64\winspool.drv
[MD5.6EB3A9117D1849AE452110A2C66CC411] - [25/07/2016 11:39:04] - |A| - [820704] - C:\WINDOWS\syswow64\WinTypes.dll
[MD5.B65D241B81A010B6A78CCEEA900CCFC0] - [25/07/2016 11:38:14] - |A| - [56320] - C:\WINDOWS\syswow64\wkscli.dll
[MD5.30F680D95B0CCABE46C775672C912C0A] - [25/07/2016 11:48:50] - |A| - [306832] - C:\WINDOWS\syswow64\wlanapi.dll
[MD5.5A0B501B638941EAF2BEABCE3C645769] - [25/07/2016 11:35:02] - |A| - [413696] - C:\WINDOWS\syswow64\WLanConn.dll
[MD5.3D3BBD2DA5660B0B6C9F6A8B9401648C] - [25/07/2016 11:47:02] - |A| - [337920] - C:\WINDOWS\syswow64\wlanmsm.dll
[MD5.51DF6FC12B5EF8CA87414D79C98CBC7A] - [25/07/2016 11:46:32] - |A| - [395264] - C:\WINDOWS\syswow64\wlansec.dll
[MD5.9208E440059270395C320190BFA9EE0E] - [25/07/2016 11:46:58] - |A| - [368128] - C:\WINDOWS\syswow64\wlanui.dll
[MD5.BF370250794A9405AD153A4C1A4F5BBD] - [25/07/2016 11:38:13] - |A| - [32552] - C:\WINDOWS\syswow64\wldp.dll
[MD5.650A2E42A8965FEEF24105EF3D19780B] - [25/07/2016 11:38:26] - |A| - [510976] - C:\WINDOWS\syswow64\wlidcli.dll
[MD5.0B7C5790893F3650162BED4BEA35D9A6] - [25/07/2016 11:44:04] - |A| - [695752] - C:\WINDOWS\syswow64\WMADMOD.DLL
[MD5.87755FF83726D908224C08C180D42C72] - [25/07/2016 11:54:21] - |A| - [12586496] - C:\WINDOWS\syswow64\wmp.dll
[MD5.5A69A6CB031970F5E0BBD4E967D32924] - [25/07/2016 11:38:05] - |A| - [1497088] - C:\WINDOWS\syswow64\WMPDMC.exe
[MD5.6B50CF0D71F727CEDF49216FD4AC0FB9] - [25/07/2016 11:39:53] - |A| - [290304] - C:\WINDOWS\syswow64\WmpDui.dll
[MD5.A7CD30176029F60B56F5590E37310103] - [25/07/2016 11:43:00] - |A| - [339968] - C:\WINDOWS\syswow64\WMPhoto.dll
[MD5.C8892F76C2D15CB1175E3F7A04D07904] - [25/07/2016 11:43:45] - |A| - [890880] - C:\WINDOWS\syswow64\WMSPDMOD.DLL
[MD5.132209E26098FCDDEC023B460E68EBEB] - [25/07/2016 11:43:35] - |A| - [1070080] - C:\WINDOWS\syswow64\WMSPDMOE.DLL
[MD5.D707B12965D5E8DFBD7C5BF7FB12AF02] - [25/07/2016 11:46:20] - |A| - [24064] - C:\WINDOWS\syswow64\WordBreakers.dll
[MD5.FC42E59329315A30F397490033055D28] - [25/07/2016 11:44:07] - |A| - [2217984] - C:\WINDOWS\syswow64\Wpc.dll
[MD5.B33928C3DED11908104A38E0C3090F7F] - [25/07/2016 11:43:47] - |A| - [572928] - C:\WINDOWS\syswow64\WpcWebFilter.dll
[MD5.968DD3AA844E40932950709FD9CB9556] - [25/07/2016 11:46:49] - |A| - [1976832] - C:\WINDOWS\syswow64\wpdshext.dll
[MD5.75869FD635879D9B0DCED6B6E4FEFDCD] - [25/07/2016 11:46:34] - |A| - [57344] - C:\WINDOWS\syswow64\WPDShServiceObj.dll
[MD5.FBBE8B9147474379F54F8A1BACBF9748] - [25/07/2016 11:41:26] - |A| - [388384] - C:\WINDOWS\syswow64\ws2_32.dll
[MD5.9A6B1DB1667CDD276A208F5AE5646948] - [25/07/2016 11:37:49] - |A| - [151552] - C:\WINDOWS\syswow64\WSClient.dll
[MD5.AD1EC1102124182624F1224768FFAE96] - [25/07/2016 11:36:45] - |A| - [564224] - C:\WINDOWS\syswow64\WSDApi.dll
[MD5.92B98A16E41005D74CF7B2EF28AB1FCF] - [25/07/2016 11:43:16] - |A| - [26112] - C:\WINDOWS\syswow64\wsdchngr.dll
[MD5.8450005F7BA8662A64E3FB7B0C3EE836] - [25/07/2016 11:46:32] - |A| - [51712] - C:\WINDOWS\syswow64\wshbth.dll
[MD5.94A99147A62D9830676B47D2BFA8FA46] - [25/07/2016 11:38:27] - |A| - [125440] - C:\WINDOWS\syswow64\wshom.ocx
[MD5.B61C9BA4E125BC5FFF338D7B11BAC6EC] - [25/07/2016 11:38:14] - |A| - [805888] - C:\WINDOWS\syswow64\WSShared.dll
[MD5.3E97CC7E938C4D15FCC27EC33C898606] - [25/07/2016 11:37:55] - |A| - [153088] - C:\WINDOWS\syswow64\WSSync.dll
[MD5.B91176A909798C7EAC28AB4FE786CA53] - [25/07/2016 11:41:50] - |A| - [705536] - C:\WINDOWS\syswow64\wuapi.dll
[MD5.F5814ED9E8B83F872FBDCB139B001C8A] - [25/07/2016 11:40:48] - |A| - [23552] - C:\WINDOWS\syswow64\wups.dll
[MD5.D0A2BA04B1E3F6C1F0E52F65D97EF39D] - [25/07/2016 11:43:44] - |A| - [703840] - C:\WINDOWS\syswow64\WWAHost.exe
[MD5.7D81335F3FCD9C37DE3C8C9989428C99] - [25/07/2016 11:36:30] - |A| - [431240] - C:\WINDOWS\syswow64\WWanAPI.dll
[MD5.102F3BB5D63225A25817C8E44B85533F] - [25/07/2016 11:35:20] - |A| - [63528] - C:\WINDOWS\syswow64\wwapi.dll
[MD5.35383CA7169E12D885B9B553F59E3154] - [25/07/2016 11:47:16] - |A| - [41984] - C:\WINDOWS\syswow64\XblAuthManagerProxy.dll
[MD5.9FE071ED2AAE48A691D234E757297CF3] - [25/07/2016 11:46:21] - |A| - [49152] - C:\WINDOWS\syswow64\XblAuthTokenBrokerExt.dll
[MD5.FC26697351E186D415E53BF83D37DAAD] - [25/07/2016 11:38:42] - |A| - [3555840] - C:\WINDOWS\syswow64\xpsrchvw.exe
[MD5.F459F8A639AE35E8ECA718832BEDDB53] - [25/07/2016 11:49:12] - |A| - [2102272] - C:\WINDOWS\syswow64\xpsservices.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [198144] - C:\WINDOWS\syswow64\zh-CN
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [192000] - C:\WINDOWS\syswow64\zh-HK
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [192000] - C:\WINDOWS\syswow64\zh-TW
[MD5.B18B0885CEFFA800A8C39EBDF41CE5A8] - [25/07/2016 11:40:42] - |A| - [347648] - C:\WINDOWS\syswow64\zipfldr.dll
[MD5.0B247775E6D85763E490BAE3B7CE0CB9] - [25/07/2016 11:43:12] - |A| - [31232] - C:\WINDOWS\syswow64\ztrace_maps.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:32] - |D| - [8704] - C:\WINDOWS\syswow64\Drivers\en-US
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:32] - |D| - [29184] - C:\WINDOWS\syswow64\Drivers\fr-FR
[MD5.00000000000000000000000000000000] - [25/07/2016 18:49:32] - |D| - [3072] - C:\WINDOWS\syswow64\Drivers\UMDF

---------- | Drives


T:

