--------------- QuickDiag | g3n-h@ckm@n | 2_23.09.2016.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 06/10/2016 08:07:21 Updated 23/09/2016 | 10.30 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [lfs ultra finalis (Administrator)] - [LFSULTRAFINALIS] (S-1-5-21-1938869131-2749466906-816185640-1000) System: Microsoft Windows 7 Édition Starter - - (6.1.7600) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 7 Édition Starter |C:\Windows|\Device\Harddisk0\Partition3 Boot : Normal boot PC: AOD255 - Acer - IdNumber: LUSDG0D0170426EC0E1601 - UUID: 364EE69C-9C82-9CB1-2111-1C750822B622 Processor : X64 - 1662 Mhz - Intel(R) Atom(TM) CPU N450 @ 1.66GHz InsydeH2O Version V3.08(DDR2) - - Acer - S/N: LUSDG0D0170426EC0E1601 - V3.08(DDR2) - ACRSYS - 1 CoreTemp : 56 Celsius ----------| Extended ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0272&SUBSYS_10250349&REV_1000\4&350CB3CC&0&0001 ---------- | Video Intel(R) Graphics Media Accelerator 3150 - Resolution: 1024x600 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A011&SUBSYS_03491025&REV_00\3&33FD14CA&0&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456 Intel(R) Graphics Media Accelerator 3150 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A012&SUBSYS_03491025&REV_00\3&33FD14CA&0&11 - AdapterCompatibility: Intel Corporation - RAM: CyberLink Mirror Driver - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController3 - Drivers: - PNPDeviceID: ROOT\DISPLAY\0000 - AdapterCompatibility: CyberLink - RAM: Inegrated Video Chipset DeviceName: Intel(R) Graphics Media Accelerator 3150 - DriverVersion: 8.14.10.2117 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK c:\windows\system32\sirenacm.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 48464 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codecp.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 220672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK ---------- | CPU CPU #1 value:24 % CPU #2 value:81 % Total Overall CPU Usage value:53 % ---------- | Network Atheros AR8152 PCI-E Fast Ethernet Controller [NDIS 6.20] : SENT:0 bytes/sec / RECVD:0 bytes/sec Intel[R] WiFi Link 1000 BGN : SENT:220 bytes/sec / RECVD:220 bytes/sec isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:220 bytes/sec, / RECEIVE Maximum:220 bytes/sec WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) - Ethernet 802.3 - Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2060&SUBSYS_03491025&REV_C1\4&16969C7D&0&00E0 WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000 RAS Async Adapter - - - Status: - PnPID : Intel(R) WiFi Link 1000 BGN - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0083&SUBSYS_13058086&REV_00\4&6FF3C1D&0&00E1 Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001 ---------- | Memory RAM = Total (MB) : 1037 | Free (MB) : 113 Pagefile = Total (MB) : 2537 | Free (MB) : 1461 Virtual = Total (MB) : 2097 | Free (MB) : 1962 Physical Memory 0 : Capacity: 1073741824 - DIMM0 - Posit.: 0 - Manufacturer: AD00000000000000 - PartNumber: 48594D503131325336344350362D53362020 - S/N: 53733B47 ---------- | SID Users Administrateur : [S-1-5-21-1938869131-2749466906-816185640-500] Invité : [S-1-5-21-1938869131-2749466906-816185640-501] lfs ultra finalis : [S-1-5-21-1938869131-2749466906-816185640-1000] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Utilisateurs : [S-1-5-32-545] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | Drives R:\ -> [Removable] | [UUI] | Total : 7.26 Go | Free : 0.29 Go -> FAT32 [USB] Q:\ -> [Removable] | [JEAN_MARIE] | Total : 14.4 Go | Free : 10.34 Go -> FAT32 [USB] P:\ -> [Removable] | [MONTRE ESPI] | Total : 7.42 Go | Free : 0.87 Go -> FAT32 [USB] O:\ -> [Removable] | [EUMES FOUA] | Total : 59.48 Go | Free : 59.48 Go -> FAT32 [USB] N:\ -> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 53.36 Go -> FAT32 [USB] H:\ -> [CDROM] | [extender-free] | Total : 0.01 Go | Free : 0 Go -> CDFS [FileBackedVirtual] G:\ -> [Removable] | [CLONEZILLA] | Total : 1.86 Go | Free : 0.37 Go -> FAT32 [USB] F:\ -> [Fixed] | [POWER2GO 11 FILES] | Total : 3.26 Go | Free : 3.05 Go -> NTFS [ATA] E:\ -> [Fixed] | [prog files rebit & dt pro 7] | Total : 2.98 Go | Free : 2.55 Go -> NTFS [ATA] D:\ -> [Removable] | [HITMANPRO] | Total : 57.55 Go | Free : 32.46 Go -> FAT32 [USB] C:\ -> [Fixed] | [Acer] | Total : 208.76 Go | Free : 162.03 Go -> NTFS [ATA] Disk Usage Information [11 total Physical Disks] Physical Drive #0 [C:, E:, F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [O:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #2 [P:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #3 [Q:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #4 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #5 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #6 [R:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #7 [N:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #8 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #9 [A:] : Read:0 bytes/sec, Written:17,108 bytes/sec Max Read:0 bytes/sec, Max Write:17,108 bytes/sec Physical Drive #1 [, U:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:17,108 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : EUCR\UB6250\COMBO_DRIVE DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 6 Part. - PnPID : IDE\DISKHITACHI_HTS545025B9A300_________________PB2OC60F\4&1BE3E953&0&0.0.0 DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_&PROD_FIXMESTICK&REV_8.07\D2BF4C401E2763FP1289&0 DeviceID: \\.\PHYSICALDRIVE9 - Status: OK - USB - External hard disk media - 3 Part. - PnPID : USBSTOR\DISK&VEN_FUJITSU&PROD_MJA2500BH_G2&REV_\68300019430B&0 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENPLUS&PROD_USB-MSDC_DISK_A&REV_1.00\7&368B17D4&0 DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\001BFC3653BCBFC0698F7C35&0 DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_MASS&PROD_STORAGE_DEVICE&REV_1.00\121220130416&0 DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_1.00\0191120749369680&0 DeviceID: \\.\PHYSICALDRIVE8 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_5.00\07014791E2C22032&0 DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_5.00\070B559AA120B087&0 DeviceID: \\.\PHYSICALDRIVE10 - Status: OK - USB - External hard disk media - 2 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_ELEMENTS_10A8&REV_1042\57584A314541334C48454537&0 ---------- | Windows updates Last detection : 2016-10-06 04:36:20 Downloaded last ones : 2016-10-06 04:44:10 Installed last ones : 2016-10-04 14:54:46 Next search : 2016-10-06 22:43:12 Service Pack 1 not installed !!! Windows Is Activated ---------- | Browsers IE : 8.0.7600.16385 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ---------- | FlashPlayer FlashPlayer ActiveX : 23.0.0.162 ---------- | Security AV : Ad-Aware Antivirus Disabled AS : Windows Defender Disabled FW : Ad-Aware Firewall Disabled WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 408 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7600.17273) = C:\Windows\System32\smss.exe [30/09/2016 03:03:53] CPU Usage:0 % 640 | [Owner : | Parent : 568() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:36:49] CPU Usage:0 % 688 | [Owner : | Parent : 632() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7600.16447) = C:\Windows\System32\winlogon.exe [14/07/2010 13:01:28] CPU Usage:0 % 748 | [Owner : | Parent : 640(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) = C:\Windows\System32\services.exe [14/07/2009 01:11:26] CPU Usage:0 % 756 | [Owner : | Parent : 640(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7600.16385) = C:\Windows\System32\lsass.exe [14/07/2009 01:11:58] CPU Usage:0 % 768 | [Owner : | Parent : 640(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7600.16385) = C:\Windows\System32\lsm.exe [14/07/2009 02:02:46] CPU Usage:0 % 912 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 984 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1040 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1120 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1172 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1216 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1376 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1628 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1732 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1612 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 3528 | [Owner : lfs ultra finalis | Parent : 1172(svchost.exe) | 1.7 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:24:23] CPU Usage:0 % 5592 | [Owner : lfs ultra finalis | Parent : 912(svchost.exe) | 1.04 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\System32\dllhost.exe [14/07/2009 01:43:52] CPU Usage:50 % 4260 | [Owner : lfs ultra finalis | Parent : 912(svchost.exe) | 6.83 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [14/07/2009 01:41:43] CPU Usage:0 % 5248 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe [14/07/2009 02:14:13] CPU Usage:0 % 1116 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7600.16385) = C:\Windows\System32\spoolsv.exe [14/07/2009 02:18:36] CPU Usage:0 % 5512 | [Owner : lfs ultra finalis | Parent : 4620() | 41.97 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16450) = C:\Windows\explorer.exe [14/07/2010 13:01:28] CPU Usage:0 % 2004 | [Owner : lfs ultra finalis | Parent : 5512(explorer.exe) | 9.82 Mo] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (7.1.0.595) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [29/03/2016 11:31:50] CPU Usage:0 % 2284 | [Owner : | Parent : 748(services.exe) | ?????] - (.Disc Soft Ltd - Disc Soft Bus Service.) - (7.1.0.595) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe [29/03/2016 11:31:26] CPU Usage:0 % 3764 | [Owner : lfs ultra finalis | Parent : 5512(explorer.exe) | 4.86 Mo] - (. - .) - (0.0.0.0) = C:\Program Files\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe [29/09/2016 07:13:17] CPU Usage:0 % 2544 | [Owner : lfs ultra finalis | Parent : 912(svchost.exe) | 