--------------- QuickDiag | g3n-h@ckm@n | 2_24.07.2016.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 25/07/2016 10:20:36

Updated 24/07/2016 | 08.15 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[jean- (Administrator)] - [DESKTOP-C5ODV86] (S-1-5-21-1818149683-622579324-567972293-1002)

System: Microsoft Windows 10 Famille -  - (10.0.10586) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\Windows|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Extended


---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001
HD Webcam C310 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_081B&MI_02\7&4D0A220&0&0002

---------- | Video

AMD Radeon HD 7310 Graphics - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184
Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25344 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\lvcod64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 -  Manufacturer: Logitech Inc. - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34632 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27136 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:5 %
Total Overall CPU Usage value:2 %

---------- | Network

Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller [NDIS 6.30] : SENT:1,076 bytes/sec / RECVD:1,076 bytes/sec
isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au réseau local* 3 : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:1,076 bytes/sec,  /  RECEIVE Maximum:1,076 bytes/sec

Microsoft Kernel Debug Network Adapter -  - Microsoft - Status:  - PnPID : ROOT\KDNIC\0000
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status:  - PnPID : PCI\VEN_1969&DEV_2062&SUBSYS_2AE3103C&REV_C1\4&186C6B44&0&00A9
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status:  - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status:  - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE

---------- | Memory

RAM = Total (MB) : 3748 | Free (MB) : 1722
Pagefile = Total (MB) : 5189 | Free (MB) : 2907
Virtual = Total (MB) : 4194 | Free (MB) : 3949

Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: 0 - Manufacturer: Micron        - PartNumber: 8JTF51264AZ-1G6E1  - S/N: DEA02E9

---------- | SID Users

Administrateur : [S-1-5-21-1818149683-622579324-567972293-500]
DefaultAccount : [S-1-5-21-1818149683-622579324-567972293-503]
Invité : [S-1-5-21-1818149683-622579324-567972293-501]
jean- : [S-1-5-21-1818149683-622579324-567972293-1002]
SophosSAUDESKTOP-C50 : [S-1-5-21-1818149683-622579324-567972293-1007]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
AMD FUEL : [S-1-5-21-1818149683-622579324-567972293-1001]
SophosAdministrator : [S-1-5-21-1818149683-622579324-567972293-1005]
SophosOnAccess : [S-1-5-21-1818149683-622579324-567972293-1006]
SophosPowerUser : [S-1-5-21-1818149683-622579324-567972293-1004]
SophosUser : [S-1-5-21-1818149683-622579324-567972293-1003]

---------- | Drives

R:\ -> [Removable] | [FRAMAKEY SA] | Total : 1.86 Go | Free : 0.22 Go -> FAT [USB]
Q:\ -> [Fixed] | [My Passport] | Total : 2794.49 Go | Free : 916.44 Go -> NTFS [USB]
P:\ -> [CDROM] | [WD Unlocker] | Total : 0.01 Go | Free : 0 Go -> UDF [USB]
O:\ -> [Removable] | [NO NAME] | Total : 59.48 Go | Free : 17.37 Go -> FAT32 [USB]
K:\ -> [Removable] | [AUTORAD] | Total : 14.83 Go | Free : 14.57 Go -> FAT32 [USB]
I:\ -> [Removable] | [] | Total : 30.02 Go | Free : 2.11 Go -> FAT32 [USB]
G:\ -> [Removable] | [FramaLive] | Total : 14.41 Go | Free : 8.54 Go -> FAT32 [USB]
E:\ -> [Removable] | [louvre] | Total : 476.69 Go | Free : 476.69 Go -> exFAT [USB]
D:\ -> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA]
C:\ -> [Fixed] | [OS] | Total : 916.98 Go | Free : 860.89 Go -> NTFS [SATA]

Disk Usage Information [12 total Physical Disks]

Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #3 [L:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #4 [M:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #5 [N:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #6 [O:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #7 [Q:] : Read:243,551 bytes/sec, Written:16,236 bytes/sec Max Read:243,551 bytes/sec, Max Write:16,236 bytes/sec 
Physical Drive #8 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #9 [K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, R:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:243,551 bytes/sec, Write Maximum:16,236 bytes/sec

DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00\20071114173400000&0
DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-60ZF5A0\4&32E8E4A0&0&000000
DeviceID: \\.\PHYSICALDRIVE9 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_0815\000000000004&0
DeviceID: \\.\PHYSICALDRIVE8 - Status: OK - USB -  - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9451\7&18D61DD&0
DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB -  - 0 Part. - PnPID : USBSTOR\DISK&VEN_SONY&PROD_CARD_R/W__-SM/XD&REV_2.10\50000007EDC1&1
DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SONY&PROD_CARD_R/W__-MS&REV_2.10\50000007EDC1&3
DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB -  - 0 Part. - PnPID : USBSTOR\DISK&VEN_SONY&PROD_CARD_R/W__-SD&REV_2.10\50000007EDC1&2
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\AC220B280C8CB030D9732DE0&0
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB -  - 0 Part. - PnPID : USBSTOR\DISK&VEN_SONY&PROD_CARD_R/W__-CF&REV_2.10\50000007EDC1&0
DeviceID: \\.\PHYSICALDRIVE11 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1100\0116000000008682&0
DeviceID: \\.\PHYSICALDRIVE10 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_&PROD_FIXMESTICK&REV_8.07\D2BF4C401E2763FP1289&0

---------- | Windows updates

No detected update !!! 

Windows Is Activated

---------- | Browsers

IE : 11.0.10586.0     (© Microsoft Corporation. Tous droits réservés.)

Default : "C:\Program Files\Internet Explorer\iexplore.exe" %1

---------- | FlashPlayer

FlashPlayer ActiveX : 19.0.0.226

---------- | Security

AV : Sophos Home Enabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

328 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.10586.0) = C:\Windows\System32\smss.exe     [30/10/2015 09:18:03]    CPU Usage:0 %
568 | [Owner :  | Parent : 464() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.10586.0) = C:\Windows\System32\wininit.exe     [30/10/2015 09:17:53]    CPU Usage:0 %
636 | [Owner :  | Parent : 568(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.10586.0) = C:\Windows\System32\services.exe     [30/10/2015 09:18:03]    CPU Usage:0 %
644 | [Owner :  | Parent : 568(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.10586.0) = C:\Windows\System32\lsass.exe     [30/10/2015 09:18:03]    CPU Usage:0 %
676 | [Owner :  | Parent : 560() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.10586.0) = C:\Windows\System32\winlogon.exe     [30/10/2015 09:17:53]    CPU Usage:0 %
800 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
856 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
8 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
452 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
564 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
360 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
820 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
896 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
1256 | [Owner :  | Parent : 636(services.exe) | ?????] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe     [21/10/2015 02:14:46]    CPU Usage:0 %
1328 | [Owner :  | Parent : 1256(atiesrxx.exe) | ?????] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe     [21/10/2015 02:14:46]    CPU Usage:0 %
1420 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
1496 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Sophos Limited - Performs virus scanning and disinfection functions.) - (10.5.0.173) = C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService_IObitDel.exe     [25/07/2016 08:18:17]    CPU Usage:0 %
1504 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe     [01/08/2013 14:12:34]    CPU Usage:0 %
1548 | [Owner :  | Parent : 1504(RtkAudioService64.exe) | ?????] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe     [01/08/2013 14:12:32]    CPU Usage:0 %
524 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.0) = C:\Windows\System32\spoolsv.exe     [30/10/2015 09:18:09]    CPU Usage:0 %
2248 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
2264 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe     [21/08/2015 22:09:14]    CPU Usage:0 %
2344 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
2376 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Sophos Limited - Sophos Administrator Service.) - (10.5.0.173) = C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService_IObitDel.exe     [25/07/2016 08:18:12]    CPU Usage:0 %
2424 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
2488 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Sophos Limited - Sophos Web Intelligence.) - (3.5.165.0) = C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter_IObitDel.exe     [22/02/2016 18:17:42]    CPU Usage:0 %
2528 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Sophos Limited - Sophos Web Intelligence.) - (3.5.165.0) = C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service_IObitDel.exe     [22/02/2016 18:17:43]    CPU Usage:0 %
2744 | [Owner :  | Parent : 2488(swi_filter.exe) | ?????] - (.Sophos Limited - Sophos Web Intelligence.) - (3.5.165.0) = C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe     [25/07/2016 08:33:49]    CPU Usage:0 %
3636 | [Owner : jean- | Parent : 452(svchost.exe) | 17.64 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe     [30/10/2015 09:18:01]    CPU Usage:0 %
3736 | [Owner : jean- | Parent : 452(svchost.exe) | 17.42 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe     [30/10/2015 09:17:43]    CPU Usage:0 %
3952 | [Owner : jean- | Parent : 3900() | 91.17 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.0) = C:\Windows\explorer.exe     [30/10/2015 09:18:10]    CPU Usage:4 %
3972 | [Owner : jean- | Parent : 800(svchost.exe) | 38.42 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe     [30/10/2015 09:17:51]    CPU Usage:0 %
3800 | [Owner : jean- | Parent : 800(svchost.exe) | 62.56 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [30/10/2015 09:17:32]    CPU Usage:0 %
3772 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.0) = C:\Windows\System32\SearchIndexer.exe     [30/10/2015 09:18:01]    CPU Usage:0 %
4236 | [Owner : jean- | Parent : 800(svchost.exe) | 66 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe     [30/10/2015 09:18:49]    CPU Usage:0 %
4852 | [Owner : jean- | Parent : 800(svchost.exe) | 4.37 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10586.0) = C:\Windows\System32\SettingSyncHost.exe     [30/10/2015 09:17:59]    CPU Usage:0 %
5132 | [Owner : jean- | Parent : 3952(explorer.exe) | 32.35 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6390.509) = C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe     [25/07/2016 08:06:07]    CPU Usage:0 %
5436 | [Owner : jean- | Parent : 5148() | 1.79 Mo] - (.Sophos Limited - Sophos Endpoint Security and Control.) - (5.3.0.516) = C:\Program Files (x86)\Sophos\AutoUpdate\ALMon_IObitDel.exe     [15/01/2016 12:51:08]    CPU Usage:0 %
5492 | [Owner : jean- | Parent : 5344() | 4 Mo] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe     [21/08/2015 22:38:30]    CPU Usage:0 %
6048 | [Owner : jean- | Parent : 5492(MOM.exe) | 4.54 Mo] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe     [21/08/2015 22:38:26]    CPU Usage:0 %
5964 | [Owner : jean- | Parent : 636(services.exe) | 31.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
3300 | [Owner : jean- | Parent : 800(svchost.exe) | 17.7 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe     [30/10/2015 09:18:16]    CPU Usage:0 %
1244 | [Owner : jean- | Parent : 452(svchost.exe) | 14.08 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe     [30/10/2015 09:17:43]    CPU Usage:0 %
4844 | [Owner : jean- | Parent : 800(svchost.exe) | 17.41 Mo] - (.-.) - (10.1.2123.36) = C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe     [25/07/2016 09:06:41]    CPU Usage:0 %
944 | [Owner :  | Parent : 636(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe     [30/10/2015 09:17:49]    CPU Usage:0 %
1336 | [Owner :  | Parent : 636(services.exe) | ?????] - (.TechSmith Corporation - TechSmith Uploader Service.) - (5.0.6.303) = C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe     [14/09/2015 14:51:48]    CPU Usage:0 %
4768 | [Owner : jean- | Parent : 3652() | 133.11 Mo] - (.TechSmith Corporation - Snagit.) - (13.0.1.6326) = C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe     [17/06/2016 17:32:48]    CPU Usage:0 %
4504 | [Owner : jean- | Parent : 4768(Snagit32.exe) | 6.5 Mo] - (.TechSmith Corporation - Snagit RPC Helper.) - (13.0.1.6326) = C:\Program Files (x86)\TechSmith\Snagit 13\SnagPriv.exe     [17/06/2016 17:32:48]    CPU Usage:0 %
892 | [Owner : jean- | Parent : 4768(Snagit32.exe) | 107.03 Mo] - (.TechSmith Corporation - Snagit Editor.) - (13.0.1.6326) = C:\Program Files (x86)\TechSmith\Snagit 13\SnagitEditor.exe     [17/06/2016 17:32:48]    CPU Usage:0 %
1992 | [Owner : jean- | Parent : 800(svchost.exe) | 64.36 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.0) = C:\Windows\explorer.exe     [30/10/2015 09:18:10]    CPU Usage:0 %
3276 | [Owner : jean- | Parent : 1992(explorer.exe) | 11.4 Mo] - (.PortableApps.com - Mozilla Firefox, Portable Edition.) - (2.0.3.0) = Q:\PortableApps\FirefoxPortable\FirefoxPortable.exe     [28/06/2016 19:26:50]    CPU Usage:0 %
4164 | [Owner : jean- | Parent : 3276(FirefoxPortable.exe) | 476.38 Mo] - (.Mozilla Corporation - Firefox.) - (47.0.1.6018) = Q:\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe     [24/06/2016 04:50:36]    CPU Usage:68 %
5064 | [Owner :  | Parent : 3772(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10586.0) = C:\Windows\System32\SearchProtocolHost.exe     [30/10/2015 09:18:01]    CPU Usage:0 %
192 | [Owner : Système | Parent : 3772(SearchIndexer.exe) | 5.42 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10586.0) = C:\Windows\System32\SearchFilterHost.exe     [30/10/2015 09:18:01]    CPU Usage:0 %
1016 | [Owner :  | Parent : 360(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.10586.0) = C:\Windows\System32\audiodg.exe     [30/10/2015 09:17:57]    CPU Usage:0 %
5864 | [Owner : jean- | Parent : 3952(explorer.exe) | 29.94 Mo] - (.SosVirus - QuickDiag.) - (24.7.2016.1) = C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe     [25/07/2016 10:19:54]    CPU Usage:0 %

---------- | MD5

[MD5.4572EB3DDBD2DFA10DE7A037A6CC6D53] - [30/10/2015 09:18:10] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4397.33 Ko] - (10.0.10586.0) : C:\Windows\Explorer.exe
[MD5.41E25E514D90E9C8BC570484DBAFF62B] - [30/10/2015 09:17:49] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [228.5 Ko] - (10.0.10586.0) : C:\Windows\System32\cmd.exe
[MD5.3E7CCD0F507877C50078205667CE8133] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.10586.0) : C:\Windows\System32\csrss.exe
[MD5.9513834DAC717444F04169EA5D120885] - [30/10/2015 09:17:51] - (.© Microsoft Corporation. - COM Surrogate.) - [18.34 Ko] - (10.0.10586.0) : C:\Windows\System32\dllhost.exe
[MD5.1C9C6933A94C594DE7366124B4DD6075] - [30/10/2015 09:17:46] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [689.05 Ko] - (10.0.10586.0) : C:\Windows\System32\Kernel32.dll
[MD5.889459F1FDDC5EC58B437AA6C436F33F] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.55 Ko] - (10.0.10586.0) : C:\Windows\System32\lsass.exe
[MD5.B339861C6A2A86FBCA67C2006B461473] - [30/10/2015 09:17:51] - (.© Microsoft Corporation. - Distributed COM Services.) - [883.5 Ko] - (10.0.10586.0) : C:\Windows\System32\rpcss.dll
[MD5.0DCB89B1F3689BC6262FF30BBD603171] - [30/10/2015 09:18:14] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [58 Ko] - (10.0.10586.0) : C:\Windows\System32\rundll32.exe
[MD5.4FC239921A238E7C55934B2B2A73CE9D] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [430.34 Ko] - (10.0.10586.0) : C:\Windows\System32\services.exe
[MD5.8497852ED44AFF902D502015792D315D] - [30/10/2015 09:17:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [42.91 Ko] - (10.0.10586.0) : C:\Windows\System32\svchost.exe
[MD5.B6577F66C480E4C509F97D53404DB35A] - [30/10/2015 09:17:58] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1365.43 Ko] - (10.0.10586.0) : C:\Windows\System32\user32.dll
[MD5.8F3ECCB5DC878FA14887B43CD148CBA9] - [30/10/2015 09:17:53] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (10.0.10586.0) : C:\Windows\System32\userinit.exe
[MD5.CAD491DD9EC00BB841EA407D9C498C4A] - [30/10/2015 09:17:53] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [284.04 Ko] - (10.0.10586.0) : C:\Windows\System32\Wininit.exe
[MD5.46C8E60DEDBDA95C102D1B2E74676578] - [30/10/2015 09:17:53] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [571 Ko] - (10.0.10586.0) : C:\Windows\System32\Winlogon.exe
[MD5.F71FCE3C16F5B15FDD84580AA067C749] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [565.84 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\afd.sys
[MD5.492B99D2E3D5D7BFD5F0AE1BE7BD37DD] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\atapi.sys
[MD5.B6664965BF346322BBDF286174851476] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [188.34 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\ataport.sys
[MD5.7F9C7226D743B232907ED2537B8A574F] - [30/10/2015 09:18:09] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90.5 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.82D97776BF982AA143BDC7DFB5054EA8] - [30/10/2015 09:17:22] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169.5 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.C9478D7DB7BE5D7ACE65CB1167F07320] - [30/10/2015 09:17:58] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [145 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.84BC034B6BB763733C1949B7B9BAF976] - [30/10/2015 09:17:18] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [78 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.53FDD9E69189E546DE4740F8C4D8AB2F] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.9E5E8F2A1996F23B7E9687846AA81B01] - [30/10/2015 09:17:43] - (.© Microsoft Corporation. - IP Network Address Translator.) - [140 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.61F9F27A8C3D7BCD287FE98A440421CE] - [30/10/2015 09:17:58] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [420.84 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.AFAECF904F1C343EBD50F91BC8D0DBE8] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1125.84 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\ndis.sys
[MD5.F51C02D992A8D6BC5EC4D990F227D4C7] - [30/10/2015 09:18:08] - (.© Microsoft Corporation. - MBT Transport driver.) - [273 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\netbt.sys
[MD5.F6A2D0EC594A1039B0F9D42BB8EC0BD3] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2102.34 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.7D0FC96264C0F8F2C1321E33E8EB646C] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\parport.sys
[MD5.381B8F2311A0375676B635EA5E7C8AB0] - [30/10/2015 09:17:41] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.1DC2CC74B51E4DC4CD5A20C1021E4010] - [30/10/2015 09:19:42] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [169 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.892F30506DCCF230C5A57019C1D8D31B] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2347.34 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.E94274E6E163B63A12A5242CC8D0B39D] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\tdx.sys
[MD5.E1F91A727A04C9F8199D04FF3BBBF63C] - [30/10/2015 09:17:22] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [404.84 Ko] - (10.0.10586.0) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\Windows\System32\CoreUIComponents.dll
(.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1404) -- C:\Windows\SYSTEM32\aticfx64.dll
(.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6463) -- C:\Windows\SYSTEM32\atiuxp64.dll
(.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.625) -- C:\Windows\SYSTEM32\atidxx64.dll
(..-..) - (1.2.502.0) -- C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
(.TechSmith Corporation.-.Snagit Shell Extension DLL.) - (13.0.1.6326) -- C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll
(.TechSmith Corporation.-.Snagit Shell Extension Resources DLL.) - (13.0.1.6326) -- C:\Program Files (x86)\TechSmith\Snagit 13\SnagItShellExtRes.dll
(..-..) - (0.0.0.0) -- 
(..-..) - (0.0.0.0) -- : 1992
(..-..) - (0.0.0.0) -- 
(..-..) - (0.0.0.0) -- 
(..-..) - (0.0.0.0) -- 
(..-..) - (1.2.502.0) -- C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
(.TechSmith Corporation.-.Snagit Shell Extension DLL.) - (13.0.1.6326) -- C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll
(.TechSmith Corporation.-.Snagit Shell Extension Resources DLL.) - (13.0.1.6326) -- C:\Program Files (x86)\TechSmith\Snagit 13\SnagItShellExtRes.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.336) -- C:\Windows\system32\RtkAPO64.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
OneDrive - ("C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-1818149683-622579324-567972293-1002\...\Run]) - User: DESKTOP-C5ODV86\jean-
Snagit 13 - (C:\PROGRA~2\TECHSM~1\SNAGIT~1\Snagit32.exe  [Common Startup]) - User: Public

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=notepad\1   
"MRUList"=a   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   


---------- | Startings up registry ¦ Folder


---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"InstanceID"=9d83927b-8d5d-461f-a159-4530459   
"GlassSessionId"=1   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=648000   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"PendingFileRenameOperations"=\??\C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\log4cplus_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAdapter_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClientApi_IObitDel.dll

\??\C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsAgent.log

\??\C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\McsClient.log

\??\C:\Windows\Installer\{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}\Sophos_MCS_Icon_IObitDel

\??\C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\

\??\C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\

\??\C:\ProgramData\Sophos\Management Communications System\Endpoint\

\??\C:\Program Files (x86)\Sophos\AutoUpdate\ALMon_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\AutoUpdate\en\almonres_IObitDel.dll

\??\C:\ProgramData\Sophos\AutoUpdate\Logs\ALMon.sess1.20160725T084417.2141680.log

\??\C:\ProgramData\Sophos\AutoUpdate\Logs\ALSvc20160725T083646.7295540.log

\??\C:\Users\jean-\AppData\Local\Temp\DEL65E5.tmp

\??\C:\Windows\Installer\{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520}\Icon_IObitDel.ico

\??\C:\Program Files (x86)\Sophos\AutoUpdate\en\

\??\C:\Program Files (x86)\Sophos\AutoUpdate\

\??\C:\ProgramData\Sophos\AutoUpdate\Logs\

\??\C:\ProgramData\Sophos\AutoUpdate\

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\AuthorisedLists_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanning_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BHOManagement_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Configuration_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\DCManagement_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\DesktopMessaging_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\DetectionFeedback_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\DriveProcessor_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\EEConsumer_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\FilterProcessors_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\FSDecomposer_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ICAdapter_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ICManagement_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ICProcessors_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\LegacyConsumers_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Localisation_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Logging_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\OSDP_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Persistance_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVI_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavNeutralRes_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavResEng_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavSecurity_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ScanEditFacade_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ScanManagement_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SIPSManagement_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophtainerAdapter_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SWIManagement_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SystemInformation_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\TamperProtectionManagement_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ThreatDetection_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\ThreatManagement_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Translators_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Veex_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\VirusDetection_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\WebControlMessaging_IObitDel.dll

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service_IObitDel.exe

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\Cache\00bf906e38db4eaebfa7604808a2dbe4_IObitDel.cache

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\Cache\a2a913d14ed54cc6831be38530b8f49e_IObitDel.cache

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\Config\C.C

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\Config\interchk.chk

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\logs\oaScannerWatchdog.txt

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\logs\SAV.txt

\??\C:\Windows\Installer\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}\ARPPRODUCTICON_IObitDel.exe

\??\C:\Windows\Installer\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}\InternetShortcut_IObitDel.exe

\??\C:\Windows\Installer\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}\MainGUIShortcut1_IObitDel.exe

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\

\??\C:\Program Files (x86)\Sophos\Sophos Anti-Virus\

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\Config\

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\Cache\

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\logs\

\??\C:\ProgramData\Sophos\Sophos Anti-Virus\

\??\C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\ARPPRODUCTICON_IObitDel.exe

\??\C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\NewShortcut1_985F828E0E98429F9C05EF3BDE7568F7_1_IObitDel.exe

\??\C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\NewShortcut2_985F828E0E98429F9C05EF3BDE7568F7_IObitDel.exe

\??\C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7_IObitDel.exe
   

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=UsoSvc
gpsvc
trustedinstaller   
"WaitToKillServiceTimeout"=200   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(4)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(2)   
"LastBootSucceeded"=1   
"LastBootShutdown"=1   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"fullprivilegeauditing"=0xC0   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [25/07/2016 07:57:36]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"LsaPid"=644   
"SecureBoot"=1   
"ProductType"=3   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   


---------- | .LNK

C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk        (shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk        (shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk        (shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk        (shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk        (/0) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk        (::{7007ACC7-3202-11D1-AAD2-00805FC1270E}) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk        (/name Microsoft.DeviceManager) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk        (/name Microsoft.System) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk        (/name Microsoft.PowerOptions) 
C:\Users\jean-\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk        (/name Microsoft.ProgramsAndFeatures) 
C:\Users\jean-\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk        (/SendTo) 
C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk        (page=SettingsPagePCSystemDevices) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk        (-sta {C90FB8CA-3295-4462-A721-2935E83694BA}) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk        (-SpeechUX) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk        (/prefetch:1) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk        (/res) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk        (Start Help -help) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Snagit 13.lnk        () GIT~1D	��H:�H):.�5
�|Snagit 13f28o�H| Snagit32.exeJ	��H|�H$:.P=
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk        (/name Microsoft.DefaultPrograms) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk        (/7) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free\TreeSize Free.lnk        (/NOADMIN) 

---------- | AppCertDlls | AppInit_DLLs


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"ScreenSaveActive"=1   
"Win8DpiScaling"=0   
"DpiScalingVer"=4096   
"UserPreferencesMask"=0x9E3E078012000000   
"Wallpaper"=C:\Users\jean-\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\2016-07-24.jpg   [25/07/2016 08:10:34]
"ActiveWndTrkTimeout"=0   
"MaxVirtualDesktopDimension"=1280   
"MaxMonitorDimension"=1280   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC3010052D8090080070000B004000088F963413BE6D10143003A005C00550073006500720073005C006A00650061006E002D005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C0052006F0061006D00650064005400680065006D006500460069006C00650073005C004400650073006B0074006F0070004200610063006B00670072006F0075006E0064005C0032003000310036002D00300037002D00320034002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"AutoColorization"=1   
"ImageColor"=2561889590   
"PreferredUILanguages"=fr-FR   
"WaitToKillAppTimeout"=200   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003E28000000000000000000000000000001000000130000000000000063000000   
"UserSignedIn"=1   
"SlowContextMenuEntries"=0xEE21215E0003D4118D3B4445535400004C0300006078A409B011A54DAFA526D86198A780D20400006024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E232823C03000044F8271D1F3A104485AC14651078412D13020000   
"TelemetrySalt"=2   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"LastClockSize"=0x270000000F000000460000000F000000410000000F000000   
"GlobalAssocChangedCounter"=39   
"AppReadinessLogonComplete"=1   
"FirstRunTelemetryComplete"=1   

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=0   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=1   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StoreAppsOnTaskbar"=1   
"EnableStartMenu"=1   
"StartMenuInit"=11   
"TaskbarSizeMove"=0   
"DisablePreviewDesktop"=0   
"TaskbarGlomLevel"=0   
"ReindexedProfile"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"SmartScreenEnabled"=RequireAdmin   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=9   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"BuildNumber"=10586   
"FirstLogon"=0   
"PUUActive"=0xF1DAF9C10100000002000200110E0000070F0000B0130000D0000000020003003383FB2E0414000004140000B60400003A0300007F01000000000000B8130000560100000D000000355A37E245E6D101   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DefaultDomainName"=   
"DefaultUserName"=jean-marie.carribon@wanadoo.fr   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"scremoveoption"=0   
"DisableCAD"=1   
"ShutdownStartTime"=131139025446010669   
"UserSessionShutdownStopTime"=131139025494955169   
"ShutdownFlags"=135   
"AutoAdminLogon"=0   
"DisableLockWorkstation"=0   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-5-21-1818149683-622579324-567972293-1002   
"LastUsedUsername"=jean-marie.carribon@wanadoo.fr   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [30/10/2015 09:18:39]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [30/10/2015 09:18:39]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8F0890013408A0001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"SIGN.MEDIA=1FC3C6 WD Drive Unlock.exe"=0x534143500100000000000000070000002800000058C31F008AC51F0001000000000000000000000A7122000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000032650000000000000200000002000000
"C:\Users\jean-\Downloads\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8F0890013408A0001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\jean-\Downloads\SophosInstall.exe"=0x534143500100000000000000070000002800000000BCBA0BAE3CBB0B0100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000074311300000000000100000001000000
"C:\Users\jean-\Downloads\pm14free_x64_eng.exe"=0x5341435001000000000000000700000028000000301D2A0300142B030100000000000000000000067102000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000B0870300000000000100000001000000
"C:\Users\jean-\Downloads\FolderSize.exe"=0x5341435001000000000000000700000028000000921D2300000000000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000789D0000000000000100000001000000
"C:\Users\jean-\Downloads\TreeSizeFreeSetup.exe"=0x534143500100000000000000070000002800000000FD5A006C8A5B0001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008A730000000000000100000001000000
"C:\Program Files\Paragon Software\Partition Manager 14 Free\program\launcher.exe"=0x5341435001000000000000000700000028000000082D0800FD9F08000100000000000000000003060001000059193B14E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000019020200000000000100000001000000
"C:\Users\jean-\Downloads\snagit.exe"=0x534143500100000000000000070000002800000058956D05DE866E0501000000000000000000000A0021000019B4C529E312D1010000000000000000
"Q:\PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=0x534143500100000000000000070000002800000060870300A90004000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000E74C2E00000000000100000001000000
"C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe"=0x5341435001000000000000000700000028000000087E3D0059313E0001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000004BDF0F00000000000100000001000000
"C:\Program Files (x86)\Folder Size\FolderSize.exe"=0x534143500100000000000000070000002800000000EE4A00000000000100000000000000000003067122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000800000000000000000000000029391200000000000100000001000000
"SIGN.MEDIA=4335B1C boot\dd.exe"=0x534143500100000000000000070000002800000000A00000000000000100000000000000000001057100000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003F340000000000000100000001000000
"Q:\PortableApps\FirefoxPortable\FirefoxPortable.exe"=0x534143500100000000000000070000002800000068370300CC4103000100000000000000000001060001000019B4C529E312D1010000000000000000
"C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe"=0x5341435001000000000000000700000028000000A8E12000F13E210001000000000000000000000A0021000019B4C529E312D1010000000000000000


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{5daa288f-522a-11e6-83b2-4c72b9f956a2}] : "P:\WD Drive Unlock.exe" autoplay=true     (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131138987353150482

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductType"=2
"InstallTime"=0xD8D7817D36E6D101
"ManagedDefenderProductType"=0
"ProductStatus"=0
"OOBEInstallTime"=0x762C5ADC39E6D101
"DisableAntiSpyware"=1
"DisableAntiVirus"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | @

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=%11%\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://fr.yahoo.com?fr=fp-comodo&type=33220001005_1.2.392126.236_u_hp
"ApplicationTileImmersiveActivation"=0
"AssociationActivationMode"=2
"FormSuggest Passwords"=no
"FormSuggest PW Ask"=no
"Use FormSuggest"=no
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x010000004100000083086B075225C5012F3C7BDFEBD7170C54B0E7157192B3480AD56DEAEE248F7845AF6B576D81B8739380DE88F138376966965E5FE9B06ECEEC9A0E8B15DCC291E302000000100000007663585725326233636639496F253364
"OperationalData"=1
"EdgeSwitchingOSBuildNumber"=10586.th2_release.151029-1700
"ImageStoreRandomFolder"=7t9jnh6

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=0
"SecureProtocols"=2688
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"CertificateRevocation"=1
"ZonesSecurityUpgrade"=0x192FEA5B35E6D101
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | SSODL | SEH | URLSH | STS


---------- | Toolbar

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions


---------- | SearchScopes

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | ElevationPolicy

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : 

---------- | Ext\Settings


---------- | Ext\Stats


---------- | Browser Helper Objects


---------- | Chrome



---------- | Opera


---------- | Firefox




---------- | Active Connections

  TCP    127.0.0.1:12080        DESKTOP-C5ODV86:51871  ESTABLISHED     2744
  TCP    127.0.0.1:51865        DESKTOP-C5ODV86:12080  TIME_WAIT       0
  TCP    127.0.0.1:51867        DESKTOP-C5ODV86:12080  TIME_WAIT       0
  TCP    127.0.0.1:51871        DESKTOP-C5ODV86:12080  ESTABLISHED     4164
  TCP    192.168.1.11:49691     msnbot-191-232-139-62.search.msn.com:https  ESTABLISHED     3952
  TCP    192.168.1.11:51623     198.41.214.186:http    CLOSE_WAIT      4844
  TCP    192.168.1.11:51624     111.221.77.161:40009   CLOSE_WAIT      4844
  TCP    192.168.1.11:51633     68.232.34.200:https    CLOSE_WAIT      4844
  TCP    192.168.1.11:51635     91.190.218.59:12350    CLOSE_WAIT      4844
  TCP    192.168.1.11:51636     104.16.25.216:http     CLOSE_WAIT      4844
  TCP    192.168.1.11:51640     104.16.25.216:http     CLOSE_WAIT      4844
  TCP    192.168.1.11:51868     a88-221-52-152.deploy.akamaitechnologies.com:http  TIME_WAIT       0
  TCP    192.168.1.11:51869     ec2-54-247-167-86.eu-west-1.compute.amazonaws.com:http  TIME_WAIT       0
  TCP    192.168.1.11:51870     ec2-54-247-167-86.eu-west-1.compute.amazonaws.com:http  TIME_WAIT       0
  TCP    192.168.1.11:51872     hosting1.crdf.fr:https  ESTABLISHED     2744
  TCP    192.168.1.11:51873     ec2-54-247-167-86.eu-west-1.compute.amazonaws.com:http  ESTABLISHED     2528
  TCP    192.168.1.11:51874     ec2-54-247-167-86.eu-west-1.compute.amazonaws.com:http  ESTABLISHED     2528

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{c4db465e-759a-4f74-bd97-d0b85436d439}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c4db465e-759a-4f74-bd97-d0b85436d439}]
"DhcpNameServer"=192.168.1.1 192.168.1.1

---------- | ActiveX 

[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - [1,1,1,9] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - [10,0,10586,0] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - [12,0,10011,16384] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - [10,0,10586,0] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [11,0,10586,0] -  -> 
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,10011,16384] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - [1,1,1,9] - @%SystemRoot%\system32\themeui.dll,-2682 -> /UserInstall
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [10,0,10586,0] -  -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{583AC46A-4A6F-39BC-AEFD-1BC2759FFA51}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [10,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - [10,0,10586,0] - @%SystemRoot%\system32\shell32.dll,-32969 -> U
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - [11,0,10586,0] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [10,0,10586,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,10011,16384] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [10,0,10586,0] -  -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{600AC0DF-B614-36F9-9E10-28896BD4ACCA}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [10,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [10,0,10586,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] -  -> 


---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\SnagitEditor.exe] : "C:\Program Files (x86)\TechSmith\Snagit 13\SnagitEditor.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SnagitEditor.exe] : "C:\Program Files (x86)\TechSmith\Snagit 13\SnagitEditor.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | DCOMApplications

Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3}
Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168}
Name: wpnservice - AppID: {077869D3-D0DE-4586-882B-359F80009D0C}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96}
Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B}
Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}
Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: NotificationController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: DCManagement - AppID: {0FFBB064-77DA-4316-898C-1ACCBCB39ABA}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80}
Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0}
Name: BackgroundScanning - AppID: {150CE928-DB5A-4091-ACF3-3869F6A42040}
Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B}
Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}
Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}
Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97}
Name: SIPSManagement - AppID: {24CFB081-3E9F-422B-A2E0-68066E6F8AC1}
Name: SnagItET - AppID: {26088EFC-500F-4fff-AD37-323880CD1656}
Name: InstallAgent - AppID: {260eb9de-5cbe-4bff-a99a-3710af55bf1e}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: Exchange Active Sync Policies Broker - AppID: {26795871-6B8F-4115-89DD-986213012798}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69}
Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A}
Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37}
Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD}
Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606}
Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97}
Name: Delivery Optimization Mgmt - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B}
Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F}
Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d}
Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB}
Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C}
Name: SnagItShellExt - AppID: {37AD3083-3787-41DC-944D-32CDEECFDB75}
Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2}
Name: CortanaMapiHelper - AppID: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6}
Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1}
Name: EEL64A - AppID: {3D5781D9-B2FF-4396-8478-395412020995}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: LegacyConsumers - AppID: {3FAFC35D-42AF-4F6C-9A0B-AF360F843897}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E}
Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61}
Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85}
Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C}
Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E}
Name: RadioManagement Lib Class - AppID: {478B41E6-3257-4519-BDA8-E971F9843849}
Name: EEG64A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B}
Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB}
Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d}
Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: SystemInformation - AppID: {4FC90E3D-AE2D-4E66-8745-F61411816F81}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E}
Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b}
Name: SRS_APO_Universal - AppID: {553C48B2-BA6B-412B-9F8D-2B62B1B912AA}
Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212}
Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6}
Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}
Name: EED64A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0}
Name: %SystemRoot%\System32\wsclient.dll - AppID: {5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}
Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1}
Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF}
Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: tiledatamodelsvc - AppID: {65E2E13A-7110-4912-9F03-9A42E253D8F6}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: Out of proc server to enable Insider Hub and Feedback App scenarios to be reached from inside of its appcontainer - AppID: {7006698d-2974-4091-a424-85dd0b909e23}
Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: swc_service - AppID: {752B5BD1-9128-47B7-9934-E6DE5C5397D0}
Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: SNAGIT - AppID: {7AEB324B-D844-4633-AEF7-4D9417DFF5E0}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629}
Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: ComponentManager - AppID: {86D00E13-C7DF-4fa6-A24A-E0AA517354A9}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}
Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24}
Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {8B8C2776-594E-41EA-90D0-8013CACBB9A7}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2}
Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F}
Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60}
Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: CDP Reference Host - AppID: {A0316E2D-8793-4E74-AA48-8CE2ED05BA57}
Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe}
Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3}
Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121}
Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: SwapAPODll - AppID: {A85F41D6-156B-470D-B505-110388968D5A}
Name: Delivery Optimization Mgmt - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: Out of proc server to enable Insider Hub scenarios to be reached from inside of its appcontainer - AppID: {ac0fd47a-37f4-4502-bfee-6b317e479d41}
Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}
Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}
Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871}
Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1}
Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA}
Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755}
Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41}
Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b}
Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}
Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880}
Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF}
Name: ScanEditExports - AppID: {C1B29AE4-8EC0-4D25-8716-8B2991DC5FA2}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}
Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5}
Name: DataControlPlugin - AppID: {C6A24AFA-EDFF-492b-A92A-0590D1BACF81}
Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F}
Name: LockScreen Application Notification Broker - AppID: {C89FC3EF-A0DC-4feb-BFBC-F13A9C334D4F}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03}
Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}
Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}
Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E}
Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7}
Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886}
Name: TokenBroker Out Of Proc COM Server - AppID: {E73A797B-24CE-424A-AD4F-48E98B1E95B8}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: Immersive Print Dialog Surrogate - AppID: {EB28E902-728E-42C4-97DC-DA89E144C744}
Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: SAVService - AppID: {EEA3D6A3-3AEE-4BF4-B8EF-8A190CADD9B1}
Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {F7CDD0DF-887D-463F-AF57-0E442B5C233B}
Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C}
Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744}

Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{077869D3-D0DE-4586-882B-359F80009D0C}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{077869D3-D0DE-4586-882B-359F80009D0C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{077869D3-D0DE-4586-882B-359F80009D0C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{077869D3-D0DE-4586-882B-359F80009D0C}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{26088EFC-500F-4fff-AD37-323880CD1656}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{26088EFC-500F-4fff-AD37-323880CD1656}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{26088EFC-500F-4fff-AD37-323880CD1656}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A0316E2D-8793-4E74-AA48-8CE2ED05BA57}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544"

---------- | Svchost - Netsvcs (Whitelisted)

NetSetupSvc - %SystemRoot%\System32\NetSetupSvc.dll : %SystemRoot%\System32\svchost.exe -k netsvcs
UserManager - %SystemRoot%\System32\usermgr.dll : %SystemRoot%\system32\svchost.exe -k netsvcs

---------- | Software







[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\AppDataLow]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\ATI]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\JAM Software]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Macromedia]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Mozilla]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Policies]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\RegisteredApplications]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Sophos]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\SyncEngines]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\sysinternals]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\TechSmith]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Wow6432Node]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1818149683-622579324-567972293-1002\Software\Microsoft\Windows NT\CurrentVersion]




[HKLM\Software\AMD]
[HKLM\Software\ATI]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Clients]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Sophos]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\Trolltech]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\DWM]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wswpnservice]

[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\CodeGear]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Sophos]
[HKLM\Software\WOW6432Node\TechSmith]
[HKLM\Software\WOW6432Node\Wow6432Node]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]


---------- | FeatureControl

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGUI.exe"="0"
"SAPGuiIT.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"cs.exe"="1"
"waol.exe"="1"
"wm.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"prevhost.exe"="1"
"winmail.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"msimn.exe"="1"
"outlook.exe"="1"
"winmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"excel.exe"="1"
"infopath.exe"="1"
"powerpnt.exe"="1"
"winword.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"SnagitEditor.exe"="1"
"Snagit32.exe"="1"
"SnagPriv.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
"SnagitEditor.exe"="11000"
"Snagit32.exe"="11000"
"SnagPriv.exe"="11000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGUI.exe"="0"
"SAPGuiIT.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"cs.exe"="1"
"waol.exe"="1"
"wm.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"prevhost.exe"="1"
"winmail.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"msimn.exe"="1"
"outlook.exe"="1"
"winmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"excel.exe"="1"
"infopath.exe"="1"
"powerpnt.exe"="1"
"winword.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"

---------- | The Created last ones ¦ Modified

[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:18] - |D| - [106367910] - C:\Program Files (x86)\ATI Technologies
[MD5.00000000000000000000000000000000] - [25/07/2016 08:39:39] - |D| - [5939373] - C:\Program Files (x86)\Folder Size
[MD5.00000000000000000000000000000000] - [25/07/2016 08:41:02] - |D| - [5910723] - C:\Program Files (x86)\JAM Software
[MD5.00000000000000000000000000000000] - [25/07/2016 08:20:47] - |D| - [33303336] - C:\Program Files (x86)\Sophos
[MD5.00000000000000000000000000000000] - [25/07/2016 09:16:14] - |D| - [143273941] - C:\Program Files (x86)\TechSmith
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 07:53:17] - |A| - [0] - C:\Windows\ativpsrm.bin
[MD5.2DC62B7C43464F3A2B89D3BF48B64501] - [25/07/2016 07:26:01] - |AS| - [67584] - C:\Windows\bootstat.dat
[MD5.853EC0DCF549C5B5000D67D253390817] - [25/07/2016 07:25:25] - |A| - [1340] - C:\Windows\lsasetup.log
[MD5.00000000000000000000000000000000] - [25/07/2016 08:24:16] - |D| - [3874134] - C:\Windows\Panther
[MD5.311389FB5A2C8C2BFC01CA0C1FAF67B0] - [25/07/2016 08:43:04] - |A| - [1634] - C:\Windows\PFRO.log
[MD5.00000000000000000000000000000000] - [25/07/2016 07:25:59] - |D| - [8293845] - C:\Windows\Prefetch
[MD5.DE784EEF581A7B47B2629ADC4FE82FC4] - [25/07/2016 07:25:39] - |A| - [15048] - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 07:25:39] - |A| - [0] - C:\Windows\setuperr.log
[MD5.00000000000000000000000000000000] - [25/07/2016 07:36:54] - |D| - [672217033] - C:\Windows\SoftwareDistribution
[MD5.038356387332650843BCB352BB89A101] - [25/07/2016 07:36:54] - |A| - [275] - C:\Windows\WindowsUpdate.log
[MD5.7EAF754FD2525D58043DFD3F93E1595B] - [25/07/2016 08:39:48] - |A| - [41922560] - C:\Windows\Installer\3775a4.msi
[MD5.00000000000000000000000000000000] - [25/07/2016 09:15:53] - |D| - [0] - C:\Windows\Installer\MSI2847.tmp-
[MD5.00000000000000000000000000000000] - [25/07/2016 09:15:54] - |D| - [0] - C:\Windows\Installer\MSI2D3A.tmp-
[MD5.B239EBA1CA7838405D886279E50CA084] - [25/07/2016 07:54:51] - |A| - [20480] - C:\Windows\Installer\SourceHash{063E67F0-C298-8A2A-0FA6-84C15322A4E0}
[MD5.30FBACFECD3A8A8FE28D710A17025F79] - [25/07/2016 07:54:38] - |A| - [20480] - C:\Windows\Installer\SourceHash{07326A3E-02B3-1078-25D7-B8666BA8FE15}
[MD5.E0C1A4C4384FB4AF136D7B20651182F7] - [25/07/2016 07:54:31] - |A| - [20480] - C:\Windows\Installer\SourceHash{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}
[MD5.2B42E11A9338C5AA69EAE2B324C1FEB7] - [25/07/2016 07:54:19] - |A| - [20480] - C:\Windows\Installer\SourceHash{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[MD5.4FE45A4E3E2CD9CB50732685DD675372] - [25/07/2016 08:39:19] - |A| - [20480] - C:\Windows\Installer\SourceHash{196BB40D-1578-3D01-B289-BEFC77A11A1E}
[MD5.29770E68EEEFEDAD2FE11CE479343B9D] - [25/07/2016 07:54:21] - |A| - [20480] - C:\Windows\Installer\SourceHash{1AD99E77-37CC-744E-39CA-67F6FD34565A}
[MD5.56BDC1CA12203DEF5B51EB3F670B459B] - [25/07/2016 07:54:29] - |A| - [20480] - C:\Windows\Installer\SourceHash{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}
[MD5.248E37D1664BBF8F4D684FC64E7E668C] - [25/07/2016 07:54:33] - |A| - [20480] - C:\Windows\Installer\SourceHash{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}
[MD5.944B06F446E0D516738744A80F4998F8] - [25/07/2016 08:24:04] - |A| - [28672] - C:\Windows\Installer\SourceHash{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}
[MD5.2154806157984D7D514A770643F87A31] - [25/07/2016 07:54:44] - |A| - [20480] - C:\Windows\Installer\SourceHash{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}
[MD5.2D5F91580BF1FF1A6432F04C8192583E] - [25/07/2016 07:54:34] - |A| - [20480] - C:\Windows\Installer\SourceHash{2D07E15C-A9A4-D8D6-D371-92EC8779E587}
[MD5.53937BE701B0271C700C2853853601F2] - [25/07/2016 07:54:08] - |A| - [20480] - C:\Windows\Installer\SourceHash{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
[MD5.0FA9C65EEB1E4BFD4FC05FBC279000A6] - [25/07/2016 07:54:30] - |A| - [20480] - C:\Windows\Installer\SourceHash{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}
[MD5.9E19916DC9F98A498CE56BE167EC7760] - [25/07/2016 07:54:49] - |A| - [20480] - C:\Windows\Installer\SourceHash{35A71DED-DA81-1313-352A-EC8A0B27DF3B}
[MD5.CBDD2F7B7276D18E5C31B96FA7DDB299] - [25/07/2016 08:41:35] - |A| - [20480] - C:\Windows\Installer\SourceHash{47E5588F-C3A0-11DE-9857-005056C00008}
[MD5.D02E6E94C7EAAD4638A90C8F1EAF7250] - [25/07/2016 07:54:17] - |A| - [20480] - C:\Windows\Installer\SourceHash{64D5A142-BD50-726E-ED9E-D2508D2A17E2}
[MD5.D5AE5C69FFDBAA66E09927335D928902] - [25/07/2016 07:54:27] - |A| - [20480] - C:\Windows\Installer\SourceHash{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}
[MD5.7B37456D4599AFB8F8DBC3D6DBA00672] - [25/07/2016 07:54:50] - |A| - [20480] - C:\Windows\Installer\SourceHash{79D22166-78C1-2AD4-04E7-BD22BD58FD46}
[MD5.101201D2A57DC46CD53F317C771C42D5] - [25/07/2016 07:54:35] - |A| - [20480] - C:\Windows\Installer\SourceHash{82CA1714-13EA-F419-91FE-12834424745E}
[MD5.E6251D66164B54CB461C938C0E23252E] - [25/07/2016 07:54:48] - |A| - [20480] - C:\Windows\Installer\SourceHash{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}
[MD5.79B8352E8E96DBD2AFE8C7F6DEF12EBF] - [25/07/2016 07:54:45] - |A| - [20480] - C:\Windows\Installer\SourceHash{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}
[MD5.CE7CD731E53406B7B52DF85837CF2972] - [25/07/2016 08:36:10] - |A| - [28672] - C:\Windows\Installer\SourceHash{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520}
[MD5.265E7E9ED5CA01A0AB6EA340FD5F6124] - [25/07/2016 07:54:13] - |A| - [20480] - C:\Windows\Installer\SourceHash{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
[MD5.5D5E03F48771935ED29FF57AD471834B] - [25/07/2016 07:54:40] - |A| - [20480] - C:\Windows\Installer\SourceHash{A5A6A4D0-2005-2A05-2E21-495808CF95ED}
[MD5.4C83F185643665433673C6661E7D7981] - [25/07/2016 07:54:46] - |A| - [20480] - C:\Windows\Installer\SourceHash{A760847A-C4D9-E7EF-716F-07C6CBF6B147}
[MD5.EC7B72748401A045085DF4B04B46E8A2] - [25/07/2016 07:54:15] - |A| - [20480] - C:\Windows\Installer\SourceHash{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
[MD5.8AF788A855BF01D7330C4E596746FF24] - [25/07/2016 07:54:56] - |A| - [20480] - C:\Windows\Installer\SourceHash{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}
[MD5.C80DAA0BF01D0A87570058687D942327] - [25/07/2016 07:54:43] - |A| - [20480] - C:\Windows\Installer\SourceHash{B839153C-D4D2-F89C-5033-0A160C62706B}
[MD5.5662B9D181D626313BD83DB2EF0B41E0] - [25/07/2016 07:54:37] - |A| - [20480] - C:\Windows\Installer\SourceHash{C1EA3764-1138-AE27-AD63-549BAD99BA15}
[MD5.752CEE0605FEB69272B819204616C67C] - [25/07/2016 07:54:24] - |A| - [20480] - C:\Windows\Installer\SourceHash{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}
[MD5.CF8FCF2A9099138B603481414207518D] - [25/07/2016 07:54:39] - |A| - [20480] - C:\Windows\Installer\SourceHash{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}
[MD5.3A062709241250F9975C7F6826DF823E] - [25/07/2016 08:19:56] - |A| - [40960] - C:\Windows\Installer\SourceHash{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}
[MD5.9A05D6A75998C9FAC7DA3D6998C3897B] - [25/07/2016 08:38:57] - |A| - [20480] - C:\Windows\Installer\SourceHash{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
[MD5.C72FBB382E33F1FB3F5439140C6F702B] - [25/07/2016 09:15:55] - |A| - [20480] - C:\Windows\Installer\SourceHash{DD0F148B-9556-4508-B48E-0EBA13122B0F}
[MD5.3FEBCC23772695D3D2B4A0CB60E405D6] - [25/07/2016 07:54:53] - |A| - [20480] - C:\Windows\Installer\SourceHash{E7366CA8-7179-77AE-E712-BA18D70A0A07}
[MD5.7121EC8B78772894BB941A2BAEDBAE45] - [25/07/2016 07:54:42] - |A| - [20480] - C:\Windows\Installer\SourceHash{E817E580-6318-AFC8-2102-322C73117EC4}
[MD5.DF388F29780AC896700F026ABE7D6644] - [25/07/2016 07:54:28] - |A| - [20480] - C:\Windows\Installer\SourceHash{F77474EE-EB6C-C87B-88AF-3310C848E068}
[MD5.EBEAE724222749799A1E7D4BC91E632D] - [25/07/2016 07:54:25] - |A| - [20480] - C:\Windows\Installer\SourceHash{F8DDBE95-DCBE-03B5-5359-DE3601146E21}
[MD5.584E880C7CB851C6181F05BD2D1C5177] - [25/07/2016 07:54:10] - |A| - [20480] - C:\Windows\Installer\SourceHash{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
[MD5.10523246BBBCDF63BF3A74CF89475FF6] - [25/07/2016 08:24:12] - |A| - [192] - C:\Windows\Installer\wix{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}.SchedServiceConfig.rmi
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:52] - |D| - [88102] - C:\Windows\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:38] - |D| - [88102] - C:\Windows\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:32] - |D| - [88102] - C:\Windows\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:20] - |D| - [10134] - C:\Windows\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:23] - |D| - [88102] - C:\Windows\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:30] - |D| - [88102] - C:\Windows\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:33] - |D| - [88102] - C:\Windows\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}
[MD5.00000000000000000000000000000000] - [25/07/2016 08:32:23] - |D| - [376022] - C:\Windows\Installer\{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:44] - |D| - [88102] - C:\Windows\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:35] - |D| - [88102] - C:\Windows\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:31] - |D| - [88102] - C:\Windows\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:49] - |D| - [88102] - C:\Windows\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}
[MD5.00000000000000000000000000000000] - [25/07/2016 08:41:55] - |D| - [280617] - C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:18] - |D| - [88102] - C:\Windows\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:27] - |D| - [88102] - C:\Windows\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:50] - |D| - [88102] - C:\Windows\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:36] - |D| - [88102] - C:\Windows\Installer\{82CA1714-13EA-F419-91FE-12834424745E}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:48] - |D| - [88102] - C:\Windows\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:46] - |D| - [88102] - C:\Windows\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}
[MD5.00000000000000000000000000000000] - [25/07/2016 08:36:45] - |D| - [360958] - C:\Windows\Installer\{9D1B8594-5DD2-4CDC-A5BD-98E7E9D75520}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:41] - |D| - [88102] - C:\Windows\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:47] - |D| - [88102] - C:\Windows\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:55:03] - |D| - [88102] - C:\Windows\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:43] - |D| - [88102] - C:\Windows\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:37] - |D| - [88102] - C:\Windows\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:25] - |D| - [88102] - C:\Windows\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:39] - |D| - [88102] - C:\Windows\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}
[MD5.00000000000000000000000000000000] - [25/07/2016 08:21:56] - |D| - [76282] - C:\Windows\Installer\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}
[MD5.00000000000000000000000000000000] - [25/07/2016 09:17:21] - |D| - [14981744] - C:\Windows\Installer\{DD0F148B-9556-4508-B48E-0EBA13122B0F}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:54] - |D| - [4846] - C:\Windows\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:42] - |D| - [88102] - C:\Windows\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:28] - |D| - [88102] - C:\Windows\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}
[MD5.00000000000000000000000000000000] - [25/07/2016 07:54:26] - |D| - [88102] - C:\Windows\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}
[MD5.00000000000000000000000000000000] - [25/07/2016 08:22:52] - |DC| - [87769] - C:\Windows\system32\DRVSTORE
[MD5.DA348070AF8775C1078EF6FF788CCA18] - [25/07/2016 07:25:11] - |A| - [189304] - C:\Windows\system32\FNTCACHE.DAT
[MD5.6D9EE5BD98B4606D0AC2C9F1AEC0C6CB] - [25/07/2016 07:29:01] - |A| - [50650] - C:\Windows\system32\license.rtf
[MD5.77E384B00CB470F66111B70B8EAB2DAE] - [25/07/2016 07:47:58] - |A| - [6938] - C:\Windows\system32\lvcoinst.log
[MD5.00000000000000000000000000000000] - [25/07/2016 07:25:24] - |SD| - [1920] - C:\Windows\system32\Microsoft
[MD5.BCA0F41A104D7520DCA66B62023EC1C7] - [25/07/2016 07:45:41] - |A| - [1758862] - C:\Windows\system32\PerfStringBackup.INI
[MD5.AD89958C33762CB43D7B385F567C27C5] - [25/07/2016 08:18:03] - |A| - [176120] - C:\Windows\system32\sdccoinstaller.dll
[MD5.B91F5CE90A0A02CA7EE9790790F1EDC2] - [25/07/2016 08:21:01] - |A| - [35624] - C:\Windows\system32\SophosBootTasks.exe
[MD5.00000000000000000000000000000000] - [25/07/2016 07:55:52] - |D| - [2177408] - C:\Windows\system32\SRSLabs
[MD5.BF958EB7B11F5B2D353B85E0E80D823E] - [25/07/2016 08:41:56] - |A| - [34056] - C:\Windows\system32\Drivers\hotcore3.sys
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 07:25:40] - |AH| - [0] - C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 07:25:55] - |AH| - [0] - C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[MD5.389609560D81988DA2B78F7AFE1384F0] - [25/07/2016 08:18:41] - |A| - [161024] - C:\Windows\system32\Drivers\savonaccess.sys
[MD5.75B98959013B22F8F40C08095B8AB73C] - [25/07/2016 08:18:04] - |A| - [38144] - C:\Windows\system32\Drivers\sdcfilter.sys
[MD5.FFD056D55C46946ACA218F0A61DA2743] - [25/07/2016 08:18:43] - |A| - [27904] - C:\Windows\system32\Drivers\SophosBootDriver.sys
[MD5.6E08BD408572E27A6BD1ED615A2AFA84] - [25/07/2016 08:33:50] - |A| - [32512] - C:\Windows\system32\Drivers\swi_callout.sys
[MD5.B4E3ADBC1B7DF2F0E49D55EBF42FEC26] - [25/07/2016 07:55:20] - |A| - [61917] - C:\Windows\syswow64\CCCInstall_201607250755200278.log
[MD5.6D9EE5BD98B4606D0AC2C9F1AEC0C6CB] - [25/07/2016 07:29:01] - |A| - [50650] - C:\Windows\syswow64\license.rtf
[MD5.42DE22BB4E675AE8DADD9038B26F8EFE] - [25/07/2016 07:37:28] - |A| - [2718208] - C:\Windows\syswow64\PrintConfig.dll
[MD5.00000000000000000000000000000000] - [25/07/2016 07:55:48] - |D| - [2125808] - C:\Windows\syswow64\RTCOM

---------- | Drives


R:

[24/07/2016 22:23:23] - |A| - (.2005-2006© by sarkos and Tuxmouraille (GPL) - Framakey Starter pour Windows XP.) - [188397] - (0.2.2.2) - R:\start.exe
[24/07/2016 22:22:20] - |A| - (.-.) - [163] - (0.0.0.0) - R:\autorun.inf
[24/07/2016 22:23:24] - |A| - (.-.) - [1531] - (0.0.0.0) - R:\start.ini

Q:

[14/07/2016 11:22:44] - |A| - (.-.) - [1274] - (0.0.0.0) - Q:\Any Audio Converter.lnk
[13/06/2016 08:43:05] - |A| - (.-.) - [1154] - (0.0.0.0) - Q:\Avast Browser Cleanup.lnk
[23/06/2016 07:51:44] - |A| - (.-.) - [1474] - (0.0.0.0) - Q:\barrow 2 & widen 100% sécurisé - Raccourci.lnk
[05/07/2016 10:06:16] - |A| - (.-.) - [1301] - (0.0.0.0) - Q:\Dropbox.lnk
[22/07/2016 15:55:52] - |A| - (.-.) - [2101] - (0.0.0.0) - Q:\FileHippo App Manager.lnk
[19/07/2016 15:18:12] - |A| - (.-.) - [1113] - (0.0.0.0) - Q:\Folder Size.lnk
[22/07/2016 15:55:52] - |A| - (.-.) - [1073] - (0.0.0.0) - Q:\IM-Magic Partition Resizer Free.lnk
[22/07/2016 15:55:52] - |A| - (.-.) - [1059] - (0.0.0.0) - Q:\Internet Explorer.lnk
[17/07/2016 15:45:35] - |A| - (.-.) - [1316] - (0.0.0.0) - Q:\mov Audio Extractor.lnk
[22/07/2016 15:55:54] - |A| - (.-.) - [1308] - (0.0.0.0) - Q:\TreeSize Free.lnk
[23/07/2016 05:21:55] - |A| - (.-.) - [1441] - (0.0.0.0) - Q:\Video to Picture.lnk
[22/07/2016 15:55:54] - |A| - (.-.) - [668] - (0.0.0.0) - Q:\Wondershare 1-Click PC Care Restore Center.lnk
[12/05/2016 12:04:54] - |A| - (.Copyright © 1999-2012 - BASS.) - [219136] - (2.4.9.0) - Q:\bass.dll
[12/05/2016 12:04:54] - |A| - (.Copyright © 2005-2012 by radio42: Bernd Niedergesaess, Germany. http://www.bass.radio42.com/ - bn@radio42.com - BASS.NET API for .Net.) - [638976] - (2.4.9.1) - Q:\Bass.Net.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2003-2009 - BASSCD.) - [35328] - (2.4.3.1) - Q:\basscd.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2004-2009 - BASSFLAC.) - [48128] - (2.4.1.0) - Q:\bassflac.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2005-2010 - BASSmix.) - [33280] - (2.4.4.0) - Q:\bassmix.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2012 - BASSOPUS.) - [103424] - (0.0.0.1) - Q:\bassopus.dll
[12/05/2016 12:04:56] - |A| - (.Copyright © 2002-2010 - BASSWMA.) - [34816] - (2.4.4.0) - Q:\basswma.dll
[12/05/2016 12:04:56] - |A| - (.Copyright © 2007-2009 - BASSWV.) - [59904] - (2.4.1.0) - Q:\basswv.dll
[12/05/2016 12:04:56] - |A| - (.2003-2006, MaresWEB - Apple Lossless Audio Codec add-on for the BASS library.) - [9416] - (2.4.3.0) - Q:\bass_alac.dll
[12/05/2016 12:04:56] - |A| - (.2003-2006, MaresWEB - Monkey's Audio add-on for the BASS library.) - [81408] - (2.4.0.1) - Q:\bass_ape.dll
[12/05/2016 12:04:57] - |A| - (.2003-2006, MaresWEB - Musepack add-on for the BASS library.) - [45056] - (2.4.1.0) - Q:\bass_mpc.dll
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBXPExt.) - [68608] - (4.5.7.6229) - Q:\CDBXP.dll
[12/05/2016 12:05:09] - |A| - (. - .) - [337408] - (13.0.0.0) - Q:\LogicNP.FolderView.dll
[12/05/2016 12:05:15] - |A| - (.Copyright (c) Rocket Division Software, StarBurn Software 2001-2016. - StarBurn  CD/DVD/Blu-Ray/HD-DVD Burning, Grabbing and Mastering Toolkit for Windows 95/98/Me/NT/2000/XP/2003/Vista/Longhorn/7/8/2010.) - [3622784] - (15.6.1.1025) - Q:\StarBurn.dll
[11/07/2016 08:44:19] - |A| - (.Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc. - InstallScript Setup Launcher.) - [371303208] - (18.0.0.329) - Q:\10295_Video-facile-1.exe
[11/07/2016 08:43:51] - |A| - (.Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc. - InstallScript Setup Launcher.) - [371303208] - (18.0.0.329) - Q:\10295_Video-facile.exe
[11/07/2016 08:44:52] - |A| - (.-.) - [318714912] - (0.0.0.0) - Q:\ABBYY_BCR20Win_ESD.exe
[14/06/2016 07:35:24] - |A| - (.-.) - [368371848] - (0.0.0.0) - Q:\ABBYY_FR12_PRO_TRIAL.exe
[09/07/2016 23:53:01] - |A| - (.-.) - [252432728] - (0.0.0.0) - Q:\ABBYY_ScreenshotReader_11_ESD.exe
[14/06/2016 07:27:21] - |A| - (.-.) - [71143096] - (0.0.0.0) - Q:\ABBYY_Screenshot_Reader_ESD.exe
[16/07/2016 06:47:43] - |A| - (.© 2016 Acelogix Software - System maintenance and Optimizer utility.) - [9138432] - (6.2.0.289) - Q:\aceutils.exe
[11/07/2016 08:45:17] - |A| - (.c Lavasoft Limited. - Web Companion Installer.) - [340568] - (2.3.1411.2698) - Q:\Ad-Aware Web Companion Pro 2.3.1411.2698.exe
[14/07/2016 14:58:24] - |A| - (.Copyright© 2005-2016                                                                                 - Advanced SystemCare 10                                     .) - [44912008] - (10.0.0.198) - Q:\advanced-systemcare-setup-beta.exe
[14/07/2016 11:17:41] - |A| - (.-.) - [42799000] - (0.0.0.0) - Q:\any-audio-converter(1).exe
[06/07/2016 18:35:50] - |A| - (.-.) - [42799000] - (0.0.0.0) - Q:\any-audio-converter.exe
[15/07/2016 13:48:43] - |A| - (.Copyright (c) Apowersoft Ltd. 2016  All rights reserved                                              - Apowersoft Online Launcher Setup                           .) - [1223336] - (1.4.4.0) - Q:\apowersoft-online-launcher (1).exe
[15/07/2016 13:47:19] - |A| - (.Copyright (c) Apowersoft Ltd. 2016  All rights reserved                                              - Apowersoft Online Launcher Setup                           .) - [1223336] - (1.4.4.0) - Q:\apowersoft-online-launcher.exe
[11/07/2016 08:45:18] - |A| - (.-.) - [1006637056] - (0.0.0.0) - Q:\appstore lfs ultra, power2go 11, & efm du musée de l'homme.exe
[10/07/2016 19:04:24] - |A| - (.                                                                                                    - Ashampoo Backup 2016 Setup                                 .) - [2608520] - (1.0.0.0) - Q:\ashampoo_backup_2016_dl.exe
[10/07/2016 19:04:25] - |A| - (.                                                                                                    - Ashampoo Backup Pro 10 Setup                               .) - [2610664] - (1.0.0.0) - Q:\ashampoo_backup_pro_10_dl.exe
[11/07/2016 08:48:01] - |A| - (.                                                                                                    - Ashampoo Burning Studio 16 Setup                           .) - [92298344] - (16.0.6.0) - Q:\ashampoo_burning_studio_16_e16.0.6_sm.exe
[11/07/2016 08:48:11] - |A| - (.                                                                                                    - Ashampoo Core Tuner 2 Setup                                .) - [2493632] - (1.0.0.0) - Q:\ashampoo_core_tuner_2_dl.exe
[11/07/2016 08:48:12] - |A| - (.                                                                                                    - Ashampoo Cover Studio 2 Setup                              .) - [40270904] - (2.2.0.0) - Q:\ashampoo_cover_studio_2_2.2.0_sm.exe
[14/07/2016 04:03:31] - |A| - (.                                                                                                    - Ashampoo Media Sync Setup                                  .) - [12641832] - (1.0.2.0) - Q:\ashampoo_media_sync_e1.0.2_sm.exe
[09/07/2016 23:58:12] - |A| - (.                                                                                                    - Ashampoo Music Studio 4 Setup                              .) - [43875848] - (4.1.2.0) - Q:\ashampoo_music_studio_4_4.1.2_16904.exe
[11/07/2016 08:48:16] - |A| - (.                                                                                                    - Ashampoo Music Studio 5 Setup                              .) - [50101560] - (5.0.7.0) - Q:\ashampoo_music_studio_5_e5.0.7_sm.exe
[11/07/2016 08:48:22] - |A| - (.                                                                                                    - Ashampoo Music Studio 6 Setup                              .) - [45366192] - (6.0.2.0) - Q:\ashampoo_music_studio_6_e6.0.2_sm.exe
[10/07/2016 19:04:58] - |A| - (.                                                                                                    - Ashampoo Photo Commander Free Setup                        .) - [163570320] - (11.2.0.0) - Q:\ashampoo_photo_commander_free_21556.exe
[09/07/2016 23:58:35] - |A| - (.                                                                                                    - Ashampoo Photo Recovery Setup                              .) - [8033992] - (1.0.3.0) - Q:\ashampoo_photo_recovery_e1.0.3_sm.exe
[12/07/2016 11:11:22] - |A| - (.                                                                                                    - Ashampoo Slideshow Studio HD 4 Setup                       .) - [53664272] - (4.0.0.0) - Q:\ashampoo_slideshow_studio_hd_4_e4.0.0_sm.exe
[10/07/2016 19:05:42] - |A| - (.                                                                                                    - Ashampoo Snap 2017 Setup                                   .) - [52382680] - (1.0.1.0) - Q:\ashampoo_snap_2017_23494.exe
[14/07/2016 14:52:15] - |A| - (.                                                                                                    - Ashampoo Snap 9 Setup                                      .) - [56773968] - (9.0.1.0) - Q:\ashampoo_snap_9_e9.0.1_sm.exe
[11/07/2016 08:48:27] - |A| - (.                                                                                                    - Ashampoo Undeleter Setup                                   .) - [2493176] - (1.0.0.0) - Q:\ashampoo_undeleter_dl.exe
[10/07/2016 07:45:11] - |A| - (.                                                                                                    - Ashampoo UnInstaller 5 Setup                               .) - [21088224] - (5.4.0.0) - Q:\ashampoo_uninstaller_5_e5.0.4_sm.exe
[10/07/2016 19:05:58] - |A| - (.                                                                                                    - Ashampoo UnInstaller 5 Setup                               .) - [22345192] - (5.6.0.0) - Q:\ashampoo_uninstaller_5_e5.0.6_sm.exe
[17/07/2016 17:17:52] - |A| - (.                                                                                                    - Ashampoo UnInstaller 6 Setup                               .) - [18412280] - (6.0.14.0) - Q:\ashampoo_uninstaller_6_e6.00.14_sm.exe
[10/07/2016 07:45:14] - |A| - (.                                                                                                    - Ashampoo Video Styler Setup                                .) - [27869488] - (1.0.1.0) - Q:\ashampoo_video_styler_e1.0.1_sm.exe
[11/07/2016 08:48:30] - |A| - (.                                                                                                    - Ashampoo WinOptimizer 14 Setup                             .) - [28220040] - (14.0.0.0) - Q:\ashampoo_winoptimizer_14_e14.00.00_sm.exe
[11/07/2016 08:48:33] - |A| - (.Copyright (C) 2004-2012 - Astroburn Audio Setup.) - [6086824] - (1.6.0.47) - Q:\AstroburnAudio160-0047.exe
[08/07/2016 07:22:41] - |A| - (.-.) - [4999096] - (0.0.0.0) - Q:\ausetup.exe
[09/07/2016 05:48:53] - |A| - (.2007-2015@Auslogics Software Pty Ltd                                                                 - Auslogics BitReplica Installation File                     .) - [6628472] - (2.1.1.0) - Q:\auslogics-bitreplica-setup.exe
[05/07/2016 10:02:25] - |A| - (.Copyright (c) 2012 AVAST Software - Avast! Browser Cleanup Sfx.) - [4284888] - (12.1.2272.125) - Q:\avast-browser-cleanup-sfx.exe
[10/07/2016 19:07:11] - |A| - (.Copyright 2003 Avery                                         - Création d'étiquettes et de pochettes                      .) - [7744030] - (4.1.100.1332) - Q:\AveryDesignPro_FR.exe
[10/07/2016 19:07:13] - |A| - (.Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors - Avira Launcher.) - [4630840] - (1.1.63.21885) - Q:\avira_fr_av_57559d7b12d97__wsd.exe
[13/07/2016 11:47:54] - |A| - (.                                                                                                    -                                                            .) - [82786072] - (3.5.0.0) - Q:\BackupperFull.exe
[10/06/2016 11:13:32] - |A| - (.-.) - [13915352] - (0.0.0.0) - Q:\BDAntiCryptoWall_Release.exe
[11/07/2016 08:49:00] - |A| - (.Copyright © 1997-2015 Bitdefender                                                                    - BDAntiRansomware Setup                                     .) - [4677896] - (0.0.0.0) - Q:\BDAntiRansomwareSetup.exe
[13/07/2016 06:14:25] - |A| - (.Bitdefender LLC.  - Bitdefender USB Immunizer.) - [4071672] - (2.0.1.9) - Q:\BDUSBImmunizerLauncher.exe
[05/07/2016 06:10:33] - |A| - (.© Microsoft Corporation. - Win32 Cabinet Self-Extractor                                          .) - [10513112] - (6.0.2800.1168) - Q:\BingDesktopSetup.exe
[11/07/2016 08:49:03] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - Q:\BitTorrent (1).exe
[10/07/2016 00:00:15] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - Q:\BitTorrent (2).exe
[10/07/2016 00:00:16] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - Q:\BitTorrent (3).exe
[11/07/2016 08:49:04] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - Q:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FAq2NsdKU).exe
[11/07/2016 08:49:04] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - Q:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FjSAg97W0).exe
[10/07/2016 19:07:22] - |A| - (.Copyright (c) BlueStack Systems Inc. - BlueStacks Thin Installer.) - [319729248] - (0.0.0.0) - Q:\BlueStacks2_native_mobile-retention.exe
[14/06/2016 07:47:58] - |A| - (.PortableApps.com Installer Copyright 2007-2010 PortableApps.com. - CamStudio Portable.) - [1433632] - (2.0.0.1) - Q:\CamStudioPortable_2.0_English.paf.exe
[11/07/2016 08:50:13] - |A| - (.-.) - [252605800] - (8.1.2.1327) - Q:\camtasia_864c253ee677b4609b331d451009a871.exe
[17/07/2016 16:03:37] - |A| - (.2005-2016 COMODO. - COMODO Cloud Antivirus.) - [6113672] - (1.3.1079.265) - Q:\ccav_installer.exe
[10/07/2016 19:08:48] - |A| - (.Copyright (C) Piriform 2013-2015 - CCleaner Cloud Installer.) - [6259936] - (1.4.0.1817) - Q:\CCleanerCloudSetup_1_4_1817.exe
[10/07/2016 19:08:46] - |A| - (.Copyright © 2005-2016 Piriform Ltd - CCleaner Installer.) - [6868672] - (2.0.0.0) - Q:\ccleaner_5-16_fr_14492.exe
[13/06/2016 14:08:59] - |A| - (.Copyright © 2005-2016 Piriform Ltd - CCleaner Installer.) - [6868672] - (2.0.0.0) - Q:\ccsetup_516.exe
[11/07/2016 08:50:47] - |A| - (.Copyright © 2005-2016 Piriform Ltd - CCleaner Installer.) - [7033368] - (2.0.0.0) - Q:\ccsetup_517.exe
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBurnerXP command line version.) - [25712] - (4.5.7.6229) - Q:\cdbxpcmd.exe
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBurnerXP.) - [1746544] - (4.5.7.6229) - Q:\cdbxpp.exe
[10/07/2016 12:08:39] - |A| - (.2001-2014 Canneverbe Limited                                                                         - CDBurnerXP                                                 .) - [6230152] - (4.5.7.6140) - Q:\cdbxp_setup_4.5.7.6139.exe
[20/07/2016 12:27:40] - |A| - (.� 2008-2010 COMODO Security Solutions, Inc. - cDrive setup.) - [14394008] - (1.0.8.84) - Q:\cDrive_Setup.exe
[13/07/2016 10:33:25] - |A| - (.Copyright (c) 2009-2016, Comodo Security Solutions, Inc. - Chromodo.) - [53661272] - (50.14.22.468) - Q:\chromodosetup.exe
[11/07/2016 08:50:54] - |A| - (.Copyright (C) 2009-2015, Ivo Beltchev - Adds classic shell features to Windows 7 and Windows 8.) - [6968048] - (4.2.5.0) - Q:\ClassicShellSetup_4_2_5.exe
[10/06/2016 12:33:10] - |A| - (.-.) - [497903] - (0.0.0.0) - Q:\CLCleaner2-PhotoDirector_5.exe
[10/07/2016 00:03:34] - |A| - (.Copyright (c) 2009-2015, Comodo Security Solutions, Inc. - Comodo Dragon.) - [55056152] - (45.8.12.389) - Q:\Comodo Dragon 45.8.12.389 + Portable.exe
[10/07/2016 00:04:08] - |A| - (.2005-2014 COMODO. - COMODO Internet Security.) - [230403208] - (7.0.55655.4142) - Q:\Comodo Firewall 7.0.317799.4142.exe
[11/07/2016 08:52:47] - |A| - (.2005-2015 COMODO. - COMODO Internet Security.) - [217812544] - (8.2.0.4792) - Q:\Comodo Internet Security Premium 8.2.0.4792 Final.exe
[17/07/2016 16:07:35] - |A| - (.© 2008-2012 Comodo Security Solutions, Inc. - COMODO PC TuneUp setup.) - [14863480] - (1.0.3740.46) - Q:\cptsetup.exe
[12/07/2016 14:02:20] - |A| - (.Copyright (C) 2008-2010 Comodo Security Solutions, Inc. - COMODO System Utilities setup.) - [13530592] - (4.0.30135.26) - Q:\CSU_FREE_Setup.exe
[10/07/2016 19:10:42] - |A| - (.8pecxstudios 2012-2016                                                                               - Cyberfox Web Browser Fibre optics of the web               .) - [50060432] - (45.0.2.0) - Q:\Cyberfox-45.0.2.en-US.win64-x86_64.intel.exe
[10/07/2016 00:07:23] - |A| - (.-.) - [1887724608] - (0.0.0.0) - Q:\CyberLinkDirectorSuite2.0_DRS131210-01_TR131226-021.part1.exe
[10/07/2016 19:10:55] - |A| - (.-.) - [1048863800] - (0.0.0.0) - Q:\CyberLinkMediaSuite12.0_Ultimate_MES140428-01_TR140718-022.part1.exe
[10/07/2016 19:10:55] - |A| - (.-.) - [1048863800] - (0.0.0.0) - Q:\cyberlinkmediasuite12.0_ultimate_mes140428-01_tr140718-022.part1.exe
[11/07/2016 12:50:06] - |A| - (.-.) - [1993434200] - (0.0.0.0) - Q:\CyberLinkMediaSuite14.0_Trial_MES160530-01_TR160628-024.exe
[16/07/2016 12:28:02] - |A| - (.-.) - [1048870784] - (0.0.0.0) - Q:\CyberLinkMediaSuite14.0_Ultimate_MES160511-03_TR160627-004.part1.exe
[16/07/2016 13:46:34] - |A| - (.-.) - [111981936] - (0.0.0.0) - Q:\CyberLink_CreativeDesignPack_TravelPack4_CDP160425-01.exe
[10/07/2016 19:10:54] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - Q:\CyberLink_Director_Suite_Downloader.exe
[13/05/2016 06:34:57] - |A| - (.-.) - [97557896] - (0.0.0.0) - Q:\CyberLink_MediaEspresso7.5_MEX160302-01.exe
[10/07/2016 19:10:54] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - Q:\CyberLink_MediaEspresso_Downloader.exe
[11/07/2016 12:49:02] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1089304] - (2.9.1.7801) - Q:\CyberLink_Media_Suite_Downloader.exe
[11/07/2016 08:55:24] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - Q:\CyberLink_PhotoDirector_Downloader.exe
[11/07/2016 08:55:25] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - Q:\CyberLink_PhotoDirector_Downloader_1.exe
[04/07/2016 15:01:26] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1089304] - (2.9.1.7801) - Q:\CyberLink_Power2Go_Downloader.exe
[14/06/2016 07:48:31] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - Q:\CyberLink_PowerDirector_Downloader.exe
[11/07/2016 08:55:25] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - Q:\CyberLink_PowerDirector_Ultimate_Suite_Downloader.exe
[11/07/2016 08:55:25] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - Q:\CyberLink_PowerDirector_Ultimate_Suite_Downloader_1.exe
[14/06/2016 07:33:45] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - Q:\CyberLink_PowerDVD_Downloader.exe
[14/06/2016 07:48:33] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [967200] - (2.9.1.3520) - Q:\CyberLink_PowerProducer_Downloader.exe
[16/07/2016 12:29:00] - |A| - (.-.) - [78368488] - (0.0.0.0) - Q:\CyberLink_TravelPack3_YouCam_CDP150508-01.exe
[16/07/2016 12:29:13] - |A| - (.-.) - [411978176] - (0.0.0.0) - Q:\CyberLink_YouCam7_Deluxe_YUC150721-01.exe
[11/07/2016 08:55:26] - |A| - (.Copyright (C) 2000-2015 - DAEMON Tools Lite Setup.) - [19062208] - (10.1.0.74) - Q:\DAEMON Tools Lite 10.1.0.74.exe
[10/07/2016 19:32:06] - |A| - (.Copyright © BVRP Software 2004                               -                                                            .) - [60183082] - (4.1.100.1332) - Q:\DigitalVideoDuplicator3_FR(1).exe
[14/06/2016 07:26:45] - |A| - (.                                                            -                                                            .) - [61197060] - (4.1.100.1332) - Q:\DigitalVideoDuplicator3_FR.exe
[13/07/2016 10:28:14] - |A| - (.Copyright (c) 2009-2016, Comodo Security Solutions, Inc. - Comodo Dragon.) - [56127856] - (50.14.22.465) - Q:\dragonsetup.exe
[05/07/2016 17:12:31] - |A| - (.Copyright© 2016 IObit.                                                          - Driver Booster 4 Setup                                     .) - [14201416] - (4.0.0.0) - Q:\driver_booster_setup_beta.exe
[15/07/2016 11:47:10] - |A| - (.Copyright (c) 2006-2012 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short). - EaseUS Disk Copy Home Edition 2.3.) - [45470992] - (1.1.0.1) - Q:\EaseUS_DiskCopy_Home.exe
[11/07/2016 09:03:40] - |A| - (.Copyright 2003-2015 Emsisoft Ltd.                                                                    - Emsisoft Anti-Malware Setup                                .) - [237135456] - (11.7.0.6394) - Q:\EmsisoftAntiMalwareSetup.exe
[11/07/2016 09:04:18] - |A| - (.-.) - [232114840] - (0.0.0.0) - Q:\EmsisoftEmergencyKit (1).exe
[19/07/2016 09:36:47] - |A| - (.-.) - [243326440] - (0.0.0.0) - Q:\EmsisoftEmergencyKit(1).exe
[19/07/2016 13:32:45] - |A| - (.-.) - [243326440] - (0.0.0.0) - Q:\EmsisoftEmergencyKit(2).exe
[14/07/2016 07:34:44] - |A| - (.-.) - [243789992] - (0.0.0.0) - Q:\EmsisoftEmergencyKit.exe
[11/07/2016 09:04:37] - |A| - (.Copyright 2003-2015 Emsisoft Ltd.                                                                    - Emsisoft Internet Security Setup                           .) - [226980568] - (11.5.1.6247) - Q:\EmsisoftInternetSecuritySetup.exe
[13/07/2016 11:12:33] - |A| - (.Copyright (c) 2004-2016 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).           - EaseUS Partition Master Setup                              .) - [48771744] - (11.0.0.0) - Q:\epm.exe
[13/07/2016 11:37:53] - |A| - (.Copyright (c) 2004-2016 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).           - EaseUS Partition Master Trial Edition Setup                .) - [50340704] - (11.0.0.0) - Q:\epm_trial(1).exe
[13/07/2016 11:31:21] - |A| - (.Copyright (c) 2004-2016 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).           - EaseUS Partition Master Trial Edition Setup                .) - [50340704] - (11.0.0.0) - Q:\epm_trial.exe
[14/06/2016 07:59:26] - |A| - (.Serif WebPlus Starter Edition 4.0.2 © 2014 Serif (Europe) Ltd. Tous droits réservés. - Serif WebPlus Starter Edition Install.) - [175768400] - (1.0.0.0) - Q:\ESDPK-WLX7-WebPlusStarterEdition-fr-FR.exe
[11/07/2016 09:06:33] - |A| - (.Serif WebPlus Starter Edition 4.0.2 © 2014 Serif (Europe) Ltd. Tous droits réservés. - Serif WebPlus Starter Edition Install.) - [175768400] - (1.0.0.0) - Q:\ESDPK-WLX7-WebPlusStarterEdition-fr-FR_1.exe
[10/07/2016 19:38:19] - |A| - (.Copyright (c) ESET 1992-2011. - ESET Smart Installer.) - [2870984] - (1.0.0.6421) - Q:\esetsmartinstaller_enu.exe
[18/07/2016 18:13:42] - |A| - (.Copyright (c) 2014 CHENGDU YIWO Tech Development Co., Ltd (YIWO Tech Ltd, for short).                - EaseUS EverySync Setup                                     .) - [26312616] - (3.0.0.0) - Q:\everysync_trial.exe
[11/07/2016 09:06:53] - |A| - (.© 2006 Microsoft Corporation.  -.) - [53610536] - (12.0.6320.5000) - Q:\ExcelViewer.exe
[11/07/2016 09:07:05] - |A| - (.© 2013-2016 F-Secure Corporation. - F-Secure Download Tool.) - [524248] - (1.0.265.0) - Q:\F-SecureOnlineScanner.exe
[10/06/2016 12:23:44] - |A| - (.-.) - [167034] - (0.0.0.0) - Q:\fileassassin-setup-1.06.exe
[14/06/2016 08:08:08] - |A| - (.PortableApps.com Installer Copyright 2007-2011 PortableApps.com. - Mozilla Firefox, Portable Edition (Legacy 3.6).) - [9178672] - (3.6.25.0) - Q:\FirefoxPortableLegacy36_3.6.25_English.paf.exe
[25/07/2016 09:25:28] - |A| - (.MindGems, Inc.                                                                                       - Folder Size                                                .) - [2301330] - (3.4.0.0) - Q:\FolderSize.exe
[19/07/2016 13:57:07] - |A| - (.MindGems, Inc.                                                                                       - Folder Size                                                .) - [2301330] - (3.4.0.0) - Q:\foldersize_2-6_en_18550.exe
[10/07/2016 07:41:44] - |A| - (.-.) - [983040] - (0.8.0.5) - Q:\Framakey.exe
[10/07/2016 02:11:31] - |A| - (.2005-2007© by Framakey Team - Framakey Installer pour Windows XP et suivants.) - [515917547] - (1.13.0.8) - Q:\FramakeyInstaller_Full-1.13.0.8.exe
[11/07/2016 09:07:01] - |A| - (.Copyright © 2016 iSkysoft.                                                      - iSkysoft Free Video Downloader Setup                       .) - [33832392] - (4.9.1.0) - Q:\free-video-downloader_full1683.exe
[19/07/2016 13:47:24] - |A| - (.                                                                                                    - Freemake Youtube Mp3 Converter Setup                       .) - [1277416] - (3.5.2.1) - Q:\freemake-youtube-mp3-converter-3-5-2-1-es-en-br-fr-de-it-win.exe
[19/07/2016 13:39:42] - |A| - (.                                                                                                    - Freemake Video Converter Setup                             .) - [1866512] - (4.1.9.29) - Q:\FreemakeVideoConverterSetup.exe
[05/07/2016 08:16:43] - |A| - (.                                                                                                    - Free Studio Setup                                          .) - [2267896] - (1.0.1.0) - Q:\FreeStudio_6.6.24.627_d.exe
[05/07/2016 14:13:23] - |A| - (.                                                                                                    - Free Video to MP3 Converter Setup                          .) - [2267840] - (1.0.1.0) - Q:\FreeVideoToMP3Converter_5.0.96.627_o.exe
[26/01/2016 18:30:26] - |A| - (.© Microsoft Corporation. - GWX WEB WINDOWS.) - [7635472] - (6.3.9600.18124) - Q:\GetWindows10-Web_Default_Attr(1).exe
[26/01/2016 18:30:27] - |A| - (.© Microsoft Corporation. - GWX WEB WINDOWS.) - [7635472] - (6.3.9600.18124) - Q:\GetWindows10-Web_Default_Attr.exe
[10/06/2016 11:27:21] - |A| - (.-.) - [14892728] - (0.0.0.0) - Q:\Glary_Utilities_Pro_v5.17.0.30.exe
[11/07/2016 09:07:09] - |A| - (.Copyright Reason Company Software Inc. - herdProtect Anti-Malware Scanner.) - [2873112] - (1.0.3.9) - Q:\herdProtectScan_Setup.exe
[11/07/2016 09:07:11] - |A| - (.© 2006-2016 SurfRight, a Sophos company - HitmanPro 3.7.) - [11441168] - (3.7.14.263) - Q:\HitmanPro_x64(1).exe
[15/06/2016 09:06:30] - |A| - (.© 2006-2016 SurfRight, a Sophos company - HitmanPro 3.7.) - [11438608] - (3.7.14.265) - Q:\HitmanPro_x64.exe
[12/07/2016 14:18:31] - |A| - (.Copyright (C) Reason Software Company Inc. - Boost by Reason Setup.) - [7761936] - (1.0.2.0) - Q:\installboost.exe
[10/07/2016 17:02:53] - |A| - (.Copyright(c) 2005-2012 - IObit Uninstaller.) - [1688408] - (2.2.0.127) - Q:\iobit-uninstaller.exe
[10/07/2016 19:39:30] - |A| - (.Copyright © 1998-2015 KC Softwares                                                                   - KC Softwares KCleaner Setup                                .) - [1414720] - (0.0.0.0) - Q:\kcleaner.exe
[10/07/2016 02:20:28] - |A| - (.Copyright Lavasoft.                                                                                                                                                                                                                                                                     - Lavasoft Digital Lock                                                                                                                                                                                                                                                                                      .) - [6089248] - (7.7.0.2) - Q:\LavasoftDigitalLock_30days.exe
[10/07/2016 02:20:30] - |A| - (.Lavasoft © 2001-2007 - Lavasoft Encrypted File (SFX).) - [126312] - (7.7.0.8) - Q:\LavasoftEncryptionReader.exe
[10/07/2016 02:20:30] - |A| - (.Copyright Lavasoft.                                                                                                                                                                                                                                                                     - Lavasoft File Shredder                                                                                                                                                                                                                                                                                     .) - [5263480] - (7.7.0.2) - Q:\LavasoftFileShredder_30days.exe
[10/07/2016 02:20:31] - |A| - (.Copyright Lavasoft.                                                                                                                                                                                                                                                                     - Lavasoft Privacy Toolbox                                                                                                                                                                                                                                                                                   .) - [6443280] - (7.7.0.2) - Q:\LavasoftPrivacyToolbox_30days.exe
[11/07/2016 09:23:55] - |A| - (.2007-2016 PortableApps.com, PortableApps.com Installer 3.2.0.0 - LibreOffice Portable.) - [174042352] - (5.1.3.0) - Q:\LibreOfficePortable_5.1.3_MultilingualAll.paf.exe
[10/07/2016 19:39:50] - |A| - (.Copyright (C) 2007 Macrovision Corporation                                         - Setup Launcher                                       .) - [11309264] - (14.0.0.166) - Q:\LightScribeTemplateLabeler_1.18.15.1.exe
[15/07/2016 14:11:16] - |A| - (.(c) Malwarebytes.                                                               - Malwarebytes Anti-Malware                                  .) - [22851472] - (2.2.1.1043) - Q:\mbam-setup-cnet.35891-2.2.1.1043.exe
[10/07/2016 17:04:21] - |A| - (.Copyright © Malwarebytes Corporation - Malwarebytes Anti-Rootkit.) - [16563352] - (1.9.3.1001) - Q:\mbar-1.09.3.1001.exe
[10/07/2016 19:40:12] - |A| - (.© MOVAVI. - Movavi Video Suite 11.) - [100766168] - (11.2.0.0) - Q:\MovaviVideoSuiteSetup.exe
[10/07/2016 19:40:59] - |A| - (.© Movavi. - Video Suite.) - [140213832] - (15.3.0.0) - Q:\MovaviVideoSuiteSetupF(1).exe
[10/07/2016 19:41:26] - |A| - (.© Movavi. - Video Suite.) - [140213832] - (15.3.0.0) - Q:\MovaviVideoSuiteSetupF(2).exe
[10/07/2016 19:40:31] - |A| - (.© Movavi. - Video Suite.) - [153857904] - (15.2.0.0) - Q:\movavivideosuitesetupf.exe
[10/07/2016 02:27:17] - |A| - (.Copyright 2011 Nero AG and its licensors - Nero Self Extractor.) - [262941032] - (12.0.3.0) - Q:\Nero2015-16.0.05500_trial.exe
[10/07/2016 02:27:59] - |A| - (.Copyright 2011 Nero AG and its licensors - Nero Self Extractor.) - [803581360] - (12.0.3.0) - Q:\Nero2015_ContentPack-16.0.00300.exe
[10/07/2016 19:41:54] - |A| - (.(c) 2015 Nero AG and its affiliates - NeroInstaller.) - [2559496] - (1.6.0.0) - Q:\Nero2016-17.09.2015_stub_trial.exe
[11/07/2016 09:24:27] - |A| - (.(c) 2015 Nero AG and its affiliates - NeroInstaller.) - [2563536] - (1.7.0.8) - Q:\Nero_CoverDesigner_3p.exe
[10/07/2016 19:41:55] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [307200] - (0.1.1.986) - Q:\Ninite AdAware Classic Start Dropbox Essentials Installer.exe
[20/07/2016 09:03:17] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [307200] - (0.1.1.986) - Q:\Ninite Classic Start Installer.exe
[04/07/2016 18:45:35] - |A| - (.(c) 2009 Nitro PDF Software - Installation and setup files for Nitro PDF Reader (fr-FR).) - [56666816] - (2.1.1009.0) - Q:\nitro_reader5_64.exe
[25/07/2016 09:25:29] - |A| - (.© Microsoft Corporation. - Microsoft OneDrive Setup.) - [9040072] - (17.3.6390.509) - Q:\OneDriveSetup.exe
[14/06/2016 07:43:08] - |A| - (.                                                                                                    - Online Video Recorder Setup                                .) - [16879392] - (3.4.4.1) - Q:\OnlineVideoRecorder_3_4_4_AQFR.exe
[11/07/2016 09:24:30] - |A| - (.Copyright 2013 O&O Software GmbH - O&O SafeErase Professional.) - [772296] - (6.0.0.0) - Q:\OOSafeEraseProfessional10ENU.exe
[10/07/2016 19:42:18] - |A| - (.© Panda 2016 - Panda Security SFX.) - [2252720] - (15.14.2.0) - Q:\PANDAFREEAV.exe
[11/07/2016 09:24:33] - |A| - (.© pdfforge GmbH - PDFCreator is the easy way of creating PDFs..) - [27980440] - (2.2.2.0) - Q:\PDFCreator_Plus-2_2_2-setup.exe
[14/06/2016 07:32:38] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - PhotoFiltre Portable.) - [5878212] - (7.1.2.0) - Q:\PhotoFiltrePortable_7.1.2.paf.exe
[25/07/2016 09:25:29] - |A| - (.Copyright (C) 2006 Macrovision Corporation                                                                - Setup Launcher                                                                                                                                                                                                                                                 .) - [53091632] - (12.0.0.49974) - Q:\pm14free_x64_eng.exe
[11/07/2016 09:24:37] - |A| - (.Copyright 2011, 2012, 2013, 2014, 2015, 2016 Sony Corporation - PlayMemories Home Installer.) - [16496720] - (8.0.7600.16385) - Q:\PMHOME_5100DL.exe
[14/06/2016 09:05:05] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - PortableApps.com AppCompactor.) - [895480] - (3.1.0.0) - Q:\PortableApps.comAppCompactor_3.1.0_English.paf.exe
[14/06/2016 07:38:15] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - PortableApps.com Launcher.) - [767904] - (2.2.0.0) - Q:\PortableApps.comLauncher_2.2.paf (1).exe
[14/06/2016 07:44:26] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - PortableApps.com Launcher.) - [767904] - (2.2.0.0) - Q:\PortableApps.comLauncher_2.2.paf.exe
[14/06/2016 08:06:15] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [3793168] - (12.2.0.0) - Q:\PortableApps.com_Platform_Setup_12.2.paf.exe
[11/07/2016 09:24:39] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4409424] - (13.0.0.0) - Q:\PortableApps.com_Platform_Setup_13.0.paf.exe
[11/07/2016 09:24:39] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4353008] - (14.0.0.0) - Q:\PortableApps.com_Platform_Setup_14.0.paf.exe
[19/07/2016 09:39:56] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4140968] - (14.1.0.0) - Q:\PortableApps.com_Platform_Setup_14.1.paf(1).exe
[14/07/2016 07:35:44] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4140968] - (14.1.0.0) - Q:\PortableApps.com_Platform_Setup_14.1.paf.exe
[14/06/2016 08:21:22] - |A| - (.PortableApps.com - PortableApps.com Suite.) - [140562568] - (1.6.1.0) - Q:\PortableApps.com_Suite_Setup_1.6.1_English (1).exe
[14/06/2016 08:07:07] - |A| - (.PortableApps.com - PortableApps.com Suite.) - [140562568] - (1.6.1.0) - Q:\PortableApps.com_Suite_Setup_1.6.1_English.exe
[10/06/2016 11:45:21] - |A| - (.-.) - [258331888] - (0.0.0.0) - Q:\Power2Go_10.0.2522.0_Essential_b_Essential_P2G151125-04.exe
[11/07/2016 09:24:42] - |A| - (.© 2010 Microsoft Corporation.  -.) - [63347104] - (14.0.4730.1010) - Q:\PowerPointViewer.exe
[14/06/2016 07:57:59] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - Private Browsing by PortableApps.com.) - [1487280] - (3.0.0.0) - Q:\PrivateBrowsingByPortableApps_3.0.paf.exe
[21/07/2016 06:18:54] - |A| - (.Copyright Shane Gowland ©  2015 - ProcessAlive.) - [409088] - (0.0.8.0) - Q:\ProcessAlive-0.9.1.exe
[23/07/2016 12:57:25] - |A| - (.Copyright (C) 2013-2015 SosVirus Software - Process Killer.) - [988160] - (1.0.0.3) - Q:\processclose_1.0.0.3.exe
[10/07/2016 19:42:55] - |A| - (.2007-2016 PortableApps.com, PortableApps.com Installer 3.1.1.0 - qBittorrent Portable.) - [9120168] - (3.3.3.0) - Q:\qBittorrentPortable_3.3.3.paf.exe
[11/07/2016 09:24:54] - |A| - (.Copyright © 2016 Reason Software Company Inc. - Reason Core Security Setup.) - [3919376] - (1.1.2.0) - Q:\reason-core-security-setup (1).exe
[11/07/2016 09:24:53] - |A| - (.Copyright © 2016 Reason Software Company Inc. - Reason Core Security Setup.) - [3919376] - (1.1.2.0) - Q:\reason-core-security-setup.exe
[11/07/2016 09:24:54] - |A| - (.Copyright © 2015 Reason Software Company Inc. - Reason Core Security Setup.) - [3855576] - (1.1.1.0) - Q:\reason-core-security-setup_1.1.1.0.exe
[10/06/2016 15:20:24] - |A| - (.(c) Malwarebytes - Malwarebytes' RegASSASSIN.) - [65232] - (1.0.0.3) - Q:\regassassin-setup-1.03.exe
[09/07/2016 14:19:14] - |A| - (.Copyright © 2008-2014 Auslogics Labs Pty Ltd                                                         - Auslogics Registry Cleaner Installation File               .) - [7253752] - (4.1.0.0) - Q:\registry-cleaner-setup.exe
[14/07/2016 03:58:35] - |A| - (.© Reimage 2013 - Reimage Express Downloader.) - [591624] - (1.0.3.9) - Q:\ReimageExpress.exe
[21/07/2016 06:13:18] - |A| - (.                                                                                                    - Remembr Setup                                              .) - [819850] - (0.0.0.0) - Q:\remembr-install-0.5.exe
[11/07/2016 09:24:59] - |A| - (.-.) - [409449] - (1.3.0.0) - Q:\rstassociations-version-exe_1.3.exe
[11/07/2016 09:29:03] - |A| - (.-.) - [487400] - (3.3.9.4) - Q:\Search_The_Crack.exe
[10/07/2016 19:44:49] - |A| - (.kastorsoft.com                                                                                       - Free Video Converter Setup                                 .) - [6509896] - (2.3.0.0) - Q:\SetupFreeVideoConverter.exe
[11/07/2016 09:29:08] - |A| - (.                                                                                                    - ShadowExplorer Setup                                       .) - [969845] - (0.9.462.0) - Q:\ShadowExplorer-0.9-setup.exe
[11/07/2016 09:29:08] - |A| - (.© 2015 simplitec GmbH                                                                                - simplitec setup                                            .) - [21595680] - (2.2.22.27) - Q:\simplitec_simpliclean_int.exe
[25/07/2016 09:25:32] - |A| - (.Copyright (c) TechSmith Corporation. - Snagit 13.) - [91067736] - (13.0.1.6326) - Q:\snagit.exe
[11/07/2016 09:29:59] - |A| - (.Copyright 1989-2016 Sophos Limited. - Sophos Extractor.) - [196787200] - (1.3.3.7) - Q:\SophosInstall.exe
[09/07/2016 05:50:18] - |A| - (.Stellar Information Technology Pvt Ltd.                                                              - Stellar Information Technology Pvt Ltd.                    .) - [5979488] - (6.0.0.1) - Q:\StellarPhoenixWindowsDataRecovery-Professional.exe
[10/07/2016 19:46:38] - |A| - (.1995-2013 Stellar Information Systems Ltd.                                                           - Stellar Information Systems Ltd                            .) - [6471304] - (6.0.0.0) - Q:\StellarPhoenixWindowsDataRecovery-ProfessionalV6_AQFR.exe
[14/06/2016 07:25:56] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - Sumatra PDF Portable.) - [2541384] - (2.3.2.0) - Q:\SumatraPDFPortable_2.3.2.paf.exe
[05/07/2016 09:39:21] - |A| - (.-.) - [7233888] - (0.0.0.0) - Q:\susetupPro.exe
[11/07/2016 09:30:26] - |A| - (.PortableApps.com Installer Copyright 2007-2012 PortableApps.com. - TeamViewer Portable.) - [10876344] - (11.0.59518.0) - Q:\TeamViewerPortable_11.0.59518.paf.exe
[10/07/2016 19:46:51] - |A| - (.TeamViewer GmbH -.) - [9666224] - (11.0.59518.0) - Q:\TeamViewer_Setup_fr.exe
[11/07/2016 09:30:28] - |A| - (.-.) - [23398464] - (0.0.0.0) - Q:\tenorshare-android-data-recovery-trial.exe
[14/06/2016 07:43:53] - |A| - (.-.) - [24727614] - (0.0.0.0) - Q:\tenorshare-free-video-converter.exe
[11/07/2016 09:30:33] - |A| - (.-.) - [8074734] - (0.0.0.0) - Q:\tenorshare-pdf-password-recovery-trial.exe
[11/07/2016 09:30:34] - |A| - (.-.) - [5015718] - (0.0.0.0) - Q:\tenorshare-pdf-password-remover-trial.exe
[05/07/2016 13:46:37] - |A| - (.-.) - [25106954] - (0.0.0.0) - Q:\tenorshare-samsung-data-recovery-trial.exe
[14/06/2016 07:45:03] - |A| - (.-.) - [24343000] - (0.0.0.0) - Q:\tenorshare-video-converter-trial.exe
[14/06/2016 08:03:50] - |A| - (.-.) - [266046792] - (0.0.0.0) - Q:\tenorshare-windows-boot-genius-trial.exe
[14/06/2016 08:06:43] - |A| - (.-.) - [32563203] - (0.0.0.0) - Q:\tenorshare-windows-video-downloader-trial.exe
[11/07/2016 04:50:20] - |A| - (.-.) - [271572636] - (1.1.3.70) - Q:\tentatives lfs ultra finalis efm et didinser.exe
[19/07/2016 19:23:09] - |A| - (.Mozilla - Thunderbird.) - [35165800] - (4.42.0.0) - Q:\Thunderbird Setup 45.2.0.exe
[19/07/2016 13:55:05] - |A| - (.© 1996-2016 by Joachim Marder e.K.                                                                   - TreeSize Free Setup                                        .) - [5963008] - (3.4.5.343) - Q:\TreeSizeFreeSetup.exe
[11/07/2016 09:31:52] - |A| - (.Copyright ©2011 - 2016 - Setup Application.) - [21382440] - (3.9.0.0) - Q:\tweaking.com_windows_repair_aio_setup.exe
[11/07/2016 09:31:55] - |A| - (.Copyright - Geza Kovacs - License - GNU GPL v2+ - UNetbootin - Universal Netboot Installer - http://unetbootin.sourceforge.net.) - [4831744] - (1.1.1.1) - Q:\unetbootin-windows-613.exe
[10/06/2016 11:10:42] - |A| - (.© 2008/2014 - El Desaparecido - www.SosVirus.net - UsbFix - Remove Malware From Your Drive!.) - [3989160] - (7.8.0.6) - Q:\UsbFix-7.806.exe
[10/07/2016 17:04:37] - |A| - (.© 2008/2016 - El Desaparecido - www.SOSVirus.net - UsbFix - Remove Malware From Your Drive!.) - [3124797] - (8.2.2.8) - Q:\UsbFix_2016_8.233.exe
[11/07/2016 09:31:58] - |A| - (.Copyright (c) 2016 Steganos Software GmbH - Steganos PortableSafe USB Starter.) - [4127744] - (17.1.3.11700) - Q:\usbstarter.exe
[10/07/2016 19:48:12] - |A| - (.                                                                                                    - Panda USB Vaccine Setup                                    .) - [848856] - (1.0.1.4) - Q:\USBVaccineSetup.exe
[11/07/2016 09:31:59] - |A| - (.2007-2016 PortableApps.com, PortableApps.com Installer 3.1.1.0 - uTorrent Portable.) - [2370592] - (3.4.6.42178) - Q:\uTorrentPortable_3.4.6.42178_online.paf.exe
[10/07/2016 16:14:51] - |A| - (.Copyright 2015 Wondershare Corporation                                      - videoconverterfree_setup_full1129.exe.) - [800840] - (1.2.1.1) - Q:\video-converter-free_setup_full1129.exe
[10/07/2016 19:48:31] - |A| - (.                                                                                                    -                                                            .) - [46736640] - (9.0.18.0) - Q:\video-converter-ultimate(1).exe
[10/07/2016 19:48:19] - |A| - (.                                                                                                    -                                                            .) - [46736640] - (9.0.18.0) - Q:\video-converter-ultimate.exe
[23/07/2016 05:19:21] - |A| - (.- Video to Picture Setup.) - [12937488] - (1.0.0.0) - Q:\video-to-picture.exe
[11/07/2016 09:32:15] - |A| - (.- Professional video watermarking program.) - [16786240] - (5.1.0.0) - Q:\video-watermark-pro.exe
[11/07/2016 09:32:13] - |A| - (.- Video watermarking program.) - [16733504] - (5.1.0.0) - Q:\video-watermark.exe
[10/07/2016 19:48:17] - |A| - (.Copyright © 2014 UpdateStar                                                                          - Video Converter Setup                                      .) - [8704008] - (7.0.3.91) - Q:\VideoConverter.exe
[24/06/2016 11:31:58] - |A| - (.-.) - [89589712] - (0.0.0.0) - Q:\VideoMeetingPlus_1.0.1711.0_Beta_VMX160226-03.exe
[10/07/2016 12:33:54] - |A| - (.Copyright (C) 2010 Flexera Software, Inc. and/or InstallShield Co. Inc. - InstallScript Setup Launcher.) - [453686816] - (17.0.0.717) - Q:\Video_Explosion_Deluxe_Setup.exe
[10/07/2016 07:41:44] - |A| - (.- Télécharge et installe VirtualBox portable.) - [301259] - (3.3.6.1) - Q:\VirtualBoxPortable.exe
[14/06/2016 07:15:38] - |A| - (.2007-2015 PortableApps.com, PortableApps.com Installer 3.0.17.0 - VLC Media Player Portable.) - [26948496] - (2.2.1.0) - Q:\VLCPortable_2.2.1.paf.exe
[14/03/2015 03:48:01] - |RA| - (.© 2015 Western Digital Technologies, Inc. - Unlock Utility for WD Encrypted Drive.) - [2081624] - (1.2.0.9) - Q:\WD Drive Unlock.exe
[14/06/2016 07:23:56] - |A| - (.tenorshare.com                                                                                       - Windows Care Genius                                        .) - [16035976] - (3.9.4.355) - Q:\windows-care-genius-trial.exe
[11/07/2016 09:32:28] - |A| - (.© 2006 Microsoft Corporation.  -.) - [25746416] - (12.0.6038.3000) - Q:\wordview_fr-fr.exe
[11/07/2016 09:32:31] - |A| - (.-.) - [33087576] - (0.0.0.0) - Q:\x-audio-maker6-fr.exe
[11/07/2016 09:32:34] - |A| - (.-.) - [16868162] - (0.0.0.0) - Q:\x-dailymotion-video-downloader-fr.exe
[11/07/2016 09:32:36] - |A| - (.-.) - [28206392] - (0.0.0.0) - Q:\x-download-youtube-video5-fr.exe
[11/07/2016 09:32:39] - |A| - (.-.) - [37509928] - (0.0.0.0) - Q:\x-video-converter-ultimate7-fr.exe
[11/07/2016 09:32:43] - |A| - (.-.) - [26640091] - (0.0.0.0) - Q:\x-video-editor2-fr.exe
[11/07/2016 09:32:49] - |A| - (.Copyright © 1998-2016, Check Point, LTD - ZoneAlarm.) - [3412200] - (14.1.48.0) - Q:\zonealarm-free-antivirus-firewall_14-1-048-000_fr_10494.exe
[11/07/2016 09:32:48] - |A| - (.Copyright © 1999-2011 Pro Softnet Corp.                                                              - ZoneAlarm Backup Powered by IDrive Setup                   .) - [9468744] - (0.0.0.0) - Q:\ZoneAlarmBackupSetup.exe
[08/07/2016 19:32:32] - |A| - (.-.) - [262] - (0.0.0.0) - Q:\.label.info
[10/07/2016 19:01:41] - |A| - (.-.) - [4248] - (0.0.0.0) - Q:\0x0404.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [7094] - (0.0.0.0) - Q:\0x0407.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [6129] - (0.0.0.0) - Q:\0x0409.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [7022] - (0.0.0.0) - Q:\0x040a.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [7242] - (0.0.0.0) - Q:\0x040c.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [6897] - (0.0.0.0) - Q:\0x0410.ini
[10/07/2016 19:01:41] - |A| - (.-.) - [6623] - (0.0.0.0) - Q:\0x0411.ini
[10/07/2016 19:01:42] - |A| - (.-.) - [5724] - (0.0.0.0) - Q:\0x0412.ini
[10/07/2016 19:01:42] - |A| - (.-.) - [4315] - (0.0.0.0) - Q:\0x0804.ini
[11/07/2016 08:44:52] - |A| - (.-.) - [6848] - (0.0.0.0) - Q:\a2settings.ini
[11/07/2016 08:44:52] - |A| - (.-.) - [64] - (0.0.0.0) - Q:\a2whitelist.ini
[12/05/2016 12:04:59] - |A| - (.-.) - [24] - (0.0.0.0) - Q:\Config.ini
[10/07/2016 19:10:42] - |A| - (.-.) - [142] - (0.0.0.0) - Q:\Custom.ini
[10/07/2016 19:31:48] - |A| - (.-.) - [40] - (0.0.0.0) - Q:\Define.ini
[18/07/2016 18:18:04] - |A| - (.-.) - [282] - (0.0.0.0) - Q:\desktop(1).ini
[10/07/2016 19:31:48] - |A| - (.-.) - [282] - (0.0.0.0) - Q:\desktop_FromLFS_ULTRA.ini
[10/07/2016 07:41:44] - |A| - (.-.) - [2141] - (0.0.0.0) - Q:\Framakey.ini
[10/07/2016 19:39:27] - |A| - (.-.) - [101] - (0.0.0.0) - Q:\info.ini
[11/07/2016 09:24:15] - |A| - (.-.) - [0] - (0.0.0.0) - Q:\LogAnalyZer.ini
[10/07/2016 19:44:47] - |A| - (.-.) - [1953] - (0.0.0.0) - Q:\Setup.ini
[10/07/2016 19:48:12] - |A| - (.-.) - [208] - (0.0.0.0) - Q:\ureg.ini
[12/05/2016 12:06:17] - |A| - (.-.) - [1598] - (0.0.0.0) - Q:\UserSettings.ini
[11/07/2016 09:32:19] - |A| - (.-.) - [27] - (0.0.0.0) - Q:\VTU.ini