[23/06/2016 07:51:44] - |A| - (.-.) - [1474] - (0.0.0.0) - T:\barrow 2 & widen 100% sécurisé - Raccourci.lnk
[12/05/2016 12:04:54] - |A| - (.Copyright © 1999-2012 - BASS.) - [219136] - (2.4.9.0) - T:\bass.dll
[12/05/2016 12:04:54] - |A| - (.Copyright © 2005-2012 by radio42: Bernd Niedergesaess, Germany. http://www.bass.radio42.com/ - bn@radio42.com - BASS.NET API for .Net.) - [638976] - (2.4.9.1) - T:\Bass.Net.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2003-2009 - BASSCD.) - [35328] - (2.4.3.1) - T:\basscd.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2004-2009 - BASSFLAC.) - [48128] - (2.4.1.0) - T:\bassflac.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2005-2010 - BASSmix.) - [33280] - (2.4.4.0) - T:\bassmix.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2012 - BASSOPUS.) - [103424] - (0.0.0.1) - T:\bassopus.dll
[12/05/2016 12:04:56] - |A| - (.Copyright © 2002-2010 - BASSWMA.) - [34816] - (2.4.4.0) - T:\basswma.dll
[12/05/2016 12:04:56] - |A| - (.Copyright © 2007-2009 - BASSWV.) - [59904] - (2.4.1.0) - T:\basswv.dll
[12/05/2016 12:04:56] - |A| - (.2003-2006, MaresWEB - Apple Lossless Audio Codec add-on for the BASS library.) - [9416] - (2.4.3.0) - T:\bass_alac.dll
[12/05/2016 12:04:56] - |A| - (.2003-2006, MaresWEB - Monkey's Audio add-on for the BASS library.) - [81408] - (2.4.0.1) - T:\bass_ape.dll
[12/05/2016 12:04:57] - |A| - (.2003-2006, MaresWEB - Musepack add-on for the BASS library.) - [45056] - (2.4.1.0) - T:\bass_mpc.dll
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBXPExt.) - [68608] - (4.5.7.6229) - T:\CDBXP.dll
[12/05/2016 12:05:09] - |A| - (. - .) - [337408] - (13.0.0.0) - T:\LogicNP.FolderView.dll
[12/05/2016 12:05:15] - |A| - (.Copyright (c) Rocket Division Software, StarBurn Software 2001-2016. - StarBurn  CD/DVD/Blu-Ray/HD-DVD Burning, Grabbing and Mastering Toolkit for Windows 95/98/Me/NT/2000/XP/2003/Vista/Longhorn/7/8/2010.) - [3622784] - (15.6.1.1025) - T:\StarBurn.dll
[11/07/2016 08:44:19] - |A| - (.Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc. - InstallScript Setup Launcher.) - [371303208] - (18.0.0.329) - T:\10295_Video-facile-1.exe
[11/07/2016 08:43:51] - |A| - (.Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc. - InstallScript Setup Launcher.) - [371303208] - (18.0.0.329) - T:\10295_Video-facile.exe
[26/07/2016 18:18:34] - |A| - (.-.) - [220130080] - (0.0.0.0) - T:\1_CyberLink_Power2Go10_Platinum_Upgrade_P2G150522-04.exe
[26/07/2016 06:03:37] - |A| - (.-.) - [160160] - (0.0.0.0) - T:\60Second_en_us.exe
[26/07/2016 06:03:38] - |A| - (.-.) - [34010104] - (0.0.0.0) - T:\60Second_x64.exe
[11/07/2016 08:44:52] - |A| - (.-.) - [318714912] - (0.0.0.0) - T:\ABBYY_BCR20Win_ESD.exe
[14/06/2016 07:35:24] - |A| - (.-.) - [368371848] - (0.0.0.0) - T:\ABBYY_FR12_PRO_TRIAL.exe
[09/07/2016 23:53:01] - |A| - (.-.) - [252432728] - (0.0.0.0) - T:\ABBYY_ScreenshotReader_11_ESD.exe
[14/06/2016 07:27:21] - |A| - (.-.) - [71143096] - (0.0.0.0) - T:\ABBYY_Screenshot_Reader_ESD.exe
[16/07/2016 06:47:43] - |A| - (.© 2016 Acelogix Software - System maintenance and Optimizer utility.) - [9138432] - (6.2.0.289) - T:\aceutils.exe
[11/07/2016 08:45:17] - |A| - (.c Lavasoft Limited. - Web Companion Installer.) - [340568] - (2.3.1411.2698) - T:\Ad-Aware Web Companion Pro 2.3.1411.2698.exe
[26/07/2016 18:18:42] - |A| - (.-.) - [1725064] - (11.1.5152.0) - T:\Adaware_Installer.exe
[14/07/2016 14:58:24] - |A| - (.Copyright© 2005-2016                                                                                 - Advanced SystemCare 10                                     .) - [44912008] - (10.0.0.198) - T:\advanced-systemcare-setup-beta.exe
[14/07/2016 11:17:41] - |A| - (.-.) - [42799000] - (0.0.0.0) - T:\any-audio-converter(1).exe
[06/07/2016 18:35:50] - |A| - (.-.) - [42799000] - (0.0.0.0) - T:\any-audio-converter.exe
[15/07/2016 13:48:43] - |A| - (.Copyright (c) Apowersoft Ltd. 2016  All rights reserved                                              - Apowersoft Online Launcher Setup                           .) - [1223336] - (1.4.4.0) - T:\apowersoft-online-launcher (1).exe
[15/07/2016 13:47:19] - |A| - (.Copyright (c) Apowersoft Ltd. 2016  All rights reserved                                              - Apowersoft Online Launcher Setup                           .) - [1223336] - (1.4.4.0) - T:\apowersoft-online-launcher.exe
[11/07/2016 08:45:18] - |A| - (.-.) - [1006637056] - (0.0.0.0) - T:\appstore lfs ultra, power2go 11, & efm du musée de l'homme.exe
[10/07/2016 19:04:24] - |A| - (.                                                                                                    - Ashampoo Backup 2016 Setup                                 .) - [2608520] - (1.0.0.0) - T:\ashampoo_backup_2016_dl.exe
[10/07/2016 19:04:25] - |A| - (.                                                                                                    - Ashampoo Backup Pro 10 Setup                               .) - [2610664] - (1.0.0.0) - T:\ashampoo_backup_pro_10_dl.exe
[11/07/2016 08:48:01] - |A| - (.                                                                                                    - Ashampoo Burning Studio 16 Setup                           .) - [92298344] - (16.0.6.0) - T:\ashampoo_burning_studio_16_e16.0.6_sm.exe
[11/07/2016 08:48:11] - |A| - (.                                                                                                    - Ashampoo Core Tuner 2 Setup                                .) - [2493632] - (1.0.0.0) - T:\ashampoo_core_tuner_2_dl.exe
[11/07/2016 08:48:12] - |A| - (.                                                                                                    - Ashampoo Cover Studio 2 Setup                              .) - [40270904] - (2.2.0.0) - T:\ashampoo_cover_studio_2_2.2.0_sm.exe
[14/07/2016 04:03:31] - |A| - (.                                                                                                    - Ashampoo Media Sync Setup                                  .) - [12641832] - (1.0.2.0) - T:\ashampoo_media_sync_e1.0.2_sm.exe
[09/07/2016 23:58:12] - |A| - (.                                                                                                    - Ashampoo Music Studio 4 Setup                              .) - [43875848] - (4.1.2.0) - T:\ashampoo_music_studio_4_4.1.2_16904.exe
[11/07/2016 08:48:16] - |A| - (.                                                                                                    - Ashampoo Music Studio 5 Setup                              .) - [50101560] - (5.0.7.0) - T:\ashampoo_music_studio_5_e5.0.7_sm.exe
[11/07/2016 08:48:22] - |A| - (.                                                                                                    - Ashampoo Music Studio 6 Setup                              .) - [45366192] - (6.0.2.0) - T:\ashampoo_music_studio_6_e6.0.2_sm.exe
[10/07/2016 19:04:58] - |A| - (.                                                                                                    - Ashampoo Photo Commander Free Setup                        .) - [163570320] - (11.2.0.0) - T:\ashampoo_photo_commander_free_21556.exe
[09/07/2016 23:58:35] - |A| - (.                                                                                                    - Ashampoo Photo Recovery Setup                              .) - [8033992] - (1.0.3.0) - T:\ashampoo_photo_recovery_e1.0.3_sm.exe
[12/07/2016 11:11:22] - |A| - (.                                                                                                    - Ashampoo Slideshow Studio HD 4 Setup                       .) - [53664272] - (4.0.0.0) - T:\ashampoo_slideshow_studio_hd_4_e4.0.0_sm.exe
[10/07/2016 19:05:42] - |A| - (.                                                                                                    - Ashampoo Snap 2017 Setup                                   .) - [52382680] - (1.0.1.0) - T:\ashampoo_snap_2017_23494.exe
[14/07/2016 14:52:15] - |A| - (.                                                                                                    - Ashampoo Snap 9 Setup                                      .) - [56773968] - (9.0.1.0) - T:\ashampoo_snap_9_e9.0.1_sm.exe
[25/07/2016 18:52:26] - |A| - (.                                                                                                    - Ashampoo Snap Business Setup                               .) - [52186504] - (9.0.1.0) - T:\ashampoo_snap_business_9.0.1_demo_sm.exe
[11/07/2016 08:48:27] - |A| - (.                                                                                                    - Ashampoo Undeleter Setup                                   .) - [2493176] - (1.0.0.0) - T:\ashampoo_undeleter_dl.exe
[10/07/2016 07:45:11] - |A| - (.                                                                                                    - Ashampoo UnInstaller 5 Setup                               .) - [21088224] - (5.4.0.0) - T:\ashampoo_uninstaller_5_e5.0.4_sm.exe
[10/07/2016 19:05:58] - |A| - (.                                                                                                    - Ashampoo UnInstaller 5 Setup                               .) - [22345192] - (5.6.0.0) - T:\ashampoo_uninstaller_5_e5.0.6_sm.exe
[17/07/2016 17:17:52] - |A| - (.                                                                                                    - Ashampoo UnInstaller 6 Setup                               .) - [18412280] - (6.0.14.0) - T:\ashampoo_uninstaller_6_e6.00.14_sm.exe
[10/07/2016 07:45:14] - |A| - (.                                                                                                    - Ashampoo Video Styler Setup                                .) - [27869488] - (1.0.1.0) - T:\ashampoo_video_styler_e1.0.1_sm.exe
[11/07/2016 08:48:30] - |A| - (.                                                                                                    - Ashampoo WinOptimizer 14 Setup                             .) - [28220040] - (14.0.0.0) - T:\ashampoo_winoptimizer_14_e14.00.00_sm.exe
[11/07/2016 08:48:33] - |A| - (.Copyright (C) 2004-2012 - Astroburn Audio Setup.) - [6086824] - (1.6.0.47) - T:\AstroburnAudio160-0047.exe
[08/07/2016 07:22:41] - |A| - (.-.) - [4999096] - (0.0.0.0) - T:\ausetup.exe
[09/07/2016 05:48:53] - |A| - (.2007-2015@Auslogics Software Pty Ltd                                                                 - Auslogics BitReplica Installation File                     .) - [6628472] - (2.1.1.0) - T:\auslogics-bitreplica-setup.exe
[05/07/2016 10:02:25] - |A| - (.Copyright (c) 2012 AVAST Software - Avast! Browser Cleanup Sfx.) - [4284888] - (12.1.2272.125) - T:\avast-browser-cleanup-sfx.exe
[10/07/2016 19:07:11] - |A| - (.Copyright 2003 Avery                                         - Création d'étiquettes et de pochettes                      .) - [7744030] - (4.1.100.1332) - T:\AveryDesignPro_FR.exe
[10/07/2016 19:07:13] - |A| - (.Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors - Avira Launcher.) - [4630840] - (1.1.63.21885) - T:\avira_fr_av_57559d7b12d97__wsd.exe
[10/06/2016 11:13:32] - |A| - (.-.) - [13915352] - (0.0.0.0) - T:\BDAntiCryptoWall_Release.exe
[11/07/2016 08:49:00] - |A| - (.Copyright © 1997-2015 Bitdefender                                                                    - BDAntiRansomware Setup                                     .) - [4677896] - (0.0.0.0) - T:\BDAntiRansomwareSetup.exe
[26/07/2016 06:03:41] - |A| - (.-.) - [43968168] - (0.0.0.0) - T:\BDPUARLauncher_FR.exe
[13/07/2016 06:14:25] - |A| - (.Bitdefender LLC.  - Bitdefender USB Immunizer.) - [4071672] - (2.0.1.9) - T:\BDUSBImmunizerLauncher.exe
[05/07/2016 06:10:33] - |A| - (.© Microsoft Corporation. - Win32 Cabinet Self-Extractor                                          .) - [10513112] - (6.0.2800.1168) - T:\BingDesktopSetup.exe
[11/07/2016 08:49:03] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - T:\BitTorrent (1).exe
[10/07/2016 00:00:15] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - T:\BitTorrent (2).exe
[10/07/2016 00:00:16] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - T:\BitTorrent (3).exe
[11/07/2016 08:49:04] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - T:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FAq2NsdKU).exe
[11/07/2016 08:49:04] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - T:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FjSAg97W0).exe
[10/07/2016 19:07:22] - |A| - (.Copyright (c) BlueStack Systems Inc. - BlueStacks Thin Installer.) - [319729248] - (0.0.0.0) - T:\BlueStacks2_native_mobile-retention.exe
[14/06/2016 07:47:58] - |A| - (.PortableApps.com Installer Copyright 2007-2010 PortableApps.com. - CamStudio Portable.) - [1433632] - (2.0.0.1) - T:\CamStudioPortable_2.0_English.paf.exe
[11/07/2016 08:50:13] - |A| - (.-.) - [252605800] - (8.1.2.1327) - T:\camtasia_864c253ee677b4609b331d451009a871.exe
[17/07/2016 16:03:37] - |A| - (.2005-2016 COMODO. - COMODO Cloud Antivirus.) - [6113672] - (1.3.1079.265) - T:\ccav_installer.exe
[10/07/2016 19:08:48] - |A| - (.Copyright (C) Piriform 2013-2015 - CCleaner Cloud Installer.) - [6259936] - (1.4.0.1817) - T:\CCleanerCloudSetup_1_4_1817.exe
[10/07/2016 19:08:46] - |A| - (.Copyright © 2005-2016 Piriform Ltd - CCleaner Installer.) - [6868672] - (2.0.0.0) - T:\ccleaner_5-16_fr_14492.exe
[13/06/2016 14:08:59] - |A| - (.Copyright © 2005-2016 Piriform Ltd - CCleaner Installer.) - [6868672] - (2.0.0.0) - T:\ccsetup_516.exe
[11/07/2016 08:50:47] - |A| - (.Copyright © 2005-2016 Piriform Ltd - CCleaner Installer.) - [7033368] - (2.0.0.0) - T:\ccsetup_517.exe
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBurnerXP command line version.) - [25712] - (4.5.7.6229) - T:\cdbxpcmd.exe
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBurnerXP.) - [1746544] - (4.5.7.6229) - T:\cdbxpp.exe
[10/07/2016 12:08:39] - |A| - (.2001-2014 Canneverbe Limited                                                                         - CDBurnerXP                                                 .) - [6230152] - (4.5.7.6140) - T:\cdbxp_setup_4.5.7.6139.exe
[20/07/2016 12:27:40] - |A| - (.� 2008-2010 COMODO Security Solutions, Inc. - cDrive setup.) - [14394008] - (1.0.8.84) - T:\cDrive_Setup.exe
[13/07/2016 10:33:25] - |A| - (.Copyright (c) 2009-2016, Comodo Security Solutions, Inc. - Chromodo.) - [53661272] - (50.14.22.468) - T:\chromodosetup.exe
[11/07/2016 08:50:54] - |A| - (.Copyright (C) 2009-2015, Ivo Beltchev - Adds classic shell features to Windows 7 and Windows 8.) - [6968048] - (4.2.5.0) - T:\ClassicShellSetup_4_2_5.exe
[10/06/2016 12:33:10] - |A| - (.-.) - [497903] - (0.0.0.0) - T:\CLCleaner2-PhotoDirector_5.exe
[10/07/2016 00:03:34] - |A| - (.Copyright (c) 2009-2015, Comodo Security Solutions, Inc. - Comodo Dragon.) - [55056152] - (45.8.12.389) - T:\Comodo Dragon 45.8.12.389 + Portable.exe
[10/07/2016 00:04:08] - |A| - (.2005-2014 COMODO. - COMODO Internet Security.) - [230403208] - (7.0.55655.4142) - T:\Comodo Firewall 7.0.317799.4142.exe
[11/07/2016 08:52:47] - |A| - (.2005-2015 COMODO. - COMODO Internet Security.) - [217812544] - (8.2.0.4792) - T:\Comodo Internet Security Premium 8.2.0.4792 Final.exe
[17/07/2016 16:07:35] - |A| - (.© 2008-2012 Comodo Security Solutions, Inc. - COMODO PC TuneUp setup.) - [14863480] - (1.0.3740.46) - T:\cptsetup.exe
[12/07/2016 14:02:20] - |A| - (.Copyright (C) 2008-2010 Comodo Security Solutions, Inc. - COMODO System Utilities setup.) - [13530592] - (4.0.30135.26) - T:\CSU_FREE_Setup.exe
[10/07/2016 19:10:42] - |A| - (.8pecxstudios 2012-2016                                                                               - Cyberfox Web Browser Fibre optics of the web               .) - [50060432] - (45.0.2.0) - T:\Cyberfox-45.0.2.en-US.win64-x86_64.intel.exe
[10/07/2016 00:07:23] - |A| - (.-.) - [1887724608] - (0.0.0.0) - T:\CyberLinkDirectorSuite2.0_DRS131210-01_TR131226-021.part1.exe
[10/07/2016 19:10:55] - |A| - (.-.) - [1048863800] - (0.0.0.0) - T:\CyberLinkMediaSuite12.0_Ultimate_MES140428-01_TR140718-022.part1.exe
[10/07/2016 19:10:55] - |A| - (.-.) - [1048863800] - (0.0.0.0) - T:\cyberlinkmediasuite12.0_ultimate_mes140428-01_tr140718-022.part1.exe
[11/07/2016 12:50:06] - |A| - (.-.) - [1993434200] - (0.0.0.0) - T:\CyberLinkMediaSuite14.0_Trial_MES160530-01_TR160628-024.exe
[16/07/2016 12:28:02] - |A| - (.-.) - [1048870784] - (0.0.0.0) - T:\CyberLinkMediaSuite14.0_Ultimate_MES160511-03_TR160627-004.part1.exe
[16/07/2016 13:46:34] - |A| - (.-.) - [111981936] - (0.0.0.0) - T:\CyberLink_CreativeDesignPack_TravelPack4_CDP160425-01.exe
[10/07/2016 19:10:54] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - T:\CyberLink_Director_Suite_Downloader.exe
[13/05/2016 06:34:57] - |A| - (.-.) - [97557896] - (0.0.0.0) - T:\CyberLink_MediaEspresso7.5_MEX160302-01.exe
[10/07/2016 19:10:54] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - T:\CyberLink_MediaEspresso_Downloader.exe
[11/07/2016 12:49:02] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1089304] - (2.9.1.7801) - T:\CyberLink_Media_Suite_Downloader.exe
[11/07/2016 08:55:24] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - T:\CyberLink_PhotoDirector_Downloader.exe
[11/07/2016 08:55:25] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - T:\CyberLink_PhotoDirector_Downloader_1.exe
[04/07/2016 15:01:26] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1064376] - (2.9.1.7325) - T:\CyberLink_Power2Go_Downloader.exe
[14/06/2016 07:48:31] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - T:\CyberLink_PowerDirector_Downloader.exe
[11/07/2016 08:55:25] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - T:\CyberLink_PowerDirector_Ultimate_Suite_Downloader.exe
[11/07/2016 08:55:25] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - T:\CyberLink_PowerDirector_Ultimate_Suite_Downloader_1.exe
[14/06/2016 07:33:45] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - T:\CyberLink_PowerDVD_Downloader.exe
[14/06/2016 07:48:33] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [967200] - (2.9.1.3520) - T:\CyberLink_PowerProducer_Downloader.exe
[16/07/2016 12:29:00] - |A| - (.-.) - [78368488] - (0.0.0.0) - T:\CyberLink_TravelPack3_YouCam_CDP150508-01.exe
[16/07/2016 12:29:13] - |A| - (.-.) - [411978176] - (0.0.0.0) - T:\CyberLink_YouCam7_Deluxe_YUC150721-01.exe
[11/07/2016 08:55:26] - |A| - (.Copyright (C) 2000-2015 - DAEMON Tools Lite Setup.) - [19062208] - (10.1.0.74) - T:\DAEMON Tools Lite 10.1.0.74.exe
[10/07/2016 19:32:06] - |A| - (.Copyright © BVRP Software 2004                               -                                                            .) - [60183082] - (4.1.100.1332) - T:\DigitalVideoDuplicator3_FR(1).exe
[14/06/2016 07:26:45] - |A| - (.                                                            -                                                            .) - [61197060] - (4.1.100.1332) - T:\DigitalVideoDuplicator3_FR.exe
[13/07/2016 10:28:14] - |A| - (.Copyright (c) 2009-2016, Comodo Security Solutions, Inc. - Comodo Dragon.) - [56127856] - (50.14.22.465) - T:\dragonsetup.exe
[05/07/2016 17:12:31] - |A| - (.Copyright© 2016 IObit.                                                          - Driver Booster 4 Setup                                     .) - [14201416] - (4.0.0.0) - T:\driver_booster_setup_beta.exe
[15/07/2016 11:47:10] - |A| - (.Copyright (c) 2006-2012 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short). - EaseUS Disk Copy Home Edition 2.3.) - [45470992] - (1.1.0.1) - T:\EaseUS_DiskCopy_Home.exe
[11/07/2016 09:03:40] - |A| - (.Copyright 2003-2015 Emsisoft Ltd.                                                                    - Emsisoft Anti-Malware Setup                                .) - [237135456] - (11.7.0.6394) - T:\EmsisoftAntiMalwareSetup.exe
[11/07/2016 09:04:18] - |A| - (.-.) - [232114840] - (0.0.0.0) - T:\EmsisoftEmergencyKit (1).exe
[19/07/2016 09:36:47] - |A| - (.-.) - [243326440] - (0.0.0.0) - T:\EmsisoftEmergencyKit(1).exe
[19/07/2016 13:32:45] - |A| - (.-.) - [243326440] - (0.0.0.0) - T:\EmsisoftEmergencyKit(2).exe
[14/07/2016 07:34:44] - |A| - (.-.) - [243789992] - (0.0.0.0) - T:\EmsisoftEmergencyKit.exe
[11/07/2016 09:04:37] - |A| - (.Copyright 2003-2015 Emsisoft Ltd.                                                                    - Emsisoft Internet Security Setup                           .) - [226980568] - (11.5.1.6247) - T:\EmsisoftInternetSecuritySetup.exe
[13/07/2016 11:12:33] - |A| - (.Copyright (c) 2004-2016 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).           - EaseUS Partition Master Setup                              .) - [48771744] - (11.0.0.0) - T:\epm.exe
[13/07/2016 11:37:53] - |A| - (.Copyright (c) 2004-2016 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).           - EaseUS Partition Master Trial Edition Setup                .) - [50340704] - (11.0.0.0) - T:\epm_trial(1).exe
[13/07/2016 11:31:21] - |A| - (.Copyright (c) 2004-2016 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).           - EaseUS Partition Master Trial Edition Setup                .) - [50340704] - (11.0.0.0) - T:\epm_trial.exe
[14/06/2016 07:59:26] - |A| - (.Serif WebPlus Starter Edition 4.0.2 © 2014 Serif (Europe) Ltd. Tous droits réservés. - Serif WebPlus Starter Edition Install.) - [175768400] - (1.0.0.0) - T:\ESDPK-WLX7-WebPlusStarterEdition-fr-FR.exe
[11/07/2016 09:06:33] - |A| - (.Serif WebPlus Starter Edition 4.0.2 © 2014 Serif (Europe) Ltd. Tous droits réservés. - Serif WebPlus Starter Edition Install.) - [175768400] - (1.0.0.0) - T:\ESDPK-WLX7-WebPlusStarterEdition-fr-FR_1.exe
[10/07/2016 19:38:19] - |A| - (.Copyright (c) ESET 1992-2011. - ESET Smart Installer.) - [2870984] - (1.0.0.6421) - T:\esetsmartinstaller_enu.exe
[18/07/2016 18:13:42] - |A| - (.Copyright (c) 2014 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).                - EaseUS EverySync Setup                                     .) - [26312616] - (3.0.0.0) - T:\everysync_trial.exe
[11/07/2016 09:06:53] - |A| - (.© 2006 Microsoft Corporation.  -.) - [53610536] - (12.0.6320.5000) - T:\ExcelViewer.exe
[11/07/2016 09:07:05] - |A| - (.© 2013-2016 F-Secure Corporation. - F-Secure Download Tool.) - [524248] - (1.0.265.0) - T:\F-SecureOnlineScanner.exe
[10/06/2016 12:23:44] - |A| - (.-.) - [167034] - (0.0.0.0) - T:\fileassassin-setup-1.06.exe
[14/06/2016 08:08:08] - |A| - (.PortableApps.com Installer Copyright 2007-2011 PortableApps.com. - Mozilla Firefox, Portable Edition (Legacy 3.6).) - [9178672] - (3.6.25.0) - T:\FirefoxPortableLegacy36_3.6.25_English.paf.exe
[25/07/2016 09:25:28] - |A| - (.MindGems, Inc.                                                                                       - Folder Size                                                .) - [2301330] - (3.4.0.0) - T:\FolderSize.exe
[19/07/2016 13:57:07] - |A| - (.MindGems, Inc.                                                                                       - Folder Size                                                .) - [2301330] - (3.4.0.0) - T:\foldersize_2-6_en_18550.exe
[22/08/2013 15:57:30] - |A| - (.-.) - [983040] - (0.8.0.5) - T:\Framakey.exe
[26/07/2016 14:06:39] - |A| - (.2005-2015 © par l'équipe Framakey - Framakey Installer.) - [486775300] - (2.2.0.2) - T:\FramakeyInstaller_2.2.0.2-LaTeX-fr.exe
[10/07/2016 02:11:31] - |A| - (.2005-2007© by Framakey Team - Framakey Installer pour Windows XP et suivants.) - [515917547] - (1.13.0.8) - T:\FramakeyInstaller_Full-1.13.0.8.exe
[11/07/2016 09:07:01] - |A| - (.Copyright © 2016 iSkysoft.                                                      - iSkysoft Free Video Downloader Setup                       .) - [33832392] - (4.9.1.0) - T:\free-video-downloader_full1683.exe
[19/07/2016 13:47:24] - |A| - (.                                                                                                    - Freemake Youtube Mp3 Converter Setup                       .) - [1277416] - (3.5.2.1) - T:\freemake-youtube-mp3-converter-3-5-2-1-es-en-br-fr-de-it-win.exe
[19/07/2016 13:39:42] - |A| - (.                                                                                                    - Freemake Video Converter Setup                             .) - [1866512] - (4.1.9.29) - T:\FreemakeVideoConverterSetup.exe
[05/07/2016 08:16:43] - |A| - (.                                                                                                    - Free Studio Setup                                          .) - [2267896] - (1.0.1.0) - T:\FreeStudio_6.6.24.627_d.exe
[05/07/2016 14:13:23] - |A| - (.                                                                                                    - Free Video to MP3 Converter Setup                          .) - [2267840] - (1.0.1.0) - T:\FreeVideoToMP3Converter_5.0.96.627_o.exe
[26/01/2016 18:30:26] - |A| - (.© Microsoft Corporation. - GWX WEB WINDOWS.) - [7635472] - (6.3.9600.18124) - T:\GetWindows10-Web_Default_Attr(1).exe
[26/01/2016 18:30:27] - |A| - (.© Microsoft Corporation. - GWX WEB WINDOWS.) - [7635472] - (6.3.9600.18124) - T:\GetWindows10-Web_Default_Attr.exe
[10/06/2016 11:27:21] - |A| - (.-.) - [14892728] - (0.0.0.0) - T:\Glary_Utilities_Pro_v5.17.0.30.exe
[11/07/2016 09:07:09] - |A| - (.Copyright Reason Company Software Inc. - herdProtect Anti-Malware Scanner.) - [2873112] - (1.0.3.9) - T:\herdProtectScan_Setup.exe
[11/07/2016 09:07:11] - |A| - (.© 2006-2016 SurfRight, a Sophos company - HitmanPro 3.7.) - [11441168] - (3.7.14.263) - T:\HitmanPro_x64(1).exe
[15/06/2016 09:06:30] - |A| - (.© 2006-2016 SurfRight, a Sophos company - HitmanPro 3.7.) - [11438608] - (3.7.14.265) - T:\HitmanPro_x64.exe
[12/07/2016 14:18:31] - |A| - (.Copyright (C) Reason Software Company Inc. - Boost by Reason Setup.) - [7761936] - (1.0.2.0) - T:\installboost.exe
[10/07/2016 17:02:53] - |A| - (.Copyright(c) 2005-2012 - IObit Uninstaller.) - [1688408] - (2.2.0.127) - T:\iobit-uninstaller.exe
[10/07/2016 19:39:30] - |A| - (.Copyright © 1998-2015 KC Softwares                                                                   - KC Softwares KCleaner Setup                                .) - [1414720] - (0.0.0.0) - T:\kcleaner.exe
[10/07/2016 02:20:28] - |A| - (.Copyright Lavasoft.                                                                                                                                                                                                                                                                     - Lavasoft Digital Lock                                                                                                                                                                                                                                                                                      .) - [6089248] - (7.7.0.2) - T:\LavasoftDigitalLock_30days.exe
[10/07/2016 02:20:30] - |A| - (.Lavasoft © 2001-2007 - Lavasoft Encrypted File (SFX).) - [126312] - (7.7.0.8) - T:\LavasoftEncryptionReader.exe
[10/07/2016 02:20:30] - |A| - (.Copyright Lavasoft.                                                                                                                                                                                                                                                                     - Lavasoft File Shredder                                                                                                                                                                                                                                                                                     .) - [5263480] - (7.7.0.2) - T:\LavasoftFileShredder_30days.exe
[10/07/2016 02:20:31] - |A| - (.Copyright Lavasoft.                                                                                                                                                                                                                                                                     - Lavasoft Privacy Toolbox                                                                                                                                                                                                                                                                                   .) - [6443280] - (7.7.0.2) - T:\LavasoftPrivacyToolbox_30days.exe
[11/07/2016 09:23:55] - |A| - (.2007-2016 PortableApps.com, PortableApps.com Installer 3.2.0.0 - LibreOffice Portable.) - [174042352] - (5.1.3.0) - T:\LibreOfficePortable_5.1.3_MultilingualAll.paf.exe
[10/07/2016 19:39:50] - |A| - (.Copyright (C) 2007 Macrovision Corporation                                         - Setup Launcher                                       .) - [11309264] - (14.0.0.166) - T:\LightScribeTemplateLabeler_1.18.15.1.exe
[15/07/2016 14:11:16] - |A| - (.(c) Malwarebytes.                                                               - Malwarebytes Anti-Malware                                  .) - [22851472] - (2.2.1.1043) - T:\mbam-setup-cnet.35891-2.2.1.1043.exe
[10/07/2016 17:04:21] - |A| - (.Copyright © Malwarebytes Corporation - Malwarebytes Anti-Rootkit.) - [16563352] - (1.9.3.1001) - T:\mbar-1.09.3.1001.exe
[26/07/2016 06:02:43] - |A| - (.-.) - [388227] - (3.3.4.0) - T:\MKV.exe
[10/07/2016 19:40:12] - |A| - (.© MOVAVI. - Movavi Video Suite 11.) - [100766168] - (11.2.0.0) - T:\MovaviVideoSuiteSetup.exe
[10/07/2016 19:40:59] - |A| - (.© Movavi. - Video Suite.) - [140213832] - (15.3.0.0) - T:\MovaviVideoSuiteSetupF(1).exe
[10/07/2016 19:41:26] - |A| - (.© Movavi. - Video Suite.) - [140213832] - (15.3.0.0) - T:\MovaviVideoSuiteSetupF(2).exe
[10/07/2016 19:40:31] - |A| - (.© Movavi. - Video Suite.) - [153857904] - (15.2.0.0) - T:\movavivideosuitesetupf.exe
[10/07/2016 02:27:17] - |A| - (.Copyright 2011 Nero AG and its licensors - Nero Self Extractor.) - [262941032] - (12.0.3.0) - T:\Nero2015-16.0.05500_trial.exe
[10/07/2016 02:27:59] - |A| - (.Copyright 2011 Nero AG and its licensors - Nero Self Extractor.) - [803581360] - (12.0.3.0) - T:\Nero2015_ContentPack-16.0.00300.exe
[10/07/2016 19:41:54] - |A| - (.(c) 2015 Nero AG and its affiliates - NeroInstaller.) - [2559496] - (1.6.0.0) - T:\Nero2016-17.09.2015_stub_trial.exe
[11/07/2016 09:24:27] - |A| - (.(c) 2015 Nero AG and its affiliates - NeroInstaller.) - [2563536] - (1.7.0.8) - T:\Nero_CoverDesigner_3p.exe
[10/07/2016 19:41:55] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [307200] - (0.1.1.986) - T:\Ninite AdAware Classic Start Dropbox Essentials Installer.exe
[20/07/2016 09:03:17] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [307200] - (0.1.1.986) - T:\Ninite Classic Start Installer.exe
[04/07/2016 18:45:35] - |A| - (.(c) 2009 Nitro PDF Software - Installation and setup files for Nitro PDF Reader (fr-FR).) - [56666816] - (2.1.1009.0) - T:\nitro_reader5_64.exe
[25/07/2016 09:25:29] - |A| - (.© Microsoft Corporation. - Microsoft OneDrive Setup.) - [9040072] - (17.3.6390.509) - T:\OneDriveSetup.exe
[14/06/2016 07:43:08] - |A| - (.                                                                                                    - Online Video Recorder Setup                                .) - [16879392] - (3.4.4.1) - T:\OnlineVideoRecorder_3_4_4_AQFR.exe
[11/07/2016 09:24:30] - |A| - (.Copyright 2013 O&O Software GmbH - O&O SafeErase Professional.) - [772296] - (6.0.0.0) - T:\OOSafeEraseProfessional10ENU.exe
[10/07/2016 19:42:18] - |A| - (.© Panda 2016 - Panda Security SFX.) - [2252720] - (15.14.2.0) - T:\PANDAFREEAV.exe
[25/07/2016 11:36:51] - |A| - (.-.) - [2001540] - (0.0.0.0) - T:\pc-decrapifier-3.0.0.exe
[11/07/2016 09:24:33] - |A| - (.© pdfforge GmbH - PDFCreator is the easy way of creating PDFs..) - [27980440] - (2.2.2.0) - T:\PDFCreator_Plus-2_2_2-setup.exe
[14/06/2016 07:32:38] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - PhotoFiltre Portable.) - [5878212] - (7.1.2.0) - T:\PhotoFiltrePortable_7.1.2.paf.exe
[25/07/2016 09:25:29] - |A| - (.Copyright (C) 2006 Macrovision Corporation                                                                - Setup Launcher                                                                                                                                                                                                                                                 .) - [53091632] - (12.0.0.49974) - T:\pm14free_x64_eng.exe
[11/07/2016 09:24:37] - |A| - (.Copyright 2011, 2012, 2013, 2014, 2015, 2016 Sony Corporation - PlayMemories Home Installer.) - [16496720] - (8.0.7600.16385) - T:\PMHOME_5100DL.exe
[14/06/2016 09:05:05] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - PortableApps.com AppCompactor.) - [895480] - (3.1.0.0) - T:\PortableApps.comAppCompactor_3.1.0_English.paf.exe
[14/06/2016 07:38:15] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - PortableApps.com Launcher.) - [767904] - (2.2.0.0) - T:\PortableApps.comLauncher_2.2.paf (1).exe
[14/06/2016 07:44:26] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - PortableApps.com Launcher.) - [767904] - (2.2.0.0) - T:\PortableApps.comLauncher_2.2.paf.exe
[14/06/2016 08:06:15] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [3793168] - (12.2.0.0) - T:\PortableApps.com_Platform_Setup_12.2.paf.exe
[11/07/2016 09:24:39] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4409424] - (13.0.0.0) - T:\PortableApps.com_Platform_Setup_13.0.paf.exe
[11/07/2016 09:24:39] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4353008] - (14.0.0.0) - T:\PortableApps.com_Platform_Setup_14.0.paf.exe
[19/07/2016 09:39:56] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4140968] - (14.1.0.0) - T:\PortableApps.com_Platform_Setup_14.1.paf(1).exe
[14/07/2016 07:35:44] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4140968] - (14.1.0.0) - T:\PortableApps.com_Platform_Setup_14.1.paf.exe
[14/06/2016 08:21:22] - |A| - (.PortableApps.com - PortableApps.com Suite.) - [140562568] - (1.6.1.0) - T:\PortableApps.com_Suite_Setup_1.6.1_English (1).exe
[14/06/2016 08:07:07] - |A| - (.PortableApps.com - PortableApps.com Suite.) - [140562568] - (1.6.1.0) - T:\PortableApps.com_Suite_Setup_1.6.1_English.exe
[10/06/2016 11:45:21] - |A| - (.-.) - [258331888] - (0.0.0.0) - T:\Power2Go_10.0.2522.0_Essential_b_Essential_P2G151125-04.exe
[11/07/2016 09:24:42] - |A| - (.© 2010 Microsoft Corporation.  -.) - [63347104] - (14.0.4730.1010) - T:\PowerPointViewer.exe
[14/06/2016 07:57:59] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - Private Browsing by PortableApps.com.) - [1487280] - (3.0.0.0) - T:\PrivateBrowsingByPortableApps_3.0.paf.exe
[21/07/2016 06:18:54] - |A| - (.Copyright Shane Gowland ©  2015 - ProcessAlive.) - [409088] - (0.0.8.0) - T:\ProcessAlive-0.9.1.exe
[23/07/2016 12:57:25] - |A| - (.Copyright (C) 2013-2015 SosVirus Software - Process Killer.) - [988160] - (1.0.0.3) - T:\processclose_1.0.0.3.exe
[25/07/2016 18:52:45] - |A| - (.Copyright © 2009 - 2015 MiniTool Solution Ltd.,                                 - MiniTool Partition Wizard Free Setup                       .) - [32262960] - (9.1.0.0) - T:\pwfree91.exe
[10/07/2016 19:42:55] - |A| - (.2007-2016 PortableApps.com, PortableApps.com Installer 3.1.1.0 - qBittorrent Portable.) - [9120168] - (3.3.3.0) - T:\qBittorrentPortable_3.3.3.paf.exe
[11/07/2016 09:24:54] - |A| - (.Copyright © 2016 Reason Software Company Inc. - Reason Core Security Setup.) - [3919376] - (1.1.2.0) - T:\reason-core-security-setup (1).exe
[11/07/2016 09:24:53] - |A| - (.Copyright © 2016 Reason Software Company Inc. - Reason Core Security Setup.) - [3919376] - (1.1.2.0) - T:\reason-core-security-setup.exe
[11/07/2016 09:24:54] - |A| - (.Copyright © 2015 Reason Software Company Inc. - Reason Core Security Setup.) - [3855576] - (1.1.1.0) - T:\reason-core-security-setup_1.1.1.0.exe
[10/06/2016 15:20:24] - |A| - (.(c) Malwarebytes - Malwarebytes' RegASSASSIN.) - [65232] - (1.0.0.3) - T:\regassassin-setup-1.03.exe
[09/07/2016 14:19:14] - |A| - (.Copyright © 2008-2014 Auslogics Labs Pty Ltd                                                         - Auslogics Registry Cleaner Installation File               .) - [7253752] - (4.1.0.0) - T:\registry-cleaner-setup.exe
[21/07/2016 06:13:18] - |A| - (.                                                                                                    - Remembr Setup                                              .) - [819850] - (0.0.0.0) - T:\remembr-install-0.5.exe
[11/07/2016 09:24:59] - |A| - (.-.) - [409449] - (1.3.0.0) - T:\rstassociations-version-exe_1.3.exe
[25/07/2016 18:52:47] - |A| - (.© 2011-2016 Pete Batard (GPL v3) - Rufus.) - [937080] - (2.10.973.0) - T:\rufus-2.10.exe
[11/07/2016 09:29:03] - |A| - (.-.) - [487400] - (3.3.9.4) - T:\Search_The_Crack.exe
[10/07/2016 19:44:49] - |A| - (.kastorsoft.com                                                                                       - Free Video Converter Setup                                 .) - [6509896] - (2.3.0.0) - T:\SetupFreeVideoConverter.exe
[26/07/2016 06:02:44] - |A| - (.-.) - [163598920] - (0.0.0.0) - T:\setup_11.0.3.8.x01_2014_12_13_09_36.exe
[11/07/2016 09:29:08] - |A| - (.                                                                                                    - ShadowExplorer Setup                                       .) - [969845] - (0.9.462.0) - T:\ShadowExplorer-0.9-setup.exe
[11/07/2016 09:29:08] - |A| - (.© 2015 simplitec GmbH                                                                                - simplitec setup                                            .) - [21595680] - (2.2.22.27) - T:\simplitec_simpliclean_int.exe
[25/07/2016 09:25:32] - |A| - (.Copyright (c) TechSmith Corporation. - Snagit 13.) - [91067736] - (13.0.1.6326) - T:\snagit.exe
[11/07/2016 09:29:59] - |A| - (.Copyright 1989-2016 Sophos Limited. - Sophos Extractor.) - [196787200] - (1.3.3.7) - T:\SophosInstall.exe
[26/07/2016 18:29:48] - |A| - (.2005-2006© by sarkos and Tuxmouraille (GPL) - Framakey Starter pour Windows XP.) - [188397] - (0.2.2.2) - T:\start.exe
[26/07/2016 06:02:52] - |A| - (.(c) Malwarebytes - Malwarebytes' StartUpLite.) - [204496] - (1.0.0.7) - T:\startuplite-setup-1.07.exe
[09/07/2016 05:50:18] - |A| - (.Stellar Information Technology Pvt Ltd.                                                              - Stellar Information Technology Pvt Ltd.                    .) - [5979488] - (6.0.0.1) - T:\StellarPhoenixWindowsDataRecovery-Professional.exe
[10/07/2016 19:46:38] - |A| - (.1995-2013 Stellar Information Systems Ltd.                                                           - Stellar Information Systems Ltd                            .) - [6471304] - (6.0.0.0) - T:\StellarPhoenixWindowsDataRecovery-ProfessionalV6_AQFR.exe
[14/06/2016 07:25:56] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - Sumatra PDF Portable.) - [2541384] - (2.3.2.0) - T:\SumatraPDFPortable_2.3.2.paf.exe
[05/07/2016 09:39:21] - |A| - (.-.) - [7233888] - (0.0.0.0) - T:\susetupPro.exe
[26/07/2016 06:02:52] - |A| - (.© 1997-2014 Kaspersky Lab ZAO. - TDSS rootkit removing tool.) - [4187592] - (3.0.0.42) - T:\tdsskiller.exe
[11/07/2016 09:30:26] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - TeamViewer Portable.) - [10876344] - (11.0.59518.0) - T:\TeamViewerPortable_11.0.59518.paf.exe
[10/07/2016 19:46:51] - |A| - (.TeamViewer GmbH -.) - [9666224] - (11.0.59518.0) - T:\TeamViewer_Setup_fr.exe
[11/07/2016 09:30:28] - |A| - (.-.) - [23398464] - (0.0.0.0) - T:\tenorshare-android-data-recovery-trial.exe
[14/06/2016 07:43:53] - |A| - (.-.) - [24727614] - (0.0.0.0) - T:\tenorshare-free-video-converter.exe
[11/07/2016 09:30:33] - |A| - (.-.) - [8074734] - (0.0.0.0) - T:\tenorshare-pdf-password-recovery-trial.exe
[11/07/2016 09:30:34] - |A| - (.-.) - [5015718] - (0.0.0.0) - T:\tenorshare-pdf-password-remover-trial.exe
[05/07/2016 13:46:37] - |A| - (.-.) - [25106954] - (0.0.0.0) - T:\tenorshare-samsung-data-recovery-trial.exe
[14/06/2016 07:45:03] - |A| - (.-.) - [24343000] - (0.0.0.0) - T:\tenorshare-video-converter-trial.exe
[14/06/2016 08:03:50] - |A| - (.-.) - [266046792] - (0.0.0.0) - T:\tenorshare-windows-boot-genius-trial.exe
[14/06/2016 08:06:43] - |A| - (.-.) - [32563203] - (0.0.0.0) - T:\tenorshare-windows-video-downloader-trial.exe
[11/07/2016 04:50:20] - |A| - (.-.) - [271572636] - (1.1.3.70) - T:\tentatives lfs ultra finalis efm et didinser.exe
[19/07/2016 19:23:09] - |A| - (.Mozilla - Thunderbird.) - [35165800] - (4.42.0.0) - T:\Thunderbird Setup 45.2.0.exe
[19/07/2016 13:55:05] - |A| - (.© 1996-2016 by Joachim Marder e.K.                                                                   - TreeSize Free Setup                                        .) - [5963008] - (3.4.5.343) - T:\TreeSizeFreeSetup.exe
[11/07/2016 09:31:52] - |A| - (.Copyright ©2011 - 2016 - Setup Application.) - [21382440] - (3.9.0.0) - T:\tweaking.com_windows_repair_aio_setup.exe
[26/07/2016 18:02:08] - |A| - (.-.) - [6848474] - (0.0.0.0) - T:\ultracopier-ultimate-windows-x86_64-1.2.3.2-setup.exe
[11/07/2016 09:31:55] - |A| - (.Copyright - Geza Kovacs - License - GNU GPL v2+ - UNetbootin - Universal Netboot Installer - http://unetbootin.sourceforge.net.) - [4831744] - (1.1.1.1) - T:\unetbootin-windows-613.exe
[10/06/2016 11:10:42] - |A| - (.© 2008/2014 - El Desaparecido - www.SosVirus.net - UsbFix - Remove Malware From Your Drive!.) - [3989160] - (7.8.0.6) - T:\UsbFix-7.806.exe
[10/07/2016 17:04:37] - |A| - (.© 2008/2016 - El Desaparecido - www.SOSVirus.net - UsbFix - Remove Malware From Your Drive!.) - [3124797] - (8.2.2.8) - T:\UsbFix_2016_8.233.exe
[11/07/2016 09:31:58] - |A| - (.Copyright (c) 2016 Steganos Software GmbH - Steganos PortableSafe USB Starter.) - [4127744] - (17.1.3.11700) - T:\usbstarter.exe
[10/07/2016 19:48:12] - |A| - (.                                                                                                    - Panda USB Vaccine Setup                                    .) - [848856] - (1.0.1.4) - T:\USBVaccineSetup.exe
[11/07/2016 09:31:59] - |A| - (.2007-2016 PortableApps.com, PortableApps.com Installer 3.1.1.0 - uTorrent Portable.) - [2370592] - (3.4.6.42178) - T:\uTorrentPortable_3.4.6.42178_online.paf.exe
[10/07/2016 16:14:51] - |A| - (.Copyright 2015 Wondershare Corporation                                      - videoconverterfree_setup_full1129.exe.) - [800840] - (1.2.1.1) - T:\video-converter-free_setup_full1129.exe
[10/07/2016 19:48:31] - |A| - (.                                                                                                    -                                                            .) - [46736640] - (9.0.18.0) - T:\video-converter-ultimate(1).exe
[10/07/2016 19:48:19] - |A| - (.                                                                                                    -                                                            .) - [46736640] - (9.0.18.0) - T:\video-converter-ultimate.exe
[23/07/2016 05:19:21] - |A| - (.- Video to Picture Setup.) - [12937488] - (1.0.0.0) - T:\video-to-picture.exe
[11/07/2016 09:32:15] - |A| - (.- Professional video watermarking program.) - [16786240] - (5.1.0.0) - T:\video-watermark-pro.exe
[11/07/2016 09:32:13] - |A| - (.- Video watermarking program.) - [16733504] - (5.1.0.0) - T:\video-watermark.exe
[10/07/2016 19:48:17] - |A| - (.Copyright © 2014 UpdateStar                                                                          - Video Converter Setup                                      .) - [8704008] - (7.0.3.91) - T:\VideoConverter.exe
[24/06/2016 11:31:58] - |A| - (.-.) - [89589712] - (0.0.0.0) - T:\VideoMeetingPlus_1.0.1711.0_Beta_VMX160226-03.exe
[10/07/2016 12:33:54] - |A| - (.Copyright (C) 2010 Flexera Software, Inc. and/or InstallShield Co. Inc. - InstallScript Setup Launcher.) - [453686816] - (17.0.0.717) - T:\Video_Explosion_Deluxe_Setup.exe
[10/07/2016 07:41:44] - |A| - (.- Télécharge et installe VirtualBox portable.) - [301259] - (3.3.6.1) - T:\VirtualBoxPortable.exe
[14/06/2016 07:15:38] - |A| - (.2007-2015 PortableApps.com, PortableApps.com Installer 3.0.17.0 - VLC Media Player Portable.) - [26948496] - (2.2.1.0) - T:\VLCPortable_2.2.1.paf.exe
[14/03/2015 03:48:01] - |RA| - (.© 2015 Western Digital Technologies, Inc. - Unlock Utility for WD Encrypted Drive.) - [2081624] - (1.2.0.9) - T:\WD Drive Unlock.exe
[14/06/2016 07:23:56] - |A| - (.tenorshare.com                                                                                       - Windows Care Genius                                        .) - [16035976] - (3.9.4.355) - T:\windows-care-genius-trial.exe
[26/07/2016 06:02:53] - |A| - (.WiseCleaner.com                                                                                      - Wise Care 365                                              .) - [5692408] - (3.4.3.300) - T:\Wise_Care_365_v3.43.exe
[11/07/2016 09:32:28] - |A| - (.© 2006 Microsoft Corporation.  -.) - [25746416] - (12.0.6038.3000) - T:\wordview_fr-fr.exe
[26/07/2016 06:02:54] - |A| - (.WiseVideoSuite.com                                                                                   - Wise Video Downloader                                      .) - [2006472] - (1.6.1.77) - T:\WVDSetup.exe
[11/07/2016 09:32:31] - |A| - (.-.) - [33087576] - (0.0.0.0) - T:\x-audio-maker6-fr.exe
[11/07/2016 09:32:34] - |A| - (.-.) - [16868162] - (0.0.0.0) - T:\x-dailymotion-video-downloader-fr.exe
[11/07/2016 09:32:36] - |A| - (.-.) - [28206392] - (0.0.0.0) - T:\x-download-youtube-video5-fr.exe
[11/07/2016 09:32:39] - |A| - (.-.) - [37509928] - (0.0.0.0) - T:\x-video-converter-ultimate7-fr.exe
[11/07/2016 09:32:43] - |A| - (.-.) - [26640091] - (0.0.0.0) - T:\x-video-editor2-fr.exe
[26/07/2016 17:35:39] - |A| - (.NCH Software - Express Zip.) - [1062432] - (0.0.0.0) - T:\zipplus.exe
[11/07/2016 09:32:49] - |A| - (.Copyright © 1998-2016, Check Point, LTD - ZoneAlarm.) - [3412200] - (14.1.48.0) - T:\zonealarm-free-antivirus-firewall_14-1-048-000_fr_10494.exe
[11/07/2016 09:32:48] - |A| - (.Copyright © 1999-2011 Pro Softnet Corp.                                                              - ZoneAlarm Backup Powered by IDrive Setup                   .) - [9468744] - (0.0.0.0) - T:\ZoneAlarmBackupSetup.exe
[08/07/2016 19:32:32] - |A| - (.-.) - [262] - (0.0.0.0) - T:\.label.info
[10/07/2016 19:01:41] - |A| - (.-.) - [4248] - (0.0.0.0) - T:\0x0404.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [7094] - (0.0.0.0) - T:\0x0407.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [6129] - (0.0.0.0) - T:\0x0409.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [7022] - (0.0.0.0) - T:\0x040a.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [7242] - (0.0.0.0) - T:\0x040c.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [6897] - (0.0.0.0) - T:\0x0410.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [6623] - (0.0.0.0) - T:\0x0411.ini
[10/07/2016 19:01:42] - |A| - (.-.) - [5724] - (0.0.0.0) - T:\0x0412.ini
[10/07/2016 19:01:42] - |A| - (.-.) - [4315] - (0.0.0.0) - T:\0x0804.ini
[11/07/2016 08:44:52] - |A| - (.-.) - [6848] - (0.0.0.0) - T:\a2settings.ini
[11/07/2016 08:44:52] - |A| - (.-.) - [64] - (0.0.0.0) - T:\a2whitelist.ini
[12/05/2016 12:04:59] - |A| - (.-.) - [24] - (0.0.0.0) - T:\Config.ini
[10/07/2016 19:10:42] - |A| - (.-.) - [142] - (0.0.0.0) - T:\Custom.ini
[10/07/2016 19:31:48] - |A| - (.-.) - [40] - (0.0.0.0) - T:\Define.ini
[18/07/2016 18:18:04] - |A| - (.-.) - [282] - (0.0.0.0) - T:\desktop(1).ini
[10/07/2016 19:31:48] - |A| - (.-.) - [282] - (0.0.0.0) - T:\desktop_FromLFS_ULTRA.ini
[27/11/2013 15:14:04] - |A| - (.-.) - [2141] - (0.0.0.0) - T:\Framakey.ini
[10/07/2016 19:39:27] - |A| - (.-.) - [101] - (0.0.0.0) - T:\info.ini
[11/07/2016 09:24:15] - |A| - (.-.) - [0] - (0.0.0.0) - T:\LogAnalyZer.ini
[10/07/2016 19:44:47] - |A| - (.-.) - [1953] - (0.0.0.0) - T:\Setup.ini
[10/07/2016 19:48:12] - |A| - (.-.) - [208] - (0.0.0.0) - T:\ureg.ini
[12/05/2016 12:06:17] - |A| - (.-.) - [1598] - (0.0.0.0) - T:\UserSettings.ini
[11/07/2016 09:32:19] - |A| - (.-.) - [27] - (0.0.0.0) - T:\VTU.ini