41.2 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16450) = C:\Windows\explorer.exe [14/07/2010 13:01:28] CPU Usage:0 % 3452 | [Owner : | Parent : 1120(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows .) - (6.1.7600.16385) = C:\Windows\System32\audiodg.exe [14/07/2009 02:03:19] CPU Usage:0 % 3284 | [Owner : lfs ultra finalis | Parent : 1016() | 68.17 Mo] - (.Macrorit Inc. - Macrorit Partition Extender.) - (1.0.0.0) = C:\Program Files\Macrorit\Partition Extender\dm.extender.exe [07/07/2016 09:08:58] CPU Usage:0 % 1084 | [Owner : lfs ultra finalis | Parent : 5732() | 6.44 Mo] - (.Framakey.org - FramaKioskPortable pour FramaKey.) - (2.0.0.0) = N:\Framakey\FramaKioskPortable\FramaKioskPortable.exe [04/05/2011 15:36:00] CPU Usage:0 % 4792 | [Owner : lfs ultra finalis | Parent : 4432() | 34.55 Mo] - (.http://kmeleon.sf.net/ - K-Meleon Web Browser.) - (1.6.0.0) = N:\Framakey\FramaKioskPortable\App\FramaKiosk\k-meleon.exe [28/02/2010 18:44:38] CPU Usage:0 % 5432 | [Owner : lfs ultra finalis | Parent : 2600() | 8.52 Mo] - (.Framakey.org - FramafoxPortable pour FramaKey.) - (6.0.0.0) = N:\Apps\FramafoxPortable\FramafoxPortable.exe [27/10/2011 20:25:24] CPU Usage:0 % 1576 | [Owner : lfs ultra finalis | Parent : 5432(FramafoxPortable.exe) | 219.13 Mo] - (.Framasoft - Framafox.) - (12.0.0.4493) = N:\Apps\FramafoxPortable\App\Framafox\Framafox.exe [02/05/2012 12:17:06] CPU Usage:23 % 3540 | [Owner : lfs ultra finalis | Parent : 1576(Framafox.exe) | 21.46 Mo] - (.SosVirus - QuickDiag.) - (23.9.2016.1) = C:\Users\lfs ultra finalis\Downloads\quickdiag_2_23.09.2016.1.exe [06/10/2016 08:06:57] CPU Usage:0 % 2652 | [Owner : | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7600.16385) = C:\Windows\System32\sppsvc.exe [14/07/2009 02:41:23] CPU Usage:0 % ---------- | MD5 [MD5.2626FC9755BE22F805D3CFA0CE3EE727] - [14/07/2010 13:01:28] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2553 Ko] - (6.1.7600.16450) : C:\Windows\Explorer.exe [MD5.8AE6DD9A6D246004DA047F704F0CC487] - [14/07/2009 01:22:09] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [294.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\cmd.exe [MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 01:11:09] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [14/07/2009 01:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe [MD5.0369BA73CE6D918745579B24339765E8] - [14/07/2010 13:02:00] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [837 Ko] - (6.1.7600.16481) : C:\Windows\System32\Kernel32.dll [MD5.F42309C4191C506B71DB5D1126D26318] - [14/07/2009 01:11:58] - (.© Microsoft Corporation. - Local Security Authority Process.) - [22 Ko] - (6.1.7600.16385) : C:\Windows\System32\lsass.exe [MD5.B82CD39E336973359D7C9BF911E8E84F] - [14/07/2009 01:45:11] - (.© Microsoft Corporation. - Distributed COM Services.) - [367.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rpcss.dll [MD5.51138BEEA3E2C21EC44D0932C71762A8] - [14/07/2009 01:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe [MD5.5F1B6A9C35D3D5CA72D6D6FDEF9747D6] - [14/07/2009 01:11:26] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [253 Ko] - (6.1.7600.16385) : C:\Windows\System32\services.exe [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 01:19:28] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe [MD5.34B7E222E81FAFA885F0C5F2CFA56861] - [14/07/2009 01:24:44] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [792.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\user32.dll [MD5.6DE80F60D7DE9CE6B8C2DDFDF79EF175] - [14/07/2009 01:34:20] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [25.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\userinit.exe [MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe [MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - [14/07/2010 13:01:28] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [279 Ko] - (6.1.7600.16447) : C:\Windows\System32\Winlogon.exe [MD5.DDC040FDB01EF1712A6B13E52AFB104C] - [14/07/2009 01:12:38] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\afd.sys [MD5.338C86357871C167A96AB976519BF59E] - [14/07/2009 01:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys [MD5.BCA15585EFDDE7EBA8568BDFB75983A3] - [14/07/2009 01:11:19] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [130.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ataport.sys [MD5.77EA11B065E0A8AB902D78145CA51E10] - [14/07/2009 01:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys [MD5.BA6E70AA0E6091BC39DE29477D866A77] - [14/07/2009 01:11:26] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdrom.sys [MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - [14/07/2009 01:14:17] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [76.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\dfsc.sys [MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - [14/07/2009 01:50:56] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\hdaudbus.sys [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [14/07/2009 01:11:24] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.D80AA0907748D7CC8EFAB3773F32629B] - [17/09/2010 09:03:52] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Rapid Storage Technology driver - x86.) - [425.52 Ko] - (9.6.4.1002) : C:\Windows\System32\Drivers\iastor.sys [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [14/07/2009 01:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys [MD5.F1B6AA08497EA86CA6EF6F7A08B0BFB8] - [14/07/2010 13:06:50] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [120.5 Ko] - (6.1.7600.16539) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.23759D175A0A9BAAF04D05047BC135A8] - [14/07/2009 01:12:31] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [694.06 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ndis.sys [MD5.DD52A733BF4CA5AF84562A5E2F963B91] - [14/07/2009 01:12:21] - (.© Microsoft Corporation. - MBT Transport driver.) - [183.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\netbt.sys [MD5.3795DCD21F740EE799FB7223234215AF] - [14/07/2009 01:12:15] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1182.06 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ntfs.sys [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [14/07/2009 01:45:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [14/07/2009 01:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.3E21C083B8A01CB70BA1F09303010FCE] - [14/07/2009 01:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys [MD5.BB7F39C31C4A4417FD318E7CD184E225] - [17/09/2010 08:46:37] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1255.88 Ko] - (6.1.7600.16610) : C:\Windows\System32\Drivers\tcpip.sys [MD5.CB39E896A2A83702D1737BFD402B3542] - [14/07/2009 01:12:11] - (.© Microsoft Corporation. - TDI Translation Driver.) - [72.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\tdx.sys [MD5.58DF9D2481A56EDDE167E51B334D44FD] - [14/07/2009 01:11:34] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [239.58 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Internet Security.) - (8.4.0.5165) -- C:\Windows\system32\guard32.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll (.Egis Technology Inc..-.PSD DragDrop Protection.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (.Egis Technology Inc..-.WinLocker System Environment Library.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\sysenv.dll (.Disc Soft Ltd.-.DAEMON Tools Pro.) - (7.1.0.595) -- C:\Program Files\DAEMON Tools Pro\DTShl32.dll (.Rebit, Inc..-.Rebit Pro Namespace Extension.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\REBIT-~1.DLL (.Rebit, Inc..-.Rebit Pro Translations.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\cqt.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtCore4.dll (.The OpenSSL Project, http://www.openssl.org/.-.OpenSSL Shared Library.) - (1.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\SSLEAY32.dll (.The OpenSSL Project, http://www.openssl.org/.-.OpenSSL Shared Library.) - (1.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\LIBEAY32.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtNetwork4.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtSql4.dll (..-..) - (0.0.0.0) -- (..-..) - (0.0.0.0) -- : 2544 (..-..) - (0.0.0.0) -- (..-..) - (0.0.0.0) -- (..-..) - (0.0.0.0) -- (.COMODO.-.COMODO Internet Security.) - (8.4.0.5165) -- C:\Windows\system32\guard32.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll (.Egis Technology Inc..-.PSD DragDrop Protection.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (.Egis Technology Inc..-.WinLocker System Environment Library.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\sysenv.dll (.Rebit, Inc..-.Rebit Pro Namespace Extension.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\REBIT-~1.DLL (.Rebit, Inc..-.Rebit Pro Translations.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\cqt.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtCore4.dll (.The OpenSSL Project, http://www.openssl.org/.-.OpenSSL Shared Library.) - (1.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\SSLEAY32.dll (.The OpenSSL Project, http://www.openssl.org/.-.OpenSSL Shared Library.) - (1.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\LIBEAY32.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtNetwork4.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtSql4.dll (.Rebit, Inc..-.Rebit Pro Shell Extension.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\REBIT-~2.DLL (.Disc Soft Ltd.-.DAEMON Tools Pro.) - (7.1.0.595) -- C:\Program Files\DAEMON Tools Pro\DTShl32.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Internet Security.) - (8.4.0.5165) -- C:\Windows\system32\guard32.dll (.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.472) -- C:\Windows\system32\RltkAPO.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU - ( [HKLM\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s [HKLM\...