P:

[14/03/2015 03:48:01] - |A| - (.© 2015 Western Digital Technologies, Inc. - Unlock Utility for WD Encrypted Drive.) - [2081624] - (1.2.0.9) - P:\WD Drive Unlock.exe
[01/11/2011 22:39:30] - |A| - (.-.) - [79] - (0.0.0.0) - P:\autorun.inf

O:

[12/05/2016 12:04:54] - |A| - (.Copyright © 1999-2012 - BASS.) - [219136] - (2.4.9.0) - O:\bass.dll
[12/05/2016 12:04:54] - |A| - (.Copyright © 2005-2012 by radio42: Bernd Niedergesaess, Germany. http://www.bass.radio42.com/ - bn@radio42.com - BASS.NET API for .Net.) - [638976] - (2.4.9.1) - O:\Bass.Net.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2003-2009 - BASSCD.) - [35328] - (2.4.3.1) - O:\basscd.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2004-2009 - BASSFLAC.) - [48128] - (2.4.1.0) - O:\bassflac.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2005-2010 - BASSmix.) - [33280] - (2.4.4.0) - O:\bassmix.dll
[12/05/2016 12:04:55] - |A| - (.Copyright © 2012 - BASSOPUS.) - [103424] - (0.0.0.1) - O:\bassopus.dll
[12/05/2016 12:04:56] - |A| - (.Copyright © 2002-2010 - BASSWMA.) - [34816] - (2.4.4.0) - O:\basswma.dll
[12/05/2016 12:04:56] - |A| - (.Copyright © 2007-2009 - BASSWV.) - [59904] - (2.4.1.0) - O:\basswv.dll
[12/05/2016 12:04:56] - |A| - (.2003-2006, MaresWEB - Apple Lossless Audio Codec add-on for the BASS library.) - [9416] - (2.4.3.0) - O:\bass_alac.dll
[12/05/2016 12:04:56] - |A| - (.2003-2006, MaresWEB - Monkey's Audio add-on for the BASS library.) - [81408] - (2.4.0.1) - O:\bass_ape.dll
[12/05/2016 12:04:57] - |A| - (.2003-2006, MaresWEB - Musepack add-on for the BASS library.) - [45056] - (2.4.1.0) - O:\bass_mpc.dll
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBXPExt.) - [68608] - (4.5.7.6229) - O:\CDBXP.dll
[12/05/2016 12:05:09] - |A| - (. - .) - [337408] - (13.0.0.0) - O:\LogicNP.FolderView.dll
[12/05/2016 12:05:15] - |A| - (.Copyright (c) Rocket Division Software, StarBurn Software 2001-2016. - StarBurn  CD/DVD/Blu-Ray/HD-DVD Burning, Grabbing and Mastering Toolkit for Windows 95/98/Me/NT/2000/XP/2003/Vista/Longhorn/7/8/2010.) - [3622784] - (15.6.1.1025) - O:\StarBurn.dll
[14/07/2016 03:58:35] - |A| - (.© Reimage 2013 - Reimage Express Downloader.) - [591624] - (1.0.3.9) - O:\ReimageExpress.exe
[14/07/2016 04:03:31] - |A| - (.                                                                                                    - Ashampoo Media Sync Setup                                  .) - [12641832] - (1.0.2.0) - O:\ashampoo_media_sync_e1.0.2_sm.exe
[13/05/2016 06:34:57] - |A| - (.-.) - [97557896] - (0.0.0.0) - O:\CyberLink_MediaEspresso7.5_MEX160302-01.exe
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBurnerXP command line version.) - [25712] - (4.5.7.6229) - O:\cdbxpcmd.exe
[12/05/2016 12:04:58] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBurnerXP.) - [1746544] - (4.5.7.6229) - O:\cdbxpp.exe
[12/05/2016 12:06:17] - |A| - (.-.) - [1598] - (0.0.0.0) - O:\UserSettings.ini
[12/05/2016 12:04:59] - |A| - (.-.) - [24] - (0.0.0.0) - O:\Config.ini

K:

[21/07/2016 06:27:33] - |SH| - (.-.) - [32768] - (0.0.0.0) - K:\autorun.inf

I:

[05/05/2016 17:15:18] - |A| - (.© 2008/2016 - El Desaparecido - www.SOSVirus.net - UsbFix - Remove Malware From Your Drive!.) - [3124797] - (8.2.2.8) - I:\UsbFix_2016_8.233.exe
[08/05/2016 13:18:31] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - I:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FAq2NsdKU).exe
[08/05/2016 13:18:36] - |A| - (.Copyright © 2005-2016 Piriform Ltd - CCleaner Installer.) - [7033368] - (2.0.0.0) - I:\ccsetup_517.exe
[08/05/2016 13:18:42] - |A| - (.Copyright 2003-2015 Emsisoft Ltd.                                                                    - Emsisoft Anti-Malware Setup                                .) - [237135456] - (11.7.0.6394) - I:\EmsisoftAntiMalwareSetup.exe
[08/05/2016 13:19:02] - |A| - (.-.) - [232114840] - (0.0.0.0) - I:\EmsisoftEmergencyKit (1).exe
[08/05/2016 13:19:19] - |A| - (.-.) - [232114840] - (0.0.0.0) - I:\EmsisoftEmergencyKit.exe
[08/05/2016 13:19:43] - |A| - (.© 2006-2016 SurfRight, a Sophos company - HitmanPro 3.7.) - [11441168] - (3.7.14.263) - I:\hitmanpro_x64.exe
[08/05/2016 13:20:35] - |A| - (.Copyright © Malwarebytes Corporation - Malwarebytes Anti-Rootkit.) - [16563352] - (1.9.3.1001) - I:\mbar-1.09.3.1001.exe
[08/05/2016 13:20:43] - |A| - (.Copyright ©2011 - 2016 - Setup Application.) - [21258848] - (3.8.0.7) - I:\tweaking.com_windows_repair_aio_setup.exe
[08/05/2016 13:20:46] - |A| - (.© Copyright 2015                                                                                     - AntiMalware                                                .) - [5479312] - (2.20.613.0) - I:\Zemana.AntiMalware.Setup.exe
[07/06/2016 10:44:01] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [4140968] - (14.1.0.0) - I:\PortableApps.com_Platform_Setup_14.1.paf.exe
[11/05/2016 19:55:40] - |A| - (.-.) - [505346176] - (0.0.0.0) - I:\CyberLink_ActionDirector_ACD160414-01.exe

G:

[31/01/2016 11:57:05] - |A| - (.-.) - [983040] - (0.8.0.5) - G:\Framakey.exe
[21/07/2016 06:20:02] - |SH| - (.-.) - [4096] - (0.0.0.0) - G:\autorun.inf
[31/01/2016 11:43:52] - |A| - (.-.) - [2141] - (0.0.0.0) - G:\Framakey.ini

E:


D:

[24/07/2016 18:12:25] - |ASH| - (.-.) - [44] - (0.0.0.0) - D:\language.ini

---------- | C:

[30/10/2015 09:24:24] - |SHD| - [5447] - C:\$Recycle.Bin
[24/07/2016 18:59:38] - |D| - [126954006] - C:\AMD
[02/08/2012 04:02:18] - |SHD| - [18199836] - C:\Boot
[MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 10:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[24/07/2016 22:06:29] - |SHD| - [0] - C:\Config.Msi
[26/07/2012 09:22:08] - |SHD| - [0] - C:\Documents and Settings
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 07:35:47] - |ASH| - (.-.) - [1535000576] - (0.0.0.0) - C:\hiberfil.sys
[07/01/2013 13:49:41] - |RSHD| - [4053232] - C:\hp
[01/08/2012 19:09:20] - |D| - [61626] - C:\inetpub
[MD5.A405B44103CE5CE2E663ED3D615AEF3C] - [25/07/2016 10:33:00] - |A| - (.-.) - [30856] - (0.0.0.0) - C:\Look_my_hardware.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2013 09:30:46] - |RASH| - (.-.) - [0] - (0.0.0.0) - C:\OS
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/07/2016 15:59:40] - |ASH| - (.-.) - [1476395008] - (0.0.0.0) - C:\pagefile.sys
[30/10/2015 09:24:24] - |D| - [0] - C:\PerfLogs
[30/10/2015 08:28:30] - |RD| - [1438740264] - C:\Program Files
[30/10/2015 08:28:30] - |RD| - [356871120] - C:\Program Files (x86)
[30/10/2015 09:24:24] - |HD| - [799903630] - C:\ProgramData
[25/07/2016 10:20:28] - |D| - [262073] - C:\QuickDiag
[MD5.61A8B96F885146AE813DBCC3237134B1] - [25/07/2016 10:20:36] - |A| - (.-.) - [306674] - (0.0.0.0) - C:\QuickDiag.txt
[01/08/2012 19:05:35] - |SHD| - [302183519] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/07/2016 15:59:40] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[02/08/2012 05:15:28] - |AD| - [1021173952] - C:\SWSETUP
[24/07/2016 15:59:39] - |SHD| - [0] - C:\System Volume Information
[01/08/2012 11:57:15] - |RASHD| - [38369509] - C:\SYSTEM.SAV
[30/10/2015 08:28:30] - |RD| - [1625181982] - C:\Users
[30/10/2015 08:28:30] - |D| - [14621611184] - C:\Windows
[24/07/2016 19:25:37] - |D| - [165095715738] - C:\Windows.old
[25/07/2016 08:16:35] - |D| - [59036089753] - C:\Windows.old.000