R:

[26/07/2016 14:23:27] - |A| - (.2005-2006© by sarkos and Tuxmouraille (GPL) - Framakey Starter pour Windows XP.) - [188397] - (0.2.2.2) - R:\start.exe

I:

[04/05/2011 17:11:58] - |A| - (.-.) - [472466] - (0.8.0.2) - I:\Framakey.exe
[09/05/2011 20:08:50] - |A| - (.- Télécharge et installe VirtualBox portable.) - [301259] - (3.3.6.1) - I:\VirtualBoxPortable.exe
[03/05/2011 11:24:12] - |A| - (.-.) - [2054] - (0.0.0.0) - I:\Framakey.ini

E:


D:

[24/07/2016 18:12:25] - |A| - (.-.) - [44] - (0.0.0.0) - D:\language.ini

---------- | C:

[30/10/2015 09:24:24] - |SHD| - [258] - C:\$Recycle.Bin
[25/07/2016 17:00:41] - |D| - [1208092] - C:\$SysReset
[25/07/2016 18:02:39] - |D| - [74925767] - C:\$Windows.~BT
[24/07/2016 18:59:38] - |D| - [126944772] - C:\AMD
[27/07/2016 04:24:24] - |RASHD| - [3] - C:\Autorun.inf
[02/08/2012 04:02:18] - |SHD| - [18187548] - C:\Boot
[MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 10:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |N| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[24/07/2016 22:06:29] - |D| - [0] - C:\Config.Msi
[MD5.D42212F6E46F2CB130B561B947649895] - [26/07/2016 08:04:18] - |A| - (.-.) - [1086] - (0.0.0.0) - C:\DelFix.txt
[26/07/2012 09:22:08] - |SHD| - [0] - C:\Documents and Settings
[27/07/2016 03:50:07] - |D| - [76247607] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 18:13:29] - |ASH| - (.-.) - [1535000576] - (0.0.0.0) - C:\hiberfil.sys
[07/01/2013 13:49:41] - |D| - [3776839] - C:\hp
[MD5.C8ED79256982AC5379A024569F7D2813] - [27/07/2016 04:35:24] - |A| - (.-.) - [30029] - (0.0.0.0) - C:\Look_my_hardware.tmp
[26/07/2016 17:23:04] - |D| - [0] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2013 09:30:46] - |N| - (.-.) - [0] - (0.0.0.0) - C:\OS
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/07/2016 15:59:40] - |ASH| - (.-.) - [1476395008] - (0.0.0.0) - C:\pagefile.sys
[25/07/2016 18:38:48] - |D| - [0] - C:\PerfLogs
[25/07/2016 18:03:01] - |RD| - [1608827111] - C:\Program Files
[25/07/2016 18:03:01] - |RD| - [195488028] - C:\Program Files (x86)
[25/07/2016 18:38:49] - |HD| - [982944383] - C:\ProgramData
[27/07/2016 04:25:58] - |D| - [262073] - C:\QuickDiag
[MD5.829A1405A9B005D8CD1D6FE209EE4047] - [27/07/2016 04:26:18] - |A| - (.-.) - [481150] - (0.0.0.0) - C:\QuickDiag.txt
[01/08/2012 19:05:35] - |SHD| - [302183547] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/07/2016 15:59:40] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[02/08/2012 05:15:28] - |AD| - [1021167060] - C:\SWSETUP
[24/07/2016 15:59:39] - |SHD| - [0] - C:\System Volume Information
[01/08/2012 11:57:15] - |D| - [5674404] - C:\SYSTEM.SAV
[27/07/2016 04:05:18] - |D| - [8219400] - C:\UsbFix
[25/07/2016 18:03:01] - |RD| - [23052710416] - C:\Users
[25/07/2016 18:03:01] - |D| - [17325641224] - C:\Windows
[25/07/2016 18:59:51] - |D| - [10018750773] - C:\Windows.old
[25/07/2016 08:16:35] - |D| - [57302603831] - C:\Windows.old.000