\Run]) - User: Public [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "MRUList"=ba "a"=notepad\1 "b"=eventvwr.msc\1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] ""= "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce] ""= [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer ePower Management] : C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [28/09/2016 22:40:50] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdAwareTray] : "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] : "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ALU] : C:\Program Files\Acer\Acer Updater\ALU.exe -r [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AndroidManager] : C:\Program Files\Acer\Android Manager\AML.exe [08/01/2010 11:47:52] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\COMODO Internet Security] : C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [14/09/2016 23:56:36] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Pro Agent] : "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS Cleanup] : "C:\Program Files\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe" 10 300 [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM tray] : C:\Program Files\EaseUS\EaseUS Partition Master 11.8\bin\EpmNews.exe [30/09/2016 05:19:30] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate] : "C:\Program Files\EgisTec IPS\PmmUpdate.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate] : "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDWare] : %ProgramFiles%\Elantech\ETDCtrl.exe [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds] : C:\Windows\system32\hkcmd.exe [17/09/2010 09:19:00] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon] : C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [17/09/2010 09:04:17] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray] : C:\Windows\system32\igfxtray.exe [17/09/2010 09:19:01] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iPatchData] : C:\Program Files\Acer\Updater\iUpdate.exe [21/07/2010 03:53:50] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iSyncData] : C:\Program Files\Acer\Android Manager\iSync.exe [08/01/2010 11:53:30] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] : C:\Program Files\Launch Manager\LManager.exe [17/09/2010 09:18:29] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon] : C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [27/05/2010 04:41:24] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence] : C:\Windows\system32\igfxpers.exe [17/09/2010 09:19:00] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PLFSetI] : C:\Windows\PLFSetI.exe [28/09/2016 22:33:22] [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Rebit 5 Dashboard] : "C:\Program Files\Rebit 5\DashUI.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Rebit Pro Dashboard] : "C:\Program Files\Rebit\Rebit Pro\DashUI.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray] : "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol] : "C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=00f48e85-d63f-4c1f-a3a4-e28b5c1 [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=756 "SecureBoot"=1 "ProductType"=11 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk (/prefetch:1) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk (/name Microsoft.EaseOfAccessCenter) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( -extoff) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Assistant d'enregistrement sur CD ou Mp3.lnk (-extfind Golden) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Convertisseur de fichiers audio.lnk (-extfind Switch) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Crescendo - Logiciel de notation de musique.lnk (-extfind Crescendo) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Enregistreur de dictée.lnk (-extfind Express) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Enregistreur de fichiers sonores.lnk (-extfind RecordPad) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Enregistreur de streaming audio.lnk (-extfind SoundTap) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Extracteur de rip de CD audio.lnk (-extfind Rip) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Lecteur de synthèse vocale.lnk (-extfind Verbose) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Logiciel de mixage DJ.lnk (-extfind Zulu) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Logiciel de modification de la voix.lnk (-extfind Voxal) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Mixeur multipiste.lnk (-extfind MixPad) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Serveur de streaming audio.lnk (-extfind BroadWave) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Éditeur de fichiers audio.lnk (-extfind WavePad) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It\Uninstall.lnk (/x {4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Convertisseur de fichiers graphiques.lnk (-extfind Pixillion) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Doxillion - Convertisseur de documents.lnk (-extfind Doxillion) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Burn - CD, DVD ou Blu-Ray.lnk (-extfind ExpressBurn) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Dictate - Enregistreur.lnk (-extfind Express) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Rip - Extracteur de CD.lnk (-extfind Rip) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Zip - Compression de fichiers.lnk (-extfind ExpressZip) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel Classic FTP.lnk (-extfind ClassicFTP) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de capture vidéo.lnk (-extfind Debut) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de comptabilité.lnk (-extfind ExpressAccounts) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de facturation.lnk (-extfind ExpressInvoice) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\MixPad - Mixeur multipiste.lnk (-extfind MixPad) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\RecordPad - Enregistreur sonore.lnk (-extfind RecordPad) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\SoundTap - Enregistreur de streaming.lnk (-extfind SoundTap) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Switch - Convertisseur de fichiers audio.lnk (-extfind Switch) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\VideoPad - Éditeur vidéo.lnk (-extfind VideoPad) C:\Users\lfs ultra finalis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\WavePad - Éditeur audio.lnk (-extfind WavePad) C:\Users\lfs ultra finalis\Desktop\rebit & daemon tools pro 7\Rebit 5.lnk (--show=full) C:\Users\lfs ultra finalis\Desktop\rebit & daemon tools pro 7\Rebit Pro.lnk (--show=full) C:\Users\Public\Desktop\COMODO Firewall.lnk (--shortcut) C:\Users\Public\Desktop\GeekBuddy.lnk ("unit_manager.exe" "lps-ca") C:\Users\Public\Desktop\NCH Suite.lnk (-suite) C:\Users\Public\Desktop\Optimisation en 1 clic.lnk ( /quickattendance) C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk (/name Microsoft.DefaultPrograms) C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk (startmenu) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk (/showgadgets) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk (%SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Identity Card.lnk (Identity Card) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk (-NoExit -ImportSystemModules) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\CD Audio Rip Extractor.lnk (-extfind Rip) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Multitrack Mixer.lnk (-extfind MixPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Sound File Converter.lnk (-extfind Switch) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Sound File Editor.lnk (-extfind WavePad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs\Streaming Audio Recorder.lnk (-extfind SoundTap) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\COMODO Firewall\Ajouter et supprimer des composants.lnk (/I{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\COMODO Firewall\COMODO Firewall.lnk (--shortcut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\GeekBuddy\GeekBuddy.lnk ("unit_manager.exe" "lps-ca") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec\Shredder.lnk (-s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk (/name Microsoft.BackupAndRestore) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Accounting Software.lnk (-extfind ExpressAccounts) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Invoicing Software.lnk (-extfind ExpressInvoice) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk (-extfind MixPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Prism Video File Format Converter.lnk (-extfind Prism) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Switch Sound File Converter.lnk (-extfind Switch) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Transcription Software.lnk (-extfind Scribe) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\Video Capture Software.lnk (-extfind Debut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\VideoPad Video Editor.lnk (-extfind VideoPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\WavePad Sound Editor.lnk (-extfind WavePad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio\Enregistreur de streaming audio.lnk (-extfind SoundTap) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio\Extracteur de rip de CD audio.lnk (-extfind Rip) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio\Mixeur multipiste.lnk (-extfind MixPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio\Éditeur de fichiers audio.lnk (-extfind WavePad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de graphisme\Convertisseur de fichiers vidéo.lnk (-extfind Prism) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de graphisme\Éditeur PhotoPad.lnk (-extfind PhotoPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\Convertisseur de cassette vidéo en DVD.lnk (-extfind GoldenVideos) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\Logiciel de capture vidéo.lnk (-extfind Debut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\Logiciel de création de diaporama.lnk (-extfind PhotoStage) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\Serveur de streaming vidéo.lnk (-extfind BroadCam) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\VideoPad - Éditeur vidéo.lnk (-extfind VideoPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebit 5\Rebit 5.lnk (--show=full) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebit Pro\Rebit Pro.lnk (--show=full) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec\Optimisation en 1 clic.lnk ( /quickattendance) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Convertisseur de fichiers graphiques.lnk (-extfind Pixillion) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Doxillion - Convertisseur de documents.lnk (-extfind Doxillion) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Burn - CD, DVD ou Blu-Ray.lnk (-extfind ExpressBurn) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Dictate - Enregistreur.lnk (-extfind Express) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Rip - Extracteur de CD.lnk (-extfind Rip) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel Classic FTP.lnk (-extfind ClassicFTP) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de capture vidéo.lnk (-extfind Debut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de comptabilité.lnk (-extfind ExpressAccounts) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de facturation.lnk (-extfind ExpressInvoice) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de transcription.lnk (-extfind Scribe) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\MixPad - Mixeur multipiste.lnk (-extfind MixPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Prism - Convertisseur de formats de fichiers vidéo.lnk (-extfind Prism) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\RecordPad - Enregistreur sonore.lnk (-extfind RecordPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\SoundTap - Enregistreur de streaming.lnk (-extfind SoundTap) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\VideoPad - Éditeur vidéo.lnk (-extfind VideoPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\WavePad - Éditeur audio.lnk (-extfind WavePad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Doxillion - Convertisseur de documents.lnk (-extfind Doxillion) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Graveur de CD, DVD, BluRay.lnk (-extfind ExpressBurn) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Imprimante PDF gras.lnk (-extfind BoltPDF) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Lecteur de synthèse vocale.lnk (-extfind Verbose) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel Classic FTP.lnk (-extfind ClassicFTP) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel d'expansion dactylographique.lnk (-extfind FastFox) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel de cryptage et de décryptage.lnk (-extfind Meo) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel de sauvegarde.lnk (-extfind FileFort) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel de téléchargement.lnk (-extfind Fling) ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=1240044 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "ScreenSaveTimeOut"=600 "Wallpaper"=%windir%\web\wallpaper\windows\img0.jpg "SCRNSAVE.EXE"=C:\Windows\System32\Acer.scr [24/12/2009 04:34:08] "WaitToKillAppTimeout"=200 "AutoEndTasks"=1 [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "DesktopProcess"=1 [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=1 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=48 "MultipleInvokePromptMinimum"=10000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7600 "FirstLogon"=0 "AutoRestartShell"=0 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=0 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=39 "AutoAdminLogon"=0 "DefaultUserName"=lfs ultra finalis ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [14/07/2009 01:43:32] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Backup1\Barrow 2 & Widen\Documents\MCPR.exe"=1 "G:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=1 "G:\PortableApps\WiseDiskCleanerPortable\WiseDiskCleanerPortable.exe"=1 "G:\ad-aware & didinser trilogy\Adaware_Installer.exe"=1 "C:\Backup1\Barrow 2 & Widen\Downloads\everysync_trial.exe"=1 "C:\Backup1\Barrow 2 & Widen\Downloads\goback.exe"=1 "G:\abbyy, rebit & daemon tools dont pro 7\DTPro710-0595_paid.exe"=1 "G:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\Rebit5, DTPro7 & others jobs tablette aout 2016\Download\rebit5_W8.1_AQFR.exe"=1 "G:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\backup data - riverboats\backup - D Disk, FolderMarker, & Cie\D Drive\rebitpro-setup-5.1.3001.14505.exe"=1 "C:\Backup1\Barrow 2 & Widen\Downloads\pctrans_trial.exe"=1 "G:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\rebit5 saveme et dt pro7 septem 2016 après lfs ultra finalis\rebit5_W8.1_AQFR.exe"=1 "G:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1 "C:\Backup1\Barrow 2 & Widen\Documents\CyberLinkDirectorSuite5.0_Trial_DRS160721-03_TR160909-014.exe"=1 "C:\Users\lfs ultra finalis\Downloads\epm.exe"=1 "C:\Program Files\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe"=1 "C:\Program Files\Acer\Updater\iUpdate.exe"=1 "C:\Users\lfs ultra finalis\Downloads\cfw_installer_6106_53.exe"=1 "D:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\finalisation 100% sécurisé (& lfs ultra)\zemana antilogger pro beta free lifetime license\Zemana.AntiLogger.Setup.exe"=1 "C:\Program Files\Reason\Should I Remove It\ShouldIRemoveIt.exe"=1 "C:\Users\lfs ultra finalis\Downloads\simplitec_simplisafe_int.exe"=1 "C:\Users\LFSULT~1\AppData\Local\Temp\RarSFX0\RealtekHDAudio\Setup.exe"=1 "SIGN.MEDIA=1455E10 Backup data\AstroburnLite180-0183.exe"=1 "SIGN.MEDIA=3779A data - backup data\portableappztrash.blogspot.fr\MalwarebytesPortable\MalwarebytesPortable.exe"=1 "SIGN.MEDIA=645564C8 VirtualBoxPortable.exe"=1 "SIGN.MEDIA=3399E0 extender-free-setup.exe"=1 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\S] : S:\SecurePro.exe (AutoRun) [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{04e506e1-8726-11e6-8b44-1c750822b622}] : S:\SecurePro.exe (AutoRun) [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{74156d05-85fd-11e6-a5b2-1c750822b622}] : H:\Autorun_CCD.exe (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920209537502489 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=1 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x9AF3657BEC19D201 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts # unchecky_begin # These rules were added by the Unchecky program in order to block advertising software modules 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com [62] More lines ---------- | @ [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "AlwaysShowMenus"=0 "StatusBarWeb"=0 "Start Page"=https://fr.yahoo.com/?fr=fp-comodo&type=7292_33220005005_4.28.398567.195_u_hp "Default_Page_URL"=http://acer.msn.com "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "DisableFirstRunCustomize"=1 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD500000000000000F50300002C020000 "NotifyDownloadComplete"=yes [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "EnableNegotiate"=1 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=168 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0x2E1D7FE6EC19D201 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "MigrateProxy"=1 "ProxyEnable"=0 "GlobalUserOffline"=0 "DnsCacheTimeout"=7200 "KeepAliveTimeout"=300000 "MaxConnectionsPer1_0Server"=8 "MaxConnectionsPerServer"=8 "ReceiveTimeout"=60000 "ServerInfoTimeOut"=300000 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://acer.msn.com "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://acer.msn.com "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "Tabs"=res://ieframe.dll/tabswelcome.htm "OfflineInformation"=res://ieframe.dll/offcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files "TcpAutotuning"=0 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | SSODL | SEH | URLSH | STS ---------- | Toolbar [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Height"=0 [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "DownloadRetries"=0 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] : (&Ajout Direct dans Windows Live Writer) - [] ---------- | SearchScopes [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox : ---------- | ElevationPolicy [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] - (C:\Program Files\Internet Explorer) - iexplore.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files\Microsoft Silverlight\4.0.50401.0\) - Silverlight.Configuration.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08E8D305-8D6D-49fe-8603-03A926E46AE0}] - (C:\Program Files\Common Files\Adobe\Updater6) - Adobe_Updater.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] - (C:\Windows\System32) - winfxdocobj.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : %SystemRoot%\system32\wucltux.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\System32) - msdt.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] - (C:\Program Files\Adobe\Reader 9.0\Reader\) - AcroBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files\Microsoft Silverlight\4.0.50401.0\) - agcp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AcroRd32Info.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43ABBB95-C0E9-497B-8BB9-B5FA08861705}] - (C:\Program Files\Windows Live\Mail\) - wlmail.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files\adobe\acrobat 7.0\reader) - acrord32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C0B7A7C-8ECF-422f-9448-0874C41D4532}] - (%ProgramFiles%\Common Files\Microsoft Shared\Windows Live) - WLLoginProxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\system32\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B7FB824-0A43-4bc2-B58D-F6386FEEFD84}] - (Choice Guard) - CGuard.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AdobeCollabSync.