---------- | C:\Windows

[30/10/2015 09:24:24] - |D| - [802] - C:\Windows\addins
[30/10/2015 09:24:24] - |D| - [706100] - C:\Windows\appcompat
[30/10/2015 09:24:24] - |D| - [12335742] - C:\Windows\AppPatch
[30/10/2015 09:24:24] - |D| - [0] - C:\Windows\AppReadiness
[30/10/2015 09:24:24] - |RD| - [397684668] - C:\Windows\assembly
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 07:53:17] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\ativpsrm.bin
[30/10/2015 09:24:24] - |D| - [53820] - C:\Windows\bcastdvr
[MD5.DE3C720C11A91557E1DFDFF0DB2AA3C2] - [30/10/2015 09:17:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61952] - (10.0.10586.0) - C:\Windows\bfsvc.exe
[30/10/2015 09:24:24] - |D| - [32613551] - C:\Windows\Boot
[MD5.2DC62B7C43464F3A2B89D3BF48B64501] - [25/07/2016 07:26:01] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[30/10/2015 09:24:24] - |D| - [2380376] - C:\Windows\Branding
[30/10/2015 09:11:39] - |D| - [704616] - C:\Windows\CbsTemp
[MD5.F59060E298148DE24DEBB3E8321C4407] - [30/10/2015 21:03:30] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\Windows\Core.xml
[30/10/2015 09:24:24] - |D| - [8970858] - C:\Windows\Cursors
[30/10/2015 09:24:24] - |D| - [178385] - C:\Windows\debug
[30/10/2015 09:24:24] - |RD| - [20934] - C:\Windows\DesktopTileResources
[30/10/2015 09:24:24] - |RD| - [3032320] - C:\Windows\DevicesFlow
[30/10/2015 09:24:24] - |D| - [4148624] - C:\Windows\diagnostics
[30/10/2015 21:00:07] - |D| - [0] - C:\Windows\DigitalLocker
[30/10/2015 09:24:24] - |SD| - [65] - C:\Windows\Downloaded Program Files
[MD5.2903E027F59D4538EB58C427FE6A9A2A] - [30/10/2015 09:25:57] - |A| - (.-.) - [1720] - (0.0.0.0) - C:\Windows\DtcInstall.log
[30/10/2015 09:24:24] - |HD| - [44568] - C:\Windows\ELAMBKUP
[30/10/2015 21:00:07] - |D| - [0] - C:\Windows\en-US
[MD5.4572EB3DDBD2DFA10DE7A037A6CC6D53] - [30/10/2015 09:18:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4502864] - (10.0.10586.0) - C:\Windows\explorer.exe
[30/10/2015 09:24:24] - |RSD| - [344377136] - C:\Windows\Fonts
[30/10/2015 21:00:07] - |D| - [134144] - C:\Windows\fr-FR
[30/10/2015 09:24:24] - |D| - [20806050] - C:\Windows\Globalization
[30/10/2015 09:24:24] - |D| - [1589372] - C:\Windows\Help
[MD5.80F394B72E22F1186996459AE86709BA] - [30/10/2015 09:17:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [994816] - (10.0.10586.0) - C:\Windows\HelpPane.exe
[MD5.C7228F24B9130C64DCF4C390A04A775C] - [30/10/2015 09:17:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.10586.0) - C:\Windows\hh.exe
[30/10/2015 09:24:24] - |D| - [173194846] - C:\Windows\IME
[30/10/2015 09:24:24] - |RD| - [6839829] - C:\Windows\ImmersiveControlPanel
[30/10/2015 09:21:47] - |D| - [47772759] - C:\Windows\INF
[30/10/2015 09:24:24] - |D| - [931024796] - C:\Windows\InfusedApps
[30/10/2015 09:24:24] - |D| - [36258450] - C:\Windows\InputMethod
[30/10/2015 09:24:24] - |SHD| - [250404999] - C:\Windows\Installer
[30/10/2015 09:24:24] - |D| - [89407] - C:\Windows\L2Schemas
[30/10/2015 09:24:24] - |D| - [0] - C:\Windows\LiveKernelReports
[30/10/2015 08:31:03] - |D| - [6244499] - C:\Windows\Logs
[MD5.853EC0DCF549C5B5000D67D253390817] - [25/07/2016 07:25:25] - |A| - (.-.) - [1340] - (0.0.0.0) - C:\Windows\lsasetup.log
[30/10/2015 09:24:24] - |RSD| - [20145669] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [30/10/2015 09:17:40] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[30/10/2015 09:24:24] - |D| - [590170372] - C:\Windows\Microsoft.NET
[30/10/2015 09:24:24] - |D| - [2371] - C:\Windows\Migration
[30/10/2015 09:24:24] - |RD| - [470257] - C:\Windows\MiracastView
[30/10/2015 09:24:24] - |D| - [0] - C:\Windows\ModemLogs
[MD5.60336413E419C2EA5E215F1A32061E40] - [30/10/2015 09:19:28] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [244736] - (10.0.10586.0) - C:\Windows\notepad.exe
[30/10/2015 21:00:47] - |D| - [199124] - C:\Windows\OCR
[30/10/2015 09:24:24] - |RD| - [65] - C:\Windows\Offline Web Pages
[25/07/2016 08:24:16] - |D| - [3874134] - C:\Windows\Panther
[30/10/2015 09:24:24] - |D| - [28864584] - C:\Windows\Performance
[MD5.311389FB5A2C8C2BFC01CA0C1FAF67B0] - [25/07/2016 08:43:04] - |A| - (.-.) - [1634] - (0.0.0.0) - C:\Windows\PFRO.log
[30/10/2015 09:24:24] - |D| - [1136442] - C:\Windows\PLA
[30/10/2015 09:24:24] - |D| - [2562855] - C:\Windows\PolicyDefinitions
[25/07/2016 07:25:59] - |D| - [8317832] - C:\Windows\Prefetch
[30/10/2015 09:24:24] - |RD| - [1963312] - C:\Windows\PrintDialog
[30/10/2015 09:24:24] - |D| - [1297393] - C:\Windows\Provisioning
[30/10/2015 09:24:24] - |RD| - [625327] - C:\Windows\PurchaseDialog
[MD5.D9D56AFAA121BD6B4206F7FF3DA84BBA] - [30/10/2015 09:17:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.10586.0) - C:\Windows\regedit.exe
[30/10/2015 09:24:24] - |D| - [22588] - C:\Windows\Registration
[30/10/2015 09:24:24] - |D| - [1631464] - C:\Windows\rescache
[30/10/2015 09:24:24] - |D| - [3728883] - C:\Windows\Resources
[30/10/2015 09:24:24] - |D| - [0] - C:\Windows\SchCache
[30/10/2015 09:24:24] - |D| - [121229] - C:\Windows\schemas
[30/10/2015 09:24:24] - |D| - [5315278] - C:\Windows\security
[30/10/2015 21:07:12] - |D| - [46010224] - C:\Windows\ServiceProfiles
[30/10/2015 08:28:30] - |D| - [45715821] - C:\Windows\servicing
[30/10/2015 09:26:37] - |D| - [42] - C:\Windows\Setup
[MD5.DE784EEF581A7B47B2629ADC4FE82FC4] - [25/07/2016 07:25:39] - |A| - (.-.) - [15048] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/07/2016 07:25:39] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[30/10/2015 21:03:03] - |D| - [4544] - C:\Windows\ShellNew
[30/10/2015 21:00:30] - |D| - [3070736] - C:\Windows\SKB
[25/07/2016 07:36:54] - |D| - [903512775] - C:\Windows\SoftwareDistribution
[30/10/2015 09:24:24] - |D| - [103543755] - C:\Windows\Speech
[30/10/2015 09:24:24] - |D| - [50814701] - C:\Windows\Speech_OneCore
[MD5.3BB80AF91D069F97006DCCC031164903] - [30/10/2015 09:18:09] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128000] - (10.0.10586.0) - C:\Windows\splwow64.exe
[30/10/2015 09:24:24] - |D| - [31039] - C:\Windows\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 09:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[30/10/2015 08:28:30] - |D| - [3490973367] - C:\Windows\System32
[30/10/2015 09:24:25] - |D| - [155475728] - C:\Windows\SystemApps
[30/10/2015 09:24:25] - |D| - [18113885] - C:\Windows\SystemResources
[30/10/2015 08:28:37] - |D| - [1338405706] - C:\Windows\SysWOW64
[30/10/2015 09:24:25] - |D| - [0] - C:\Windows\TAPI
[30/10/2015 09:24:25] - |D| - [6] - C:\Windows\Tasks
[30/10/2015 09:24:25] - |D| - [9655690] - C:\Windows\Temp
[30/10/2015 09:24:25] - |D| - [0] - C:\Windows\tracing
[30/10/2015 09:24:25] - |D| - [7680] - C:\Windows\twain_32
[MD5.669A44C0BCA67D8CDE111F7FBA91EE86] - [30/10/2015 09:19:30] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [60416] - (1.7.1.3) - C:\Windows\twain_32.dll
[30/10/2015 09:24:25] - |D| - [12420] - C:\Windows\Vss
[30/10/2015 09:24:25] - |D| - [15729830] - C:\Windows\Web
[MD5.23CF8138F49416231807E6DE371FB9E6] - [30/10/2015 09:24:29] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [30/10/2015 09:18:16] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [25/07/2016 07:36:54] - |A| - (.-.) - [275] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.8C459D003560EA9817F7CDB29AA55382] - [30/10/2015 09:18:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.10586.0) - C:\Windows\winhlp32.exe
[30/10/2015 08:28:30] - |D| - [5660547721] - C:\Windows\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [30/10/2015 09:18:41] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.E9C22DCE95A6E5B6C37FED42B3749E32] - [30/10/2015 09:18:14] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.10586.0) - C:\Windows\write.exe

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[23/04/2015 15:48:14] - C:\Windows\Installer\23a6ed.msi : (Sophos Management Communications System - Sophos Limited)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/02/2016 18:17:48] - C:\Windows\Installer\23a70e.msi : (Sophos Anti-Virus - Sophos Limited)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/01/2016 12:51:07] - C:\Windows\Installer\23a768.msi : (Sophos AutoUpdate - Sophos Limited)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2016 08:39:48] - C:\Windows\Installer\3775a4.msi : (Program - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:24] - C:\Windows\Installer\c0a4e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2014 10:49:56] - C:\Windows\Installer\c0a53.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:16] - C:\Windows\Installer\c0a58.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:22] - C:\Windows\Installer\c0a5d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:30] - C:\Windows\Installer\c0a62.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:36] - C:\Windows\Installer\c0a67.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:44] - C:\Windows\Installer\c0a6c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:52] - C:\Windows\Installer\c0a71.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:00] - C:\Windows\Installer\c0a76.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:06] - C:\Windows\Installer\c0a7b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:16] - C:\Windows\Installer\c0a80.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:22] - C:\Windows\Installer\c0a85.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:30] - C:\Windows\Installer\c0a8a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:38] - C:\Windows\Installer\c0a8f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:46] - C:\Windows\Installer\c0a94.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:54] - C:\Windows\Installer\c0a99.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:02] - C:\Windows\Installer\c0a9e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:10] - C:\Windows\Installer\c0aa3.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:18] - C:\Windows\Installer\c0aa8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:26] - C:\Windows\Installer\c0aad.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:34] - C:\Windows\Installer\c0ab2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:42] - C:\Windows\Installer\c0ab7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:50] - C:\Windows\Installer\c0abc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:58] - C:\Windows\Installer\c0ac1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:06] - C:\Windows\Installer\c0ac6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:40] - C:\Windows\Installer\c0acb.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:07:30] - C:\Windows\Installer\c0ad0.msi : (AMD Fuel - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:12] - C:\Windows\Installer\c0ad5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2016 07:54:52] - [88102] - C:\Windows\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:38] - [88102] - C:\Windows\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:32] - [88102] - C:\Windows\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:20] - [10134] - C:\Windows\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:23] - [88102] - C:\Windows\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:30] - [88102] - C:\Windows\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:33] - [88102] - C:\Windows\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:44] - [88102] - C:\Windows\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:35] - [88102] - C:\Windows\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:31] - [88102] - C:\Windows\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:49] - [88102] - C:\Windows\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 08:41:55] - [10134] - C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\ARPPRODUCTICON_IObitDel.exe     () - ()
[25/07/2016 08:41:55] - [90161] - C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\NewShortcut1_985F828E0E98429F9C05EF3BDE7568F7_1_IObitDel.exe     () - ()
[25/07/2016 08:41:55] - [90161] - C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\NewShortcut2_985F828E0E98429F9C05EF3BDE7568F7_IObitDel.exe     () - ()
[25/07/2016 08:41:55] - [90161] - C:\Windows\Installer\{47E5588F-C3A0-11DE-9857-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7_IObitDel.exe     () - ()
[25/07/2016 07:54:18] - [88102] - C:\Windows\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:27] - [88102] - C:\Windows\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:50] - [88102] - C:\Windows\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:36] - [88102] - C:\Windows\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:48] - [88102] - C:\Windows\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:46] - [88102] - C:\Windows\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:41] - [88102] - C:\Windows\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:47] - [88102] - C:\Windows\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:55:03] - [88102] - C:\Windows\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:43] - [88102] - C:\Windows\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:37] - [88102] - C:\Windows\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:25] - [88102] - C:\Windows\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:39] - [88102] - C:\Windows\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 08:21:56] - [22926] - C:\Windows\Installer\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}\ARPPRODUCTICON_IObitDel.exe     () - ()
[25/07/2016 08:21:56] - [30430] - C:\Windows\Installer\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}\InternetShortcut_IObitDel.exe     () - ()
[25/07/2016 08:21:56] - [22926] - C:\Windows\Installer\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}\MainGUIShortcut1_IObitDel.exe     () - ()
[25/07/2016 09:17:22] - [7703096] - C:\Windows\Installer\{DD0F148B-9556-4508-B48E-0EBA13122B0F}\SnagitEditorIcon.exe     (Copyright © 2008-2016 TechSmith Corp.) - (Snagit Editor)
[25/07/2016 09:17:21] - [7278648] - C:\Windows\Installer\{DD0F148B-9556-4508-B48E-0EBA13122B0F}\SnagitIcon.exe     (Copyright © 1996-2016 TechSmith Corp.) - (Snagit)
[25/07/2016 07:54:54] - [4846] - C:\Windows\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:42] - [88102] - C:\Windows\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:28] - [88102] - C:\Windows\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe     () - ()
[25/07/2016 07:54:26] - [88102] - C:\Windows\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe     () - ()

---------- | %System%\*.in*

[30/10/2015 09:18:41] - [3458] - C:\Windows\System32\ieuinit.inf
[26/10/2012 16:42:24] - [29494] - C:\Windows\System32\lvcoin64.ini
[25/07/2016 07:45:41] - [1758862] - C:\Windows\System32\PerfStringBackup.INI
[30/10/2015 09:18:09] - [60124] - C:\Windows\System32\tcpmon.ini
[30/10/2015 09:17:49] - [2269] - C:\Windows\System32\WimBootCompress.ini
[30/10/2015 09:19:39] - [3458] - C:\Windows\Syswow64\ieuinit.inf
[30/10/2015 09:18:25] - [2269] - C:\Windows\Syswow64\WimBootCompress.ini

---------- | [jean-]

[25/07/2016 07:57:36] - |HD| - [461150829] - C:\Users\jean-\AppData
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Application Data
[25/07/2016 08:00:46] - |RD| - [412] - C:\Users\jean-\Contacts
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Cookies
[25/07/2016 07:57:36] - |RD| - [2155202] - C:\Users\jean-\Desktop
[25/07/2016 07:57:36] - |RD| - [41386] - C:\Users\jean-\Documents
[25/07/2016 07:57:36] - |RD| - [358251260] - C:\Users\jean-\Downloads
[25/07/2016 07:57:36] - |RD| - [2205] - C:\Users\jean-\Favorites
[25/07/2016 07:57:36] - |RD| - [1953] - C:\Users\jean-\Links
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Local Settings
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Menu Démarrer
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Mes documents
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Modèles
[25/07/2016 07:57:36] - |RD| - [504] - C:\Users\jean-\Music
[25/07/2016 07:57:36] - |ASH| - [1310720] - C:\Users\jean-\NTUSER.DAT
[25/07/2016 07:57:37] - |ASH| - [367616] - C:\Users\jean-\ntuser.dat.LOG1
[25/07/2016 07:57:37] - |ASH| - [98304] - C:\Users\jean-\ntuser.dat.LOG2
[25/07/2016 07:57:37] - |ASH| - [65536] - C:\Users\jean-\NTUSER.DAT{d44df964-7f37-11e5-80c4-90b11c2678d9}.TM.blf
[25/07/2016 07:57:37] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{d44df964-7f37-11e5-80c4-90b11c2678d9}.TMContainer00000000000000000001.regtrans-ms
[25/07/2016 07:57:37] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{d44df964-7f37-11e5-80c4-90b11c2678d9}.TMContainer00000000000000000002.regtrans-ms
[25/07/2016 07:57:37] - |SH| - [20] - C:\Users\jean-\ntuser.ini
[25/07/2016 08:06:08] - |RD| - [96] - C:\Users\jean-\OneDrive
[25/07/2016 07:57:36] - |RD| - [15635] - C:\Users\jean-\Pictures
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Recent
[25/07/2016 07:57:36] - |RD| - [282] - C:\Users\jean-\Saved Games
[25/07/2016 08:00:47] - |RD| - [1872] - C:\Users\jean-\Searches
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\SendTo
[25/07/2016 07:57:36] - |RD| - [504] - C:\Users\jean-\Videos
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Voisinage d'impression
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\Voisinage réseau
[25/07/2016 08:00:43] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Adobe
[25/07/2016 08:04:58] - |D| - [0] - C:\Users\jean-\AppData\Roaming\ATI
[25/07/2016 08:41:10] - |D| - [38421] - C:\Users\jean-\AppData\Roaming\JAM Software
[25/07/2016 08:20:55] - |D| - [492] - C:\Users\jean-\AppData\Roaming\Macromedia
[25/07/2016 07:57:36] - |SD| - [1059333] - C:\Users\jean-\AppData\Roaming\Microsoft
[25/07/2016 10:10:23] - |D| - [10] - C:\Users\jean-\AppData\Roaming\Mozilla
[25/07/2016 09:25:00] - |D| - [1136] - C:\Users\jean-\AppData\Roaming\TechSmith
[25/07/2016 08:02:48] - |D| - [0] - C:\Users\jean-\AppData\Local\ActiveSync
[25/07/2016 08:05:12] - |D| - [4] - C:\Users\jean-\AppData\Local\AMD
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Application Data
[25/07/2016 08:04:58] - |D| - [66104] - C:\Users\jean-\AppData\Local\ATI
[25/07/2016 08:03:05] - |D| - [19079272] - C:\Users\jean-\AppData\Local\Comms
[25/07/2016 08:39:48] - |D| - [41922560] - C:\Users\jean-\AppData\Local\Downloaded Installations
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Historique
[25/07/2016 08:42:27] - |AH| - [11400] - C:\Users\jean-\AppData\Local\IconCache.db
[25/07/2016 07:57:36] - |D| - [196738982] - C:\Users\jean-\AppData\Local\Microsoft
[25/07/2016 08:07:21] - |D| - [87469] - C:\Users\jean-\AppData\Local\MicrosoftEdge
[25/07/2016 10:10:23] - |D| - [0] - C:\Users\jean-\AppData\Local\Mozilla
[25/07/2016 08:00:43] - |D| - [93351279] - C:\Users\jean-\AppData\Local\Packages
[25/07/2016 08:01:46] - |D| - [0] - C:\Users\jean-\AppData\Local\PackageStaging
[25/07/2016 08:39:25] - |D| - [0] - C:\Users\jean-\AppData\Local\Programs
[25/07/2016 08:03:33] - |D| - [0] - C:\Users\jean-\AppData\Local\Publishers
[25/07/2016 08:41:47] - |D| - [7688] - C:\Users\jean-\AppData\Local\Sophos
[25/07/2016 09:17:58] - |D| - [18588301] - C:\Users\jean-\AppData\Local\TechSmith
[25/07/2016 07:57:36] - |D| - [79267692] - C:\Users\jean-\AppData\Local\Temp
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Temporary Internet Files
[25/07/2016 08:00:41] - |D| - [11411456] - C:\Users\jean-\AppData\Local\TileDataLayer
[25/07/2016 08:00:49] - |D| - [0] - C:\Users\jean-\AppData\Local\VirtualStore
[25/07/2016 08:00:46] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[25/07/2016 07:57:37] - |SHD| - [0] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[25/07/2016 07:57:36] - |RD| - [22472] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[25/07/2016 07:57:36] - |RD| - [3888] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[25/07/2016 07:57:36] - |RD| - [2927] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[25/07/2016 08:00:47] - |RD| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[25/07/2016 08:00:46] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[25/07/2016 07:57:36] - |D| - [170] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[25/07/2016 08:06:08] - |A| - [2409] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[25/07/2016 08:00:47] - |RD| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[25/07/2016 07:57:36] - |RD| - [5318] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[25/07/2016 07:57:36] - |RSD| - [7238] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[25/07/2016 08:00:47] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[25/07/2016 08:00:46] - |RHD| - [196] - C:\Users\Public\AccountPictures
[30/10/2015 09:24:24] - |RHD| - [2632] - C:\Users\Public\Desktop
[30/10/2015 09:24:29] - |ASH| - [174] - C:\Users\Public\desktop.ini
[30/10/2015 09:24:24] - |RD| - [278] - C:\Users\Public\Documents
[30/10/2015 09:24:24] - |RD| - [174] - C:\Users\Public\Downloads
[30/10/2015 09:24:24] - |RHD| - [1174] - C:\Users\Public\Libraries
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Music
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Pictures
[30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData

[25/07/2016 07:54:55] - |D| - [0] - C:\ProgramData\AMD
[25/07/2016 07:36:09] - |SHD| - [8763890123] - C:\ProgramData\Application Data
[25/07/2016 08:04:58] - |D| - [186] - C:\ProgramData\ATI
[25/07/2016 07:36:09] - |SHD| - [2632] - C:\ProgramData\Bureau
[30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\Comms
[25/07/2016 08:44:33] - |D| - [0] - C:\ProgramData\createonepart
[25/07/2016 07:36:09] - |SHD| - [278] - C:\ProgramData\Documents
[25/07/2016 08:44:26] - |D| - [0] - C:\ProgramData\explauncher
[25/07/2016 08:44:25] - |D| - [0] - C:\ProgramData\launcher
[25/07/2016 07:36:09] - |SHD| - [81996] - C:\ProgramData\Menu Démarrer
[30/10/2015 09:24:24] - |SD| - [602019573] - C:\ProgramData\Microsoft
[25/07/2016 08:04:53] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[25/07/2016 08:39:42] - |D| - [293235] - C:\ProgramData\MindGems
[25/07/2016 07:36:09] - |SHD| - [0] - C:\ProgramData\Modèles
[25/07/2016 07:54:06] - |D| - [117670307] - C:\ProgramData\Package Cache
[30/10/2015 09:24:24] - |D| - [1000] - C:\ProgramData\regid.1991-06.com.microsoft
[30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[25/07/2016 08:19:48] - |D| - [70245019] - C:\ProgramData\Sophos
[25/07/2016 09:16:14] - |D| - [8274007] - C:\ProgramData\TechSmith
[30/10/2015 09:24:24] - |D| - [5373] - C:\ProgramData\USOPrivate
[25/07/2016 07:38:50] - |D| - [53248] - C:\ProgramData\USOShared
[25/07/2016 08:08:03] - |D| - [565] - C:\ProgramData\Western Digital

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[30/10/2015 09:24:28] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[25/07/2016 07:36:09] - |SHD| - [81822] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[30/10/2015 09:24:24] - |RD| - [81822] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[30/10/2015 09:24:24] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/10/2015 09:24:24] - |RD| - [15666] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[30/10/2015 09:24:24] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[25/07/2016 07:55:04] - |D| - [4373] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[30/10/2015 09:24:28] - |ASH| - [1010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[30/10/2015 09:18:13] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
[30/10/2015 09:19:28] - |RAS| - [2197] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
[25/07/2016 08:39:42] - |D| - [5116] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Size
[30/10/2015 09:19:28] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[30/10/2015 09:24:24] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/10/2015 09:17:57] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[25/07/2016 08:41:55] - |D| - [3367] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 14 Free
[30/10/2015 09:19:28] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[30/10/2015 09:18:07] - |RAS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
[25/07/2016 08:21:56] - |D| - [2608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[30/10/2015 09:24:24] - |RD| - [1399] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[30/10/2015 09:24:24] - |RD| - [4033] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[30/10/2015 21:03:03] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[25/07/2016 09:17:22] - |D| - [5274] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[25/07/2016 08:41:08] - |D| - [5299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[30/10/2015 09:24:28] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[25/07/2016 09:17:23] - |A| - [1225] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 13.lnk

---------- | C:\Program Files (x86)

[25/07/2016 07:54:18] - |D| - [106367910] - C:\Program Files (x86)\ATI Technologies
[30/10/2015 08:28:30] - |D| - [32942112] - C:\Program Files (x86)\Common Files
[30/10/2015 09:24:28] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[25/07/2016 08:39:39] - |D| - [5939373] - C:\Program Files (x86)\Folder Size
[30/10/2015 09:24:24] - |D| - [2153911] - C:\Program Files (x86)\Internet Explorer
[25/07/2016 08:41:02] - |D| - [5910723] - C:\Program Files (x86)\JAM Software
[30/10/2015 09:24:24] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[25/07/2016 08:20:47] - |D| - [33303336] - C:\Program Files (x86)\Sophos
[25/07/2016 09:16:14] - |D| - [143273941] - C:\Program Files (x86)\TechSmith
[30/10/2015 09:24:24] - |D| - [1465856] - C:\Program Files (x86)\Windows Defender
[30/10/2015 09:24:24] - |D| - [5961728] - C:\Program Files (x86)\Windows Mail
[30/10/2015 09:24:24] - |D| - [3342927] - C:\Program Files (x86)\Windows Media Player
[30/10/2015 09:24:24] - |D| - [220064] - C:\Program Files (x86)\Windows Multimedia Platform
[30/10/2015 09:24:24] - |D| - [7575610] - C:\Program Files (x86)\Windows NT
[30/10/2015 09:24:24] - |D| - [5484224] - C:\Program Files (x86)\Windows Photo Viewer
[30/10/2015 09:24:24] - |D| - [220064] - C:\Program Files (x86)\Windows Portable Devices
[30/10/2015 09:24:24] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[30/10/2015 09:24:24] - |SD| - [2685232] - C:\Program Files (x86)\WindowsPowerShell

---------- | C:\Program Files

[25/07/2016 07:53:02] - |D| - [96636696] - C:\Program Files\AMD
[25/07/2016 07:54:53] - |D| - [5595872] - C:\Program Files\ATI Technologies
[30/10/2015 08:28:30] - |D| - [51366047] - C:\Program Files\Common Files
[30/10/2015 09:24:28] - |ASH| - [174] - C:\Program Files\desktop.ini
[25/07/2016 07:36:09] - |SHD| - [51366047] - C:\Program Files\Fichiers communs
[30/10/2015 09:24:24] - |D| - [2774682] - C:\Program Files\Internet Explorer
[25/07/2016 08:41:38] - |D| - [0] - C:\Program Files\Paragon Software
[25/07/2016 07:55:48] - |D| - [35377120] - C:\Program Files\Realtek
[25/07/2016 07:37:48] - |HD| - [0] - C:\Program Files\Uninstall Information
[30/10/2015 09:24:24] - |D| - [11400154] - C:\Program Files\Windows Defender
[30/10/2015 21:03:03] - |D| - [8974456] - C:\Program Files\Windows Journal
[30/10/2015 09:24:24] - |D| - [6322176] - C:\Program Files\Windows Mail
[30/10/2015 09:24:24] - |D| - [5394547] - C:\Program Files\Windows Media Player
[30/10/2015 09:24:24] - |D| - [258280] - C:\Program Files\Windows Multimedia Platform
[30/10/2015 09:24:24] - |D| - [7862330] - C:\Program Files\Windows NT
[30/10/2015 09:24:24] - |D| - [6381248] - C:\Program Files\Windows Photo Viewer
[30/10/2015 09:24:24] - |D| - [258280] - C:\Program Files\Windows Portable Devices
[30/10/2015 09:24:24] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[30/10/2015 09:24:24] - |HD| - [1197282069] - C:\Program Files\WindowsApps
[30/10/2015 09:24:24] - |SD| - [2856133] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[25/07/2016 07:47:58] - |D| - [337630] - C:\Program Files (x86)\Common Files\logishrd
[30/10/2015 09:24:24] - |D| - [15763041] - C:\Program Files (x86)\Common Files\Microsoft Shared
[30/10/2015 09:24:24] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[25/07/2016 08:20:45] - |D| - [2611828] - C:\Program Files (x86)\Common Files\Sophos
[30/10/2015 09:24:24] - |D| - [9676683] - C:\Program Files (x86)\Common Files\System
[25/07/2016 09:16:14] - |D| - [4550228] - C:\Program Files (x86)\Common Files\TechSmith Shared