---------- | C:\WINDOWS

[25/07/2016 18:38:49] - |D| - [802] - C:\WINDOWS\addins
[25/07/2016 18:38:49] - |D| - [1922600] - C:\WINDOWS\appcompat
[25/07/2016 18:38:49] - |D| - [12360910] - C:\WINDOWS\AppPatch
[25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\AppReadiness
[25/07/2016 18:38:48] - |RD| - [516185844] - C:\WINDOWS\assembly
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 18:06:57] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin
[25/07/2016 18:38:49] - |D| - [241412] - C:\WINDOWS\bcastdvr
[MD5.DE3C720C11A91557E1DFDFF0DB2AA3C2] - [30/10/2015 09:17:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61952] - (10.0.10586.0) - C:\WINDOWS\bfsvc.exe
[25/07/2016 18:38:49] - |D| - [32716961] - C:\WINDOWS\Boot
[MD5.CA4280ED137D666BD7A7A3A9B18B2134] - [25/07/2016 18:04:38] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[25/07/2016 18:38:49] - |D| - [2380376] - C:\WINDOWS\Branding
[25/07/2016 18:21:26] - |D| - [0] - C:\WINDOWS\CbsTemp
[25/07/2016 18:38:49] - |D| - [8970858] - C:\WINDOWS\Cursors
[25/07/2016 18:38:49] - |D| - [404217] - C:\WINDOWS\debug
[25/07/2016 18:38:49] - |RD| - [20934] - C:\WINDOWS\DesktopTileResources
[25/07/2016 18:38:49] - |RD| - [3032320] - C:\WINDOWS\DevicesFlow
[25/07/2016 18:38:49] - |D| - [4217368] - C:\WINDOWS\diagnostics
[25/07/2016 18:49:25] - |D| - [0] - C:\WINDOWS\DigitalLocker
[25/07/2016 18:38:49] - |SD| - [0] - C:\WINDOWS\Downloaded Program Files
[MD5.28DB89668234230CF4FB3E1BDE903D89] - [26/07/2016 16:54:50] - |A| - (.-.) - [9520] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[25/07/2016 18:38:49] - |HD| - [44568] - C:\WINDOWS\ELAMBKUP
[25/07/2016 18:49:25] - |D| - [0] - C:\WINDOWS\en-US
[26/07/2016 08:04:22] - |D| - [83004789] - C:\WINDOWS\ERUNT
[MD5.E396258CFD8F84E8F2C24930E6D88C67] - [25/07/2016 11:44:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4515256] - (10.0.10586.494) - C:\WINDOWS\explorer.exe
[25/07/2016 18:38:49] - |RSD| - [353586676] - C:\WINDOWS\Fonts
[25/07/2016 18:49:25] - |D| - [134144] - C:\WINDOWS\fr-FR
[25/07/2016 18:38:49] - |D| - [20838848] - C:\WINDOWS\Globalization
[25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\Help
[MD5.430DE1635CE173440D34ABA1676113D7] - [25/07/2016 11:40:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [994816] - (10.0.10586.494) - C:\WINDOWS\HelpPane.exe
[MD5.C7228F24B9130C64DCF4C390A04A775C] - [30/10/2015 09:17:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.10586.0) - C:\WINDOWS\hh.exe
[25/07/2016 18:38:49] - |D| - [173194846] - C:\WINDOWS\IME
[25/07/2016 18:38:49] - |RD| - [6840341] - C:\WINDOWS\ImmersiveControlPanel
[25/07/2016 18:34:38] - |D| - [42078735] - C:\WINDOWS\INF
[25/07/2016 19:00:20] - |D| - [931024796] - C:\WINDOWS\InfusedApps
[25/07/2016 18:38:49] - |D| - [36258450] - C:\WINDOWS\InputMethod
[25/07/2016 18:38:49] - |SHD| - [93394194] - C:\WINDOWS\Installer
[25/07/2016 18:38:49] - |D| - [89407] - C:\WINDOWS\L2Schemas
[25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\LiveKernelReports
[25/07/2016 18:38:49] - |D| - [41877165] - C:\WINDOWS\Logs
[25/07/2016 18:38:49] - |RSD| - [20145669] - C:\WINDOWS\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [30/10/2015 09:17:40] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[25/07/2016 18:38:48] - |D| - [589031655] - C:\WINDOWS\Microsoft.NET
[25/07/2016 18:38:49] - |D| - [2371] - C:\WINDOWS\Migration
[25/07/2016 18:38:49] - |RD| - [470257] - C:\WINDOWS\MiracastView
[25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.60336413E419C2EA5E215F1A32061E40] - [30/10/2015 09:19:28] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [244736] - (10.0.10586.0) - C:\WINDOWS\notepad.exe
[25/07/2016 18:50:34] - |D| - [199124] - C:\WINDOWS\OCR
[25/07/2016 18:38:49] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[25/07/2016 19:00:19] - |DC| - [32036674] - C:\WINDOWS\Panther
[25/07/2016 18:38:49] - |D| - [28867244] - C:\WINDOWS\Performance
[MD5.800BA5E9AB4E88249D838003E0E58D3C] - [26/07/2016 15:26:31] - |A| - (.-.) - [7888] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[25/07/2016 18:38:49] - |D| - [1136442] - C:\WINDOWS\PLA
[25/07/2016 18:38:49] - |D| - [2566565] - C:\WINDOWS\PolicyDefinitions
[25/07/2016 18:38:49] - |D| - [15469164] - C:\WINDOWS\prefetch
[25/07/2016 18:38:49] - |RD| - [1963312] - C:\WINDOWS\PrintDialog
[25/07/2016 18:38:49] - |D| - [1297393] - C:\WINDOWS\Provisioning
[25/07/2016 18:38:49] - |RD| - [770223] - C:\WINDOWS\PurchaseDialog
[MD5.D9D56AFAA121BD6B4206F7FF3DA84BBA] - [30/10/2015 09:17:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.10586.0) - C:\WINDOWS\regedit.exe
[25/07/2016 18:38:49] - |D| - [22588] - C:\WINDOWS\Registration
[25/07/2016 18:38:49] - |D| - [3417523] - C:\WINDOWS\rescache
[25/07/2016 18:38:49] - |D| - [3728883] - C:\WINDOWS\Resources
[25/07/2016 18:38:49] - |D| - [0] - C:\WINDOWS\SchCache
[25/07/2016 18:38:49] - |D| - [121229] - C:\WINDOWS\schemas
[25/07/2016 18:38:49] - |D| - [3637248] - C:\WINDOWS\security
[25/07/2016 18:56:13] - |D| - [37758079] - C:\WINDOWS\ServiceProfiles
[25/07/2016 18:03:01] - |D| - [69300443] - C:\WINDOWS\servicing
[25/07/2016 18:54:14] - |D| - [42] - C:\WINDOWS\Setup
[MD5.8C125C21AAB6794B1360D7584C9496D2] - [26/07/2016 13:04:44] - |A| - (.-.) - [10894] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/07/2016 13:04:44] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[25/07/2016 18:38:49] - |D| - [4544] - C:\WINDOWS\ShellNew
[25/07/2016 18:38:49] - |D| - [3070736] - C:\WINDOWS\SKB
[25/07/2016 18:06:30] - |D| - [370658254] - C:\WINDOWS\SoftwareDistribution
[25/07/2016 18:38:49] - |D| - [103543755] - C:\WINDOWS\Speech
[25/07/2016 18:38:49] - |D| - [50814701] - C:\WINDOWS\Speech_OneCore
[MD5.3BB80AF91D069F97006DCCC031164903] - [30/10/2015 09:18:09] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128000] - (10.0.10586.0) - C:\WINDOWS\splwow64.exe
[25/07/2016 18:38:49] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [25/07/2016 18:38:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[25/07/2016 18:03:01] - |D| - [3751148484] - C:\WINDOWS\System32
[25/07/2016 18:38:50] - |D| - [155460814] - C:\WINDOWS\SystemApps
[25/07/2016 18:38:51] - |D| - [18175861] - C:\WINDOWS\SystemResources
[25/07/2016 18:38:51] - |D| - [1321862758] - C:\WINDOWS\syswow64
[25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\TAPI
[25/07/2016 18:38:51] - |D| - [6] - C:\WINDOWS\Tasks
[25/07/2016 18:38:51] - |D| - [458208] - C:\WINDOWS\Temp
[25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\tracing
[25/07/2016 18:38:51] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.669A44C0BCA67D8CDE111F7FBA91EE86] - [30/10/2015 09:19:30] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [60416] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[25/07/2016 18:38:51] - |D| - [12420] - C:\WINDOWS\Vss
[25/07/2016 18:38:51] - |D| - [10685945] - C:\WINDOWS\Web
[MD5.23CF8138F49416231807E6DE371FB9E6] - [25/07/2016 18:38:57] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [30/10/2015 09:18:16] - |AH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [25/07/2016 19:32:17] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.8C459D003560EA9817F7CDB29AA55382] - [30/10/2015 09:18:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.10586.0) - C:\WINDOWS\winhlp32.exe
[25/07/2016 18:03:01] - |D| - [8356119728] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [30/10/2015 09:18:41] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.E9C22DCE95A6E5B6C37FED42B3749E32] - [30/10/2015 09:18:14] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.10586.0) - C:\WINDOWS\write.exe

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[28/08/2015 20:06:24] - C:\WINDOWS\Installer\5dd65.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2014 10:49:56] - C:\WINDOWS\Installer\5dd6b.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:16] - C:\WINDOWS\Installer\5dd71.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:22] - C:\WINDOWS\Installer\5dd77.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:30] - C:\WINDOWS\Installer\5dd7d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:36] - C:\WINDOWS\Installer\5dd83.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:44] - C:\WINDOWS\Installer\5dd89.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:52] - C:\WINDOWS\Installer\5dd8f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:00] - C:\WINDOWS\Installer\5dd95.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:06] - C:\WINDOWS\Installer\5dd9b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:16] - C:\WINDOWS\Installer\5dda1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:22] - C:\WINDOWS\Installer\5dda7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:30] - C:\WINDOWS\Installer\5ddad.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:38] - C:\WINDOWS\Installer\5ddb3.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:46] - C:\WINDOWS\Installer\5ddb9.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:54] - C:\WINDOWS\Installer\5ddbf.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:02] - C:\WINDOWS\Installer\5ddc5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:10] - C:\WINDOWS\Installer\5ddcb.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:18] - C:\WINDOWS\Installer\5ddd1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:26] - C:\WINDOWS\Installer\5ddd7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:34] - C:\WINDOWS\Installer\5dddd.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:42] - C:\WINDOWS\Installer\5dde3.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:50] - C:\WINDOWS\Installer\5dde9.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:58] - C:\WINDOWS\Installer\5ddef.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:06] - C:\WINDOWS\Installer\5ddf5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:40] - C:\WINDOWS\Installer\5ddfb.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:07:30] - C:\WINDOWS\Installer\5de01.msi : (AMD Fuel - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:12] - C:\WINDOWS\Installer\5de07.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2016 18:09:02] - [88102] - C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:48] - [88102] - C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:42] - [88102] - C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:29] - [10134] - C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:33] - [88102] - C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:40] - [88102] - C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:43] - [88102] - C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:54] - [88102] - C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:45] - [88102] - C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:41] - [88102] - C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:59] - [88102] - C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:23] - [88102] - C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:38] - [88102] - C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:09:01] - [88102] - C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:46] - [88102] - C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:58] - [88102] - C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:55] - [88102] - C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:51] - [88102] - C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:56] - [88102] - C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:09:30] - [88102] - C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:53] - [88102] - C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:47] - [88102] - C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:35] - [88102] - C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:49] - [88102] - C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:09:05] - [4846] - C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:52] - [88102] - C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:39] - [88102] - C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 18:08:36] - [88102] - C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe     () - ()

---------- | %System%\*.in*

[30/10/2015 09:18:41] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[26/10/2012 16:42:24] - [29494] - C:\WINDOWS\System32\lvcoin64.ini
[25/07/2016 18:22:02] - [1758862] - C:\WINDOWS\System32\PerfStringBackup.INI
[30/10/2015 09:18:09] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[30/10/2015 09:17:49] - [2269] - C:\WINDOWS\System32\WimBootCompress.ini
[30/10/2015 09:19:39] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[30/10/2015 09:18:25] - [2269] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | [jean-]

[25/07/2016 18:15:19] - |HD| - [2038836088] - C:\Users\jean-\AppData
[25/07/2016 18:15:20] - |SHD| - [0] - C:\Users\jean-\Application Data
[25/07/2016 08:00:46] - |RD| - [412] - C:\Users\jean-\Contacts
[25/07/2016 18:15:21] - |SHD| - [0] - C:\Users\jean-\Cookies
[25/07/2016 07:57:36] - |RD| - [13965353] - C:\Users\jean-\Desktop
[25/07/2016 07:57:36] - |RD| - [444250388] - C:\Users\jean-\Documents
[25/07/2016 07:57:36] - |RD| - [3440981975] - C:\Users\jean-\Downloads
[25/07/2016 07:57:36] - |RD| - [2431] - C:\Users\jean-\Favorites
[25/07/2016 07:57:36] - |RD| - [1953] - C:\Users\jean-\Links
[25/07/2016 18:15:21] - |SHD| - [0] - C:\Users\jean-\Local Settings
[25/07/2016 18:15:21] - |SHD| - [0] - C:\Users\jean-\Menu Démarrer
[25/07/2016 18:15:20] - |SHD| - [0] - C:\Users\jean-\Mes documents
[25/07/2016 18:15:21] - |SHD| - [0] - C:\Users\jean-\Modèles
[25/07/2016 07:57:36] - |RD| - [504] - C:\Users\jean-\Music
[25/07/2016 18:15:19] - |ASH| - [1048576] - C:\Users\jean-\NTUSER.DAT
[26/07/2016 15:57:26] - |ASH| - [313344] - C:\Users\jean-\ntuser.dat.LOG1
[26/07/2016 15:57:26] - |ASH| - [313344] - C:\Users\jean-\ntuser.dat.LOG2
[25/07/2016 18:15:21] - |ASH| - [65536] - C:\Users\jean-\NTUSER.DAT{130ae43f-5281-11e6-ae42-9fe7f2bdbdbd}.TM.blf
[25/07/2016 18:15:21] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{130ae43f-5281-11e6-ae42-9fe7f2bdbdbd}.TMContainer00000000000000000001.regtrans-ms
[25/07/2016 18:15:21] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{130ae43f-5281-11e6-ae42-9fe7f2bdbdbd}.TMContainer00000000000000000002.regtrans-ms
[25/07/2016 18:17:56] - |SH| - [20] - C:\Users\jean-\ntuser.ini
[25/07/2016 08:06:08] - |RD| - [16040321074] - C:\Users\jean-\OneDrive
[25/07/2016 07:57:36] - |RD| - [73512666] - C:\Users\jean-\Pictures
[25/07/2016 18:15:20] - |SHD| - [0] - C:\Users\jean-\Recent
[25/07/2016 07:57:36] - |RD| - [282] - C:\Users\jean-\Saved Games
[25/07/2016 18:18:12] - |RD| - [1872] - C:\Users\jean-\Searches
[25/07/2016 18:15:20] - |SHD| - [0] - C:\Users\jean-\SendTo
[26/07/2016 16:07:41] - |D| - [0] - C:\Users\jean-\ultracopier
[25/07/2016 07:57:36] - |RD| - [504] - C:\Users\jean-\Videos
[25/07/2016 18:15:20] - |SHD| - [0] - C:\Users\jean-\Voisinage d'impression
[25/07/2016 18:15:20] - |SHD| - [0] - C:\Users\jean-\Voisinage réseau
[25/07/2016 18:18:09] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Adobe
[25/07/2016 18:24:54] - |D| - [0] - C:\Users\jean-\AppData\Roaming\ATI
[26/07/2016 16:05:21] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Framasoft
[25/07/2016 18:55:22] - |D| - [506] - C:\Users\jean-\AppData\Roaming\Macromedia
[25/07/2016 18:15:19] - |SD| - [485860] - C:\Users\jean-\AppData\Roaming\Microsoft
[26/07/2016 07:07:15] - |D| - [10] - C:\Users\jean-\AppData\Roaming\Mozilla
[27/07/2016 04:00:21] - |D| - [2441219] - C:\Users\jean-\AppData\Roaming\ZHP
[25/07/2016 18:21:22] - |D| - [0] - C:\Users\jean-\AppData\Local\ActiveSync
[25/07/2016 18:25:25] - |D| - [8] - C:\Users\jean-\AppData\Local\AMD
[25/07/2016 18:15:21] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Application Data
[25/07/2016 18:24:54] - |D| - [66104] - C:\Users\jean-\AppData\Local\ATI
[25/07/2016 18:24:12] - |D| - [18882584] - C:\Users\jean-\AppData\Local\Comms
[26/07/2016 16:09:10] - |D| - [1619000200] - C:\Users\jean-\AppData\Local\Ethash
[26/07/2016 16:05:20] - |D| - [0] - C:\Users\jean-\AppData\Local\Framasoft
[25/07/2016 18:15:21] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Historique
[26/07/2016 15:22:43] - |AH| - [21557] - C:\Users\jean-\AppData\Local\IconCache.db
[25/07/2016 18:15:19] - |D| - [255069907] - C:\Users\jean-\AppData\Local\Microsoft
[26/07/2016 06:24:02] - |D| - [87469] - C:\Users\jean-\AppData\Local\MicrosoftEdge
[25/07/2016 18:18:09] - |D| - [121567098] - C:\Users\jean-\AppData\Local\Packages
[25/07/2016 19:12:55] - |D| - [0] - C:\Users\jean-\AppData\Local\Programs
[25/07/2016 18:21:59] - |D| - [0] - C:\Users\jean-\AppData\Local\Publishers
[25/07/2016 18:15:19] - |D| - [9683911] - C:\Users\jean-\AppData\Local\Temp
[25/07/2016 18:15:21] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Temporary Internet Files
[25/07/2016 18:18:07] - |D| - [11345920] - C:\Users\jean-\AppData\Local\TileDataLayer
[25/07/2016 18:18:27] - |D| - [0] - C:\Users\jean-\AppData\Local\VirtualStore
[25/07/2016 18:18:11] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[25/07/2016 18:15:21] - |SHD| - [0] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[25/07/2016 18:15:19] - |RD| - [25651] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[25/07/2016 18:15:19] - |RD| - [3888] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[25/07/2016 18:15:19] - |RD| - [2927] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[25/07/2016 18:18:12] - |RD| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[25/07/2016 18:18:11] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[26/07/2016 18:32:45] - |A| - [1198] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emsisoft Internet Security Guard.lnk
[25/07/2016 18:15:19] - |D| - [170] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[25/07/2016 18:27:28] - |A| - [2409] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[25/07/2016 18:18:12] - |RD| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[25/07/2016 18:15:19] - |RD| - [5318] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[26/07/2016 17:55:52] - |D| - [1981] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultracopier
[25/07/2016 18:15:19] - |RSD| - [7238] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[25/07/2016 18:18:12] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[25/07/2016 08:00:46] - |RHD| - [196] - C:\Users\Public\AccountPictures
[30/10/2015 09:24:24] - |RHD| - [3578] - C:\Users\Public\Desktop
[25/07/2016 18:38:57] - |ASH| - [174] - C:\Users\Public\desktop.ini
[30/10/2015 09:24:24] - |RD| - [13494782] - C:\Users\Public\Documents
[30/10/2015 09:24:24] - |RD| - [174] - C:\Users\Public\Downloads
[25/07/2016 18:38:49] - |RHD| - [1135] - C:\Users\Public\Libraries
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Music
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Pictures
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData

[25/07/2016 18:09:06] - |D| - [456] - C:\ProgramData\AMD
[25/07/2016 18:17:18] - |SHD| - [10574345388] - C:\ProgramData\Application Data
[25/07/2016 18:24:54] - |D| - [186] - C:\ProgramData\ATI
[25/07/2016 18:17:18] - |SHD| - [3578] - C:\ProgramData\Bureau
[25/07/2016 18:38:49] - |D| - [0] - C:\ProgramData\Comms
[25/07/2016 18:17:18] - |SHD| - [13494782] - C:\ProgramData\Documents
[26/07/2016 03:27:20] - |D| - [20116] - C:\ProgramData\Emsisoft
[25/07/2016 18:17:18] - |SHD| - [68086] - C:\ProgramData\Menu Démarrer
[25/07/2016 18:38:49] - |SD| - [968588044] - C:\ProgramData\Microsoft
[25/07/2016 18:24:48] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[26/07/2016 18:04:47] - |D| - [0] - C:\ProgramData\MindGems
[25/07/2016 18:17:18] - |SHD| - [0] - C:\ProgramData\Modèles
[26/07/2016 17:36:04] - |D| - [78734] - C:\ProgramData\NCH Software
[25/07/2016 18:07:59] - |D| - [14060333] - C:\ProgramData\Package Cache
[25/07/2016 18:38:49] - |D| - [1000] - C:\ProgramData\regid.1991-06.com.microsoft
[25/07/2016 18:38:49] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[25/07/2016 18:38:49] - |D| - [4455] - C:\ProgramData\USOPrivate
[25/07/2016 18:06:50] - |D| - [221184] - C:\ProgramData\USOShared
[25/07/2016 18:37:44] - |D| - [3035] - C:\ProgramData\Western Digital

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[25/07/2016 18:38:57] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[25/07/2016 18:17:18] - |SHD| - [67912] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[25/07/2016 18:38:49] - |RD| - [67912] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[25/07/2016 18:38:49] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[25/07/2016 18:38:49] - |RD| - [15666] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[25/07/2016 18:38:49] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[25/07/2016 18:09:31] - |D| - [4373] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[25/07/2016 19:17:53] - |D| - [1608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Bureau
[25/07/2016 18:38:57] - |ASH| - [1010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[30/10/2015 09:18:13] - |AS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
[30/10/2015 09:19:28] - |AS| - [2197] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
[25/07/2016 19:15:35] - |D| - [4917] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Internet Security
[26/07/2016 17:53:18] - |A| - [1233] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[26/07/2016 17:36:05] - |A| - [1221] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
[30/10/2015 09:19:28] - |AS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[25/07/2016 18:38:49] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/10/2015 09:17:57] - |AS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[30/10/2015 09:19:28] - |AS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[30/10/2015 09:18:07] - |AS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
[25/07/2016 18:38:49] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[25/07/2016 18:38:49] - |RD| - [4033] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[25/07/2016 18:38:49] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[25/07/2016 18:38:57] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[25/07/2016 18:08:23] - |D| - [106367910] - C:\Program Files (x86)\ATI Technologies
[25/07/2016 18:03:01] - |D| - [23928840] - C:\Program Files (x86)\Common Files
[25/07/2016 18:38:56] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[25/07/2016 18:38:49] - |D| - [2154939] - C:\Program Files (x86)\Internet Explorer
[25/07/2016 19:17:33] - |D| - [28382294] - C:\Program Files (x86)\Microsoft
[25/07/2016 18:38:49] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[26/07/2016 17:36:04] - |D| - [7674231] - C:\Program Files (x86)\NCH Software
[25/07/2016 18:38:49] - |D| - [1465856] - C:\Program Files (x86)\Windows Defender
[25/07/2016 18:38:49] - |D| - [5961728] - C:\Program Files (x86)\Windows Mail
[25/07/2016 18:38:49] - |D| - [3342927] - C:\Program Files (x86)\Windows Media Player
[25/07/2016 18:38:49] - |D| - [220064] - C:\Program Files (x86)\Windows Multimedia Platform
[25/07/2016 18:38:49] - |D| - [7575610] - C:\Program Files (x86)\Windows NT
[25/07/2016 18:38:49] - |D| - [5484224] - C:\Program Files (x86)\Windows Photo Viewer
[25/07/2016 18:38:49] - |D| - [220064] - C:\Program Files (x86)\Windows Portable Devices
[25/07/2016 18:38:49] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[25/07/2016 18:38:49] - |SD| - [2685232] - C:\Program Files (x86)\WindowsPowerShell