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AcroRd32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\System32\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B020FD-E04B-4e67-B65A-E7DEED25B2CF}] - (%SystemRoot%\System32) - wisptis.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C}] - (C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63) - OberonBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - () - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] - (C:\Program Files\Windows Live\Messenger\) - msnmsgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5}] - (C:\Program Files\Windows Live\Writer\) - WindowsLiveWriter.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files\adobe\acrobat 6.0\reader) - acrord32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\system32\Macromed\Flash) - FlashUtil32_23_0_0_162_ActiveX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat) - acrobat.exe : ---------- | Ext\Settings [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] : : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\system32\Macromed\Flash\Flash32_23_0_0_162.ocx ---------- | Ext\Stats [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] : : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}] : : [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] : : C:\Windows\System32\mshtml.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{333C7BC4-460F-11D0-BC04-0080C7055A83}] : : C:\Windows\System32\tdc.ocx [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49B4-9D64-90988571CECB}] : : [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1}] : : C:\Windows\System32\ieframe.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}] : : %SystemRoot%\system32\wmp.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] : : [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] : : C:\Windows\System32\ieframe.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D96A0A-F192-11D4-A65F-0040963251E5}] : : %SystemRoot%\System32\msxml6.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}] : : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}] : : C:\Windows\System32\ieframe.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\system32\Macromed\Flash\Flash32_23_0_0_162.ocx [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}] : : [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEAF541-F3E1-4C24-ACAC-99C30715084A}] : : c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE09B103-97E0-11CF-978F-00A02463E06F}] : : C:\Windows\system32\scrrun.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5078F35-C551-11D3-89B9-0000F81FE221}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -> (Adobe PDF Link Helper) : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [27/02/2009 21:07:26] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d'aide de l'Assistant de connexion Windows Live) : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [22/01/2009 15:41:30] ---------- | Chrome [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Google\Chrome\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm] ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416] - (WLPG Install MIME type) : C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll ---------- | Active Connections TCP 127.0.0.1:51870 lfsultrafinalis:51871 ESTABLISHED 4792 TCP 127.0.0.1:51871 lfsultrafinalis:51870 ESTABLISHED 4792 TCP 127.0.0.1:51872 lfsultrafinalis:51873 ESTABLISHED 4792 TCP 127.0.0.1:51873 lfsultrafinalis:51872 ESTABLISHED 4792 TCP 127.0.0.1:51874 lfsultrafinalis:51875 ESTABLISHED 1576 TCP 127.0.0.1:51875 lfsultrafinalis:51874 ESTABLISHED 1576 TCP 192.168.1.12:51936 par03s15-in-f110.1e100.net:http ESTABLISHED 1576 TCP 192.168.1.12:51980 pump35.e14n.biz:https ESTABLISHED 1576 TCP 192.168.1.12:51981 edna.framasoft.org:http ESTABLISHED 1576 TCP 192.168.1.12:51982 edna.framasoft.org:http ESTABLISHED 1576 TCP 192.168.1.12:51983 edna.framasoft.org:http ESTABLISHED 1576 TCP 192.168.1.12:51984 edna.framasoft.org:https TIME_WAIT 0 TCP 192.168.1.12:51985 jasper.framasoft.org:http ESTABLISHED 1576 TCP 192.168.1.12:51986 jasper.framasoft.org:https TIME_WAIT 0 TCP 192.168.1.12:51987 jasper.framasoft.org:https TIME_WAIT 0 TCP 192.168.1.12:51990 86.65.39.13:http ESTABLISHED 1576 TCP 192.168.1.12:51991 74.122.172.235:http SYN_SENT 1576 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{17663AE0-59BF-4D45-BB1C-F878B0F23495}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{17663AE0-59BF-4D45-BB1C-F878B0F23495}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{17663AE0-59BF-4D45-BB1C-F878B0F23495}] "DhcpNameServer"=192.168.1.1 192.168.1.1 ---------- | ActiveX [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] - () - [8,0,7600,17136] - -> [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] - () - [8,0,7100,0] - -> [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - [1,1,1,9] - -> [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - [6,1,7600,16385] - -> [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - [12,0,7600,16415] - -> [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - [6,1,7600,16644] - -> [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [8,0,7600,17136] - -> [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,7600,16415] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] - (Internet Explorer) - [8,0,7600,17136] - @C:\Windows\System32\ie4uinit.exe,-21 -> C:\Windows\System32\ie4uinit.exe -UserIconConfig [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] - (Browser Customizations) - [8,0,7100,0] - @C:\Windows\System32\iedkcs32.dll,-3052 -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,7600,16415] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - [1,1,1,9] - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [8,0,7600,16385] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}] - (.NET Framework) - [4,0,30319,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [6,1,7600,16385] - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [8,0,7600,16385] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [8,0,7600,16385] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [8,0,7600,16385] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,7600,16415] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [6,1,7600,16385] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - [2,0,50727,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - [6,1,7600,16644] - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U shell32.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - [8,0,7600,17136] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -BaseSettings [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] - -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [8,0,7600,16385] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - [2,0,50727,1] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [8,0,7600,17136] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [6,1,7600,16385] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] - -> ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\eSobi.exe] : "C:\Program Files\eSobi\eSobi2\eSobi.exe" /e "%1" [HKLM\SOFTWARE\Classes\Applications\expressburn.exe] : "C:\Program Files\NCH Software\ExpressBurn\expressburn.exe" "%L" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af} Name: WPD Association LUA Virtual Factory - AppID: {00393519-3A67-4507-A2B8-85146167ACA7} Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68} Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba} Name: PhotoAcqWiaEventHandler - AppID: {00F3CDFD-5D2E-439F-8900-3F56A0C1C8BA} Name: Virtual Factory for Biometrics - AppID: {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428} Name: eDSPSDProtect - AppID: {023ED001-BA16-4467-B0D9-D098191C17A9} Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030} Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Name: WPDBusEnum - AppID: {03f25b41-e981-4675-a256-27d1393e7488} Name: Device Display Object Function Discovery Provider - AppID: {04626806-2243-4354-ab44-4ade718d09df} Name: IDBHO - AppID: {062C56BD-B2FF-4405-88D9-93154F27D785} Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B} Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32} Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23} Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299} Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B} Name: McOobeSvc - AppID: {08F4B21B-105C-4D16-822E-223E9C5ED0FC} Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3} Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3} Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323} Name: KnowlesAPOHDDll - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C} Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94} Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C} Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de} Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011} Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E} Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666} Name: cmdcmc - AppID: {140D7792-1113-49DB-9B16-E669A934D975} Name: DolbyDAX2APODllv211 - AppID: {18A5395C-F7C7-45D1-8D6D-F6BF56FE9427} Name: WriterBrowserExtension - AppID: {198B12CC-F591-440C-AC7A-6A730BBC436C} Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6} Name: wpcao.dll - AppID: {1E5300BE-0762-4527-8140-C0FF22DDFC56} Name: Disc soft DT Pro bus service - AppID: {1E9D16CB-FF03-481F-ABE2-F406C2808FE2} Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c} Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0} Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2} Name: UACObject - AppID: {1F9BF350-B68F-4DCA-8B87-707E26DC7390} Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7} Name: cmdlogs - AppID: {2000BB21-EADE-4133-91DB-981380788877} Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526} Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829} Name: cmdcfg - AppID: {242A5883-A8B3-4273-9D5A-DAECFF8B9BB0} Name: DTSLimiterDLL - AppID: {24E79C19-1F52-43CC-8684-BFA13340E72C} Name: TabBtnEx - AppID: {25351F98-BEC9-4BA0-A1F7-D9D69225E52F} Name: ShredderContextMenu - AppID: {253C5D8C-536F-4140-9103-55F5B5442921} Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF} Name: DTSVoiceClarityDLL - AppID: {272EFD2A-90BE-4E48-8557-3D9CEA0530A0} Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E} Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E} Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00} Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78} Name: UACObject - AppID: {2A39E11E-7FDE-45b1-99C6-B9E557D3ABA1} Name: TosEAEAPODLL - AppID: {2A3C3DC0-7618-49FF-93E3-6481ACDDF2F2} Name: CMSVSWrap Object - AppID: {2B29DD0A-49D7-4C85-B4DA-64B1A22F1671} Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5} Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7} Name: cmdcloud - AppID: {3367D0D0-5996-477E-8385-7D1B6C2AF9AC} Name: IPBusEnum - AppID: {344ED43D-D086-4961-86A6-1106F4ACAD9B} Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B} Name: DevicePairingHandler.dll - AppID: {383b69fa-5486-49da-91f5-d63c24c8e9d0} Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} Name: EEL32A - AppID: {3D5781D9-B2FF-4396-8478-395412020995} Name: igfxcfg - AppID: {3D62E9A1-D243-11D2-B561-00A0C92E6848} Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F} Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e} Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25} Name: MSTTS DecObj Class Surrogate - AppID: {3F6B5E16-092A-41ED-930B-0B4125D91D4E} Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c} Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61} Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775} Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29} Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a} Name: cmdaruns - AppID: {47730F83-7966-4F56-9AF5-15CADFABBEFC} Name: EEG32A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B} Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077} Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92} Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF} Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17} Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C} Name: cmdavcen - AppID: {4C71E966-AE85-4D28-B99B-FED0EA3B074D} Name: DDPA32 - AppID: {4CBB9627-E758-489D-AE4E-A2BAFE0788F2} Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC} Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94} Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345} Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B} Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630} Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25} Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601} Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1} Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5} Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B} Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C} Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660} Name: ComProxy - AppID: {536BF835-F397-46D3-AD11-92642F8CABD9} Name: SRS_APO_Universal - AppID: {553C48B2-BA6B-412B-9F8D-2B62B1B912AA} Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B} Name: Watson subscriber for SENS Network Events - AppID: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2} Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61} Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B} Name: EED32A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0} Name: Virtual Factory for Display CPL - AppID: {5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2} Name: Odyssey - AppID: {5F8FD45A-D58C-4AAD-8EDE-B9B78F02B959} Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1} Name: PDFPrevHndlr - AppID: {6236FF8C-E747-4173-86D3-99F511B61DF3} Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327} Name: WLXQuickTimeControlHost - AppID: {631AF1F1-55E0-4190-9B1E-454D9F370AA2} Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2} Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E} Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} Name: DTSNeoPCDLL - AppID: {68976842-77A6-447F-83E8-97DF7A83A970} Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30} Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8} Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F} Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b} Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56} Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B} Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce} Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca} Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5} Name: WindowsLiveWriterFilter - AppID: {7054B371-09E3-4BC8-8A61-02D7799EA98A} Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC} Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD} Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED} Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436} Name: NAHIMICAPOSettingsIPC - AppID: {76d57399-2584-44b9-a6a8-9dd7022fb85e} Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950} Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070} Name: AcroIEHelperShim - AppID: {77AB4812-5411-4EA9-8437-77AD0F230302} Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100} Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d} Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7} Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829} Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32} Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6} Name: EEA32A - AppID: {7D5D40EC-DCAF-4858-B7DC-9BA70C8B7C39} Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB} Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715} Name: DTSBassEnhancementDLL - AppID: {7E70FA0D-5DFA-4BA6-98C6-F10BBAAF7410} Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034} Name: AdAwareShellExtension - AppID: {815E3070-A914-4A36-BC40-2F35AAD1C91E} Name: CnxtDSPdll - AppID: {81D6AA8D-5401-4EE7-A7A2-95133649C977} Name: WlanConn - AppID: {825FC848-87F7-4F26-9EF6-43964094FF98} Name: wlcsdk - AppID: {83B16523-1802-47EF-A9A6-2B3C8B796A6F} Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F} Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850} Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE} Name: IPS - AppID: {86F9F754-EB88-4A94-A092-721F013CB10B} Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059} Name: cmdboost - AppID: {89A949AD-35C6-44B1-B2EB-487DC722541A} Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854} Name: TosASFAPODLL - AppID: {8C2856EC-F5FE-4FEA-BA6E-22AC88ED79F2} Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB} Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee} Name: Virtual Factory for Action Center CPL - AppID: {8D26D9AA-5DA8-4b95-949A-B74954A229A6} Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C} Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444} Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db} Name: DTSSymmetryDLL - AppID: {91953DA9-4AB8-473A-BF6D-462FA2E58025} Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F} Name: AutorunsWrapper - AppID: {9223DCE6-1F38-4600-BB57-17B8CA8996EC} Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60} Name: WMPDMCCore - AppID: {92C2A9B3-4228-438E-8A7B-EF110987764C} Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60} Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7} Name: Default Location CPL Data Handler LUA Helper - AppID: {9A630456-078D-43d3-9F1D-DF7A5BC0FA44} Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610} Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8} Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030} Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D} Name: TosSAEAPODLL - AppID: {9EE3B75C-74C4-4CCB-9BB2-BF5CA444C1A6} Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15} Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134} Name: Microsoft.Live.Folders.RichUpload.3.dll - AppID: {A40C5393-FD53-4528-95EB-0B348BC1539D} Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357} Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6} Name: PDFShellInfo - AppID: {A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE} Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24} Name: DTSBoostDLL - AppID: {A5900CCC-3E28-4F96-8410-C43BF113C279} Name: AIMPlugin - AppID: {A72B23B6-A76F-4E17-AEE0-50F10A9B5C9B} Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50} Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D} Name: IA3DUtility - AppID: {A7D71146-EBCD-4E6C-916C-E77865BCC53B} Name: SwapAPODll - AppID: {A85F41D6-156B-470D-B505-110388968D5A} Name: Windows Media Player Encoder Helper Class - AppID: {A9D431C2-6D56-4727-9690-ADBE66B9184A} Name: TepeqAPODll - AppID: {AAA42638-53A8-4D94-95FC-52ED115A58B4} Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22} Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94} Name: EEG32A - AppID: {ADC304B3-E91E-42dd-A72B-FE15B5E2C3BF} Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1} Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492} Name: DTSGainCompensatorDLL - AppID: {B3D43A87-E6C7-4EC8-8546-CEB9EE9BD936} Name: McAfee SiteAdvisor Service - AppID: {B48A23C6-434F-43bc-B98E-AF5B21A92964} Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C} Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599} Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A} Name: WwanAdvui - AppID: {b70cc729-28ae-11dd-9676-000000000000} Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2} Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE} Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D} Name: DTSS2HeadphoneDLL - AppID: {BA291C7C-39AC-4331-9592-B694DA24BC89} Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4} Name: AcroPDF - AppID: {BBAA0E44-3862-490C-8E63-AC2D2D6EF733} Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70} Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B} Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B} Name: WindowsLiveWriterApplication - AppID: {BF7C0368-EA36-475E-AA42-3F28E736FABD} Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6} Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF} Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1} Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E} Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444} Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D} Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83} Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9} Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81} Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D} Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C} Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F} Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B} Name: LocationDisp - AppID: {CBDC4B31-CBE4-4A5B-BECF-64B29E47D2AD} Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF} Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF} Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607} Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933} Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} Name: SharedAccess - AppID: {ce166e40-1e72-45b9-94c9-3b2050e8f180} Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03} Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395} Name: DTSS2SpeakerDLL - AppID: {CF3C79C7-8096-4BF2-9684-9F6B832FAC23} Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7} Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5} Name: %systemroot%\system32\colorui.dll - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652} Name: ghost - AppID: {D58F39FF-953E-4F45-898F-59F243B9A523} Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30} Name: Bluewire unpairing elevation surrogate - AppID: {D88EC52B-8D57-49e1-9EB3-4D267D68A2AE} Name: Microsoft.Live.FolderShare.Client - AppID: {daa6bc26-4dfa-4e8f-8d5f-47202dc8e400} Name: TADEFxApo - AppID: {DB3D3052-9F00-4300-9285-91E27275BD34} Name: EverySyncExplorerOverlay - AppID: {DE4CE140-5838-468B-86C0-A422AC75B092} Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44} Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5} Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} Name: CavShell - AppID: {E11C8519-5595-4397-B515-AB036DEC467A} Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258} Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212} Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB} Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5} Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A} Name: cmdurlflt - AppID: {E60DD523-5B62-46B9-9584-1633E4D407BC} Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9} Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5} Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90} Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A} Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8} Name: cmdtrust - AppID: {EBF2FCDA-6DFD-4F8A-B3A5-6A1A1E95B072} Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A} Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A} Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58} Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147} Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7} Name: RichVideo - AppID: {EEDE56D6-82E5-4B98-B99E-D4339825E216} Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC} Name: AcroBroker - AppID: {F2383816-917A-46CC-AD2A-5013BED3800F} Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7} Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801} Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A} Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248} Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717} Name: DTGadget - AppID: {F574FC8D-EFB4-4DAB-AA18-B6C688A8CC58} Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a} Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8} Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E} Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Name: DaemonShellExtImage - AppID: {F9B84490-4C45-4737-82E5-0EA0B1CF5307} Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333} Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E} Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb} Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160} Name: EEL32A - AppID: {FCA1E26B-AE4B-45a0-B7C8-34A007E79C3A} Name: ESLoadSevice - AppID: {FCA6F20F-92E5-4E74-AC19-D14B59CB1C15} Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9} Name: ICEsoundAPODll - AppID: {FD4B6EB8-6A1F-4C1E-AAF4-01AD4A7F7C8D} Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00} Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1F9BF350-B68F-4DCA-8B87-707E26DC7390}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F9BF350-B68F-4DCA-8B87-707E26DC7390}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{2A39E11E-7FDE-45b1-99C6-B9E557D3ABA1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2A39E11E-7FDE-45b1-99C6-B9E557D3ABA1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18" ---------- | Svchost - Netsvcs (Whitelisted) Term - : ---------- | Software [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Acer] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Adobe] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\AOMEI] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\AppDataLow] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\ArcticLine] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\ASProtect] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\BugSplat] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Caphyon] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Chromium] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\ComodoGroup] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\CyberLink] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Disc Soft] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Dritek] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\EaseUS] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Elantech] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\EpmNewsInfo] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\GlarySoft] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Google] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Insyde Software] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Intel] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Macromedia] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Maelstrom] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Magix] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Mozilla] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\NCH Software] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\NewBlue] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\OEM] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Policies] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\QtProject] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Realtek] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Reason] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Rebit] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Sonix] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\sysinternals] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\UsbFix] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Wondershare] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Zemana] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\MB_temp] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\AppDataLow\Software\adawarebp] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Acer] [HKLM\Software\Acer Incorporated] [HKLM\Software\Adobe] [HKLM\Software\America Online] [HKLM\Software\Atheros Communications Inc.] [HKLM\Software\ATI Technologies] [HKLM\Software\AVC3] [HKLM\Software\Bitdefender] [HKLM\Software\Chicony Electronics Co.,Ltd.] [HKLM\Software\Clients] [HKLM\Software\COMODO] [HKLM\Software\CyberLink] [HKLM\Software\Disc Soft] [HKLM\Software\Dolby] [HKLM\Software\Dritek] [HKLM\Software\DTS] [HKLM\Software\EaseUS] [HKLM\Software\EaseUS Todo Backup] [HKLM\Software\EgisTec] [HKLM\Software\EgisTec IPS] [HKLM\Software\EgisTec Shredder] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\GeekBuddyRSP] [HKLM\Software\GlarySoft] [HKLM\Software\HitmanPro] [HKLM\Software\Insyde Software] [HKLM\Software\Intel] [HKLM\Software\KeyCryptSDK] [HKLM\Software\Knowles] [HKLM\Software\Lavasoft] [HKLM\Software\Macromedia] [HKLM\Software\McAfeeInstaller] [HKLM\Software\Microsoft] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\NCH Software] [HKLM\Software\NewBlue] [HKLM\Software\Nuance] [HKLM\Software\Oberon Media] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OemSetup] [HKLM\Software\OOBEOffer] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Reason] [HKLM\Software\Rebit] [HKLM\Software\Rebit 5] [HKLM\Software\RegisteredApplications] [HKLM\Software\simplitec] [HKLM\Software\SonicFocus] [HKLM\Software\SOSVirus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\WafCX] [HKLM\Software\Waves Audio] [HKLM\Software\Wondershare] [HKLM\Software\Wow6432Node] [HKLM\Software\Zemana] [HKLM\Software\ZmnGlobalSDK] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] ---------- | FeatureControl [HKU\S-1-5-21-1938869131-2749466906-816185640-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "ServiceProvider.exe"="8000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "WindowsAnytimeUpgradeUI.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "msn6.exe"="0" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "prevhost.exe"="8" "sllauncher.exe"="8000" "WiseDiskCleaner.exe"="8000" "AudioDirector.exe"="9000" "ColorDirector.exe"="9000" "PDR.exe"="8000" "Main.exe"="9999" "mbam.exe"="11000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGuiIT.exe"="0" "SAPGUI.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "sllauncher.exe"="0" "PresentationHost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "prevhost.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES] "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "wm.exe"="1" "cs.exe"="1" "waol.