---------- | C:\Program Files\Common files

[25/07/2016 07:47:56] - |D| - [1022022] - C:\Program Files\Common files\logishrd
[30/10/2015 09:24:24] - |D| - [39835712] - C:\Program Files\Common files\microsoft shared
[30/10/2015 09:24:24] - |D| - [2702] - C:\Program Files\Common files\Services
[30/10/2015 09:24:24] - |D| - [10505611] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [25/07/2016 07:36:11] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.00000000000000000000000000000000] - [30/10/2015 09:24:25] - |D| - [427752] - C:\Windows\System32\Tasks\Microsoft
[MD5.6FA436BF612934ABFC8730AF08335C02] - [25/07/2016 09:18:23] - |A| - [3888] - C:\Windows\System32\Tasks\TechSmith Updater         :   C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe
[MD5.00000000000000000000000000000000] - [30/10/2015 09:24:25] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"vm-monitoring-dcom"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=RpcSs|Name=@icsvc.dll,-709|Desc=@icsvc.dll,-710|EmbedCtxt=@icsvc.dll,-700|
"vm-monitoring-icmpv4"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Name=@icsvc.dll,-701|Desc=@icsvc.dll,-702|EmbedCtxt=@icsvc.dll,-700|
"vm-monitoring-icmpv6"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Name=@icsvc.dll,-703|Desc=@icsvc.dll,-704|EmbedCtxt=@icsvc.dll,-700|
"vm-monitoring-nb-session"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=139|Name=@icsvc.dll,-705|Desc=@icsvc.dll,-706|EmbedCtxt=@icsvc.dll,-700|
"vm-monitoring-rpc"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Schedule|Name=@icsvc.dll,-707|Desc=@icsvc.dll,-708|EmbedCtxt=@icsvc.dll,-700|
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"DeliveryOptimization-TCP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"MDNS-In-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"MDNS-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"{DDA7233F-C863-429A-8E78-341E32223C1A}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
"{B42823DB-F6A4-4BBE-9F92-572ED87124AA}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
"{F3C132FA-0B00-4B0A-88A6-B9BD9CF7F9C6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
"{E582BD37-85B1-470A-8630-1E43DD2C0346}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
"{A02C9407-3F56-470A-B9D6-96F48FEF301F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{26E1EEB9-F207-46FD-BB3C-7F956E061FD5}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{75860E63-2B40-44EC-870C-5032BE40B92A}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{F1E21584-9D5D-444D-9FC3-A24519C4DA40}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{FBA3E62C-786C-499C-9A00-B3E7F534AE93}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{314ED709-010E-4B7D-AA6B-94FF3F97FE20}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{20A53727-2C59-4112-9C7B-3D29C299CDAC}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|
"{088724FA-072A-400E-9850-8826D0A4E056}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|
"{C9176925-13AB-483A-BFC7-6DC407A1DB93}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{58EE7065-6677-4065-AFFF-F6BD153D8F4C}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{826ECB11-8BC0-4AB5-A4CC-66C241A6DCED}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Desc=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1322174799-1054373777-2441082058-564842223-2721992343-4124100487-3261661085|EmbedCtxt=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Platform=2:6:2|Platform2=GTEQ|
"{6D9B4C00-2CC1-411A-9C29-776E8ABFADA5}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{8C9CA5A2-AA9C-477E-89F2-3BD04B005147}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Desc=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3833609522-3861047620-3675164185-1739081557-594447883-3111017752-456581032|EmbedCtxt=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{9C53CD4B-FABD-44B1-A7CB-95C9F60936CD}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{F70B0FC1-F271-4571-8EB8-E2DB7ACFAEF7}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{8230EA3B-FD46-48B7-968C-DD3852A5EC21}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Desc=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/Description}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3137318289-415437605-3491609480-3741388289-878520165-689859088-69748861|EmbedCtxt=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{2269BA8E-9A18-446E-8E91-0DAC9199C777}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ|
"{23260658-E959-4568-8EE8-45DA9EEAD61E}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{0CF7614F-CCAA-4A74-BF75-9B74C533CBDD}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{C3EBE339-4A9B-4D38-B8EF-37A84B5408D2}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Desc=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3232211935-909325347-210818523-1333736584-3758124246-283266685-1557978965|EmbedCtxt=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Platform=2:6:2|Platform2=GTEQ|
"{7E3ED517-E1B4-4998-965F-2CDE67F36A7C}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ|
"{AF82546B-DF5A-450F-889E-B7F3F093B97D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{4B4EA907-C597-4F99-AD9C-30B479315425}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{21C1374C-C51B-4E48-8C38-40CBFE8798E6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Desc=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1485202841-4094060947-262313417-955497226-1243708313-1027065603-2694978511|EmbedCtxt=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{0B42BD96-ABF0-4F5A-A67D-6DD2337318C4}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Desc=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{80E74AA8-9BE4-4095-8B62-EC5B047B9BDC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Desc=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{210106E7-928E-41B0-8F11-D8DC32833947}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{8A0052A5-786A-4965-86AE-505E1F9D81F6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{3B85D496-9D14-4337-B5A7-F81B479FFC29}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Desc=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3981118486-977731610-4260702232-2292029000-2544493239-2660358776-1526570402|EmbedCtxt=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{873AB9F0-9D7D-412C-A430-9071788F4688}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{C8E63447-9CCF-4F3B-8330-551BE834BAF3}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{D84F1F40-E784-4E8C-A668-60DFFF6689F5}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{EF82375C-7DAD-4B35-B1BE-C74F101E1F33}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{88DBDBFA-4025-4C26-BA37-62BF2AAAAB14}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{975DDBDE-489F-4679-A2C3-364518BE9E3E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{FE1F17FF-4F4E-4BC6-A23F-00E8D027AC20}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{7DDCE826-40E4-4BBD-ACED-AA837F19989B}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{9D13EDAF-F15F-4A0E-B459-A4023768FE1F}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8298|Name=TechSmith Snagit|
"{3361C2E5-4794-4338-A7D9-162E5E21687B}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Desc=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1239072475-3687740317-1842961305-3395936705-4023953123-1525404051-2779347315|EmbedCtxt=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{3AD7954B-BE22-4CC7-BEC4-CE70D7C155E5}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{956D215A-9355-4CF3-830C-D06375717CB2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6965.41051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{5AEDD94A-38D6-4B81-BBCE-B74710543369}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{C67C8FCA-7C3A-4AE0-89AF-111AFAD81892}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{1FECC990-9BCE-4B3F-8C5F-63F720BE8378}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{9F669342-7EAF-4241-A985-BDEEBBA6DB33}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{EE9DEE62-939A-4AF6-A6D4-991115366CFF}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsPhone_10.1607.1991.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Desc=@{Microsoft.WindowsPhone_10.1607.1991.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1227535392-783678415-19788749-859698564-2515149781-2716591593-3518111838|EmbedCtxt=@{Microsoft.WindowsPhone_10.1607.1991.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{682CF358-8C47-4A85-BA50-B8891205504C}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneMusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.15131.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
"{C4A66A09-C810-4370-A946-9306F740511E}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Desc=@{Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1930852602-715273891-2259524165-1460409268-4224052142-2029744616-1797406285|EmbedCtxt=@{Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"{F814F2E0-61B1-45B6-9699-1688BCFE3D01}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
"{869C3881-3B33-4D8D-9A84-61919B840201}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_3.6.22511.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ|
"{2942280A-A7B3-46DA-8749-139FC54D2853}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{BF58787C-EC5D-4E24-8F9E-B195176479BD}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ|
"{3A171694-9C32-453A-8156-2CEB47693602}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ|
"{EA27BBF1-CC62-4D25-8CDA-35E28D9BD9DD}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{EC74A78C-2224-40EF-A0CB-D1F9C057A3D0}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Desc=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|LUOwn=S-1-5-21-1818149683-622579324-567972293-1002|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
"TCP Query User{A80137C5-6CBA-412B-A1EC-D72343F79773}C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User|
"UDP Query User{8086F52E-78FA-489A-B2C4-2168ADE624EB}C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User|

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list]
"C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe"=C:\Users\jean-\Desktop\quickdiag_2_24.07.2016.1.exe:*:Enabled:quickdiag_2_24.07.2016.1




---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) []  -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) []  -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) []  -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) []  -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) []  -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) []  -> @c_sslaccel.inf,%ClassName%;Security Accelerator
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) []  -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) []  -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) []  -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) []  -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) []  -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) []  -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) []  -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) []  -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) []  -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) []  -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) []  -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) []  -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) []  -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) []  -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) []  -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) []  -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) []  -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) []  -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) []  -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) []  -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) []  -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) []  -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) []  -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) []  -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) []  -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) []  -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) []  -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) []  -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) []  -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) []  -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) []  -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) []  -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) []  -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) []  -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) []  -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) []  -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) []  -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) []  -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) []  -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) []  -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) []  -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) []  -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) []  -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) []  -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) []  -> @oem8.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) []  -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) []  -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) []  -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) []  -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) []  -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) []  -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) []  -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) []  -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) []  -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) []  -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) []  -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) []  -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) []  -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) []  -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) []  -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) []  -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) []  -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) []  -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) []  -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) []  -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) []  -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) []  -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) []  -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2]  -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5]  -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1]  -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[25/07/2016 08:41:56] - (10.1.25.377) - (Paragon Software Group - A part of Paragon System Utilities) - C:\Windows\system32\DRIVERS\hotcore3.sys
[25/07/2016 08:18:41] - (3.23.1.0) - (Sophos Limited - SAV On-Access and HIPS for Windows Vista (AMD64)) - C:\Windows\system32\DRIVERS\savonaccess.sys
[25/07/2016 08:33:50] - (3.4.9.0) - (Sophos Limited - Sophos Web Intelligence) - C:\Windows\system32\DRIVERS\swi_callout.sys
[30/10/2015 09:17:23] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\Windows\System32\drivers\L1C63x64.sys
[12/11/2015 22:50:10] - (1.1.0.0) - (Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver) - C:\Windows\System32\drivers\wdcsam64.sys

---------- | LoadOrderGroup

Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK
Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK
Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK
Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK
Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK
Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK
Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK
Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK
Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK
Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK
Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK
Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK
Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK
Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK
Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK
Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK
Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK
Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK
Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK
Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK
Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK
Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK
Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK
Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK
Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK
Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK
Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK
Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK
Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK
Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK
Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK
Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK
Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK
Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK
Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK
Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK
Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK
Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK
Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK
Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK
Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK
Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK
Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK
Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK
Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK
Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK
Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK
Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK
Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK
Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK
Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK
Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK
Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK
Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK
Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK
Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK
Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK
Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK
Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK
Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK
Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK
Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK
Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK
Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK
Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK
Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK
Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK
Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK
Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK
Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK
Name: PnP Filter - DriverEnabled: False - GroupOrder: 71 - Status: OK
Name: Network - DriverEnabled: False - GroupOrder: 72 - Status: OK
Name: NetworkService - DriverEnabled: False - GroupOrder: 73 - Status: OK
Name: _Early-Launch - DriverEnabled: False - GroupOrder: 74 - Status: OK
Name: Core Security Extensions - DriverEnabled: False - GroupOrder: 75 - Status: OK
Name: LocalService - DriverEnabled: False - GroupOrder: 76 - Status: OK

---------- | LoadOrderGroupServiceDependencies

LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs"

---------- | LoadOrderGroupServiceMembers

LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc"
LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder"
LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch"
LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall"
LoadOrderGroup.Name="TDI" - Service.Name="Dhcp"
LoadOrderGroup.Name="TDI" - Service.Name="Dnscache"
LoadOrderGroup.Name="TDI" - Service.Name="dot3svc"
LoadOrderGroup.Name="Event Log" - Service.Name="EventLog"
LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc"
LoadOrderGroup.Name="TDI" - Service.Name="icssvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation"
LoadOrderGroup.Name="TDI" - Service.Name="lmhosts"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM"
LoadOrderGroup.Name="NetworkService" - Service.Name="MapsBroker"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc"
LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI"
LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon"
LoadOrderGroup.Name="Cryptography" - Service.Name="NgcCtnrSvc"
LoadOrderGroup.Name="Cryptography" - Service.Name="NgcSvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay"
LoadOrderGroup.Name="Plugplay" - Service.Name="Power"
LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs"
LoadOrderGroup.Name="PlugPlay" - Service.Name="RtkAudioService"
LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs"
LoadOrderGroup.Name="PlugPlay" - Service.Name="SAVService"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr"
LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS"
LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection"
LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware"
LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="agp440"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep"
LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS"
LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG"
LoadOrderGroup.Name="Base" - SystemDriver.Name="cnghwassist"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv"
LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc"
LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat"
LoadOrderGroup.Name="FSFilter Encryption" - SystemDriver.Name="FileCrypt"
LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr"
LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="gagp30kx"
LoadOrderGroup.Name="Base" - SystemDriver.Name="genericusbfn"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidinterrupt"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="hotcore3"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iai2c"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAV"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="ibbus"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp"
LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc"
LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc"
LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic"
LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD"
LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="mlx4_bus"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr"
LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ndfltr"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisTapi"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ndiswanlegacy"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ndproxy"
LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="NTFS"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Null"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="nv_agp"
LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia"
LoadOrderGroup.Name="System Reserved" - SystemDriver.Name="pcw"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas3i"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched"
LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd"
LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFSv1"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr"
LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="SAVOnAccess"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="SophosBootDriver"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme"
LoadOrderGroup.Name="FSFilter Quota Management" - SystemDriver.Name="storqosflt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="Synth3dVsc"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uagp35"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmCx0101"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Ucx01000"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Ufx01000"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UfxChipidea"
LoadOrderGroup.Name="Base" - SystemDriver.Name="ufxsynopsys"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uliagpkx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsChipidea"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UrsCx01000"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsSynopsys"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub"
LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp"
LoadOrderGroup.Name="Base" - SystemDriver.Name="vhf"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarp"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarpv6"
LoadOrderGroup.Name="_Early-Launch" - SystemDriver.Name="WdBoot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="WFPLWFS"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRT"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRTProxy"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinMad"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinVerbs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi"
LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wpcfltr"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl"
LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf"
LoadOrderGroup.Name="base" - SystemDriver.Name="WUDFRd"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="xboxgip"
LoadOrderGroup.Name="Base" - SystemDriver.Name="xinputhid"

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - 3ware () -> System32\drivers\3ware.sys
R0 - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys
R0 - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys
S0 - ADP80XX () -> System32\drivers\ADP80XX.SYS
S0 - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys
S0 - amdsata () -> System32\drivers\amdsata.sys
S0 - amdsbs () -> System32\drivers\amdsbs.sys
S0 - amdxata () -> System32\drivers\amdxata.sys
S0 - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys
S0 - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys
S0 - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys
R0 - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys
R0 - CNG () -> System32\Drivers\cng.sys
R0 - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys
S0 - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys
S0 - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys
S0 - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys
R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys
R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys
S0 - Fs_Rec () -> (?)
R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys
S0 - gagp30kx (@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys
R0 - hotcore3 (hc3ServiceName) -> system32\DRIVERS\hotcore3.sys
S0 - HpSAMD () -> System32\drivers\HpSAMD.sys
S0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys
S0 - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys
S0 - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys
S0 - intelide () -> System32\drivers\intelide.sys
S0 - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys
S0 - isapnp () -> System32\drivers\isapnp.sys
R0 - KSecDD () -> System32\Drivers\ksecdd.sys
R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys
S0 - LSI_SAS () -> System32\drivers\lsi_sas.sys
S0 - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys
S0 - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys
S0 - LSI_SSS () -> System32\drivers\lsi_sss.sys
S0 - megasas () -> System32\drivers\megasas.sys
S0 - megasr () -> System32\drivers\megasr.sys
R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys
R0 - msisadrv () -> System32\drivers\msisadrv.sys
R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys
S0 - mvumis () -> System32\drivers\mvumis.sys
R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys
S0 - nvraid () -> System32\drivers\nvraid.sys
S0 - nvstor () -> System32\drivers\nvstor.sys
S0 - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys
R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys
R0 - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys
S0 - pciide () -> System32\drivers\pciide.sys
S0 - pcmcia () -> System32\drivers\pcmcia.sys
R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys
R0 - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys
S0 - percsas2i () -> System32\drivers\percsas2i.sys
S0 - percsas3i () -> System32\drivers\percsas3i.sys
R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys
S0 - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys
S0 - SiSRaid2 () -> System32\drivers\SiSRaid2.sys
S0 - SiSRaid4 () -> System32\drivers\sisraid4.sys
R0 - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys
S0 - stexstor () -> System32\drivers\stexstor.sys
R0 - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys
S0 - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys
S0 - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys
S0 - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys
S0 - storvsc () -> System32\drivers\storvsc.sys
R0 - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys
S0 - uagp35 (@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys
S0 - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys
R0 - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys
S0 - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys
R0 - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys
R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys
R0 - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys
S0 - vsmraid () -> System32\drivers\vsmraid.sys
S0 - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys
R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys
R0 - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys
R0 - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys
R0 - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys
R0 - Wof (Windows Overlay File System Filter Driver) -> (?)
R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys
R1 - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys
R1 - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys
R1 - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys
R1 - Beep (Beep) -> (?)
R1 - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys
S1 - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys
R1 - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys
R1 - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys
R1 - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys
R1 - Msfs () -> (?)
R1 - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys
R1 - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys
R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys
R1 - Npfs () -> (?)
R1 - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys
R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys
R1 - Null () -> (?)
R1 - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys
R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys
R1 - SAVOnAccess (SAVOnAccess) -> system32\DRIVERS\savonaccess.sys
R1 - swi_callout (swi_callout) -> \SystemRoot\system32\DRIVERS\swi_callout.sys
R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys
R1 - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys
R2 - AMD External Events Utility () -> %SystemRoot%\system32\atiesrxx.exe
R2 - AMD FUEL Service (AMD FUEL Service) -> "C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
R2 - AudioEndpointBuilder (@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - BrokerInfrastructure (@%windir%\system32\bisrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - CoreMessagingRegistrar (@%SystemRoot%\system32\coremessaging.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DcomLaunch (@combase.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - DeviceAssociationService (@%SystemRoot%\system32\das.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - DiagTrack (@%SystemRoot%\system32\diagtrack.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc
R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DoSvc (@%systemroot%\system32\dosvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R2 - EFS (@%SystemRoot%\system32\efssvc.dll,-100) -> %SystemRoot%\System32\lsass.exe
R2 - EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys
R2 - LSM (@%windir%\system32\lsm.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys
S2 - MapsBroker (@%SystemRoot%\System32\moshost.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys
R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys
R2 - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys
R2 - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys
R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService
S2 - OneSyncSvc (@%SystemRoot%\system32\APHostRes.dll,-10002) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
R2 - OneSyncSvc_3087e (Hôte de synchronisation_3087e) -> C:\Windows\system32\svchost.exe -k UnistackSvcGroup
R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys
R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS
R2 - RpcSs (@combase.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss
R2 - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys
R2 - RtkAudioService (Realtek Audio Service) -> C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe
R2 - SAVAdminService (Sophos Anti-Virus status reporter) -> "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe"
R2 - SAVService (Sophos Anti-Virus) -> "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe"
R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe
S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe
R2 - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys
R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc
R2 - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys
R2 - swi_filter (Sophos Web Filter) -> "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe"
R2 - swi_service (Sophos Web Intelligence Service) -> "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe"
R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - SystemEventsBroker (@%windir%\system32\SystemEventsBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys
R2 - TechSmith Uploader Service (TechSmith Uploader Service) -> "C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe" /service
R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - tiledatamodelsvc (@%SystemRoot%\system32\tileobjserver.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel
R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - TrustedInstaller (@%SystemRoot%\servicing\TrustedInstaller.exe,-100) -> %SystemRoot%\servicing\TrustedInstaller.exe
R2 - UserManager (@%systemroot%\system32\usermgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S2 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
R2 - Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding
S3 - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys
S3 - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys
S3 - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys
S3 - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys
S3 - AJRouter (@%SystemRoot%\system32\AJRouter.dll,-2) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - ALG (@%SystemRoot%\system32\Alg.exe,-112) -> %SystemRoot%\System32\alg.exe
S3 - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys
R3 - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys
R3 - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys
R3 - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys
S3 - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys
S3 - AppIDSvc (@%systemroot%\system32\appidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R3 - Appinfo (@%systemroot%\system32\appinfo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - AppReadiness (@%SystemRoot%\System32\AppReadiness.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k AppReadiness
S3 - AppXSvc (@%SystemRoot%\system32\appxdeploymentserver.dll,-1) -> %systemroot%\system32\svchost.exe -k wsappx
S3 - AsyncMac (@%systemroot%\system32\rascfg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys
S3 - AxInstSV (@%SystemRoot%\system32\AxInstSV.dll,-103) -> %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
S3 - bcmfn (@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service) -> \SystemRoot\System32\drivers\bcmfn.sys
S3 - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys
S3 - BDESVC (@%SystemRoot%\system32\bdesvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys
S3 - Browser (@%systemroot%\system32\browser.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys
S3 - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys
S3 - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys
S3 - BthHFSrv (@%SystemRoot%\System32\BthHFSrv.dll,-103) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys
S3 - bthserv (@%SystemRoot%\System32\bthserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys
S3 - CapImg (@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen) -> \SystemRoot\System32\drivers\capimg.sys
S3 - CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys
S3 - ClipSVC (@%SystemRoot%\system32\ClipSVC.dll,-103) -> %SystemRoot%\System32\svchost.exe -k wsappx
S3 - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys
R3 - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
S3 - COMSysApp (@comres.dll,-947) -> %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R3 - condrv (Console Driver) -> System32\drivers\condrv.sys
S3 - DcpSvc (@%SystemRoot%\system32\dcpsvc.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - defragsvc (@%SystemRoot%\system32\defragsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k defragsvc
S3 - DeviceInstall (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
S3 - DevQueryBroker (@%SystemRoot%\system32\DevQueryBroker.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - diagnosticshub.standardcollector.service (@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000) -> %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
S3 - DmEnrollmentSvc (@%systemroot%\system32\Windows.Internal.Management.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys
S3 - dmwappushservice (@%SystemRoot%\system32\dmwappushsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - dot3svc (@%systemroot%\system32\dot3svc.dll,-1102) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Pilotes audio approuvés par Microsoft) -> \SystemRoot\system32\DRIVERS\drmkaud.sys
S3 - DsmSvc (@%SystemRoot%\system32\DeviceSetupManager.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - DsSvc (@%SystemRoot%\system32\dssvc.dll,-10003) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys
S3 - Eaphost (@%systemroot%\system32\eapsvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - embeddedmode (@%SystemRoot%\system32\embeddedmodesvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - EntAppSvc (@EnterpriseAppMgmtSvc.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel
S3 - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys
R3 - exfat (exFAT File System Driver) -> (?)
R3 - fastfat (FAT12/16/32 File System Driver) -> (?)
S3 - Fax (@%systemroot%\system32\fxsresm.dll,-118) -> %systemroot%\system32\fxssvc.exe
S3 - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys
R3 - fdPHost (@%systemroot%\system32\fdPHost.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - fhsvc (@%systemroot%\system32\fhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys
S3 - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys
S3 - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys
S3 - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys
S3 - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\drivers\genericusbfn.sys
S3 - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys
S3 - HdAudAddService (@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio) -> \SystemRoot\system32\DRIVERS\HdAudio.sys
R3 - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys
S3 - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys
S3 - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys
S3 - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys
S3 - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys
S3 - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys
R3 - hidserv (@%SystemRoot%\System32\hidserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys
S3 - HomeGroupListener (@%SystemRoot%\System32\ListSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - HomeGroupProvider (@%SystemRoot%\System32\provsvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R3 - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys
S3 - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys
S3 - i8042prt (@msmouse.inf,%i8042prt.SvcDesc%;PS/2 Keyboard and Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys
S3 - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys
S3 - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys
S3 - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys
S3 - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys
S3 - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys
S3 - icssvc (@%SystemRoot%\System32\tetheringservice.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - IEEtwCollectorService (@%SystemRoot%\system32\ieetwcollectorres.dll,-1000) -> %SystemRoot%\system32\IEEtwCollector.exe /V
S3 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs
R3 - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) -> \SystemRoot\system32\drivers\RTKVHD64.sys
S3 - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys
S3 - IoQos (@%SystemRoot%\system32\drivers\ioqos.sys,-100) -> system32\drivers\ioqos.sys
S3 - IpFilterDriver (@%systemroot%\system32\rascfg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys
S3 - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys
S3 - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys
S3 - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys
S3 - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys
R3 - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys
R3 - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys
R3 - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys
R3 - KeyIso (@keyiso.dll,-100) -> %SystemRoot%\system32\lsass.exe
R3 - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys
S3 - KtmRm (@comres.dll,-2946) -> %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
R3 - L1C (@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\System32\drivers\L1C63x64.sys
R3 - lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R3 - LicenseManager (@%SystemRoot%\system32\licensemanagersvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - lltdsvc (@%SystemRoot%\system32\lltdres.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalService
R3 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R3 - LVRS64 (@oem4.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver) -> \SystemRoot\system32\DRIVERS\lvrs64.sys
R3 - LVUVC64 (@oem2.inf,%PID_081B_DD%(UVC);Logitech HD Webcam C310(UVC)) -> \SystemRoot\system32\DRIVERS\lvuvc64.sys
S3 - MessagingService (@%SystemRoot%\system32\MessagingService.dll,-100) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
S3 - MessagingService_3087e (MessagingService_3087e) -> C:\Windows\system32\svchost.exe -k UnistackSvcGroup
S3 - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys
S3 - Modem () -> system32\drivers\modem.sys
R3 - monitor (@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys
R3 - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys
R3 - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys
R3 - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys
S3 - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys
R3 - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys
R3 - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys
S3 - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys
S3 - MSDTC (@comres.dll,-2797) -> %SystemRoot%\System32\msdtc.exe
S3 - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys
S3 - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys
S3 - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys
S3 - MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - msiserver (@%SystemRoot%\system32\msimsg.dll,-27) -> %systemroot%\system32\msiexec.exe /V
S3 - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\DRIVERS\MSKSSRV.sys
S3 - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\DRIVERS\MSPCLOCK.sys
S3 - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\DRIVERS\MSPQM.sys
S3 - MsRPC () -> (?)
S3 - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\DRIVERS\MSTEE.sys
S3 - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys
S3 - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys
S3 - NcaSvc (@%SystemRoot%\system32\ncasvc.dll,-3009) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R3 - NcbService (@%SystemRoot%\system32\ncbservice.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - NcdAutoSetup (@%SystemRoot%\system32\NcdAutoSetup.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
S3 - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys
S3 - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys
S3 - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys
S3 - NdisTapi (@%systemroot%\system32\rascfg.dll,-32001) -> System32\DRIVERS\ndistapi.sys
S3 - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys
R3 - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys
S3 - NdisWan (@%systemroot%\system32\rascfg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys
S3 - ndiswanlegacy (@%systemroot%\system32\rascfg.dll,-32014) -> System32\DRIVERS\ndiswan.sys
S3 - ndproxy (@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy) -> System32\DRIVERS\NDProxy.sys
S3 - Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) -> %systemroot%\system32\lsass.exe
S3 - Netman (@%SystemRoot%\system32\netman.dll,-109) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - netprofm (@%SystemRoot%\system32\netprofmsvc.dll,-202) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - NetSetupSvc (@%SystemRoot%\system32\NetSetupSvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - NgcCtnrSvc (@%SystemRoot%\System32\NgcCtnrSvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - NgcSvc (@%SystemRoot%\System32\ngcsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - NTFS () -> (?)
S3 - p2pimsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8004) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - p2psvc (@%SystemRoot%\system32\p2psvc.dll,-8006) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys
S3 - PerfHost (@%systemroot%\sysWow64\perfhost.exe,-2) -> %SystemRoot%\SysWow64\perfhost.exe
S3 - PhoneSvc (@%SystemRoot%\system32\PhoneserviceRes.dll,-10000) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - PimIndexMaintenanceSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-15001) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
R3 - PimIndexMaintenanceSvc_3087e (Données de contacts_3087e) -> C:\Windows\system32\svchost.exe -k UnistackSvcGroup
S3 - pla (@%systemroot%\system32\pla.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R3 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-200) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
S3 - PNRPAutoReg (@%SystemRoot%\system32\pnrpauto.dll,-8002) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - PNRPsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8000) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
R3 - PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
S3 - PptpMiniport (@%systemroot%\system32\rascfg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys
S3 - PrintNotify (@C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll,-1) -> %SystemRoot%\system32\svchost.exe -k print
S3 - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys
S3 - QWAVE (@%SystemRoot%\system32\qwave.dll,-1) -> %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys
S3 - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys
S3 - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys
S3 - RasAuto (@%Systemroot%\system32\rasauto.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - Rasl2tp (@%systemroot%\system32\rascfg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys
S3 - RasMan (@%Systemroot%\system32\rasmans.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - RasPppoe (@%systemroot%\system32\rascfg.dll,-32007) -> System32\DRIVERS\raspppoe.sys
S3 - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys
R3 - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys
S3 - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys
S3 - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys
S3 - ReFSv1 () -> (?)
S3 - RetailDemo (@%SystemRoot%\System32\RDXService.dll,-256) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - RpcLocator (@%systemroot%\system32\Locator.exe,-2) -> %SystemRoot%\system32\locator.exe
S3 - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys
S3 - ScDeviceEnum (@%SystemRoot%\System32\ScDeviceEnum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys
S3 - SCPolicySvc (@%SystemRoot%\System32\certprop.dll,-13) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys
S3 - sdcfilter (sdcfilter) -> \SystemRoot\system32\DRIVERS\sdcfilter.sys
S3 - SDRSVC (@%SystemRoot%\system32\sdrsvc.dll,-107) -> %SystemRoot%\system32\svchost.exe -k SDRSVC
S3 - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys
S3 - seclogon (@%SystemRoot%\system32\seclogon.dll,-7001) -> %windir%\system32\svchost.exe -k netsvcs
S3 - SensorDataService (@%SystemRoot%\system32\SensorDataService.exe,-101) -> %SystemRoot%\System32\SensorDataService.exe
S3 - SensorService (@%SystemRoot%\System32\sensorservice.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - SensrSvc (@%SystemRoot%\System32\sensrsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys
S3 - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys
S3 - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys
S3 - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys
S3 - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys
S3 - SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys
S3 - SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - smphost (@%SystemRoot%\System32\smphost.dll,-102) -> %SystemRoot%\System32\svchost.exe -k smphost
S3 - SmsRouter (@%SystemRoot%\System32\SmsRouterSvc.dll,-10001) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - SNMPTRAP (@%SystemRoot%\system32\snmptrap.exe,-3) -> %SystemRoot%\System32\snmptrap.exe
S3 - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys
R3 - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys
R3 - srvnet () -> System32\DRIVERS\srvnet.sys
R3 - SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - SstpSvc (@%SystemRoot%\system32\sstpsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - StateRepository (@%SystemRoot%\system32\windows.staterepository.dll,-1) -> %SystemRoot%\system32\svchost.exe -k appmodel
S3 - StorSvc (@%SystemRoot%\System32\StorSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - svsvc (@%SystemRoot%\system32\svsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys
S3 - swprv (@%SystemRoot%\System32\swprv.dll,-103) -> %SystemRoot%\System32\svchost.exe -k swprv
S3 - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys
S3 - TabletInputService (@%SystemRoot%\system32\TabSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - TapiSrv (@%SystemRoot%\system32\tapisrv.dll,-10100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys
S3 - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys
S3 - TermService (@%SystemRoot%\System32\termsrv.dll,-268) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - TieringEngineService (@%SystemRoot%\system32\TieringEngineService.exe,-702) -> %SystemRoot%\system32\TieringEngineService.exe
R3 - TimeBroker (@%windir%\system32\TimeBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys
S3 - tsusbflt (@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000) -> System32\drivers\TsUsbFlt.sys
S3 - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys
R3 - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver) -> \SystemRoot\System32\drivers\tunnel.sys
S3 - tzautoupdate (@%SystemRoot%\system32\tzautoupdate.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys
S3 - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys
S3 - UcmUcsi (@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client) -> \SystemRoot\System32\drivers\UcmUcsi.sys
S3 - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys
S3 - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys
S3 - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys
S3 - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys
S3 - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\drivers\UfxChipidea.sys
S3 - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys
S3 - UI0Detect (@%SystemRoot%\system32\ui0detect.exe,-101) -> %SystemRoot%\system32\UI0Detect.exe
R3 - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys
R3 - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys
S3 - UmRdpService (@%SystemRoot%\system32\umrdp.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - UnistoreSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-10003) -> %SystemRoot%\System32\svchost.exe -k UnistackSvcGroup
R3 - UnistoreSvc_3087e (Stockage des données utilisateur_3087e) -> C:\Windows\System32\svchost.exe -k UnistackSvcGroup
S3 - upnphost (@%systemroot%\system32\upnphost.dll,-213) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urschipidea.sys
S3 - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys
S3 - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urssynopsys.sys
R3 - usbaudio (@wdma_usb.inf,%USBAudio.SvcDesc%;Pilote USB audio (WDM)) -> \SystemRoot\system32\drivers\usbaudio.sys
R3 - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Pilote parent générique USB Microsoft) -> \SystemRoot\System32\drivers\usbccgp.sys
S3 - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys
R3 - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys
R3 - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys
S3 - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys
R3 - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys
S3 - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys
S3 - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys
R3 - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS
S3 - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys
S3 - usbvideo (@usbvideo.inf,%USBVideo.SvcDesc%;Périphérique vidéo USB (WDM)) -> \SystemRoot\System32\Drivers\usbvideo.sys
S3 - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS
S3 - UserDataSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-14001) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup
R3 - UserDataSvc_3087e (Accès aux données utilisateur_3087e) -> C:\Windows\system32\svchost.exe -k UnistackSvcGroup
R3 - UsoSvc (@%systemroot%\system32\usocore.dll,-102) -> %systemroot%\system32\svchost.exe -k netsvcs
R3 - VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003) -> %SystemRoot%\system32\lsass.exe
S3 - vds (@%SystemRoot%\system32\vds.exe,-100) -> %SystemRoot%\System32\vds.exe
S3 - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys
S3 - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys
S3 - vhf (@%SystemRoot%\system32\drivers\vhf.sys,-100) -> \SystemRoot\System32\drivers\vhf.sys
S3 - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys
S3 - vmicguestinterface (@%systemroot%\system32\icsvc.dll,-801) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicheartbeat (@%systemroot%\system32\icsvc.dll,-101) -> %systemroot%\system32\svchost.exe -k ICService
S3 - vmickvpexchange (@%systemroot%\system32\icsvc.dll,-201) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicrdv (@%systemroot%\system32\icsvc.dll,-601) -> %systemroot%\system32\svchost.exe -k ICService
S3 - vmicshutdown (@%systemroot%\system32\icsvc.dll,-301) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmictimesync (@%systemroot%\system32\icsvc.dll,-401) -> %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - vmicvmsession (@%systemroot%\system32\icsvc.dll,-901) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vmicvss (@%systemroot%\system32\icsvc.dll,-501) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys
S3 - VSS (@%systemroot%\system32\vssvc.exe,-102) -> %systemroot%\system32\vssvc.exe
S3 - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys
S3 - W32Time (@%SystemRoot%\system32\w32time.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys
S3 - WalletService (@%SystemRoot%\System32\WalletService.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k appmodel
S3 - wanarp (@%systemroot%\system32\rascfg.dll,-32011) -> System32\DRIVERS\wanarp.sys
S3 - wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> System32\DRIVERS\wanarp.sys
S3 - wbengine (@%systemroot%\system32\wbengine.exe,-104) -> "%systemroot%\system32\wbengine.exe"
S3 - wcncsvc (@%SystemRoot%\system32\wcncsvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - WcsPlugInService (@%SystemRoot%\system32\WcsPlugInService.dll,-200) -> %SystemRoot%\system32\svchost.exe -k wcssvc
S3 - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> \SystemRoot\system32\drivers\WdBoot.sys
R3 - WDC_SAM (@oem8.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver) -> \SystemRoot\System32\drivers\wdcsam64.sys
S3 - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> \SystemRoot\system32\drivers\WdFilter.sys
R3 - WdiServiceHost (@%systemroot%\system32\wdi.dll,-502) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - WdiSystemHost (@%systemroot%\system32\wdi.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys
S3 - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\Drivers\WdNisDrv.sys
S3 - WdNisSvc (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320) -> "%ProgramFiles%\Windows Defender\NisSrv.exe"
S3 - WebClient (@%systemroot%\system32\webclnt.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - Wecsvc (@%SystemRoot%\system32\wecsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k NetworkService
S3 - WEPHOSTSVC (@%systemroot%\system32\wephostsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k WepHostSvcGroup
S3 - wercplsupport (@%SystemRoot%\System32\wercplsupport.dll,-101) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - WerSvc (@%SystemRoot%\System32\wersvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k WerSvcGroup
S3 - WiaRpc (@%SystemRoot%\system32\wiarpc.dll,-2) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - WIMMount (WIMMount) -> system32\drivers\wimmount.sys
S3 - WinDefend (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310) -> "%ProgramFiles%\Windows Defender\MsMpEng.exe"
R3 - WinHttpAutoProxySvc (@%SystemRoot%\system32\winhttp.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys
S3 - WinRM (@%Systemroot%\system32\wsmsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R3 - WINUSB (@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS
S3 - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys
S3 - WlanSvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - wlidsvc (@%SystemRoot%\system32\wlidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys
S3 - wmiApSrv (@%Systemroot%\system32\wbem\wmiapsrv.exe,-110) -> %systemroot%\system32\wbem\WmiApSrv.exe
S3 - WMPNetworkSvc (@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101) -> "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
S3 - workfolderssvc (@%systemroot%\system32\workfolderssvc.dll,-102) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - wpcfltr (Family Safety Filter Driver) -> system32\DRIVERS\wpcfltr.sys
S3 - WPDBusEnum (@%SystemRoot%\system32\wpdbusenum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys
S3 - WpnService (@%SystemRoot%\system32\wpnservice.dll,-1) -> %systemroot%\system32\svchost.exe -k wswpnservice
S3 - WSService (@%SystemRoot%\system32\WSService.dll,-103) -> %SystemRoot%\System32\svchost.exe -k wsappx
R3 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs
R3 - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys
R3 - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> system32\drivers\WudfRd.sys
R3 - wudfsvc (@%SystemRoot%\system32\wudfsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys
R3 - WUDFWpdMtp () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys
S3 - WwanSvc (@%SystemRoot%\System32\wwansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
S3 - XblAuthManager (@%systemroot%\system32\XblAuthManager.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - XblGameSave (@%systemroot%\system32\XblGameSave.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys
S3 - XboxNetApiSvc (@%systemroot%\system32\XboxNetApiSvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys
S4 - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys
S4 - CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S4 - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys
S4 - NetTcpPortSharing (@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201) -> %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 - RemoteAccess (@%Systemroot%\system32\mprdim.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - RemoteRegistry (@regsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k localService
S4 - SCardSvr (@%SystemRoot%\System32\SCardSvr.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S4 - SophosBootDriver (SophosBootDriver) -> \SystemRoot\system32\DRIVERS\SophosBootDriver.sys
R4 - udfs (udfs) -> system32\DRIVERS\udfs.sys
S4 - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys

---------- | System files (Microsoft Files whitelisted)

[MD5.2C5B3035B86770ADD2FE9BFBAF5B35A4] - [30/10/2015 09:17:22] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\Windows\System32\Drivers\3ware.sys
[MD5.F7D0CD345D2DA42E7042ABCD73662403] - [30/10/2015 09:17:22] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\Windows\System32\Drivers\adp80xx.sys
[MD5.5B30BCFE6E02E45D3EE268FF001BC5E0] - [30/10/2015 09:17:22] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\Windows\System32\Drivers\amdsata.sys
[MD5.F20B30F35A5C7888441B4DCA001ECF8E] - [30/10/2015 09:17:22] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\Windows\System32\Drivers\amdsbs.sys
[MD5.AFE838D7576C581D6483529621AB10CC] - [30/10/2015 09:17:22] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\Windows\System32\Drivers\amdxata.sys
[MD5.E3FE8F610B1CC12BC3B2E6BC43DC97E2] - [30/10/2015 09:17:22] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\Windows\System32\Drivers\arcsas.sys
[MD5.D1F059A530620DCF71303B525D52CA97] - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2012 Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - [21141.48 Ko] - (8.1.1.1500) - C:\Windows\System32\Drivers\atikmdag.sys
[MD5.AD96CC96B6A0CEE8910A13679426C970] - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) - [658.48 Ko] - (8.14.1.6463) - C:\Windows\System32\Drivers\atikmpag.sys
[MD5.3F5523DCEFE42B385659C5CB46A6B810] - [30/10/2015 09:17:22] - (.© Broadcom Corporation. - BCM Function 2  Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\Windows\System32\Drivers\bcmfn.sys
[MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [30/10/2015 09:17:22] - (.© Broadcom Corporation. - BCM Function 2  Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\Windows\System32\Drivers\bcmfn2.sys
[MD5.6447BA6FA709514B6C803D159B4C7D1E] - [30/10/2015 09:17:22] - (.(c) COPYRIGHT 2001-2012 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [518.84 Ko] - (7.4.14.0) - C:\Windows\System32\Drivers\bxvbda.sys
[MD5.491275B864B704B54EC08168344E0F38] - [30/10/2015 09:17:22] - (.(c) COPYRIGHT 2014-2015 QLogic Corporation - QLogic 10 GigE VBD.) - [3356.34 Ko] - (7.12.2.3) - C:\Windows\System32\Drivers\evbda.sys
[MD5.BF958EB7B11F5B2D353B85E0E80D823E] - [25/07/2016 08:41:56] - (.Copyright 1994-2014 Paragon Software Group - A part of Paragon System Utilities.) - [33.26 Ko] - (10.1.25.377) - C:\Windows\System32\Drivers\hotcore3.sys
[MD5.FF442DCDCE1F6E9FAA9C8AD0CD1D199B] - [30/10/2015 09:17:22] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\Windows\System32\Drivers\HpSAMD.sys
[MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [30/10/2015 09:17:18] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\Windows\System32\Drivers\iai2c.sys
[MD5.59A20F5AD9F4AE54098154359519408E] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [162 Ko] - (30.63.1519.7) - C:\Windows\System32\Drivers\iaLPSS2i_I2C.sys
[MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\Windows\System32\Drivers\iaLPSSi_GPIO.sys
[MD5.EB82A11613326691508D9ED9A4FE29E7] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\Windows\System32\Drivers\iaLPSSi_I2C.sys
[MD5.6B0029A0253098CCE28EACCFDB9E7208] - [30/10/2015 09:17:22] - (.Copyright (C), Intel Corporation.  - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\Windows\System32\Drivers\iaStorAV.sys
[MD5.9652E1E35A92D8C75710C17A63B15796] - [30/10/2015 09:17:22] - (.Copyright(C) Intel Corporation 1994-2008  - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\Windows\System32\Drivers\iaStorV.sys
[MD5.FFADF691F7BF727AF5C863454A372723] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [414.84 Ko] - (4.91.10730.0) - C:\Windows\System32\Drivers\ibbus.sys
[MD5.4E444F41E69BBE2E0BAE34D5DFCB5732] - [30/10/2015 09:17:23] - (.2001-2012 Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller.) - [118.5 Ko] - (2.1.0.16) - C:\Windows\System32\Drivers\L1C63x64.sys
[MD5.961F28D879D345BFA50AF51285C90F2E] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\Windows\System32\Drivers\lsi_sas.sys
[MD5.6BFB8D1B3407518BE06B6F81F92FA0F5] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [102.34 Ko] - (2.0.76.80) - C:\Windows\System32\Drivers\lsi_sas2i.sys
[MD5.BE0E47988D78F731DEC2C0CB03E765CB] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [96.84 Ko] - (2.50.96.80) - C:\Windows\System32\Drivers\lsi_sas3i.sys
[MD5.F99BF02BE9219986817BF094981EEB18] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\Windows\System32\Drivers\lsi_sss.sys
[MD5.A0A527569856B9814E8920F52EBB67F5] - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech Kernel Audio Improvement Filter Driver.) - [343.28 Ko] - (13.80.853.0) - C:\Windows\System32\Drivers\lvrs64.sys
[MD5.415E344294D1C0D04627B29146F68481] - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech USB Video Class Driver.) - [4646.66 Ko] - (13.80.853.0) - C:\Windows\System32\Drivers\lvuvc64.sys
[MD5.2ED29B635F35E31A1C0D3DDB7DD2AD03] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\Windows\System32\Drivers\megasas.sys
[MD5.22E3CB85870879CBAE13C5095A8B12E3] - [30/10/2015 09:17:23] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\Windows\System32\Drivers\megasr.sys
[MD5.D41920FBFFF2BBCBBC69A5B383AD022E] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [688.84 Ko] - (4.91.10730.0) - C:\Windows\System32\Drivers\mlx4_bus.sys
[MD5.218705233D02776AE4D19CC37D985C1B] - [30/10/2015 09:17:23] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\Windows\System32\Drivers\mvumis.sys
[MD5.B57CE307DA101C739885B7CC0678077F] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [74.34 Ko] - (4.91.10730.0) - C:\Windows\System32\Drivers\ndfltr.sys
[MD5.604D27CC38CC23493F218D0BB834B3FF] - [30/10/2015 09:17:23] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\Windows\System32\Drivers\nvraid.sys
[MD5.8B50D897657AB4A15FD9E251BBF7D107] - [30/10/2015 09:17:23] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\Windows\System32\Drivers\nvstor.sys
[MD5.1398A85E59698067CBBE1D66A9C13ADF] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2014 - MEGASAS RAID Controller Driver for Windows.) - [56.84 Ko] - (6.803.21.0) - C:\Windows\System32\Drivers\percsas2i.sys
[MD5.35F7C7AD709D909D618D9EDF987FC3ED] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.602.12.0) - C:\Windows\System32\Drivers\percsas3i.sys
[MD5.E9740A3BC0AE6EA035FF7ECE3A1B27B6] - [01/08/2013 14:12:34] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3480.84 Ko] - (6.0.1.7004) - C:\Windows\System32\Drivers\RTKVHD64.sys
[MD5.389609560D81988DA2B78F7AFE1384F0] - [25/07/2016 08:18:41] - (.© 1998-2014 Sophos Limited, www.sophos.com - SAV On-Access and HIPS for Windows Vista (AMD64).) - [157.25 Ko] - (3.23.1.0) - C:\Windows\System32\Drivers\savonaccess.sys
[MD5.75B98959013B22F8F40C08095B8AB73C] - [25/07/2016 08:18:04] - (.© 1998-2013 Sophos Limited, www.sophos.com - Sophos CD-Rom Device Control Filter for Windows (AMD64).) - [37.25 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\sdcfilter.sys
[MD5.ABBE803FE0BDAE0E5BE74DDEFBE62F23] - [30/10/2015 09:17:23] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys
[MD5.6043DF55CFE3C7ACF477645FA64DEA98] - [30/10/2015 09:17:23] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys
[MD5.FFD056D55C46946ACA218F0A61DA2743] - [25/07/2016 08:18:43] - (.© 2006-2013 Sophos Limited, www.sophos.com - Sophos Boot Driver, Windows XP (AMD64).) - [27.25 Ko] - (1.1.0.0) - C:\Windows\System32\Drivers\SophosBootDriver.sys
[MD5.CCDA497C880AD16D87EDFAEFCFB2EDF5] - [30/10/2015 09:17:23] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\Windows\System32\Drivers\stexstor.sys
[MD5.6E08BD408572E27A6BD1ED615A2AFA84] - [25/07/2016 08:33:50] - (.Copyright 2010-2014 Sophos Limited. - Sophos Web Intelligence.) - [31.75 Ko] - (3.4.9.0) - C:\Windows\System32\Drivers\swi_callout.sys
[MD5.D48ED0A08BD2FD25A833E6AC99623091] - [30/10/2015 09:17:23] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\Windows\System32\Drivers\vsmraid.sys
[MD5.6990D4AFDF545669D4E6C232F26DE1FB] - [30/10/2015 09:17:23] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\Windows\System32\Drivers\VSTXRAID.SYS
[MD5.A556768CC1FA4F36022BEE2F0EDE2566] - [12/11/2015 22:50:10] - (.© 2006-2015 Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver.) - [26.25 Ko] - (1.1.0.0) - C:\Windows\System32\Drivers\wdcsam64.sys
[MD5.4A53441C1C4D2878BEF27E381138BB2D] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [26.34 Ko] - (4.91.10730.0) - C:\Windows\System32\Drivers\winmad.sys
[MD5.40A3E8D729F458B2C9A8BD9380FF83D5] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [57.84 Ko] - (4.91.10730.0) - C:\Windows\System32\Drivers\winverbs.sys

---------- | Uninstall

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E7366CA8-7179-77AE-E712-BA18D70A0A07}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TreeSize Free_is1] : (TreeSize Free V3.4.5.-.JAM Software) -> "C:\Program Files (x86)\JAM Software\TreeSize Free\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WUCCCApp] : (AMD Catalyst Control Center.-.AMD) -> "C:\AMD\WU-CCC2\ccc2_install\WULaunchApp.exe" -uninstall
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07326A3E-02B3-1078-25D7-B8666BA8FE15}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AD99E77-37CC-744E-39CA-67F6FD34565A}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1] : (Folder Size 3.4.0.0.-.MindGems, Inc.) -> "C:\Program Files (x86)\Folder Size\unins000.exe"
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{82CA1714-13EA-F419-91FE-12834424745E}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B839153C-D4D2-F89C-5033-0A160C62706B}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1EA3764-1138-AE27-AD63-549BAD99BA15}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DD0F148B-9556-4508-B48E-0EBA13122B0F}] : (Snagit 13.-.TechSmith Corporation) -> MsiExec.exe /I{DD0F148B-9556-4508-B48E-0EBA13122B0F}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E817E580-6318-AFC8-2102-322C73117EC4}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F77474EE-EB6C-C87B-88AF-3310C848E068}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f77be5ce-8cc7-4cbe-aac0-2164e844b4be}] : (Snagit 13.-.TechSmith Corporation) -> "C:\ProgramData\Package Cache\{f77be5ce-8cc7-4cbe-aac0-2164e844b4be}\Bootstrapper.exe"  /uninstall
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> 

---------- | Ports 


---------- | Microsoft Specifications

CheckID: AutoCrashDump640{DD0F148B-9556-4508-B48E-0EBA13122B0F} - NOT(VersionNT64) -> AutoCrashDump64
CheckID: UCRT0{DD0F148B-9556-4508-B48E-0EBA13122B0F} - UCRT_INSTALLED -> UCRT

---------- | CLSID


---------- | Listing No Microsoft signed files | system32 (Not necessary Malwares)