---------- | C:\Program Files

[25/07/2016 18:06:40] - |D| - [96636696] - C:\Program Files\AMD
[25/07/2016 18:09:04] - |D| - [5595872] - C:\Program Files\ATI Technologies
[25/07/2016 18:03:01] - |D| - [49125199] - C:\Program Files\Common Files
[25/07/2016 18:38:55] - |ASH| - [174] - C:\Program Files\desktop.ini
[25/07/2016 19:13:40] - |D| - [370192043] - C:\Program Files\Emsisoft Internet Security
[25/07/2016 18:17:18] - |SHD| - [49125199] - C:\Program Files\Fichiers communs
[25/07/2016 18:38:49] - |D| - [2776230] - C:\Program Files\Internet Explorer
[25/07/2016 18:07:11] - |D| - [35377120] - C:\Program Files\Realtek
[26/07/2016 16:06:39] - |D| - [23239516] - C:\Program Files\Ultracopier
[25/07/2016 18:06:57] - |HD| - [0] - C:\Program Files\Uninstall Information
[25/07/2016 18:38:49] - |D| - [11400666] - C:\Program Files\Windows Defender
[25/07/2016 18:38:49] - |D| - [8974456] - C:\Program Files\Windows Journal
[25/07/2016 18:38:49] - |D| - [6322176] - C:\Program Files\Windows Mail
[25/07/2016 18:38:49] - |D| - [5394547] - C:\Program Files\Windows Media Player
[25/07/2016 18:38:49] - |D| - [258280] - C:\Program Files\Windows Multimedia Platform
[25/07/2016 18:38:49] - |D| - [7862330] - C:\Program Files\Windows NT
[25/07/2016 18:38:49] - |D| - [6381248] - C:\Program Files\Windows Photo Viewer
[25/07/2016 18:38:49] - |D| - [258280] - C:\Program Files\Windows Portable Devices
[25/07/2016 18:38:49] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[25/07/2016 18:38:49] - |HD| - [976176145] - C:\Program Files\WindowsApps
[25/07/2016 18:38:49] - |SD| - [2856133] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[25/07/2016 18:07:51] - |D| - [337630] - C:\Program Files (x86)\Common Files\logishrd
[25/07/2016 18:38:49] - |D| - [13911825] - C:\Program Files (x86)\Common Files\Microsoft Shared
[25/07/2016 18:38:49] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[25/07/2016 18:38:49] - |D| - [9676683] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[25/07/2016 18:07:41] - |D| - [1022022] - C:\Program Files\Common files\logishrd
[25/07/2016 18:38:49] - |D| - [37594864] - C:\Program Files\Common files\microsoft shared
[25/07/2016 18:38:49] - |D| - [2702] - C:\Program Files\Common files\Services
[25/07/2016 18:38:49] - |D| - [10505611] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [25/07/2016 18:04:02] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.7EBD0B9D18A4AB6AB0477B9DCDE55262] - [26/07/2016 06:40:25] - |A| - [3656] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask         :   C:\WINDOWS\explorer.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:50] - |D| - [445854] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [26/07/2016 17:36:10] - |D| - [3638] - C:\WINDOWS\System32\Tasks\NCH Software
[MD5.CA198FEB51D3372F2CC162CBE483F74B] - [25/07/2016 18:55:29] - |A| - [4174] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BC315E3F-6CF7-4A79-921D-D94FD3B0DE61}         :   C:\WINDOWS\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 18:38:51] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"vm-monitoring-dcom"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=RpcSs|Name=@icsvc.dll,-709|Desc=@icsvc.dll,-710|EmbedCtxt=@icsvc.dll,-700|
"vm-monitoring-icmpv4"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Name=@icsvc.dll,-701|Desc=@icsvc.dll,-702|EmbedCtxt=@icsvc.dll,-700|
"vm-monitoring-icmpv6"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Name=@icsvc.dll,-703|Desc=@icsvc.dll,-704|EmbedCtxt=@icsvc.dll,-700|
"vm-monitoring-nb-session"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=139|Name=@icsvc.dll,-705|Desc=@icsvc.dll,-706|EmbedCtxt=@icsvc.dll,-700|
"vm-monitoring-rpc"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Schedule|Name=@icsvc.dll,-707|Desc=@icsvc.dll,-708|EmbedCtxt=@icsvc.dll,-700|
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"DeliveryOptimization-TCP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"MDNS-In-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"MDNS-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"TCP Query User{43DC65B3-0835-413A-9381-4FC76DB2EADE}F:\data copy tool for power2go 11 & lfs ultra finalis gift by portableapps\portableapps\utorrentportable\app\utorrent\utorrent.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=F:\data copy tool for power2go 11 & lfs ultra finalis gift by portableapps\portableapps\utorrentportable\app\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=TRUE|Defer=App|
"UDP Query User{5944382A-F643-4FAD-986C-9F37FECDFD7F}F:\data copy tool for power2go 11 & lfs ultra finalis gift by portableapps\portableapps\utorrentportable\app\utorrent\utorrent.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=F:\data copy tool for power2go 11 & lfs ultra finalis gift by portableapps\portableapps\utorrentportable\app\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=TRUE|Defer=App|
"{CC75D935-3955-4F0F-92F6-21CCC1E57B4F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{331DB3DC-20F2-4D61-A3BC-4B5F1E0F8E87}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{6D2CE1AD-9BAD-4101-B03D-DCED034BE8A4}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Desc=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1239072475-3687740317-1842961305-3395936705-4023953123-1525404051-2779347315|EmbedCtxt=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{6CB0B55D-BB0E-4E43-91E7-CEBF7A00EC7C}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
"{E7DBF15E-E21E-4723-B7C3-FB9837712312}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
"{2C9F295D-F519-440D-BC24-54B276DB2620}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{AFF829D6-85FF-491F-8D51-513D51571AC6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{6B22F8D4-A334-4263-A89F-5E1F697D950F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Desc=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{DBA83165-1ECD-42D3-8B61-F9A11B623B45}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ|
"{54605FC0-6FA1-40F9-B4D0-FAB559BFE865}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{F8BCA6B9-2234-4ADD-A1F4-3D4C57EE34CF}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Desc=@{Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1930852602-715273891-2259524165-1460409268-4224052142-2029744616-1797406285|EmbedCtxt=@{Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{77CE64D0-79ED-4597-86D1-3EE4E95E0151}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsPhone_10.1607.1991.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Desc=@{Microsoft.WindowsPhone_10.1607.1991.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1227535392-783678415-19788749-859698564-2515149781-2716591593-3518111838|EmbedCtxt=@{Microsoft.WindowsPhone_10.1607.1991.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{28476334-7948-4893-9EAA-F758C746B38B}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{513C4D58-37AD-4C06-81EB-F14393B1EFB2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{27BA2C07-ACA0-4840-B7B8-A80639734B71}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{5F10A9E6-1CA1-478F-A727-9679C92D615D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{EBC000A8-E68F-4BC1-91E3-1378965C6592}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{79E32ED1-2C51-42C7-BB7E-AAA9B57B91B8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{1AC4E4EC-37D3-47F7-BEEC-B954426409C2}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{C0F1D793-7EE1-4E8D-922F-A4D4192D5456}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{4040E18C-1791-4461-9B35-46C25173D6EC}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{E5815705-9A15-4388-8D28-2789D58B4881}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{557ACDC7-ACFF-4EE8-B008-8C37AF94F66F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Desc=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3981118486-977731610-4260702232-2292029000-2544493239-2660358776-1526570402|EmbedCtxt=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{89ECBC8D-68CE-4127-86F3-5EF7F9E98D37}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Desc=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1485202841-4094060947-262313417-955497226-1243708313-1027065603-2694978511|EmbedCtxt=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{11A0AE20-B6DA-4E07-9541-3EFF4200C74B}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Desc=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{B4E88EFF-A1A4-42EB-9D62-C2E33C9F9EC6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Desc=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{0F50B54B-25EE-4F8D-814E-6E17A76570DB}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{F31E1204-B550-4523-8D16-C9761F7FFF08}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{FE2F3882-0CEA-442F-87FD-34D52E1C0A47}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Desc=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3232211935-909325347-210818523-1333736584-3758124246-283266685-1557978965|EmbedCtxt=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Platform=2:6:2|Platform2=GTEQ|
"{BB2BB8EC-37A2-4254-86C0-5E8401FD0C85}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{958C6575-8127-4F17-AF5B-1DC477BE213C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{E591367E-FE6F-4A61-8FBF-229BEABB3EA4}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Desc=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/Description}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3137318289-415437605-3491609480-3741388289-878520165-689859088-69748861|EmbedCtxt=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{4A6F71DC-CF1D-4A8D-8109-A6208B2D4AC6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{AB4852AE-1450-414C-B61F-C19298C6EB23}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{A3752EFC-E4DC-4097-A5F5-FF170910B89E}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Desc=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3833609522-3861047620-3675164185-1739081557-594447883-3111017752-456581032|EmbedCtxt=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{365DCBA3-3D7A-4B59-BC96-A7E8AC42FD13}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{CFBB90C6-89A3-4570-BADD-176AD021D191}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Desc=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1322174799-1054373777-2441082058-564842223-2721992343-4124100487-3261661085|EmbedCtxt=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Platform=2:6:2|Platform2=GTEQ|
"{EECFCC76-2180-4980-BCB2-B0B689D19559}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{F86BF903-EE18-40F0-9BBB-DEB958C7F198}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{1127636F-DF6E-4667-9441-5B79BCC2C2BA}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{3BA81030-271B-4725-B1CF-212DD4E9DEAE}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|
"{2FCB34D9-F151-4932-AF33-17F7DE45964E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|
"{1E5CA4D7-AA40-4879-97E9-20027FB0F458}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{E9546BF3-27CA-44A6-A95E-B2271364E23D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{D7C56B90-435F-4377-969B-7D63AA02BF79}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
"{204D6E5C-C67B-4491-9FE2-D4B5D6F671E0}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
"{F5C2F573-04C2-40A9-969C-D8FAEB44E1CA}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{E682B820-324F-49DF-B879-0EFC2CC0EB48}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{4D1333A8-922A-4298-9C81-8622CADB51D9}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{424AAE03-1DBF-4863-BDFF-9C1A4CCC655F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
"{DC4AC1CD-1850-49BF-98CB-95087FF14CD4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.23041.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
"{5D98FBEA-9C2C-41DD-83F7-1B2A6C75316F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{72621B7C-3CF5-4751-9BE5-109E72F307BF}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"TCP Query User{A80137C5-6CBA-412B-A1EC-D72343F79773}C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User|
"UDP Query User{8086F52E-78FA-489A-B2C4-2168ADE624EB}C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User|

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list]
"C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe"=C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe:*:Enabled:quickdiag_2_24.07.2016.1




---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) []  -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) []  -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) []  -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) []  -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) []  -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) []  -> @c_sslaccel.inf,%ClassName%;Security Accelerator
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) []  -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) []  -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) []  -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) []  -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) []  -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) []  -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) []  -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) []  -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) []  -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) []  -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) []  -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) []  -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) []  -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) []  -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) []  -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) []  -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) []  -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) []  -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) []  -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) []  -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) []  -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) []  -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) []  -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) []  -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) []  -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) []  -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) []  -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) []  -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) []  -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) []  -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) []  -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) []  -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) []  -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) []  -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) []  -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) []  -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) []  -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) []  -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) []  -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) []  -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) []  -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) []  -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) []  -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) []  -> @oem7.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) []  -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) []  -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) []  -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) []  -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) []  -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) []  -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) []  -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) []  -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) []  -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) []  -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) []  -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) []  -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) []  -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) []  -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) []  -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) []  -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) []  -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) []  -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) []  -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) []  -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) []  -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) []  -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) []  -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2]  -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5]  -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1]  -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[25/07/2016 19:14:14] - (1.0.0.876) - (Emsisoft Ltd - Emsisoft Protection Platform Driver) - C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\epp.sys
[25/07/2016 19:13:51] - (1.0.0.1227) - ( -) - C:\WINDOWS\system32\DRIVERS\fwndislwf64.sys
[30/10/2015 09:17:23] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys
[12/11/2015 22:50:10] - (1.1.0.0) - (Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver) - C:\WINDOWS\System32\drivers\wdcsam64.sys

---------- | LoadOrderGroup

Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK
Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK
Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK
Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK
Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK
Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK
Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK
Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK
Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK
Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK
Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK
Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK
Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK
Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK
Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK
Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK
Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK
Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK
Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK
Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK
Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK
Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK
Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK
Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK
Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK
Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK
Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK
Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK
Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK
Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK
Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK
Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK
Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK
Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK
Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK
Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK
Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK
Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK
Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK
Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK
Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK
Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK
Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK
Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK
Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK
Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK
Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK
Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK
Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK
Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK
Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK
Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK
Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK
Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK
Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK
Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK
Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK
Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK
Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK
Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK
Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK
Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK
Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK
Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK
Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK
Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK
Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK
Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK
Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK
Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK
Name: PnP Filter - DriverEnabled: False - GroupOrder: 71 - Status: OK
Name: Network - DriverEnabled: False - GroupOrder: 72 - Status: OK
Name: extendedbase - DriverEnabled: False - GroupOrder: 73 - Status: OK
Name: NetworkService - DriverEnabled: False - GroupOrder: 74 - Status: OK
Name: Early-Launch - DriverEnabled: False - GroupOrder: 75 - Status: OK
Name: Core Security Extensions - DriverEnabled: False - GroupOrder: 76 - Status: OK
Name: LocalService - DriverEnabled: False - GroupOrder: 77 - Status: OK

---------- | LoadOrderGroupServiceDependencies

LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs"

---------- | LoadOrderGroupServiceMembers

LoadOrderGroup.Name="PNP_TDI" - Service.Name="a2AntiMalware"
LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc"
LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder"
LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch"
LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall"
LoadOrderGroup.Name="TDI" - Service.Name="Dhcp"
LoadOrderGroup.Name="TDI" - Service.Name="Dnscache"
LoadOrderGroup.Name="TDI" - Service.Name="dot3svc"
LoadOrderGroup.Name="Event Log" - Service.Name="EventLog"
LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc"
LoadOrderGroup.Name="TDI" - Service.Name="icssvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation"
LoadOrderGroup.Name="TDI" - Service.Name="lmhosts"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM"
LoadOrderGroup.Name="NetworkService" - Service.Name="MapsBroker"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc"
LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI"
LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon"
LoadOrderGroup.Name="Cryptography" - Service.Name="NgcCtnrSvc"
LoadOrderGroup.Name="Cryptography" - Service.Name="NgcSvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay"
LoadOrderGroup.Name="Plugplay" - Service.Name="Power"
LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs"
LoadOrderGroup.Name="PlugPlay" - Service.Name="RtkAudioService"
LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr"
LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS"
LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection"
LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware"
LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="agp440"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep"
LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS"
LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG"
LoadOrderGroup.Name="Base" - SystemDriver.Name="cnghwassist"
LoadOrderGroup.Name="extendedbase" - SystemDriver.Name="CompFilter64"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl"
LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc"
LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="epp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="fcvsc"
LoadOrderGroup.Name="FSFilter Encryption" - SystemDriver.Name="FileCrypt"
LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr"
LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="FWNDIS_LWF"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="gagp30kx"
LoadOrderGroup.Name="Base" - SystemDriver.Name="genericusbfn"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidinterrupt"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iai2c"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAV"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="ibbus"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm"
LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc"
LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc"
LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic"
LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD"
LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="mlx4_bus"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr"
LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ndfltr"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisTapi"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ndiswanlegacy"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ndproxy"
LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="NTFS"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Null"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="nv_agp"
LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia"
LoadOrderGroup.Name="System Reserved" - SystemDriver.Name="pcw"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas3i"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched"
LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd"
LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFSv1"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr"
LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme"
LoadOrderGroup.Name="FSFilter Quota Management" - SystemDriver.Name="storqosflt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="Synth3dVsc"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uagp35"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmCx0101"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Ucx01000"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Ufx01000"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UfxChipidea"
LoadOrderGroup.Name="Base" - SystemDriver.Name="ufxsynopsys"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uliagpkx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsChipidea"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UrsCx01000"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsSynopsys"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub"
LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp"
LoadOrderGroup.Name="Base" - SystemDriver.Name="vhf"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarp"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarpv6"
LoadOrderGroup.Name="Early-Launch" - SystemDriver.Name="WdBoot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="WFPLWFS"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRT"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRTProxy"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinMad"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinVerbs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi"
LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wpcfltr"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl"
LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf"
LoadOrderGroup.Name="base" - SystemDriver.Name="WUDFRd"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="xboxgip"
LoadOrderGroup.Name="Base" - SystemDriver.Name="xinputhid"

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - 3ware () -> System32\drivers\3ware.sys
R0 - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys
R0 - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys
S0 - ADP80XX () -> System32\drivers\ADP80XX.SYS
S0 - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys
S0 - amdsata () -> System32\drivers\amdsata.sys
S0 - amdsbs () -> System32\drivers\amdsbs.sys
S0 - amdxata () -> System32\drivers\amdxata.sys
S0 - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys
S0 - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys
S0 - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys
R0 - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys
R0 - CNG () -> System32\Drivers\cng.sys
R0 - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys
S0 - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys
S0 - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys
S0 - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys
R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys
R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys
S0 - Fs_Rec () -> (?)
R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys
S0 - gagp30kx (@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys
S0 - HpSAMD () -> System32\drivers\HpSAMD.sys
S0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys
S0 - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys
S0 - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys
S0 - intelide () -> System32\drivers\intelide.sys
S0 - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys
S0 - isapnp () -> System32\drivers\isapnp.sys
R0 - KSecDD () -> System32\Drivers\ksecdd.sys
R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys
S0 - LSI_SAS () -> System32\drivers\lsi_sas.sys
S0 - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys
S0 - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys
S0 - LSI_SSS () -> System32\drivers\lsi_sss.sys
S0 - megasas () -> System32\drivers\megasas.sys
S0 - megasr () -> System32\drivers\megasr.sys
R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys
R0 - msisadrv () -> System32\drivers\msisadrv.sys
R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys
S0 - mvumis () -> System32\drivers\mvumis.sys
R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys
S0 - nvraid () -> System32\drivers\nvraid.sys
S0 - nvstor () -> System32\drivers\nvstor.sys
S0 - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys
R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys
R0 - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys
S0 - pciide () -> System32\drivers\pciide.sys
S0 - pcmcia () -> System32\drivers\pcmcia.sys
R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys
R0 - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys
S0 - percsas2i () -> System32\drivers\percsas2i.sys
S0 - percsas3i () -> System32\drivers\percsas3i.sys
R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys
S0 - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys
S0 - SiSRaid2 () -> System32\drivers\SiSRaid2.sys
S0 - SiSRaid4 () -> System32\drivers\sisraid4.sys
R0 - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys
S0 - stexstor () -> System32\drivers\stexstor.sys
R0 - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys
S0 - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys
S0 - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys
S0 - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys
S0 - storvsc () -> System32\drivers\storvsc.sys
R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys
S0 - uagp35 (@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys
S0 - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys
R0 - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys
S0 - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys
R0 - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys
R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys
R0 - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys
S0 - vsmraid () -> System32\drivers\vsmraid.sys
S0 - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys
S0 - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys
R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys
R0 - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys
R0 - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys
R0 - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys
R0 - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys
R0 - Wof (Windows Overlay File System Filter Driver) -> (?)
R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys
R1 - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys
R1 - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys
R1 - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys
R1 - Beep (Beep) -> (?)
R1 - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys
S1 - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys
R1 - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys
R1 - epp (epp) -> \??\C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\epp.sys
R1 - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys
R1 - FWNDIS_LWF (@oem9.inf,%NdisLwFlt_Desc%;Emsisoft NDIS packet filter) -> \SystemRoot\system32\DRIVERS\fwndislwf64.sys
S1 - fwwfp (Emsisoft Firewall WFP Filter) -> \??\C:\Program Files\Emsisoft Internet Security\fwwfp764.sys
R1 - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys
R1 - Msfs () -> (?)
R1 - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys
R1 - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys
R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys
R1 - Npfs () -> (?)
R1 - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys
R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys
R1 - Null () -> (?)
R1 - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys
R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys
R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys
R1 - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys
R2 - a2AntiMalware (Emsisoft Protection Service) -> "C:\Program Files\Emsisoft Internet Security\a2service.exe"
S2 - AMD External Events Utility () -> %SystemRoot%\system32\atiesrxx.exe
S2 - AMD FUEL Service (AMD FUEL Service) -> "C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
R2 - AudioEndpointBuilder (@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
S2 - BingDesktopUpdate (Bing Desktop Update service) -> "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe"
R2 - BrokerInfrastructure (@%windir%\system32\bisrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - CoreMessagingRegistrar (@%SystemRoot%\system32\coremessaging.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DcomLaunch (@combase.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - DeviceAssociationService (@%SystemRoot%\system32\das.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - DiagTrack (@%SystemRoot%\system32\diagtrack.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc
R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService
S2 - DoSvc (@%systemroot%\system32\dosvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R2 - EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys
R2 - LSM (@%windir%\system32\lsm.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys
S2 - MapsBroker (@%SystemRoot%\System32\moshost.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys
R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys
R2 - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys
R2 - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys
R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService
S2 - OneSyncSvc (@%SystemRoot%\system32\APHostRes.dll,-10002) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
R2 - OneSyncSvc_35c2e (Hôte de synchronisation_35c2e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys
R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS
R2 - RpcSs (@combase.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss
R2 - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys
S2 - RtkAudioService (Realtek Audio Service) -> C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe
R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe
S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe
R2 - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys
R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc
R2 - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys
R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - SystemEventsBroker (@%windir%\system32\SystemEventsBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys
R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - tiledatamodelsvc (@%SystemRoot%\system32\tileobjserver.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel
R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - UserManager (@%systemroot%\system32\usermgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - WinDefend (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310) -> "%ProgramFiles%\Windows Defender\MsMpEng.exe"
R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding
S3 - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys
S3 - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys
S3 - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys
S3 - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys
S3 - AJRouter (@%SystemRoot%\system32\AJRouter.dll,-2) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - ALG (@%SystemRoot%\system32\Alg.exe,-112) -> %SystemRoot%\System32\alg.exe
S3 - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys
R3 - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys
R3 - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys
R3 - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys
S3 - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys
S3 - AppIDSvc (@%systemroot%\system32\appidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R3 - Appinfo (@%systemroot%\system32\appinfo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - AppReadiness (@%SystemRoot%\System32\AppReadiness.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k AppReadiness
S3 - AppXSvc (@%SystemRoot%\system32\appxdeploymentserver.dll,-1) -> %systemroot%\system32\svchost.exe -k wsappx
S3 - AsyncMac (@%systemroot%\system32\rascfg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys
S3 - AxInstSV (@%SystemRoot%\system32\AxInstSV.dll,-103) -> %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
S3 - bcmfn (@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service) -> \SystemRoot\System32\drivers\bcmfn.sys
S3 - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys
S3 - BDESVC (@%SystemRoot%\system32\bdesvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys
R3 - Browser (@%systemroot%\system32\browser.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys
S3 - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys
S3 - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys
S3 - BthHFSrv (@%SystemRoot%\System32\BthHFSrv.dll,-103) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys
S3 - bthserv (@%SystemRoot%\System32\bthserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys
S3 - CapImg (@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen) -> \SystemRoot\System32\drivers\capimg.sys
S3 - CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys
S3 - ClipSVC (@%SystemRoot%\system32\ClipSVC.dll,-103) -> %SystemRoot%\System32\svchost.exe -k wsappx
S3 - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys
S3 - CompFilter64 (UVCCompositeFilter) -> \SystemRoot\System32\drivers\lvbflt64.sys
R3 - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
S3 - COMSysApp (@comres.dll,-947) -> %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R3 - condrv (Console Driver) -> System32\drivers\condrv.sys
S3 - DcpSvc (@%SystemRoot%\system32\dcpsvc.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - defragsvc (@%SystemRoot%\system32\defragsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k defragsvc
S3 - DeviceInstall (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
S3 - DevQueryBroker (@%SystemRoot%\system32\DevQueryBroker.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - diagnosticshub.standardcollector.service (@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000) -> %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
S3 - DmEnrollmentSvc (@%systemroot%\system32\Windows.Internal.Management.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys
S3 - dmwappushservice (@%SystemRoot%\system32\dmwappushsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - dot3svc (@%systemroot%\system32\dot3svc.dll,-1102) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\System32\drivers\drmkaud.sys
S3 - DsmSvc (@%SystemRoot%\system32\DeviceSetupManager.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R3 - DsSvc (@%SystemRoot%\system32\dssvc.dll,-10003) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys
S3 - Eaphost (@%systemroot%\system32\eapsvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - EFS (@%SystemRoot%\system32\efssvc.dll,-100) -> %SystemRoot%\System32\lsass.exe
S3 - embeddedmode (@%SystemRoot%\system32\embeddedmodesvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - EntAppSvc (@EnterpriseAppMgmtSvc.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel
S3 - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys
S3 - exfat (exFAT File System Driver) -> (?)
R3 - fastfat (FAT12/16/32 File System Driver) -> (?)
S3 - Fax (@%systemroot%\system32\fxsresm.dll,-118) -> %systemroot%\system32\fxssvc.exe
S3 - fcvsc () -> \SystemRoot\System32\drivers\fcvsc.sys
S3 - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys
R3 - fdPHost (@%systemroot%\system32\fdPHost.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - fhsvc (@%systemroot%\system32\fhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys
S3 - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys
S3 - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys
S3 - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys
S3 - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\drivers\genericusbfn.sys
S3 - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys
R3 - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys
S3 - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys
S3 - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys
S3 - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys
S3 - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys
S3 - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys
R3 - hidserv (@%SystemRoot%\System32\hidserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys
S3 - HomeGroupListener (@%SystemRoot%\System32\ListSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - HomeGroupProvider (@%SystemRoot%\System32\provsvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R3 - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys
S3 - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys
S3 - i8042prt (@msmouse.inf,%i8042prt.SvcDesc%;PS/2 Keyboard and Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys
S3 - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys
S3 - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
S3 - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys
S3 - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys
S3 - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys
S3 - icssvc (@%SystemRoot%\System32\tetheringservice.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - IEEtwCollectorService (@%SystemRoot%\system32\ieetwcollectorres.dll,-1000) -> %SystemRoot%\system32\IEEtwCollector.exe /V
R3 - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) -> \SystemRoot\system32\drivers\RTKVHD64.sys
S3 - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys
S3 - IoQos (@%SystemRoot%\system32\drivers\ioqos.sys,-100) -> system32\drivers\ioqos.sys
S3 - IpFilterDriver (@%systemroot%\system32\rascfg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys
S3 - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys
S3 - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys
S3 - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys
S3 - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys
R3 - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys
R3 - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys
R3 - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys
R3 - KeyIso (@keyiso.dll,-100) -> %SystemRoot%\system32\lsass.exe
R3 - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys
S3 - KtmRm (@comres.dll,-2946) -> %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
R3 - L1C (@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\System32\drivers\L1C63x64.sys
R3 - lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R3 - LicenseManager (@%SystemRoot%\system32\licensemanagersvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - lltdsvc (@%SystemRoot%\system32\lltdres.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalService
R3 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R3 - LVRS64 (@oem6.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver) -> \SystemRoot\system32\DRIVERS\lvrs64.sys
R3 - LVUVC64 (@oem5.inf,%PID_081B_DD%(UVC);Logitech HD Webcam C310(UVC)) -> \SystemRoot\system32\DRIVERS\lvuvc64.sys
S3 - MessagingService (@%SystemRoot%\system32\MessagingService.dll,-100) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
S3 - MessagingService_35c2e (MessagingService_35c2e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
S3 - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys
S3 - Modem () -> system32\drivers\modem.sys
R3 - monitor (@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys
R3 - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys
R3 - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys
R3 - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys
S3 - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys
R3 - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys
R3 - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys
S3 - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys
S3 - MSDTC (@comres.dll,-2797) -> %SystemRoot%\System32\msdtc.exe
S3 - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys
S3 - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys
S3 - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys
S3 - MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - msiserver (@%SystemRoot%\system32\msimsg.dll,-27) -> %systemroot%\system32\msiexec.exe /V
S3 - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\DRIVERS\MSKSSRV.sys
S3 - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\DRIVERS\MSPCLOCK.sys
S3 - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\DRIVERS\MSPQM.sys
S3 - MsRPC () -> (?)
S3 - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\DRIVERS\MSTEE.sys
S3 - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys
S3 - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys
S3 - NcaSvc (@%SystemRoot%\system32\ncasvc.dll,-3009) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R3 - NcbService (@%SystemRoot%\system32\ncbservice.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - NcdAutoSetup (@%SystemRoot%\system32\NcdAutoSetup.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
S3 - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys
S3 - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys
S3 - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys
S3 - NdisTapi (@%systemroot%\system32\rascfg.dll,-32001) -> System32\DRIVERS\ndistapi.sys
S3 - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys
R3 - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys
S3 - NdisWan (@%systemroot%\system32\rascfg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys
S3 - ndiswanlegacy (@%systemroot%\system32\rascfg.dll,-32014) -> System32\DRIVERS\ndiswan.sys
S3 - ndproxy (@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy) -> System32\DRIVERS\NDProxy.sys
S3 - Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) -> %systemroot%\system32\lsass.exe
S3 - Netman (@%SystemRoot%\system32\netman.dll,-109) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - netprofm (@%SystemRoot%\system32\netprofmsvc.dll,-202) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - NetSetupSvc (@%SystemRoot%\system32\NetSetupSvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - NgcCtnrSvc (@%SystemRoot%\System32\NgcCtnrSvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - NgcSvc (@%SystemRoot%\System32\ngcsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - NTFS () -> (?)
S3 - p2pimsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8004) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - p2psvc (@%SystemRoot%\system32\p2psvc.dll,-8006) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys
S3 - PerfHost (@%systemroot%\sysWow64\perfhost.exe,-2) -> %SystemRoot%\SysWow64\perfhost.exe
S3 - PhoneSvc (@%SystemRoot%\system32\PhoneserviceRes.dll,-10000) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - PimIndexMaintenanceSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-15001) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
S3 - PimIndexMaintenanceSvc_35c2e (Données de contacts_35c2e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
S3 - pla (@%systemroot%\system32\pla.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R3 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-200) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
S3 - PNRPAutoReg (@%SystemRoot%\system32\pnrpauto.dll,-8002) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - PNRPsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8000) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
R3 - PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
S3 - PptpMiniport (@%systemroot%\system32\rascfg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys
S3 - PrintNotify (@C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll,-1) -> %SystemRoot%\system32\svchost.exe -k print
S3 - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys
S3 - QWAVE (@%SystemRoot%\system32\qwave.dll,-1) -> %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys
S3 - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys
S3 - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys
S3 - RasAuto (@%Systemroot%\system32\rasauto.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - Rasl2tp (@%systemroot%\system32\rascfg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys
S3 - RasMan (@%Systemroot%\system32\rasmans.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - RasPppoe (@%systemroot%\system32\rascfg.dll,-32007) -> System32\DRIVERS\raspppoe.sys
S3 - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys
R3 - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys
S3 - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys
S3 - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys
S3 - ReFSv1 () -> (?)
S3 - RetailDemo (@%SystemRoot%\System32\RDXService.dll,-256) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - RpcLocator (@%systemroot%\system32\Locator.exe,-2) -> %SystemRoot%\system32\locator.exe
S3 - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys
S3 - ScDeviceEnum (@%SystemRoot%\System32\ScDeviceEnum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys
S3 - SCPolicySvc (@%SystemRoot%\System32\certprop.dll,-13) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys
S3 - SDRSVC (@%SystemRoot%\system32\sdrsvc.dll,-107) -> %SystemRoot%\system32\svchost.exe -k SDRSVC
S3 - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys
R3 - seclogon (@%SystemRoot%\system32\seclogon.dll,-7001) -> %windir%\system32\svchost.exe -k netsvcs
S3 - SensorDataService (@%SystemRoot%\system32\SensorDataService.exe,-101) -> %SystemRoot%\System32\SensorDataService.exe
S3 - SensorService (@%SystemRoot%\System32\sensorservice.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - SensrSvc (@%SystemRoot%\System32\sensrsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys
S3 - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys
S3 - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys
S3 - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys
S3 - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys
S3 - SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys
S3 - SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - smphost (@%SystemRoot%\System32\smphost.dll,-102) -> %SystemRoot%\System32\svchost.exe -k smphost
S3 - SmsRouter (@%SystemRoot%\System32\SmsRouterSvc.dll,-10001) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - SNMPTRAP (@%SystemRoot%\system32\snmptrap.exe,-3) -> %SystemRoot%\System32\snmptrap.exe
S3 - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys
R3 - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys
R3 - srvnet () -> System32\DRIVERS\srvnet.sys
R3 - SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - SstpSvc (@%SystemRoot%\system32\sstpsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - StateRepository (@%SystemRoot%\system32\windows.staterepository.dll,-1) -> %SystemRoot%\system32\svchost.exe -k appmodel
S3 - StorSvc (@%SystemRoot%\System32\StorSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - svsvc (@%SystemRoot%\system32\svsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys
S3 - swprv (@%SystemRoot%\System32\swprv.dll,-103) -> %SystemRoot%\System32\svchost.exe -k swprv
S3 - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys
S3 - TabletInputService (@%SystemRoot%\system32\TabSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - TapiSrv (@%SystemRoot%\system32\tapisrv.dll,-10100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys
S3 - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys
S3 - TermService (@%SystemRoot%\System32\termsrv.dll,-268) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - TieringEngineService (@%SystemRoot%\system32\TieringEngineService.exe,-702) -> %SystemRoot%\system32\TieringEngineService.exe
R3 - TimeBroker (@%windir%\system32\TimeBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys
S3 - TrustedInstaller (@%SystemRoot%\servicing\TrustedInstaller.exe,-100) -> %SystemRoot%\servicing\TrustedInstaller.exe
S3 - TsUsbFlt () -> system32\drivers\tsusbflt.sys
S3 - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys
R3 - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver) -> \SystemRoot\System32\drivers\tunnel.sys
S3 - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys
S3 - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys
S3 - UcmUcsi (@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client) -> \SystemRoot\System32\drivers\UcmUcsi.sys
S3 - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys
S3 - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys
S3 - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys
S3 - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys
S3 - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\drivers\UfxChipidea.sys
S3 - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys
S3 - UI0Detect (@%SystemRoot%\system32\ui0detect.exe,-101) -> %SystemRoot%\system32\UI0Detect.exe
R3 - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys
R3 - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys
S3 - UmRdpService (@%SystemRoot%\system32\umrdp.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - UnistoreSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-10003) -> %SystemRoot%\System32\svchost.exe -k UnistackSvcGroup
R3 - UnistoreSvc_35c2e (Stockage des données utilisateur_35c2e) -> C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
S3 - upnphost (@%systemroot%\system32\upnphost.dll,-213) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urschipidea.sys
S3 - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys
S3 - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urssynopsys.sys
R3 - usbaudio (@wdma_usb.inf,%USBAudio.SvcDesc%;Pilote USB audio (WDM)) -> \SystemRoot\system32\drivers\usbaudio.sys
R3 - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Pilote parent générique USB Microsoft) -> \SystemRoot\System32\drivers\usbccgp.sys
S3 - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys
R3 - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys
R3 - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys
S3 - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys
R3 - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys
S3 - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys
S3 - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys
R3 - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS
S3 - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys
S3 - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS
S3 - UserDataSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-14001) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
S3 - UserDataSvc_35c2e (Accès aux données utilisateur_35c2e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
S3 - UsoSvc (@%systemroot%\system32\usocore.dll,-102) -> %systemroot%\system32\svchost.exe -k netsvcs
R3 - VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003) -> %SystemRoot%\system32\lsass.exe
S3 - vds (@%SystemRoot%\system32\vds.exe,-100) -> %SystemRoot%\System32\vds.exe
S3 - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys
S3 - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys
S3 - vhf (@%SystemRoot%\system32\drivers\vhf.sys,-100) -> \SystemRoot\System32\drivers\vhf.sys
S3 - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys
S3 - vmicguestinterface (@%systemroot%\system32\icsvc.dll,-801) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicheartbeat (@%systemroot%\system32\icsvc.dll,-101) -> %systemroot%\system32\svchost.exe -k ICService
S3 - vmickvpexchange (@%systemroot%\system32\icsvc.dll,-201) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicrdv (@%systemroot%\system32\icsvc.dll,-601) -> %systemroot%\system32\svchost.exe -k ICService
S3 - vmicshutdown (@%systemroot%\system32\icsvc.dll,-301) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmictimesync (@%systemroot%\system32\icsvc.dll,-401) -> %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - vmicvmsession (@%systemroot%\system32\icsvc.dll,-901) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicvss (@%systemroot%\system32\icsvc.dll,-501) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys
S3 - VSS (@%systemroot%\system32\vssvc.exe,-102) -> %systemroot%\system32\vssvc.exe
S3 - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys
S3 - W32Time (@%SystemRoot%\system32\w32time.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys
S3 - WalletService (@%SystemRoot%\System32\WalletService.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k appmodel
S3 - wanarp (@%systemroot%\system32\rascfg.dll,-32011) -> System32\DRIVERS\wanarp.sys
S3 - wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> System32\DRIVERS\wanarp.sys
S3 - wbengine (@%systemroot%\system32\wbengine.exe,-104) -> "%systemroot%\system32\wbengine.exe"
S3 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
S3 - wcncsvc (@%SystemRoot%\system32\wcncsvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - WcsPlugInService (@%SystemRoot%\system32\WcsPlugInService.dll,-200) -> %SystemRoot%\system32\svchost.exe -k wcssvc
R3 - WDC_SAM (@oem7.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver) -> \SystemRoot\System32\drivers\wdcsam64.sys
R3 - WdiServiceHost (@%systemroot%\system32\wdi.dll,-502) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - WdiSystemHost (@%systemroot%\system32\wdi.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys
R3 - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\Drivers\WdNisDrv.sys
R3 - WdNisSvc (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320) -> "%ProgramFiles%\Windows Defender\NisSrv.exe"
S3 - WebClient (@%systemroot%\system32\webclnt.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - Wecsvc (@%SystemRoot%\system32\wecsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k NetworkService
S3 - WEPHOSTSVC (@%systemroot%\system32\wephostsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k WepHostSvcGroup
S3 - wercplsupport (@%SystemRoot%\System32\wercplsupport.dll,-101) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - WerSvc (@%SystemRoot%\System32\wersvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k WerSvcGroup
S3 - WiaRpc (@%SystemRoot%\system32\wiarpc.dll,-2) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - WIMMount (WIMMount) -> system32\drivers\wimmount.sys
R3 - WinHttpAutoProxySvc (@%SystemRoot%\system32\winhttp.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys
S3 - WinRM (@%Systemroot%\system32\wsmsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - WINUSB (@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS
S3 - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys
S3 - WlanSvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - wlidsvc (@%SystemRoot%\system32\wlidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys
S3 - wmiApSrv (@%Systemroot%\system32\wbem\wmiapsrv.exe,-110) -> %systemroot%\system32\wbem\WmiApSrv.exe
S3 - WMPNetworkSvc (@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101) -> "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
S3 - workfolderssvc (@%systemroot%\system32\workfolderssvc.dll,-102) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - wpcfltr (Family Safety Filter Driver) -> system32\DRIVERS\wpcfltr.sys
S3 - WPDBusEnum (@%SystemRoot%\system32\wpdbusenum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys
S3 - WpnService (@%SystemRoot%\system32\wpnservice.dll,-1) -> %systemroot%\system32\svchost.exe -k wswpnservice
S3 - WSService (@%SystemRoot%\system32\WSService.dll,-103) -> %SystemRoot%\System32\svchost.exe -k wsappx
R3 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs
R3 - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys
R3 - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> system32\drivers\WudfRd.sys
S3 - wudfsvc (@%SystemRoot%\system32\wudfsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys
S3 - WwanSvc (@%SystemRoot%\System32\wwansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
S3 - XblAuthManager (@%systemroot%\system32\XblAuthManager.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - XblGameSave (@%systemroot%\system32\XblGameSave.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys
S3 - XboxNetApiSvc (@%systemroot%\system32\XboxNetApiSvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys
R4 - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys
S4 - CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S4 - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys
S4 - NetTcpPortSharing (@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201) -> %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 - RemoteAccess (@%Systemroot%\system32\mprdim.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - RemoteRegistry (@regsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k localService
S4 - SCardSvr (@%SystemRoot%\System32\SCardSvr.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S4 - tzautoupdate (@%SystemRoot%\system32\tzautoupdate.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
S4 - udfs (udfs) -> system32\DRIVERS\udfs.sys
S4 - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys

---------- | System files (Microsoft Files whitelisted)

[MD5.2C5B3035B86770ADD2FE9BFBAF5B35A4] - [30/10/2015 09:17:22] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys
[MD5.F7D0CD345D2DA42E7042ABCD73662403] - [30/10/2015 09:17:22] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys
[MD5.5B30BCFE6E02E45D3EE268FF001BC5E0] - [30/10/2015 09:17:22] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys
[MD5.F20B30F35A5C7888441B4DCA001ECF8E] - [30/10/2015 09:17:22] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys
[MD5.AFE838D7576C581D6483529621AB10CC] - [30/10/2015 09:17:22] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys
[MD5.E3FE8F610B1CC12BC3B2E6BC43DC97E2] - [30/10/2015 09:17:22] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys
[MD5.D1F059A530620DCF71303B525D52CA97] - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2012 Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - [21141.48 Ko] - (8.1.1.1500) - C:\WINDOWS\System32\Drivers\atikmdag.sys
[MD5.AD96CC96B6A0CEE8910A13679426C970] - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) - [658.48 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\Drivers\atikmpag.sys
[MD5.3F5523DCEFE42B385659C5CB46A6B810] - [30/10/2015 09:17:22] - (.© Broadcom Corporation. - BCM Function 2  Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys
[MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [30/10/2015 09:17:22] - (.© Broadcom Corporation. - BCM Function 2  Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys
[MD5.6447BA6FA709514B6C803D159B4C7D1E] - [30/10/2015 09:17:22] - (.(c) COPYRIGHT 2001-2012 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [518.84 Ko] - (7.4.14.0) - C:\WINDOWS\System32\Drivers\bxvbda.sys
[MD5.491275B864B704B54EC08168344E0F38] - [30/10/2015 09:17:22] - (.(c) COPYRIGHT 2014-2015 QLogic Corporation - QLogic 10 GigE VBD.) - [3356.34 Ko] - (7.12.2.3) - C:\WINDOWS\System32\Drivers\evbda.sys
[MD5.1480F5E5EB49487F8B040F4340561928] - [25/07/2016 19:13:51] - (.-.) - [199.89 Ko] - (1.0.0.1227) - C:\WINDOWS\System32\Drivers\fwndislwf64.sys
[MD5.FF442DCDCE1F6E9FAA9C8AD0CD1D199B] - [30/10/2015 09:17:22] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys
[MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [30/10/2015 09:17:18] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys
[MD5.59A20F5AD9F4AE54098154359519408E] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [162 Ko] - (30.63.1519.7) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys
[MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys
[MD5.EB82A11613326691508D9ED9A4FE29E7] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys
[MD5.6B0029A0253098CCE28EACCFDB9E7208] - [30/10/2015 09:17:22] - (.Copyright (C), Intel Corporation.  - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys
[MD5.9652E1E35A92D8C75710C17A63B15796] - [30/10/2015 09:17:22] - (.Copyright(C) Intel Corporation 1994-2008  - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys
[MD5.FFADF691F7BF727AF5C863454A372723] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [414.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\ibbus.sys
[MD5.4E444F41E69BBE2E0BAE34D5DFCB5732] - [30/10/2015 09:17:23] - (.2001-2012 Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller.) - [118.5 Ko] - (2.1.0.16) - C:\WINDOWS\System32\Drivers\L1C63x64.sys
[MD5.961F28D879D345BFA50AF51285C90F2E] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys
[MD5.6BFB8D1B3407518BE06B6F81F92FA0F5] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [102.34 Ko] - (2.0.76.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys
[MD5.BE0E47988D78F731DEC2C0CB03E765CB] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [96.84 Ko] - (2.50.96.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys
[MD5.F99BF02BE9219986817BF094981EEB18] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys
[MD5.81F2B52C47B8AD32CC4FF967FC8D73DA] - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech USB Video Class Filter Driver.) - [26.16 Ko] - (13.80.853.0) - C:\WINDOWS\System32\Drivers\lvbflt64.sys
[MD5.A0A527569856B9814E8920F52EBB67F5] - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech Kernel Audio Improvement Filter Driver.) - [343.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\Drivers\lvrs64.sys
[MD5.415E344294D1C0D04627B29146F68481] - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech USB Video Class Driver.) - [4646.66 Ko] - (13.80.853.0) - C:\WINDOWS\System32\Drivers\lvuvc64.sys
[MD5.2ED29B635F35E31A1C0D3DDB7DD2AD03] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys
[MD5.22E3CB85870879CBAE13C5095A8B12E3] - [30/10/2015 09:17:23] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys
[MD5.D41920FBFFF2BBCBBC69A5B383AD022E] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [688.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys
[MD5.218705233D02776AE4D19CC37D985C1B] - [30/10/2015 09:17:23] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys
[MD5.B57CE307DA101C739885B7CC0678077F] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [74.34 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys
[MD5.604D27CC38CC23493F218D0BB834B3FF] - [30/10/2015 09:17:23] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys
[MD5.8B50D897657AB4A15FD9E251BBF7D107] - [30/10/2015 09:17:23] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys
[MD5.1398A85E59698067CBBE1D66A9C13ADF] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2014 - MEGASAS RAID Controller Driver for Windows.) - [56.84 Ko] - (6.803.21.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys
[MD5.35F7C7AD709D909D618D9EDF987FC3ED] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.602.12.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys
[MD5.E9740A3BC0AE6EA035FF7ECE3A1B27B6] - [01/08/2013 14:12:34] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3480.84 Ko] - (6.0.1.7004) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys
[MD5.ABBE803FE0BDAE0E5BE74DDEFBE62F23] - [30/10/2015 09:17:23] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys
[MD5.6043DF55CFE3C7ACF477645FA64DEA98] - [30/10/2015 09:17:23] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys
[MD5.CCDA497C880AD16D87EDFAEFCFB2EDF5] - [30/10/2015 09:17:23] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys
[MD5.D48ED0A08BD2FD25A833E6AC99623091] - [30/10/2015 09:17:23] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys
[MD5.6990D4AFDF545669D4E6C232F26DE1FB] - [30/10/2015 09:17:23] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS
[MD5.A556768CC1FA4F36022BEE2F0EDE2566] - [12/11/2015 22:50:10] - (.© 2006-2015 Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver.) - [26.25 Ko] - (1.1.0.0) - C:\WINDOWS\System32\Drivers\wdcsam64.sys
[MD5.4A53441C1C4D2878BEF27E381138BB2D] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [26.34 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\winmad.sys
[MD5.40A3E8D729F458B2C9A8BD9380FF83D5] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [57.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\winverbs.sys