[MD5.C65F3DD5C512B0E73984DB406B5512F7] - |D| - [30/10/2015 09:17:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\system32\@edptoastimage.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |D| - [30/10/2015 09:18:12] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\system32\@language_notification_icon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |D| - [30/10/2015 09:18:10] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\system32\@optionalfeatures.png
[MD5.9971B035154F5C54948B73A86D6C6874] - |D| - [30/10/2015 09:18:14] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\system32\@TileEmpty1x1Image.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |D| - [30/10/2015 09:17:39] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\Windows\system32\@WiFiNotificationIcon.png
[MD5.4B10D8998C824DD84AD597F9E058F6F0] - |D| - [30/07/2015 21:58:04] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\Windows\system32\amde31a.dat
[MD5.C7628FE6341B7919D2F62DB9057DB4FC] - |D| - [21/10/2015 02:14:42] - (.-.) - [208.48 Ko] - (0.0.0.0) - C:\Windows\system32\amdgfxinfo64.dll
[MD5.AF1928F5E15921A29877C2E18626F80E] - |D| - [21/10/2015 02:14:42] - (.-.) - [139.98 Ko] - (0.0.0.0) - C:\Windows\system32\amdhdl64.dll
[MD5.DDEB20626133878B0CE79CCE29B031B9] - |D| - [23/07/2015 11:52:32] - (.-.) - [814.26 Ko] - (0.0.0.0) - C:\Windows\system32\amdicdxx.dat
[MD5.82CAB4EAF1E1CBA85AE5DEBB4C068EE2] - |D| - [21/10/2015 02:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [616.48 Ko] - (1.0.3.8) - C:\Windows\system32\amdlvr64.dll
[MD5.C366C5A2EE8F1F586691E4511AB56040] - |D| - [21/10/2015 02:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6529.48 Ko] - (9.1.10.83) - C:\Windows\system32\amdmantle64.dll
[MD5.3960C946E67311C9831550AEDC649C3A] - |D| - [21/10/2015 02:14:54] - (.-.) - [460.27 Ko] - (0.0.0.0) - C:\Windows\system32\amdmiracast.dll
[MD5.4CA9A0DF33972919623BBFF8FBD1A501] - |D| - [21/10/2015 02:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [57.98 Ko] - (1.6.0.0) - C:\Windows\system32\amdmmcl6.dll
[MD5.7BA9A6BBF176D945D7B201865897E158] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [26898.98 Ko] - (0.8.0.0) - C:\Windows\system32\amdocl12cl64.dll
[MD5.AFF92249DA8E62FF8C6D2B89977D3245] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46673.98 Ko] - (10.0.1800.11) - C:\Windows\system32\amdocl64.dll
[MD5.8305AA2FEBE5CAD45AB8D208C17DA930] - |D| - [21/10/2015 02:14:44] - (.-.) - [1168 Ko] - (0.0.0.0) - C:\Windows\system32\amdocl_as64.exe
[MD5.187EB6A72565FAAF01AAE0CDD63DE56F] - |D| - [21/10/2015 02:14:44] - (.-.) - [1045.5 Ko] - (0.0.0.0) - C:\Windows\system32\amdocl_ld64.exe
[MD5.2B79CD2445F85D54959702583ECBCC04] - |D| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\Windows\system32\amdpcom64.dll
[MD5.926C753C058B5E589CF38AAC72166702] - |D| - [30/10/2015 09:17:41] - (.-.) - [404.84 Ko] - (0.0.0.0) - C:\Windows\system32\ApnDatabase.xml
[MD5.4A1E2208F1CB13CAA1F9A69775B34B43] - |D| - [30/10/2015 09:17:45] - (.-.) - [2.2 Ko] - (0.0.0.0) - C:\Windows\system32\AppxProvisioning.xml
[MD5.28DF09388444100467873AC906FD6CB2] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [1226.98 Ko] - (7.15.20.1301) - C:\Windows\system32\atiadlxx.dll
[MD5.53650482B8E621276DC55E50C9FB2FEE] - |D| - [22/08/2015 01:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\Windows\system32\atiapfxx.blb
[MD5.CC2470CA903EA355A24F05520D79BDB8] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [366.98 Ko] - (6.14.10.1001) - C:\Windows\system32\atiapfxx.exe
[MD5.279066332FA267076E3BEE81C4297F87] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [62.98 Ko] - (6.14.10.1848) - C:\Windows\system32\aticalcl64.dll
[MD5.3A0F17C7C8E37DCEAE1DA76B7D761702] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15356.98 Ko] - (6.14.10.1848) - C:\Windows\system32\aticaldd64.dll
[MD5.D22A08EE217DE15B6A41AE518B4F4FBE] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [69.48 Ko] - (6.14.10.1848) - C:\Windows\system32\aticalrt64.dll
[MD5.BE92AD0155D4A23D0073AF51BE808B29] - |D| - [21/10/2015 02:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1445.13 Ko] - (8.17.10.1404) - C:\Windows\system32\aticfx64.dll
[MD5.B565601728AF96EEFCF7E9CDE3CDD2BE] - |D| - [21/10/2015 02:14:46] - (.2002-2012 - Graphics DEM.) - [440.48 Ko] - (4.5.5711.37472) - C:\Windows\system32\atidemgy.dll
[MD5.8700278344BED8D4A3A5AC2875359584] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11804.69 Ko] - (8.17.10.625) - C:\Windows\system32\atidxx64.dll
[MD5.69F82C40A189962A65F6D5A02DF8599F] - |D| - [21/10/2015 02:14:46] - (.-.) - [164.98 Ko] - (0.0.0.0) - C:\Windows\system32\atieah64.exe
[MD5.B96BD9F5B2B0CD6549EE59FD242A6D56] - |D| - [21/10/2015 02:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [667.48 Ko] - (6.14.11.1199) - C:\Windows\system32\atieclxx.exe
[MD5.521248FA26458669BAAE6AB7DB21F3AC] - |D| - [21/10/2015 02:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [249.48 Ko] - (6.14.11.1199) - C:\Windows\system32\atiesrxx.exe
[MD5.E4F96DFF0501430BF7C6E90841A7282D] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [81.98 Ko] - (8.14.1.6463) - C:\Windows\system32\atig6pxx.dll
[MD5.86F2AE002AF9222F34937823B98753C2] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [161.48 Ko] - (8.14.1.6463) - C:\Windows\system32\atig6txx.dll
[MD5.0C3156664885AF41100B63853EBCE037] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\Windows\system32\atiglpxx.dll
[MD5.079EFFD5BECB418FE6596229B28D7324] - |D| - [06/11/2014 10:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\Windows\system32\atiicdxx.dat
[MD5.FE4E7138E51DA7EF01E51F28128A7F53] - |D| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\Windows\system32\atimpc64.dll
[MD5.C84C24F13663EF5A59C1E598A350C8C3] - |D| - [21/10/2015 02:14:46] - (.Copyright ฉ 2009 AMD - Multi-language DPPE DLL.) - [37.48 Ko] - (6.14.10.1002) - C:\Windows\system32\atimuixx.dll
[MD5.7D9CCB5DD8837D6AC954956A5812112C] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [30054.98 Ko] - (6.14.10.13399) - C:\Windows\system32\atio6axx.dll
[MD5.0E89795F721B2BC02D0A12C470750DF6] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODCLI Application.) - [58.48 Ko] - (1.0.0.1) - C:\Windows\system32\ATIODCLI.exe
[MD5.C7A506822BE45CD42415710979CDAE7F] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODE Application.) - [333.48 Ko] - (1.0.0.1) - C:\Windows\system32\ATIODE.exe
[MD5.3FE40633FC3BC5AE41EACDA0E1BA72FE] - |D| - [21/10/2015 02:14:46] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [194.98 Ko] - (6.14.11.25) - C:\Windows\system32\atitmm64.dll
[MD5.067CED045532C58B46E6527BCE3CB47F] - |D| - [21/10/2015 02:14:54] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [127.02 Ko] - (8.14.1.6463) - C:\Windows\system32\atiu9p64.dll
[MD5.AC6970C74B7457B291BB2C0035AA7DAE] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [8657.15 Ko] - (9.14.10.1128) - C:\Windows\system32\atiumd64.dll
[MD5.486D6985E7B7826DBBEAE12755851027] - |D| - [22/08/2015 01:55:34] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\Windows\system32\atiumd6a.cap
[MD5.0A9CA09952D768F768D2903F984102DC] - |D| - [21/10/2015 02:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8771.91 Ko] - (8.14.10.513) - C:\Windows\system32\atiumd6a.dll
[MD5.AE81C76C930DD6875E5D9C6BEA2F0966] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.43 Ko] - (8.14.1.6463) - C:\Windows\system32\atiuxp64.dll
[MD5.EFA5E3D55F1CC185BC690B7D79D015A9] - |D| - [24/07/2015 21:44:06] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\Windows\system32\ativce02.dat
[MD5.B974290EEE645249EE212FF62DD0824A] - |D| - [30/07/2015 22:00:06] - (.-.) - [173.19 Ko] - (0.0.0.0) - C:\Windows\system32\ativce03.dat
[MD5.5EBC73A78E5903E7CE6F6B25E4A6BE8F] - |D| - [29/05/2015 01:00:42] - (.-.) - [228.93 Ko] - (0.0.0.0) - C:\Windows\system32\ativvaxy_cik.dat
[MD5.C55D2CBC17AAE1FBAC9135E7C31A4D31] - |D| - [29/05/2015 00:58:32] - (.-.) - [227.3 Ko] - (0.0.0.0) - C:\Windows\system32\ativvaxy_cik_nd.dat
[MD5.0770A5AB5218E6D3134A7A7239B9A216] - |D| - [29/05/2015 01:21:32] - (.-.) - [249.81 Ko] - (0.0.0.0) - C:\Windows\system32\ativvaxy_cz_nd.dat
[MD5.A81F68A0D3387A06182EFA3880D3F0BD] - |D| - [29/05/2015 01:17:24] - (.-.) - [245 Ko] - (0.0.0.0) - C:\Windows\system32\ativvaxy_FJ.dat
[MD5.7EE8F6853798F7A900DB15F3054A0277] - |D| - [29/05/2015 01:15:12] - (.-.) - [243.25 Ko] - (0.0.0.0) - C:\Windows\system32\ativvaxy_FJ_nd.dat
[MD5.11355CAC5334C8999211C09CAAE194EF] - |D| - [29/05/2015 01:10:58] - (.-.) - [315.3 Ko] - (0.0.0.0) - C:\Windows\system32\ativvaxy_vi.dat
[MD5.3544D6AF6E0C9783C2CF6FA9CE42D520] - |D| - [29/05/2015 01:08:18] - (.-.) - [313.67 Ko] - (0.0.0.0) - C:\Windows\system32\ativvaxy_vi_nd.dat
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |D| - [22/08/2015 01:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\system32\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |D| - [22/08/2015 01:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\system32\ativvsvl.dat
[MD5.D638E3AD81E149A75EEF59E9C743E27C] - |D| - [30/10/2015 09:24:33] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\system32\AutoWorkplace.exe.config
[MD5.22D9945B4AAE36DD59620A918F2E65F4] - |D| - [30/10/2015 09:17:46] - (.-.) - [3096 Ko] - (0.0.0.0) - C:\Windows\system32\boot.sdi
[MD5.405E1EF8E3C88E9BCD2853382BB12430] - |D| - [30/10/2015 09:19:28] - (.-.) - [22.45 Ko] - (0.0.0.0) - C:\Windows\system32\bopomofo.uce
[MD5.6EC6A5D8C388FCE5792805DC8C736E87] - |D| - [30/10/2015 09:17:40] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [92 Ko] - (1.0.0.1) - C:\Windows\system32\BthpanContextHandler.dll
[MD5.6E5DAEBB08D93B3630F2DA9B4FACC05B] - |D| - [30/10/2015 09:18:10] - (.Copyright (C) 2008 - Application ContextH.) - [54 Ko] - (1.0.0.1) - C:\Windows\system32\BWContextHandler.dll
[MD5.CCEAEFAA4DF2F399E9A179D942FEB23C] - |D| - [30/10/2015 09:18:01] - (.-.) - [163.71 Ko] - (0.0.0.0) - C:\Windows\system32\chs_singlechar_pinyin.dat
[MD5.F2D598B11C294EE360FDA0D3E81DA7EC] - |D| - [21/10/2015 02:14:48] - (.-.) - [237.98 Ko] - (0.0.0.0) - C:\Windows\system32\clinfo.exe
[MD5.A0E91D21C945781D03EA0BA1C95F821E] - |D| - [21/10/2015 02:14:48] - (.AMD. - CoInstaller DLL.) - [853.98 Ko] - (1.0.5.9) - C:\Windows\system32\coinst_15.20.dll
[MD5.A797EED94B22B29D3974CB20B66BE6C6] - |D| - [01/08/2013 14:12:30] - (.2012 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [108 Ko] - (1.0.0.2) - C:\Windows\system32\CONEQMSAPOGUILibrary.dll
[MD5.B2241C7E71A7CA5B4CE86FB28FA97373] - |D| - [30/10/2015 09:18:07] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-appcmd.searchconnector-ms
[MD5.2B405BCB2A2BDEC47D35D0A921E5B10B] - |D| - [30/10/2015 09:18:06] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-contacts.searchconnector-ms
[MD5.8A063B4755E352DD772D43D5E8123BBB] - |D| - [30/10/2015 09:18:06] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-history.searchconnector-ms
[MD5.A727FC8376E18F7506A6BB6BC389E602] - |D| - [30/10/2015 09:18:07] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-music.searchconnector-ms
[MD5.80CC9D3D6A70AAA255C0FEDB4C7BB692] - |D| - [30/10/2015 09:18:06] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-paths.searchconnector-ms
[MD5.1420FE34B31CBD3B81011E03ACAD94F2] - |D| - [30/10/2015 09:18:07] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-protocol.searchconnector-ms
[MD5.E7B53AF004BEE5112F787A6E5B04D737] - |D| - [30/10/2015 09:18:06] - (.-.) - [10.85 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-results.searchconnector-ms
[MD5.ACB02726235DF588BF8D5A4FF54379DF] - |D| - [30/10/2015 09:18:06] - (.-.) - [7.6 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-suggestions.searchconnector-ms
[MD5.0E3D116A4DC1D2ABDD0692C6173E09E6] - |D| - [30/10/2015 09:18:06] - (.-.) - [6.98 Ko] - (0.0.0.0) - C:\Windows\system32\connectedsearch-zeroinput.searchconnector-ms
[MD5.B59B3988E72A726310AA112A9AD0E78D] - |D| - [30/10/2015 09:17:59] - (.-.) - [2590.61 Ko] - (0.0.0.0) - C:\Windows\system32\CoreUIComponents.dll
[MD5.306B90493D00011EB635E161C6C024B8] - |D| - [30/10/2015 09:17:57] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\Windows\system32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |D| - [30/10/2015 09:24:34] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\Windows\system32\DefaultQuestions.json
[MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |D| - [26/10/2012 16:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\Windows\system32\DevManagerCore.dll
[MD5.F938469DAF278EE42E32CE2ED5400172] - |D| - [30/10/2015 09:17:46] - (.-.) - [90.05 Ko] - (0.0.0.0) - C:\Windows\system32\DiskSnapshot.conf
[MD5.8C6F56F4CDDE6A1FD01F4FCF2773298E] - |D| - [30/10/2015 09:24:34] - (.-.) - [210.88 Ko] - (0.0.0.0) - C:\Windows\system32\dssec.dat
[MD5.30B4EC182373056C7AE758B72B83E8D5] - |D| - [30/10/2015 09:17:52] - (.-.) - [166.5 Ko] - (0.0.0.0) - C:\Windows\system32\EditionUpgradeHelper.dll
[MD5.33D9CB37446952603C170F80B2C897BB] - |D| - [30/10/2015 09:17:52] - (.-.) - [28 Ko] - (0.0.0.0) - C:\Windows\system32\efsext.dll
[MD5.93E76CF7B04EC33A1E9E0FD7546D3603] - |D| - [30/10/2015 09:17:45] - (.-.) - [17.51 Ko] - (0.0.0.0) - C:\Windows\system32\EventViewer_EventDetails.xsl
[MD5.DA348070AF8775C1078EF6FF788CCA18] - |D| - [25/07/2016 07:25:11] - (.-.) - [184.87 Ko] - (0.0.0.0) - C:\Windows\system32\FNTCACHE.DAT
[MD5.7EB29DBB6CB2CACD1C7027B8E050DED8] - |D| - [30/10/2015 09:18:09] - (.-.) - [24.5 Ko] - (0.0.0.0) - C:\Windows\system32\GamePanelExternalHook.dll
[MD5.0FEE8DB559981D7F06E26042ECD8D671] - |D| - [30/10/2015 09:17:39] - (.-.) - [73.87 Ko] - (0.0.0.0) - C:\Windows\system32\gatherNetworkInfo.vbs
[MD5.4FDED87068052EEB9B72A97FDBC141DB] - |D| - [30/10/2015 09:19:28] - (.-.) - [23.44 Ko] - (0.0.0.0) - C:\Windows\system32\gb2312.uce
[MD5.E635EEC491CBD436095B4300C3E9C4C9] - |D| - [30/10/2015 09:17:57] - (.-.) - [340.5 Ko] - (0.0.0.0) - C:\Windows\system32\HrtfApo.dll
[MD5.77071BF934BEF16D5F02E31624258A91] - |D| - [21/10/2015 02:14:48] - (.-.) - [108.98 Ko] - (0.0.0.0) - C:\Windows\system32\hsa-thunk64.dll
[MD5.ECD81B99477AB4A93D7838EB40B870D0] - |D| - [30/10/2015 09:24:35] - (.-.) - [8.59 Ko] - (0.0.0.0) - C:\Windows\system32\icrav03.rat
[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - |D| - [30/10/2015 09:19:28] - (.-.) - [59.04 Ko] - (0.0.0.0) - C:\Windows\system32\ideograf.uce
[MD5.6B31D08801D3A3F51B59FB1DB14E4A01] - |D| - [30/10/2015 09:18:41] - (.-.) - [3.38 Ko] - (0.0.0.0) - C:\Windows\system32\ieuinit.inf
[MD5.652C6CF73BE7AD53D8EECB92D37F3EDE] - |D| - [30/10/2015 09:18:01] - (.-.) - [181.5 Ko] - (0.0.0.0) - C:\Windows\system32\ism32k.dll
[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - |D| - [30/10/2015 09:19:28] - (.-.) - [6.79 Ko] - (0.0.0.0) - C:\Windows\system32\kanji_1.uce
[MD5.529BBD63519BBD654EF328454019693F] - |D| - [30/10/2015 09:19:28] - (.-.) - [8.29 Ko] - (0.0.0.0) - C:\Windows\system32\kanji_2.uce
[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - |D| - [30/10/2015 09:19:28] - (.-.) - [12.57 Ko] - (0.0.0.0) - C:\Windows\system32\korean.uce
[MD5.251C002837808A2F421A73CB9F8E2239] - |D| - [30/10/2015 09:17:36] - (.Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS - MPEG Layer-3 Audio Codec for MSACM.) - [85 Ko] - (1.9.0.401) - C:\Windows\system32\l3codeca.acm
[MD5.9C0B73FE241261A8C447407DDA4EC7F3] - |D| - [30/10/2015 09:17:36] - (.Copyright © 2004 Fraunhofer IIS - MPEG Audio Layer-3 Codec for MSACM.) - [180 Ko] - (3.4.0.0) - C:\Windows\system32\l3codecp.acm
[MD5.050BC9351A3386458B696F8BCA78B27B] - |D| - [30/10/2015 09:17:57] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\Windows\system32\LargeRoom.bin
[MD5.531FE5A2634D87A078017259F21D9736] - |D| - [30/10/2015 09:18:19] - (.-.) - [206.97 Ko] - (0.0.0.0) - C:\Windows\system32\lcphrase.tbl
[MD5.D3C85593F8C4576FCF9B42AC48CA4368] - |D| - [30/10/2015 09:18:19] - (.-.) - [23.55 Ko] - (0.0.0.0) - C:\Windows\system32\lcptr.tbl
[MD5.6D9EE5BD98B4606D0AC2C9F1AEC0C6CB] - |D| - [25/07/2016 07:29:01] - (.-.) - [49.46 Ko] - (0.0.0.0) - C:\Windows\system32\license.rtf
[MD5.B65E8E52916A527F88486875EE291AA8] - |D| - [26/10/2012 16:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\Windows\system32\LogiDPP.dll
[MD5.24764C249F769991079F6D4B14B822AF] - |D| - [26/10/2012 16:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\Windows\system32\LogiDPPApp.exe
[MD5.4D4248F6D008D86D5575EE5B154971AE] - |D| - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech Co-Installer.) - [256.28 Ko] - (13.80.853.0) - C:\Windows\system32\lvco1380853.dll
[MD5.FF510CF2A7FA73192E7DB06D7C311799] - |D| - [26/10/2012 16:42:24] - (.(c) 1996-2012 Logitech.  - Video Codec.) - [171.28 Ko] - (13.80.853.0) - C:\Windows\system32\lvcod64.dll
[MD5.1A8AE8A66B6C289046276453768EF270] - |D| - [26/10/2012 16:42:24] - (.-.) - [28.8 Ko] - (0.0.0.0) - C:\Windows\system32\lvcoin64.ini
[MD5.77E384B00CB470F66111B70B8EAB2DAE] - |D| - [25/07/2016 07:47:58] - (.-.) - [6.78 Ko] - (0.0.0.0) - C:\Windows\system32\lvcoinst.log
[MD5.B4CD287DFAA6578AC763A3800F0C2DC8] - |D| - [26/10/2012 16:42:24] - (.(c) 1996-2012 Logitech.  - Logitech Camera Property Pages.) - [750.28 Ko] - (13.80.853.0) - C:\Windows\system32\LVUI64.dll
[MD5.CCFDDF84B42198B0AAD27D11ACFD254E] - |D| - [26/10/2012 16:42:22] - (.(c) 1996-2012 Logitech.  - Logitech Camera Property Pages.) - [547.28 Ko] - (13.80.853.0) - C:\Windows\system32\LVUIRC64.dll
[MD5.D3F4E00C322EDA78873848BE75ACC8A4] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [132.98 Ko] - (9.1.10.83) - C:\Windows\system32\mantle64.dll
[MD5.EA33454E28EE1F3CA432DA87203DA24F] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [100.98 Ko] - (9.1.10.83) - C:\Windows\system32\mantleaxl64.dll
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |D| - [30/10/2015 09:17:57] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\Windows\system32\MediumRoom.bin
[MD5.ED434A3EBE29070A7E0138C42482EB93] - |D| - [30/10/2015 09:18:14] - (.-.) - [657.31 Ko] - (0.0.0.0) - C:\Windows\system32\mlang.dat
[MD5.C8005EE340C12215D4466DC93F6DA128] - |D| - [30/10/2015 09:18:08] - (.-.) - [222 Ko] - (0.0.0.0) - C:\Windows\system32\MTF.dll
[MD5.AC4CFC9348A1153F8721254DAFD76260] - |D| - [30/10/2015 09:18:08] - (.-.) - [251 Ko] - (0.0.0.0) - C:\Windows\system32\MTFServer.dll
[MD5.86166DAA04A6C154826508304CC6D4AC] - |D| - [30/10/2015 09:17:40] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\Windows\system32\NdfEventView.xml
[MD5.C146E873B22C3B300B21A859FE66C27A] - |D| - [30/10/2015 09:17:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\Windows\system32\NetTrace.PLA.Diagnostics.xml
[MD5.2C302E26BD0F2CCC9DA636495D6D4C60] - |D| - [30/10/2015 09:18:01] - (.Copyright (C) Nokia 2013 - master branch.) - [258 Ko] - (8.1.0.65535) - C:\Windows\system32\NmaDirect.dll
[MD5.DE78E0C57BC478D47CC2F470B68E1A45] - |D| - [30/10/2015 09:24:36] - (.-.) - [0.72 Ko] - (0.0.0.0) - C:\Windows\system32\NOISE.DAT
[MD5.5D27362AF3BCAA75A418F5416A35934E] - |D| - [30/10/2015 09:17:55] - (.-.) - [0.26 Ko] - (0.0.0.0) - C:\Windows\system32\odbcconf.rsp
[MD5.FF69267A88A54A223B4357C41930449C] - |D| - [30/10/2015 09:24:36] - (.-.) - [15.1 Ko] - (0.0.0.0) - C:\Windows\system32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |D| - [30/10/2015 09:17:50] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\system32\onlinesetup.cmd
[MD5.F192E1998A5F6826BE6955F6EAE7CDA1] - |D| - [21/10/2015 02:14:42] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [71.98 Ko] - (2.0.4.0) - C:\Windows\system32\OpenCL.dll
[MD5.42D2360079B1DF3230024AE920737367] - |D| - [30/10/2015 09:17:57] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\Windows\system32\OutdoorAudioEnvironment.bin
[MD5.66D58077CC739E4B8166E33AB0BA4639] - |D| - [30/10/2015 09:18:09] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\system32\pcl.sep
[MD5.4C44AE37E5E1F9EFA1B8767DA8638F7D] - |D| - [30/10/2015 09:26:16] - (.-.) - [127.98 Ko] - (0.0.0.0) - C:\Windows\system32\perfc009.dat
[MD5.8CFB9A53B6DEED67DCBF7F2AEB0FA8BC] - |D| - [30/10/2015 21:00:15] - (.-.) - [144.31 Ko] - (0.0.0.0) - C:\Windows\system32\perfc00C.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |D| - [30/10/2015 09:26:16] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\Windows\system32\perfd009.dat
[MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |D| - [30/10/2015 21:00:15] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\Windows\system32\perfd00C.dat
[MD5.CA36D30F095C05E543488C195C3AEE08] - |D| - [30/10/2015 09:26:16] - (.-.) - [682.62 Ko] - (0.0.0.0) - C:\Windows\system32\perfh009.dat
[MD5.83B62A838C659D22B06582CA6D54EC9F] - |D| - [30/10/2015 21:00:15] - (.-.) - [769.37 Ko] - (0.0.0.0) - C:\Windows\system32\perfh00C.dat
[MD5.BCA0F41A104D7520DCA66B62023EC1C7] - |D| - [25/07/2016 07:45:41] - (.-.) - [1717.64 Ko] - (0.0.0.0) - C:\Windows\system32\PerfStringBackup.INI
[MD5.C09741B9886EF0D15EC3B1443352FB62] - |D| - [30/10/2015 09:18:09] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\system32\pscript.sep
[MD5.007893E8374C766471239EB291BA8C17] - |D| - [30/10/2015 09:17:45] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\system32\psmodulediscoveryprovider.mof
[MD5.3A77C18665A4C8428768CE186A5BC1EF] - |D| - [30/10/2015 09:17:39] - (.-.) - [1.78 Ko] - (0.0.0.0) - C:\Windows\system32\rasctrnm.h
[MD5.C6CA43573C21CA6392F57F238C8391FC] - |D| - [26/10/2012 16:42:22] - (.-.) - [39.45 Ko] - (0.0.0.0) - C:\Windows\system32\Repository.reg
[MD5.226BBC4490EA49B69B407742A85A2D92] - |D| - [30/10/2015 09:19:26] - (.-.) - [8.72 Ko] - (0.0.0.0) - C:\Windows\system32\ResPriHMImageList
[MD5.7153DD25B2D727B7281780A3DF33C877] - |D| - [30/10/2015 09:19:26] - (.-.) - [8.16 Ko] - (0.0.0.0) - C:\Windows\system32\ResPriImageList
[MD5.43E7D0AB6A8564F5BF375FBF0934FAD1] - |D| - [30/10/2015 09:17:50] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\system32\RestartManager.mof
[MD5.3F75A221A01F68D6CE67FE99A868BD8F] - |D| - [30/10/2015 09:17:50] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\Windows\system32\RestartManagerUninstall.mof
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |D| - [01/08/2013 14:12:34] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\system32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |D| - [01/08/2013 14:12:34] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\system32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |D| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\system32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |D| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\system32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |D| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\system32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |D| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\Windows\system32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |D| - [30/10/2015 09:19:26] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\system32\ScavengeSpace.xml
[MD5.AD89958C33762CB43D7B385F567C27C5] - |D| - [25/07/2016 08:18:03] - (.© 1989-2013 Sophos Limited, www.sophos.com - Sophos Co-installer.) - [171.99 Ko] - (10.3.0.153) - C:\Windows\system32\sdccoinstaller.dll
[MD5.00E5FCFD833151F7CBDE607E2F7AFEB4] - |D| - [30/10/2015 09:19:28] - (.-.) - [5.66 Ko] - (0.0.0.0) - C:\Windows\system32\SecurityAndMaintenance.png
[MD5.5719BFC9CFDA7A9C059A71A47A0E6383] - |D| - [30/10/2015 09:19:28] - (.-.) - [2.56 Ko] - (0.0.0.0) - C:\Windows\system32\SecurityAndMaintenance_Alert.png
[MD5.099BA37F81C044F6B2609537FDB7D872] - |D| - [30/10/2015 09:19:28] - (.-.) - [6.72 Ko] - (0.0.0.0) - C:\Windows\system32\SecurityAndMaintenance_Error.png
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |D| - [30/10/2015 09:17:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\system32\settings.dat
[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - |D| - [30/10/2015 09:19:28] - (.-.) - [16.35 Ko] - (0.0.0.0) - C:\Windows\system32\ShiftJIS.uce
[MD5.3903BCAB32A4A853DFA54962112D4D02] - |D| - [30/10/2015 09:17:53] - (.-.) - [139.55 Ko] - (0.0.0.0) - C:\Windows\system32\slmgr.vbs
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |D| - [30/10/2015 09:17:57] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\Windows\system32\SmallRoom.bin
[MD5.B91F5CE90A0A02CA7EE9790790F1EDC2] - |D| - [25/07/2016 08:21:01] - (.© 1989-2015 Sophos Limited, www.sophos.com - Sophos boot task processor.) - [34.79 Ko] - (10.5.0.173) - C:\Windows\system32\SophosBootTasks.exe
[MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |D| - [30/10/2015 09:17:46] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\Windows\system32\srms.dat
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |D| - [01/08/2013 14:12:36] - (.(c) 2007 SRS Labs, Inc.  - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\Windows\system32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |D| - [01/08/2013 14:12:36] - (.Copyright (c) 2006 SRS Labs, Inc..  - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\Windows\system32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |D| - [01/08/2013 14:12:36] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\system32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |D| - [01/08/2013 14:12:36] - (.(c) 2006 SRS Labs, Inc.  - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\system32\SRSWOW64.dll
[MD5.B59958CD06C9F89C39281FB12F1BB233] - |D| - [30/10/2015 09:18:42] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\Windows\system32\staticurllist.bin
[MD5.30F5568679A54042F99CA9EC1102EBCD] - |D| - [30/10/2015 09:19:28] - (.-.) - [91.51 Ko] - (0.0.0.0) - C:\Windows\system32\SubRange.uce
[MD5.81B14F1AD906AC1CF9102796C97A54FE] - |D| - [30/10/2015 09:18:09] - (.-.) - [3.24 Ko] - (0.0.0.0) - C:\Windows\system32\sysprint.sep
[MD5.58A67EC6B00A54A69DC364194CA171E0] - |D| - [30/10/2015 09:18:09] - (.-.) - [3.58 Ko] - (0.0.0.0) - C:\Windows\system32\sysprtj.sep
[MD5.31B010EF50D54D548B4B8B211F421318] - |D| - [30/10/2015 09:18:10] - (.-.) - [1.63 Ko] - (0.0.0.0) - C:\Windows\system32\tcpbidi.xml
[MD5.D602CA245CC6774A0981B607F0675609] - |D| - [30/10/2015 09:18:09] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\system32\tcpmon.ini
[MD5.6D21D0A95286DCD09E354B612F592EB7] - |D| - [30/10/2015 09:24:37] - (.-.) - [1.94 Ko] - (0.0.0.0) - C:\Windows\system32\ticrf.rat
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |D| - [30/10/2015 09:17:47] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\system32\WdsUnattendTemplate.xml
[MD5.039C8233D4FCE424F5CA9427EF771942] - |D| - [30/10/2015 09:18:19] - (.-.) - [213.34 Ko] - (0.0.0.0) - C:\Windows\system32\weretw.dll
[MD5.D87FB0D2599BAE25F3A6D29589AF0D98] - |D| - [30/10/2015 09:17:49] - (.-.) - [2.22 Ko] - (0.0.0.0) - C:\Windows\system32\WimBootCompress.ini
[MD5.2BA7DF05213968EFC98867E03687CEDB] - |D| - [30/10/2015 09:17:59] - (.-.) - [401.5 Ko] - (0.0.0.0) - C:\Windows\system32\Windows.Perception.Stub.dll
[MD5.E0974EE3F592223A950B3B0C04797212] - |D| - [30/10/2015 09:19:39] - (.-.) - [1.61 Ko] - (0.0.0.0) - C:\Windows\system32\WindowsCodecsRaw.txt
[MD5.7EF8F3CADE2DE177F96B5A5B581D73FF] - |D| - [30/10/2015 09:17:43] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\Windows\system32\winrm.cmd
[MD5.9D7684F978EBD77E6A3EA7EF1330B946] - |D| - [30/10/2015 09:17:43] - (.-.) - [199.32 Ko] - (0.0.0.0) - C:\Windows\system32\winrm.vbs
[MD5.965E1F4E54E12010DDDC7F71950C9C53] - |D| - [30/10/2015 09:17:50] - (.http://www.sqlite.org/copyright.html - SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - [642.46 Ko] - (3.8.8.3) - C:\Windows\system32\winsqlite3.dll
[MD5.C30C621748C66CE751B19B2788559A3E] - |D| - [30/10/2015 09:18:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\Windows\system32\wpcmon.png
[MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |D| - [30/10/2015 09:18:42] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\Windows\system32\WpcNBModel.bin
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |D| - [30/10/2015 09:18:03] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\Windows\system32\wpr.config.xml
[MD5.930423065AB3F5DB52D5726C7FC66385] - |D| - [30/10/2015 09:17:43] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\system32\wsmanconfig_schema.xml
[MD5.D6CBFA113B69C491DE370E85EBAC80E9] - |D| - [30/10/2015 09:17:43] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\Windows\system32\WsmPty.xsl
[MD5.B2EDF82825D979928AE07CBE9C7A2160] - |D| - [30/10/2015 09:17:43] - (.-.) - [2.37 Ko] - (0.0.0.0) - C:\Windows\system32\WsmTxt.xsl
[MD5.9D6B8FC71167D22849424084F0F3D9E9] - |D| - [30/10/2015 09:19:41] - (.-.) - [74.28 Ko] - (0.0.0.0) - C:\Windows\system32\xpsrchvw.xml
[MD5.684DDBD6ED4066B10660A3A06655B59A] - |D| - [30/10/2015 09:17:42] - (.-.) - [3.92 Ko] - (0.0.0.0) - C:\Windows\system32\xwizard.dtd

---------- | Installer

[HKCR\Installer\Products\085E718E81368CFA122023C23711E74C] : CCC Help Polish -> C:\Windows\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0D4A6A5A500250A2E212948580FC59DE] : CCC Help Norwegian -> C:\Windows\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0F76E360892CA2A8F06A481C35224A0E] : ccc-utility64 -> C:\Windows\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1D5F27E1E3559FFC603AC8A55F70DDC1] : CCC Help French -> C:\Windows\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\241A5D4605DBE627DEE92D05D8A2712E] : Catalyst Control Center InstallProxy -> C:\Windows\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\37E58BB129D0A406A0FA7CAA5D3E3A6C] : CCC Help English -> C:\Windows\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3A56CBC8BA0456EDC21B99A7DB8ADF86] : CCC Help Turkish -> C:\Windows\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3C1BCDF6CDE9CBC374C3DD58DEE54049] : CCC Help German -> C:\Windows\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4171AC28AE31914F19EF2138444247E5] : CCC Help Italian -> C:\Windows\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\Windows\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4673AE1C831172EADA3645B9DA99AB51] : CCC Help Japanese -> C:\Windows\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\59EBDD8FEBCD5B303595ED631041E612] : CCC Help Danish -> C:\Windows\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5E16E053C2C6C3F2A341E790A46B3D0A] : CCC Help Spanish -> C:\Windows\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\66122D971C874DA2407EDB22DB85DF64] : CCC Help Chinese Traditional -> C:\Windows\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68ADF0FAB7E6C6A1154D34FA0581E12D] : AMD Catalyst Control Center -> C:\Windows\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\72BCCFF8D2EEF85DA5DBDEC5609BE118] : CCC Help Swedish -> C:\Windows\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\77E99DA1CC73E44793AC766FDF4365A5] : Catalyst Control Center Localization All -> C:\Windows\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\797ECA52ADBEB4E090F6F99EA7E1A2F6] : CCC Help Russian -> C:\Windows\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8AC6637E9717EA777E21AB817DA0A070] : AMD Fuel -> C:\Windows\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8BA31D3CA8644710D160BDA9EAA831B1] : CCC Help Czech -> C:\Windows\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A748067A9D4CFE7E17F6706CBC6F1B74] : CCC Help Thai -> C:\Windows\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B841F0DD655980544BE8E0AB3121B2F0] : Snagit 13
[HKCR\Installer\Products\C0DBE580E42F49BED633A222FE465CFC] : CCC Help Finnish -> C:\Windows\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C351938B2D4DC98F0533A061C02607B6] : CCC Help Portuguese -> C:\Windows\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C51E70D24A9A6D8D3D1729CE78975E78] : CCC Help Hungarian -> C:\Windows\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DED17A5318AD313153A2CEA8B072FDB3] : CCC Help Chinese Standard -> C:\Windows\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E3A623703B208701527D8B66B68AEF51] : CCC Help Korean -> C:\Windows\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EE47477FC6BEB78C88FA33018C840E86] : CCC Help Greek -> C:\Windows\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F75D59AC3CF97DD0C76363F2478D0CE4] : CCC Help Dutch -> C:\Windows\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe

---------- | ADS


---------- | Drives

 Disk: 0   Size=954G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    EE-UNKNWN  21.0T   No    No             1  294,967,295

---------- | MBR

Windows Version:		
Windows Information:		 (build 9200), 64-bit
Base Board Manufacturer:	Hewlett-Packard
BIOS Manufacturer:		AMI
System Manufacturer:		Hewlett-Packard
System Product Name:		CQ2904EF
Logical Drives Mask:		0x0003fffc

Analysis of file "C:\QuickDiag\MBR.bin":
Unknown MBR code

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

La création du contexte d’activation a échoué pour « Q:\esetsmartinstaller_enu.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
------------

La création du contexte d’activation a échoué pour « Q:\esetsmartinstaller_enu.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.
------------

Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.
.
------------

Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.
.
------------

Le serveur App ne s’est pas enregistré sur DCOM avant la fin du temps imparti.
------------

Le serveur CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca ne s’est pas enregistré sur DCOM avant la fin du temps imparti.
------------

Le service Accès aux données utilisateur_21fe89 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
------------

Le service Stockage des données utilisateur_21fe89 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
------------

Le service Données de contacts_21fe89 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
------------

Le service Hôte de synchronisation_21fe89 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
------------

Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 et l’APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
------------

Le service Hôte de synchronisation_2cbe9 s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 10000 millisecondes : Redémarrer le service.
------------

Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Activation pour l’application serveur COM avec le CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 et l’APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 au SID AUTORITE NT\Système de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
------------

Le service Extensions et notifications des imprimantes est marqué comme étant interactif. Cependant, le système est configuré pour ne pas autoriser les services interactifs. Ce service peut ne pas fonctionner correctement.
------------

Le serveur {A47979D2-C419-11D9-A5B4-001185AD2B89} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.
------------

Le service Service Liste des réseaux s’est arrêté avec l’erreur : 
Le périphérique n’est pas prêt.
------------

Le serveur {A47979D2-C419-11D9-A5B4-001185AD2B89} ne s’est pas enregistré sur DCOM avant la fin du temps imparti.
------------

Le service Service Liste des réseaux s’est arrêté avec l’erreur : 
Le périphérique n’est pas prêt.
------------


----------( EOF)---------- - 5750 | 11:08:42