---------- | Uninstall

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1] : (Emsisoft Internet Security.-.Emsisoft Ltd.) -> "C:\Program Files\Emsisoft Internet Security\unins000.exe"
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E7366CA8-7179-77AE-E712-BA18D70A0A07}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ExpressBurn] : (Express Burn.-.NCH Software) -> "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ExpressZip] : (Express Zip.-.NCH Software) -> "C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe" -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Ultracopier] : (Ultracopier 1.2.3.2.-.Ultracopier) -> C:\Program Files\Ultracopier\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Usbfix] : (UsbFix.-.El Desaparecido - www.usb-antivirus.com - www.sosvirus.net) -> C:\UsbFix\Un-UsbFix.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WUCCCApp] : (AMD Catalyst Control Center.-.AMD) -> "C:\AMD\WU-CCC2\ccc2_install\WULaunchApp.exe" -uninstall
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07326A3E-02B3-1078-25D7-B8666BA8FE15}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AD99E77-37CC-744E-39CA-67F6FD34565A}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{82CA1714-13EA-F419-91FE-12834424745E}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B839153C-D4D2-F89C-5033-0A160C62706B}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1EA3764-1138-AE27-AD63-549BAD99BA15}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E817E580-6318-AFC8-2102-322C73117EC4}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F77474EE-EB6C-C87B-88AF-3310C848E068}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> 

---------- | Ports 


---------- | Microsoft Specifications


---------- | CLSID


---------- | Listing No Microsoft signed files | system32 (Not necessary Malwares)

[MD5.C65F3DD5C512B0E73984DB406B5512F7] - |D| - [30/10/2015 09:17:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@edptoastimage.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |D| - [30/10/2015 09:18:12] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@language_notification_icon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |D| - [30/10/2015 09:18:10] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@optionalfeatures.png
[MD5.9971B035154F5C54948B73A86D6C6874] - |D| - [30/10/2015 09:18:14] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@TileEmpty1x1Image.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |D| - [30/10/2015 09:17:39] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@WiFiNotificationIcon.png
[MD5.4B10D8998C824DD84AD597F9E058F6F0] - |D| - [30/07/2015 21:58:04] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amde31a.dat
[MD5.C7628FE6341B7919D2F62DB9057DB4FC] - |D| - [21/10/2015 02:14:42] - (.-.) - [208.48 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdgfxinfo64.dll
[MD5.AF1928F5E15921A29877C2E18626F80E] - |D| - [21/10/2015 02:14:42] - (.-.) - [139.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdhdl64.dll
[MD5.DDEB20626133878B0CE79CCE29B031B9] - |D| - [23/07/2015 11:52:32] - (.-.) - [814.26 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdicdxx.dat
[MD5.82CAB4EAF1E1CBA85AE5DEBB4C068EE2] - |D| - [21/10/2015 02:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [616.48 Ko] - (1.0.3.8) - C:\WINDOWS\system32\amdlvr64.dll
[MD5.C366C5A2EE8F1F586691E4511AB56040] - |D| - [21/10/2015 02:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6529.48 Ko] - (9.1.10.83) - C:\WINDOWS\system32\amdmantle64.dll
[MD5.3960C946E67311C9831550AEDC649C3A] - |D| - [21/10/2015 02:14:54] - (.-.) - [460.27 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdmiracast.dll
[MD5.4CA9A0DF33972919623BBFF8FBD1A501] - |D| - [21/10/2015 02:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [57.98 Ko] - (1.6.0.0) - C:\WINDOWS\system32\amdmmcl6.dll
[MD5.7BA9A6BBF176D945D7B201865897E158] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [26898.98 Ko] - (0.8.0.0) - C:\WINDOWS\system32\amdocl12cl64.dll
[MD5.AFF92249DA8E62FF8C6D2B89977D3245] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46673.98 Ko] - (10.0.1800.11) - C:\WINDOWS\system32\amdocl64.dll
[MD5.8305AA2FEBE5CAD45AB8D208C17DA930] - |D| - [21/10/2015 02:14:44] - (.-.) - [1168 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdocl_as64.exe
[MD5.187EB6A72565FAAF01AAE0CDD63DE56F] - |D| - [21/10/2015 02:14:44] - (.-.) - [1045.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdocl_ld64.exe
[MD5.2B79CD2445F85D54959702583ECBCC04] - |D| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\system32\amdpcom64.dll
[MD5.926C753C058B5E589CF38AAC72166702] - |D| - [30/10/2015 09:17:41] - (.-.) - [404.84 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ApnDatabase.xml
[MD5.9B034D049D1C6EC9BED55D2F27D86ED9] - |D| - [25/07/2016 11:39:40] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\system32\AppxProvisioning.xml
[MD5.28DF09388444100467873AC906FD6CB2] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [1226.98 Ko] - (7.15.20.1301) - C:\WINDOWS\system32\atiadlxx.dll
[MD5.53650482B8E621276DC55E50C9FB2FEE] - |D| - [22/08/2015 01:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\WINDOWS\system32\atiapfxx.blb
[MD5.CC2470CA903EA355A24F05520D79BDB8] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [366.98 Ko] - (6.14.10.1001) - C:\WINDOWS\system32\atiapfxx.exe
[MD5.279066332FA267076E3BEE81C4297F87] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [62.98 Ko] - (6.14.10.1848) - C:\WINDOWS\system32\aticalcl64.dll
[MD5.3A0F17C7C8E37DCEAE1DA76B7D761702] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15356.98 Ko] - (6.14.10.1848) - C:\WINDOWS\system32\aticaldd64.dll
[MD5.D22A08EE217DE15B6A41AE518B4F4FBE] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [69.48 Ko] - (6.14.10.1848) - C:\WINDOWS\system32\aticalrt64.dll
[MD5.BE92AD0155D4A23D0073AF51BE808B29] - |D| - [21/10/2015 02:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1445.13 Ko] - (8.17.10.1404) - C:\WINDOWS\system32\aticfx64.dll
[MD5.B565601728AF96EEFCF7E9CDE3CDD2BE] - |D| - [21/10/2015 02:14:46] - (.2002-2012 - Graphics DEM.) - [440.48 Ko] - (4.5.5711.37472) - C:\WINDOWS\system32\atidemgy.dll
[MD5.8700278344BED8D4A3A5AC2875359584] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11804.69 Ko] - (8.17.10.625) - C:\WINDOWS\system32\atidxx64.dll
[MD5.69F82C40A189962A65F6D5A02DF8599F] - |D| - [21/10/2015 02:14:46] - (.-.) - [164.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\atieah64.exe
[MD5.B96BD9F5B2B0CD6549EE59FD242A6D56] - |D| - [21/10/2015 02:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [667.48 Ko] - (6.14.11.1199) - C:\WINDOWS\system32\atieclxx.exe
[MD5.521248FA26458669BAAE6AB7DB21F3AC] - |D| - [21/10/2015 02:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [249.48 Ko] - (6.14.11.1199) - C:\WINDOWS\system32\atiesrxx.exe
[MD5.E4F96DFF0501430BF7C6E90841A7282D] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [81.98 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atig6pxx.dll
[MD5.86F2AE002AF9222F34937823B98753C2] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [161.48 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atig6txx.dll
[MD5.0C3156664885AF41100B63853EBCE037] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atiglpxx.dll
[MD5.079EFFD5BECB418FE6596229B28D7324] - |D| - [06/11/2014 10:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\WINDOWS\system32\atiicdxx.dat
[MD5.FE4E7138E51DA7EF01E51F28128A7F53] - |D| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\system32\atimpc64.dll
[MD5.C84C24F13663EF5A59C1E598A350C8C3] - |D| - [21/10/2015 02:14:46] - (.Copyright ฉ 2009 AMD - Multi-language DPPE DLL.) - [37.48 Ko] - (6.14.10.1002) - C:\WINDOWS\system32\atimuixx.dll
[MD5.7D9CCB5DD8837D6AC954956A5812112C] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [30054.98 Ko] - (6.14.10.13399) - C:\WINDOWS\system32\atio6axx.dll
[MD5.0E89795F721B2BC02D0A12C470750DF6] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODCLI Application.) - [58.48 Ko] - (1.0.0.1) - C:\WINDOWS\system32\ATIODCLI.exe
[MD5.C7A506822BE45CD42415710979CDAE7F] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODE Application.) - [333.48 Ko] - (1.0.0.1) - C:\WINDOWS\system32\ATIODE.exe
[MD5.3FE40633FC3BC5AE41EACDA0E1BA72FE] - |D| - [21/10/2015 02:14:46] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [194.98 Ko] - (6.14.11.25) - C:\WINDOWS\system32\atitmm64.dll
[MD5.067CED045532C58B46E6527BCE3CB47F] - |D| - [21/10/2015 02:14:54] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [127.02 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atiu9p64.dll
[MD5.AC6970C74B7457B291BB2C0035AA7DAE] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [8657.15 Ko] - (9.14.10.1128) - C:\WINDOWS\system32\atiumd64.dll
[MD5.486D6985E7B7826DBBEAE12755851027] - |D| - [22/08/2015 01:55:34] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\system32\atiumd6a.cap
[MD5.0A9CA09952D768F768D2903F984102DC] - |D| - [21/10/2015 02:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8771.91 Ko] - (8.14.10.513) - C:\WINDOWS\system32\atiumd6a.dll
[MD5.AE81C76C930DD6875E5D9C6BEA2F0966] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.43 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atiuxp64.dll
[MD5.EFA5E3D55F1CC185BC690B7D79D015A9] - |D| - [24/07/2015 21:44:06] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativce02.dat
[MD5.B974290EEE645249EE212FF62DD0824A] - |D| - [30/07/2015 22:00:06] - (.-.) - [173.19 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativce03.dat
[MD5.5EBC73A78E5903E7CE6F6B25E4A6BE8F] - |D| - [29/05/2015 01:00:42] - (.-.) - [228.93 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_cik.dat
[MD5.C55D2CBC17AAE1FBAC9135E7C31A4D31] - |D| - [29/05/2015 00:58:32] - (.-.) - [227.3 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_cik_nd.dat
[MD5.0770A5AB5218E6D3134A7A7239B9A216] - |D| - [29/05/2015 01:21:32] - (.-.) - [249.81 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_cz_nd.dat
[MD5.A81F68A0D3387A06182EFA3880D3F0BD] - |D| - [29/05/2015 01:17:24] - (.-.) - [245 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_FJ.dat
[MD5.7EE8F6853798F7A900DB15F3054A0277] - |D| - [29/05/2015 01:15:12] - (.-.) - [243.25 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_FJ_nd.dat
[MD5.11355CAC5334C8999211C09CAAE194EF] - |D| - [29/05/2015 01:10:58] - (.-.) - [315.3 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_vi.dat
[MD5.3544D6AF6E0C9783C2CF6FA9CE42D520] - |D| - [29/05/2015 01:08:18] - (.-.) - [313.67 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_vi_nd.dat
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |D| - [22/08/2015 01:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |D| - [22/08/2015 01:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvsvl.dat
[MD5.D638E3AD81E149A75EEF59E9C743E27C] - |D| - [25/07/2016 18:39:04] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\system32\AutoWorkplace.exe.config
[MD5.22D9945B4AAE36DD59620A918F2E65F4] - |D| - [30/10/2015 09:17:46] - (.-.) - [3096 Ko] - (0.0.0.0) - C:\WINDOWS\system32\boot.sdi
[MD5.405E1EF8E3C88E9BCD2853382BB12430] - |D| - [30/10/2015 09:19:28] - (.-.) - [22.45 Ko] - (0.0.0.0) - C:\WINDOWS\system32\bopomofo.uce
[MD5.6EC6A5D8C388FCE5792805DC8C736E87] - |D| - [30/10/2015 09:17:40] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [92 Ko] - (1.0.0.1) - C:\WINDOWS\system32\BthpanContextHandler.dll
[MD5.6E5DAEBB08D93B3630F2DA9B4FACC05B] - |D| - [30/10/2015 09:18:10] - (.Copyright (C) 2008 - Application ContextH.) - [54 Ko] - (1.0.0.1) - C:\WINDOWS\system32\BWContextHandler.dll
[MD5.CCEAEFAA4DF2F399E9A179D942FEB23C] - |D| - [30/10/2015 09:18:01] - (.-.) - [163.71 Ko] - (0.0.0.0) - C:\WINDOWS\system32\chs_singlechar_pinyin.dat
[MD5.F2D598B11C294EE360FDA0D3E81DA7EC] - |D| - [21/10/2015 02:14:48] - (.-.) - [237.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\clinfo.exe
[MD5.A0E91D21C945781D03EA0BA1C95F821E] - |D| - [21/10/2015 02:14:48] - (.AMD. - CoInstaller DLL.) - [853.98 Ko] - (1.0.5.9) - C:\WINDOWS\system32\coinst_15.20.dll
[MD5.A797EED94B22B29D3974CB20B66BE6C6] - |D| - [01/08/2013 14:12:30] - (.2012 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [108 Ko] - (1.0.0.2) - C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
[MD5.B2241C7E71A7CA5B4CE86FB28FA97373] - |D| - [30/10/2015 09:18:07] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-appcmd.searchconnector-ms
[MD5.2B405BCB2A2BDEC47D35D0A921E5B10B] - |D| - [30/10/2015 09:18:06] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-contacts.searchconnector-ms
[MD5.8A063B4755E352DD772D43D5E8123BBB] - |D| - [30/10/2015 09:18:06] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-history.searchconnector-ms
[MD5.A727FC8376E18F7506A6BB6BC389E602] - |D| - [30/10/2015 09:18:07] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-music.searchconnector-ms
[MD5.80CC9D3D6A70AAA255C0FEDB4C7BB692] - |D| - [30/10/2015 09:18:06] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-paths.searchconnector-ms
[MD5.1420FE34B31CBD3B81011E03ACAD94F2] - |D| - [30/10/2015 09:18:07] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-protocol.searchconnector-ms
[MD5.E7B53AF004BEE5112F787A6E5B04D737] - |D| - [30/10/2015 09:18:06] - (.-.) - [10.85 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
[MD5.ACB02726235DF588BF8D5A4FF54379DF] - |D| - [30/10/2015 09:18:06] - (.-.) - [7.6 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-suggestions.searchconnector-ms
[MD5.0E3D116A4DC1D2ABDD0692C6173E09E6] - |D| - [30/10/2015 09:18:06] - (.-.) - [6.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\connectedsearch-zeroinput.searchconnector-ms
[MD5.A71D446195E2B8090621C884D5DC3532] - |D| - [25/07/2016 11:37:14] - (.-.) - [2594.15 Ko] - (0.0.0.0) - C:\WINDOWS\system32\CoreUIComponents.dll
[MD5.306B90493D00011EB635E161C6C024B8] - |D| - [30/10/2015 09:17:57] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\system32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |D| - [25/07/2016 18:39:05] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\system32\DefaultQuestions.json
[MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |D| - [26/10/2012 16:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\system32\DevManagerCore.dll
[MD5.F938469DAF278EE42E32CE2ED5400172] - |D| - [30/10/2015 09:17:46] - (.-.) - [90.05 Ko] - (0.0.0.0) - C:\WINDOWS\system32\DiskSnapshot.conf
[MD5.8C6F56F4CDDE6A1FD01F4FCF2773298E] - |D| - [25/07/2016 18:39:05] - (.-.) - [210.88 Ko] - (0.0.0.0) - C:\WINDOWS\system32\dssec.dat
[MD5.30B4EC182373056C7AE758B72B83E8D5] - |D| - [30/10/2015 09:17:52] - (.-.) - [166.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\EditionUpgradeHelper.dll
[MD5.33D9CB37446952603C170F80B2C897BB] - |D| - [30/10/2015 09:17:52] - (.-.) - [28 Ko] - (0.0.0.0) - C:\WINDOWS\system32\efsext.dll
[MD5.93E76CF7B04EC33A1E9E0FD7546D3603] - |D| - [30/10/2015 09:17:45] - (.-.) - [17.51 Ko] - (0.0.0.0) - C:\WINDOWS\system32\EventViewer_EventDetails.xsl
[MD5.2EE93E4D4AA57ED4793C7F0B3404799E] - |D| - [26/07/2016 15:26:39] - (.-.) - [189.68 Ko] - (0.0.0.0) - C:\WINDOWS\system32\FNTCACHE.DAT
[MD5.7EB29DBB6CB2CACD1C7027B8E050DED8] - |D| - [30/10/2015 09:18:09] - (.-.) - [24.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\GamePanelExternalHook.dll
[MD5.0FEE8DB559981D7F06E26042ECD8D671] - |D| - [30/10/2015 09:17:39] - (.-.) - [73.87 Ko] - (0.0.0.0) - C:\WINDOWS\system32\gatherNetworkInfo.vbs
[MD5.4FDED87068052EEB9B72A97FDBC141DB] - |D| - [30/10/2015 09:19:28] - (.-.) - [23.44 Ko] - (0.0.0.0) - C:\WINDOWS\system32\gb2312.uce
[MD5.E635EEC491CBD436095B4300C3E9C4C9] - |D| - [30/10/2015 09:17:57] - (.-.) - [340.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\HrtfApo.dll
[MD5.77071BF934BEF16D5F02E31624258A91] - |D| - [21/10/2015 02:14:48] - (.-.) - [108.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\hsa-thunk64.dll
[MD5.ECD81B99477AB4A93D7838EB40B870D0] - |D| - [25/07/2016 18:39:06] - (.-.) - [8.59 Ko] - (0.0.0.0) - C:\WINDOWS\system32\icrav03.rat
[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - |D| - [30/10/2015 09:19:28] - (.-.) - [59.04 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ideograf.uce
[MD5.6B31D08801D3A3F51B59FB1DB14E4A01] - |D| - [30/10/2015 09:18:41] - (.-.) - [3.38 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ieuinit.inf
[MD5.652C6CF73BE7AD53D8EECB92D37F3EDE] - |D| - [30/10/2015 09:18:01] - (.-.) - [181.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ism32k.dll
[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - |D| - [30/10/2015 09:19:28] - (.-.) - [6.79 Ko] - (0.0.0.0) - C:\WINDOWS\system32\kanji_1.uce
[MD5.529BBD63519BBD654EF328454019693F] - |D| - [30/10/2015 09:19:28] - (.-.) - [8.29 Ko] - (0.0.0.0) - C:\WINDOWS\system32\kanji_2.uce
[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - |D| - [30/10/2015 09:19:28] - (.-.) - [12.57 Ko] - (0.0.0.0) - C:\WINDOWS\system32\korean.uce
[MD5.251C002837808A2F421A73CB9F8E2239] - |D| - [30/10/2015 09:17:36] - (.Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS - MPEG Layer-3 Audio Codec for MSACM.) - [85 Ko] - (1.9.0.401) - C:\WINDOWS\system32\l3codeca.acm
[MD5.9C0B73FE241261A8C447407DDA4EC7F3] - |D| - [30/10/2015 09:17:36] - (.Copyright © 2004 Fraunhofer IIS - MPEG Audio Layer-3 Codec for MSACM.) - [180 Ko] - (3.4.0.0) - C:\WINDOWS\system32\l3codecp.acm
[MD5.050BC9351A3386458B696F8BCA78B27B] - |D| - [30/10/2015 09:17:57] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\system32\LargeRoom.bin
[MD5.531FE5A2634D87A078017259F21D9736] - |D| - [30/10/2015 09:18:19] - (.-.) - [206.97 Ko] - (0.0.0.0) - C:\WINDOWS\system32\lcphrase.tbl
[MD5.D3C85593F8C4576FCF9B42AC48CA4368] - |D| - [30/10/2015 09:18:19] - (.-.) - [23.55 Ko] - (0.0.0.0) - C:\WINDOWS\system32\lcptr.tbl
[MD5.6D9EE5BD98B4606D0AC2C9F1AEC0C6CB] - |D| - [25/07/2016 19:01:04] - (.-.) - [49.46 Ko] - (0.0.0.0) - C:\WINDOWS\system32\license.rtf
[MD5.B65E8E52916A527F88486875EE291AA8] - |D| - [26/10/2012 16:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\system32\LogiDPP.dll
[MD5.24764C249F769991079F6D4B14B822AF] - |D| - [26/10/2012 16:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\system32\LogiDPPApp.exe
[MD5.4D4248F6D008D86D5575EE5B154971AE] - |D| - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech Co-Installer.) - [256.28 Ko] - (13.80.853.0) - C:\WINDOWS\system32\lvco1380853.dll
[MD5.FF510CF2A7FA73192E7DB06D7C311799] - |D| - [26/10/2012 16:42:24] - (.(c) 1996-2012 Logitech.  - Video Codec.) - [171.28 Ko] - (13.80.853.0) - C:\WINDOWS\system32\lvcod64.dll
[MD5.1A8AE8A66B6C289046276453768EF270] - |D| - [26/10/2012 16:42:24] - (.-.) - [28.8 Ko] - (0.0.0.0) - C:\WINDOWS\system32\lvcoin64.ini
[MD5.0D0B7EF3E52F5F39BC6A4A882BF7A2F4] - |D| - [25/07/2016 18:07:42] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\lvcoinst.log
[MD5.B4CD287DFAA6578AC763A3800F0C2DC8] - |D| - [26/10/2012 16:42:24] - (.(c) 1996-2012 Logitech.  - Logitech Camera Property Pages.) - [750.28 Ko] - (13.80.853.0) - C:\WINDOWS\system32\LVUI64.dll
[MD5.CCFDDF84B42198B0AAD27D11ACFD254E] - |D| - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech Camera Property Pages.) - [547.28 Ko] - (13.80.853.0) - C:\WINDOWS\system32\LVUIRC64.dll
[MD5.D3F4E00C322EDA78873848BE75ACC8A4] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [132.98 Ko] - (9.1.10.83) - C:\WINDOWS\system32\mantle64.dll
[MD5.EA33454E28EE1F3CA432DA87203DA24F] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [100.98 Ko] - (9.1.10.83) - C:\WINDOWS\system32\mantleaxl64.dll
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |D| - [30/10/2015 09:17:57] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\system32\MediumRoom.bin
[MD5.ED434A3EBE29070A7E0138C42482EB93] - |D| - [30/10/2015 09:18:14] - (.-.) - [657.31 Ko] - (0.0.0.0) - C:\WINDOWS\system32\mlang.dat
[MD5.AB416599057FFDC84E28BBB6DA69EADC] - |D| - [25/07/2016 11:43:58] - (.-.) - [229.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\MTF.dll
[MD5.72534830694CCABA9A5CBA33F9771C63] - |D| - [25/07/2016 11:43:59] - (.-.) - [254.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\MTFServer.dll
[MD5.86166DAA04A6C154826508304CC6D4AC] - |D| - [30/10/2015 09:17:40] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\system32\NdfEventView.xml
[MD5.C146E873B22C3B300B21A859FE66C27A] - |D| - [30/10/2015 09:17:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\system32\NetTrace.PLA.Diagnostics.xml
[MD5.79BD0E63A9E54ED8AFFD19F43B5B83F2] - |D| - [25/07/2016 11:39:42] - (.Copyright (C) Nokia 2013 - master branch.) - [258 Ko] - (8.1.0.65535) - C:\WINDOWS\system32\NmaDirect.dll
[MD5.DE78E0C57BC478D47CC2F470B68E1A45] - |D| - [25/07/2016 18:39:07] - (.-.) - [0.72 Ko] - (0.0.0.0) - C:\WINDOWS\system32\NOISE.DAT
[MD5.5D27362AF3BCAA75A418F5416A35934E] - |D| - [30/10/2015 09:17:55] - (.-.) - [0.26 Ko] - (0.0.0.0) - C:\WINDOWS\system32\odbcconf.rsp
[MD5.DE4FA2E0FBF5D7CAF54977DE21949EC2] - |D| - [25/07/2016 18:39:07] - (.-.) - [15.33 Ko] - (0.0.0.0) - C:\WINDOWS\system32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |D| - [30/10/2015 09:17:50] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\system32\onlinesetup.cmd
[MD5.F192E1998A5F6826BE6955F6EAE7CDA1] - |D| - [21/10/2015 02:14:42] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [71.98 Ko] - (2.0.4.0) - C:\WINDOWS\system32\OpenCL.dll
[MD5.42D2360079B1DF3230024AE920737367] - |D| - [30/10/2015 09:17:57] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\system32\OutdoorAudioEnvironment.bin
[MD5.66D58077CC739E4B8166E33AB0BA4639] - |D| - [30/10/2015 09:18:09] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\system32\pcl.sep
[MD5.D4098EBBED6B5F27CECEE7BAE59AF434] - |D| - [25/07/2016 18:43:33] - (.-.) - [127.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfc009.dat
[MD5.51E5C851B06265B6A7FE78B6B18343FA] - |D| - [25/07/2016 18:50:07] - (.-.) - [144.31 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfc00C.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |D| - [25/07/2016 18:43:33] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfd009.dat
[MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |D| - [25/07/2016 18:50:07] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfd00C.dat
[MD5.9E4490CF02EFB89AC7C36D144083F890] - |D| - [25/07/2016 18:43:33] - (.-.) - [682.62 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfh009.dat
[MD5.B55A524733D85D8E54A44260829A01B9] - |D| - [25/07/2016 18:50:07] - (.-.) - [769.37 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfh00C.dat
[MD5.E6463EDEC3A5771E48128131057DBFAC] - |D| - [25/07/2016 18:22:02] - (.-.) - [1717.64 Ko] - (0.0.0.0) - C:\WINDOWS\system32\PerfStringBackup.INI
[MD5.C09741B9886EF0D15EC3B1443352FB62] - |D| - [30/10/2015 09:18:09] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\system32\pscript.sep
[MD5.007893E8374C766471239EB291BA8C17] - |D| - [30/10/2015 09:17:45] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\system32\psmodulediscoveryprovider.mof
[MD5.3A77C18665A4C8428768CE186A5BC1EF] - |D| - [30/10/2015 09:17:39] - (.-.) - [1.78 Ko] - (0.0.0.0) - C:\WINDOWS\system32\rasctrnm.h
[MD5.C6CA43573C21CA6392F57F238C8391FC] - |D| - [26/10/2012 16:42:22] - (.-.) - [39.45 Ko] - (0.0.0.0) - C:\WINDOWS\system32\Repository.reg
[MD5.226BBC4490EA49B69B407742A85A2D92] - |D| - [30/10/2015 09:19:26] - (.-.) - [8.72 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ResPriHMImageList
[MD5.7153DD25B2D727B7281780A3DF33C877] - |D| - [30/10/2015 09:19:26] - (.-.) - [8.16 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ResPriImageList
[MD5.43E7D0AB6A8564F5BF375FBF0934FAD1] - |D| - [30/10/2015 09:17:50] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\system32\RestartManager.mof
[MD5.3F75A221A01F68D6CE67FE99A868BD8F] - |D| - [30/10/2015 09:17:50] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\system32\RestartManagerUninstall.mof
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |D| - [01/08/2013 14:12:34] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\system32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |D| - [01/08/2013 14:12:34] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\system32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |D| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\WINDOWS\system32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |D| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\WINDOWS\system32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |D| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\WINDOWS\system32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |D| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\WINDOWS\system32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |D| - [30/10/2015 09:19:26] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ScavengeSpace.xml
[MD5.00E5FCFD833151F7CBDE607E2F7AFEB4] - |D| - [30/10/2015 09:19:28] - (.-.) - [5.66 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SecurityAndMaintenance.png
[MD5.5719BFC9CFDA7A9C059A71A47A0E6383] - |D| - [30/10/2015 09:19:28] - (.-.) - [2.56 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SecurityAndMaintenance_Alert.png
[MD5.099BA37F81C044F6B2609537FDB7D872] - |D| - [30/10/2015 09:19:28] - (.-.) - [6.72 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SecurityAndMaintenance_Error.png
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |D| - [30/10/2015 09:17:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\system32\settings.dat
[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - |D| - [30/10/2015 09:19:28] - (.-.) - [16.35 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ShiftJIS.uce
[MD5.3903BCAB32A4A853DFA54962112D4D02] - |D| - [30/10/2015 09:17:53] - (.-.) - [139.55 Ko] - (0.0.0.0) - C:\WINDOWS\system32\slmgr.vbs
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |D| - [30/10/2015 09:17:57] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SmallRoom.bin
[MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |D| - [30/10/2015 09:17:46] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\system32\srms.dat
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |D| - [01/08/2013 14:12:36] - (.(c) 2007 SRS Labs, Inc.  - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\WINDOWS\system32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |D| - [01/08/2013 14:12:36] - (.Copyright (c) 2006 SRS Labs, Inc..  - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\WINDOWS\system32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |D| - [01/08/2013 14:12:36] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\system32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |D| - [01/08/2013 14:12:36] - (.(c) 2006 SRS Labs, Inc.  - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\system32\SRSWOW64.dll
[MD5.B59958CD06C9F89C39281FB12F1BB233] - |D| - [30/10/2015 09:18:42] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\WINDOWS\system32\staticurllist.bin
[MD5.30F5568679A54042F99CA9EC1102EBCD] - |D| - [30/10/2015 09:19:28] - (.-.) - [91.51 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SubRange.uce
[MD5.81B14F1AD906AC1CF9102796C97A54FE] - |D| - [30/10/2015 09:18:09] - (.-.) - [3.24 Ko] - (0.0.0.0) - C:\WINDOWS\system32\sysprint.sep
[MD5.58A67EC6B00A54A69DC364194CA171E0] - |D| - [30/10/2015 09:18:09] - (.-.) - [3.58 Ko] - (0.0.0.0) - C:\WINDOWS\system32\sysprtj.sep
[MD5.31B010EF50D54D548B4B8B211F421318] - |D| - [30/10/2015 09:18:10] - (.-.) - [1.63 Ko] - (0.0.0.0) - C:\WINDOWS\system32\tcpbidi.xml
[MD5.D602CA245CC6774A0981B607F0675609] - |D| - [30/10/2015 09:18:09] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\system32\tcpmon.ini
[MD5.6D21D0A95286DCD09E354B612F592EB7] - |D| - [25/07/2016 18:39:09] - (.-.) - [1.94 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ticrf.rat
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |D| - [30/10/2015 09:17:47] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WdsUnattendTemplate.xml
[MD5.039C8233D4FCE424F5CA9427EF771942] - |D| - [30/10/2015 09:18:19] - (.-.) - [213.34 Ko] - (0.0.0.0) - C:\WINDOWS\system32\weretw.dll
[MD5.D87FB0D2599BAE25F3A6D29589AF0D98] - |D| - [30/10/2015 09:17:49] - (.-.) - [2.22 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WimBootCompress.ini
[MD5.2BA7DF05213968EFC98867E03687CEDB] - |D| - [30/10/2015 09:17:59] - (.-.) - [401.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\Windows.Perception.Stub.dll
[MD5.E0974EE3F592223A950B3B0C04797212] - |D| - [30/10/2015 09:19:39] - (.-.) - [1.61 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WindowsCodecsRaw.txt
[MD5.7EF8F3CADE2DE177F96B5A5B581D73FF] - |D| - [30/10/2015 09:17:43] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\system32\winrm.cmd
[MD5.9D7684F978EBD77E6A3EA7EF1330B946] - |D| - [30/10/2015 09:17:43] - (.-.) - [199.32 Ko] - (0.0.0.0) - C:\WINDOWS\system32\winrm.vbs
[MD5.965E1F4E54E12010DDDC7F71950C9C53] - |D| - [30/10/2015 09:17:50] - (.http://www.sqlite.org/copyright.html - SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - [642.46 Ko] - (3.8.8.3) - C:\WINDOWS\system32\winsqlite3.dll
[MD5.C30C621748C66CE751B19B2788559A3E] - |D| - [30/10/2015 09:18:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\system32\wpcmon.png
[MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |D| - [30/10/2015 09:18:42] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WpcNBModel.bin
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |D| - [30/10/2015 09:18:03] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\system32\wpr.config.xml
[MD5.930423065AB3F5DB52D5726C7FC66385] - |D| - [30/10/2015 09:17:43] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\WINDOWS\system32\wsmanconfig_schema.xml
[MD5.D6CBFA113B69C491DE370E85EBAC80E9] - |D| - [30/10/2015 09:17:43] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WsmPty.xsl
[MD5.B2EDF82825D979928AE07CBE9C7A2160] - |D| - [30/10/2015 09:17:43] - (.-.) - [2.37 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WsmTxt.xsl
[MD5.9D6B8FC71167D22849424084F0F3D9E9] - |D| - [30/10/2015 09:19:41] - (.-.) - [74.28 Ko] - (0.0.0.0) - C:\WINDOWS\system32\xpsrchvw.xml
[MD5.684DDBD6ED4066B10660A3A06655B59A] - |D| - [30/10/2015 09:17:42] - (.-.) - [3.92 Ko] - (0.0.0.0) - C:\WINDOWS\system32\xwizard.dtd

---------- | Installer

[HKCR\Installer\Products\085E718E81368CFA122023C23711E74C] : CCC Help Polish -> C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0D4A6A5A500250A2E212948580FC59DE] : CCC Help Norwegian -> C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0F76E360892CA2A8F06A481C35224A0E] : ccc-utility64 -> C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1D5F27E1E3559FFC603AC8A55F70DDC1] : CCC Help French -> C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\241A5D4605DBE627DEE92D05D8A2712E] : Catalyst Control Center InstallProxy -> C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\37E58BB129D0A406A0FA7CAA5D3E3A6C] : CCC Help English -> C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3A56CBC8BA0456EDC21B99A7DB8ADF86] : CCC Help Turkish -> C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3C1BCDF6CDE9CBC374C3DD58DEE54049] : CCC Help German -> C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4171AC28AE31914F19EF2138444247E5] : CCC Help Italian -> C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4673AE1C831172EADA3645B9DA99AB51] : CCC Help Japanese -> C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\554590D7179DC4D4E9DFA96F6A85F4A3] : Bing Bureau -> C:\WINDOWS\Installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}\icon.ico
[HKCR\Installer\Products\59EBDD8FEBCD5B303595ED631041E612] : CCC Help Danish -> C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5E16E053C2C6C3F2A341E790A46B3D0A] : CCC Help Spanish -> C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\66122D971C874DA2407EDB22DB85DF64] : CCC Help Chinese Traditional -> C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68ADF0FAB7E6C6A1154D34FA0581E12D] : AMD Catalyst Control Center -> C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\72BCCFF8D2EEF85DA5DBDEC5609BE118] : CCC Help Swedish -> C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\77E99DA1CC73E44793AC766FDF4365A5] : Catalyst Control Center Localization All -> C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\797ECA52ADBEB4E090F6F99EA7E1A2F6] : CCC Help Russian -> C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8AC6637E9717EA777E21AB817DA0A070] : AMD Fuel -> C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8BA31D3CA8644710D160BDA9EAA831B1] : CCC Help Czech -> C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A748067A9D4CFE7E17F6706CBC6F1B74] : CCC Help Thai -> C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C0DBE580E42F49BED633A222FE465CFC] : CCC Help Finnish -> C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C351938B2D4DC98F0533A061C02607B6] : CCC Help Portuguese -> C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C51E70D24A9A6D8D3D1729CE78975E78] : CCC Help Hungarian -> C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DED17A5318AD313153A2CEA8B072FDB3] : CCC Help Chinese Standard -> C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E3A623703B208701527D8B66B68AEF51] : CCC Help Korean -> C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EE47477FC6BEB78C88FA33018C840E86] : CCC Help Greek -> C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F75D59AC3CF97DD0C76363F2478D0CE4] : CCC Help Dutch -> C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe

---------- | ADS


---------- | Drives

 Disk: 0   Size=954G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    EE-UNKNWN  954G   No    No             1  953,525,167

---------- | MBR

Windows Version:		
Windows Information:		 (build 9200), 64-bit
Base Board Manufacturer:	Hewlett-Packard
BIOS Manufacturer:		AMI
System Manufacturer:		Hewlett-Packard
System Product Name:		CQ2904EF
Logical Drives Mask:		0x000a03fc

Analysis of file "C:\QuickDiag\MBR.bin":
Unknown MBR code

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Nom de l’application défaillante svchost.exe_DeviceAssociationService, version : 10.0.10586.0, horodatage : 0x5632d7ba
Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb
Code d’exception : 0xc0000409
Décalage d’erreur : 0x000000000002144b
ID du processus défaillant : 0x35c
Heure de début de l’application défaillante : 0x01d1e7515e6124d8
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\svchost.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll
ID de rapport : 5242b74c-9e96-4445-ac94-a7875733ac79
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante MicrosoftEdge.exe, version : 11.0.10586.494, horodatage : 0x5775e715
Nom du module défaillant : eModel.dll, version : 11.0.10586.494, horodatage : 0x5775e561
Code d’exception : 0xc0000409
Décalage d’erreur : 0x0000000000129baf
ID du processus défaillant : 0x1b50
Heure de début de l’application défaillante : 0x01d1e7ab5b88c079
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Chemin d’accès du module défaillant: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
ID de rapport : 94d2f2f4-24f1-4d93-a074-0ccf08305fc2
Nom complet du package défaillant : Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------

Le programme LiberKeyMenu.exe version 5.8.0.1 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
 ID de processus : aec
 Heure de début : 01d1e751f69c0255
 Heure de fin : 4294967295
 Chemin d'accès de l'application : T:\LiberKey\LiberKeyTools\LiberKeyMenu\LiberKeyMenu.exe
 ID de rapport : 219138ce-5346-11e6-ae47-4c72b9f956a2
 Nom complet du package défaillant : 
 ID de l'application relative au package défaillant : 

------------

Le programme infrarecorder.exe version 0.53.0.0 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
 ID de processus : 5f4
 Heure de début : 01d1e75292cc47c7
 Heure de fin : 4294967295
 Chemin d'accès de l'application : T:\LiberKey\Apps\InfraRecorder\App\InfraRecorder\x64\infrarecorder.exe
 ID de rapport : 1c494b8f-5346-11e6-ae47-4c72b9f956a2
 Nom complet du package défaillant : 
 ID de l'application relative au package défaillant : 

------------

Le package Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{344073a0-c247-4943-b21e-1c1b719c0bbf} a été interrompu, car sa suspension a été trop longue.
------------

Nom de l’application défaillante ultracopier.exe, version : 1.2.3.0, horodatage : 0x573db3ef
Nom du module défaillant : ntdll.dll, version : 10.0.10586.306, horodatage : 0x571af2eb
Code d’exception : 0xc0000374
Décalage d’erreur : 0x00000000000ee6fc
ID du processus défaillant : 0x13d0
Heure de début de l’application défaillante : 0x01d1e755cf8e8247
Chemin d’accès de l’application défaillante : C:\Program Files\Ultracopier\ultracopier.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll
ID de rapport : 2d411e84-9c66-4937-89de-bddbb3501fd6
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------

Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.10586.0, horodatage : 0x5632d93d
Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.10586.0, horodatage : 0x5632d920
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000006fcd2b
ID du processus défaillant : 0x374
Heure de début de l’application défaillante : 0x01d1e747386641e9
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll
ID de rapport : 060d3b00-1545-48e7-9cf9-267cb913c9b6
Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Le package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App a été interrompu, car sa suspension a été trop longue.
------------

Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.10586.0, horodatage : 0x5632d93d
Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.10586.0, horodatage : 0x5632d920
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000006fcd2b
ID du processus défaillant : 0x740
Heure de début de l’application défaillante : 0x01d1e74680a81dd8
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll
ID de rapport : 49ae6729-c78b-4bd9-aaa6-892d6b319d93
Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante a2start.exe, version : 11.10.0.6556, horodatage : 0x5772c63e
Nom du module défaillant : a2framework.dll_unloaded, version : 11.9.0.6513, horodatage : 0x5772c622
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000617099
ID du processus défaillant : 0x634
Heure de début de l’application défaillante : 0x01d1e7467d8d646a
Chemin d’accès de l’application défaillante : C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\a2start.exe
Chemin d’accès du module défaillant: a2framework.dll
ID de rapport : aa69accb-4327-47ba-ba78-14ff68004eb1
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante a2service.exe, version : 11.10.0.6556, horodatage : 0x5772c632
Nom du module défaillant : ntdll.dll, version : 10.0.10586.0, horodatage : 0x5632d193
Code d’exception : 0xc0000374
Décalage d’erreur : 0x00000000000edfac
ID du processus défaillant : 0x7b8
Heure de début de l’application défaillante : 0x01d1e7415f6afc17
Chemin d’accès de l’application défaillante : C:\Program Files\Emsisoft Internet Security\a2service.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll
ID de rapport : 3bbd6024-c200-45cc-a19c-2002b008f1d9
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.10586.0, horodatage : 0x5632d93d
Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.10586.0, horodatage : 0x5632d920
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000006fcd2b
ID du processus défaillant : 0x1334
Heure de début de l’application défaillante : 0x01d1e746456cb637
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll
ID de rapport : ba611ec9-e16d-41e4-acc5-b8f198bac9d5
Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.10586.0, horodatage : 0x5632d93d
Nom du module défaillant : Windows.UI.Xaml.dll, version : 10.0.10586.0, horodatage : 0x5632d920
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000006fcd2b
ID du processus défaillant : 0xb80
Heure de début de l’application défaillante : 0x01d1e745fe39df5a
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\Windows.UI.Xaml.dll
ID de rapport : d526089d-49f9-4366-ad93-94d3582b404c
Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante regsvr32.exe, version : 10.0.10586.0, horodatage : 0x5632d864
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000a4993a90
ID du processus défaillant : 0x430
Heure de début de l’application défaillante : 0x01d1e74636e7b3d2
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\regsvr32.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : b370ac40-2b01-4e67-87e2-028f59ba2740
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante VBoxSVC.exe, version : 4.0.6.0, horodatage : 0x4db006da
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000a4993a90
ID du processus défaillant : 0x12f4
Heure de début de l’application défaillante : 0x01d1e746335e307b
Chemin d’accès de l’application défaillante : R:\VirtualBox\Portable-VirtualBox\app64\VBoxSVC.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 4cbb7526-0376-4896-a254-7747e29fc99a
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante VBoxManage.exe, version : 0.0.0.0, horodatage : 0x4db006fa
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000a4993a90
ID du processus défaillant : 0x374
Heure de début de l’application défaillante : 0x01d1e7463097b6d2
Chemin d’accès de l’application défaillante : R:\VirtualBox\Portable-VirtualBox\app64\VBoxManage.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : aa7afa4f-c0ec-41ee-a736-c6ab69c9e5b9
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante VBoxManage.exe, version : 0.0.0.0, horodatage : 0x4db006fa
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000a4993a90
ID du processus défaillant : 0x1398
Heure de début de l’application défaillante : 0x01d1e745fd17256b
Chemin d’accès de l’application défaillante : R:\VirtualBox\Portable-VirtualBox\app64\VBoxManage.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : a1d1b751-70e6-40ca-8374-55ebb8946607
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Le package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App a été interrompu, car sa suspension a été trop longue.
------------


----------( EOF)---------- - 7176 | 05:25:36