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "sllauncher.exe"="1" "wlmail.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" "sllauncher.exe"="6" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" "sllauncher.exe"="6" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "prevhost.exe"="1" "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "winmail.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "sllauncher.exe"="1" "WindowsLiveWriter.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "prevhost.exe"="1" "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "prevhost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "winmail.exe"="1" "msimn.exe"="1" "outlook.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "infopath.exe"="1" "winword.exe"="1" "excel.exe"="1" "powerpnt.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED] "mbam.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn6.exe"="1" "msn.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "PresentationHost.exe"="1" "wlmail.exe"="1" ---------- | The Created last ones ¦ Modified [MD5.00000000000000000000000000000000] - [06/10/2016 06:15:37] - |D| - [14417763] - C:\Program Files\Astroburn Lite [MD5.00000000000000000000000000000000] - [01/10/2016 05:31:26] - |D| - [182648] - C:\Program Files\KeyCryptSDK [MD5.00000000000000000000000000000000] - [06/10/2016 07:05:32] - |D| - [8753646] - C:\Program Files\Macrorit [MD5.00000000000000000000000000000000] - [04/10/2016 09:58:27] - |D| - [64640088] - C:\Program Files\simplitec [MD5.00000000000000000000000000000000] - [01/10/2016 05:31:24] - |D| - [0] - C:\Program Files\Zemana AntiLogger [MD5.00000000000000000000000000000000] - [04/10/2016 03:19:31] - |D| - [204001675] - C:\Windows\CheckSur [MD5.525A39D4593FF7567214CA1813CEDD7E] - [01/10/2016 04:56:49] - |A| - [416] - C:\Windows\dm.dmap [MD5.5A4CDA45A884381494DABA4DEA7836ED] - [02/10/2016 08:11:38] - |A| - [4570] - C:\Windows\PFRO.log [MD5.00000000000000000000000000000000] - [05/10/2016 11:01:28] - |D| - [5020] - C:\Windows\pss [MD5.1DA8B4422EA9ADDB6ECAB15B910C6418] - [02/10/2016 08:12:15] - |A| - [4326] - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/10/2016 08:12:15] - |A| - [0] - C:\Windows\setuperr.log [MD5.81AB7C06EDAFE61768C21793534B978A] - [01/10/2016 05:32:19] - |A| - [137128] - C:\Windows\ZAM.krnl.trace [MD5.783D3262E6D31DBD9A1FAFCF9FBFD3DD] - [01/10/2016 05:32:18] - |A| - [735894] - C:\Windows\ZAM_Guard.krnl.trace [MD5.E5EE9F3BD6E7B7B3622C0FB204E43F6E] - [01/10/2016 09:41:14] - |A| - [28201472] - C:\Windows\Installer\851eb3.msi [MD5.FEEDE918DD476ADF16D05F2F6BEAE774] - [04/10/2016 10:48:39] - |A| - [49152] - C:\Windows\Installer\8677e94.msi [MD5.87D35C5BD71198A15BA5E87BEBF6EEDC] - [02/10/2016 07:39:08] - |A| - [271184] - C:\Windows\Installer\MSI9C5B.tmp [MD5.00000000000000000000000000000000] - [01/10/2016 09:47:52] - |D| - [983040] - C:\Windows\Installer\{04B2A2F0-F064-4F35-978C-4E995BF7F421} [MD5.C93F8A3F7D10B9399568ABBDFFF0BB79] - [05/10/2016 15:48:10] - |A| - [197448] - C:\Windows\system32\AcpiServiceVnA.dll [MD5.545547AD636A17E4711E3F72A1D6B0A3] - [05/10/2016 15:48:14] - |A| - [532896] - C:\Windows\system32\AERTACap.dll [MD5.525CE31A6068EA51C0267B9668C1DDA6] - [05/10/2016 15:48:15] - |A| - [105656] - C:\Windows\system32\AERTARen.dll [MD5.3902F6D888569468D0B780E77F9142A8] - [05/10/2016 15:48:26] - |A| - [96608] - C:\Windows\system32\audioLibVc.dll [MD5.4CCC35765D5EDF35367B868BC901EE4D] - [05/10/2016 15:49:00] - |A| - [101328] - C:\Windows\system32\CONEQMSAPOGUILibrary.dll [MD5.E4548231A6042428C6E0AA77A52A1489] - [05/10/2016 15:49:02] - |A| - [1515176] - C:\Windows\system32\CX32APO.dll [MD5.00000000000000000000000000000000] - [05/10/2016 16:13:47] - |D| - [5499583] - C:\Windows\system32\DAX2 [MD5.5048B1C525D9CC101BD6A3D20C004869] - [05/10/2016 15:49:07] - |A| - [232424] - C:\Windows\system32\DDPA32.dll [MD5.5BB9E93828C5A85B60FF30294FECC9B8] - [05/10/2016 15:49:08] - |A| - [1512320] - C:\Windows\system32\DDPD32A.dll [MD5.B1EBA645B02E2B9B6913962C19270050] - [05/10/2016 15:49:09] - |A| - [285624] - C:\Windows\system32\DDPO32A.dll [MD5.E48DDD58E9A90F42E9833DBA28CEC4B0] - [05/10/2016 15:49:10] - |A| - [7053696] - C:\Windows\system32\DDPP32A.dll [MD5.FA4B5940B31853ADE67A73026884C8C9] - [02/10/2016 06:53:13] - |A| - [1130824] - C:\Windows\system32\dfshim.dll [MD5.32DAF499CD148878C3414A7A91A69DFC] - [04/10/2016 09:58:30] - |A| - [120200] - C:\Windows\system32\DLLDEV32i.dll [MD5.DA7769FC2227D865C8A6DDF4D87F8D18] - [05/10/2016 15:49:14] - |A| - [858264] - C:\Windows\system32\DolbyDAX2APOProp.dll [MD5.50EE2CD9ADCF53A238CA19AC5902A212] - [05/10/2016 15:49:15] - |A| - [1816352] - C:\Windows\system32\DolbyDAX2APOv201.dll [MD5.65348D8321E81272E6E8B3ADA0938DCE] - [05/10/2016 15:49:17] - |A| - [4235656] - C:\Windows\system32\DolbyDAX2APOv211.dll [MD5.A1B3E94486E27B9087DAD0DF5CC69511] - [05/10/2016 15:49:28] - |A| - [669592] - C:\Windows\system32\DTSBassEnhancementDLL.dll [MD5.92AECA87748E2E6A22635C021AEEE86C] - [05/10/2016 15:49:29] - |A| - [1239808] - C:\Windows\system32\DTSBoostDLL.dll [MD5.3073771FEE7152679C4A88886A8EF05D] - [05/10/2016 15:49:30] - |A| - [402072] - C:\Windows\system32\DTSGainCompensatorDLL.dll [MD5.BCEC1DEFABE47D96570E63E492C849C3] - [05/10/2016 15:49:31] - |A| - [229584] - C:\Windows\system32\DTSGFXAPO.dll [MD5.23B7FE9AA5C017C5DF7D014E8D6AB1D1] - [05/10/2016 15:49:32] - |A| - [229592] - C:\Windows\system32\DTSGFXAPONS.dll [MD5.E772DDD4C0D3D35C420A818300E17822] - [05/10/2016 15:49:32] - |A| - [229040] - C:\Windows\system32\DTSLFXAPO.dll [MD5.9877CEBC593381F66A5D2FE8DD482CB0] - [05/10/2016 15:49:33] - |A| - [387632] - C:\Windows\system32\DTSLimiterDLL.dll [MD5.5DE4F3F195183EB69218B88B6F73DAEA] - [05/10/2016 15:49:33] - |A| - [471288] - C:\Windows\system32\DTSNeoPCDLL.dll [MD5.89743A559BB6E4A976548A674364E2CD] - [05/10/2016 15:49:34] - |A| - [1313120] - C:\Windows\system32\DTSS2HeadphoneDLL.dll [MD5.173FFFE9063B0243A9197D0F6FDE7236] - [05/10/2016 15:49:35] - |A| - [1531680] - C:\Windows\system32\DTSS2SpeakerDLL.dll [MD5.44701D6E833E2FACFDA4F1DB09337195] - [05/10/2016 15:49:36] - |A| - [645824] - C:\Windows\system32\DTSSymmetryDLL.dll [MD5.6E29C07E7DEE2443912B4F9EC5352B61] - [05/10/2016 15:49:37] - |A| - [415872] - C:\Windows\system32\DTSU2PGFX32.dll [MD5.69044905A7588126C027AF8F60DFF13D] - [05/10/2016 15:49:38] - |A| - [439608] - C:\Windows\system32\DTSU2PLFX32.dll [MD5.89ADEF3301CBEE8C883AEE4250D43599] - [05/10/2016 15:49:38] - |A| - [357992] - C:\Windows\system32\DTSU2PREC32.dll [MD5.37028C9B0AA27C278CEE0493D1C0D722] - [05/10/2016 15:49:39] - |A| - [615880] - C:\Windows\system32\DTSVoiceClarityDLL.dll [MD5.00000000000000000000000000000000] - [03/10/2016 03:02:06] - |D| - [157184] - C:\Windows\system32\EventProviders [MD5.04FE4487398B23C49DF421144E6C887F] - [04/10/2016 10:56:44] - |A| - [796352] - C:\Windows\system32\FlashPlayerApp.exe [MD5.D6AA46EA3C43E8ACAAFF33C3C79BB002] - [04/10/2016 10:56:41] - |A| - [142528] - C:\Windows\system32\FlashPlayerCPLApp.cpl [MD5.75C980C9455B327B6A6EDA1253DD627D] - [04/10/2016 11:52:51] - |A| - [19610304] - C:\Windows\system32\FlashPlayerInstaller.exe [MD5.A2F95AA9C53F9368DF9C808DC00D8796] - [05/10/2016 15:49:40] - |A| - [2899224] - C:\Windows\system32\FMAPO.dll [MD5.90C80B8792A4E3248E4CD64C1144EB14] - [02/10/2016 08:11:42] - |A| - [267912] - C:\Windows\system32\FNTCACHE.DAT [MD5.BDD8E22C897CF36327DC82EB2C4944F7] - [02/10/2016 08:18:24] - |A| - [58560] - C:\Windows\system32\GDIPFONTCACHEV1.DAT [MD5.247DE427D609EA9931D64A13A3EB0F05] - [05/10/2016 15:50:13] - |A| - [312984] - C:\Windows\system32\HiFiDAX2API.dll [MD5.C7D7A53BA94F3700E292E49C6F10E872] - [05/10/2016 15:50:14] - |A| - [308064] - C:\Windows\system32\ICEsoundAPO.dll [MD5.A07B7BEF178D0BACC6B873847E9CA27F] - [05/10/2016 15:50:15] - |A| - [369792] - C:\Windows\system32\KAAPORT.dll [MD5.0F3292A0564C9E8F400A6DD579AC8A01] - [05/10/2016 15:50:17] - |A| - [142328] - C:\Windows\system32\MaxxAudioAPO.dll [MD5.5AF5AA1068770C43CCD8563D1D4CE37F] - [05/10/2016 15:50:18] - |A| - [243864] - C:\Windows\system32\MaxxAudioAPO20.dll [MD5.6510521A261561A162E720BC23F60F5A] - [05/10/2016 15:50:18] - |A| - [522704] - C:\Windows\system32\MaxxAudioAPO30.dll [MD5.36978AB12573A92B382B40621A5484D3] - [05/10/2016 15:50:19] - |A| - [990792] - C:\Windows\system32\MaxxAudioAPO40.dll [MD5.99A19EEDF98BCCC88662D4E114F4EA2C] - [05/10/2016 15:50:20] - |A| - [1028016] - C:\Windows\system32\MaxxAudioAPO50.dll [MD5.C8097AE7295CBB8E0D1A52403DD2207F] - [05/10/2016 15:50:20] - |A| - [1199992] - C:\Windows\system32\MaxxAudioAPO60.dll [MD5.557F4A72B295653AA5514BD80604F00F] - [05/10/2016 15:50:21] - |A| - [2400320] - C:\Windows\system32\MaxxAudioAPO70.dll [MD5.AB0BE428D5704B528ABBC8DEB99C666F] - [05/10/2016 15:50:22] - |A| - [799016] - C:\Windows\system32\MaxxAudioAPOShell.dll [MD5.2D15039B7510A77FB281B93C3C049073] - [05/10/2016 15:50:22] - |A| - [1948808] - C:\Windows\system32\MaxxAudioEQ.dll [MD5.65CBAC2378A90C2B7B1BCA9A18935850] - [05/10/2016 15:50:26] - |A| - [13798184] - C:\Windows\system32\MaxxAudioRealtek.dll [MD5.2EC5AA822D4620519BB3B24F6470E7B0] - [05/10/2016 15:50:27] - |A| - [965688] - C:\Windows\system32\MaxxSpeechAPO.dll [MD5.AF68BC27ACA6A32502292184C0CEB12D] - [05/10/2016 15:50:28] - |A| - [834328] - C:\Windows\system32\MaxxVoiceAPO20.dll [MD5.6D9AB3CBF47B8BAD54DB01442EA53D2E] - [05/10/2016 15:50:28] - |A| - [12014440] - C:\Windows\system32\MaxxVoiceAPO30.dll [MD5.F972EDA8B0AC5BC291B63A42A20587E7] - [05/10/2016 15:50:30] - |A| - [11922520] - C:\Windows\system32\MaxxVoiceAPO40.dll [MD5.E967F672B63163EE05BC4BC7B298221B] - [05/10/2016 15:50:31] - |A| - [522712] - C:\Windows\system32\MaxxVolumeSDAPO.dll [MD5.CC6A9DB4F74E3CF842376F4537479154] - [05/10/2016 15:50:35] - |A| - [868456] - C:\Windows\system32\MISS_APO.dll [MD5.128DD9AF8640DBCC711940903C8B554F] - [02/10/2016 06:53:14] - |A| - [297808] - C:\Windows\system32\mscoree.dll [MD5.AFFE231B3EE0FC8C0D7579CF2CDA6D97] - [05/10/2016 15:50:35] - |A| - [4763576] - C:\Windows\system32\NAHIMICAPOlfx.dll [MD5.CC461D43DF4BBD35205D8AF4CCA7AB82] - [05/10/2016 15:50:36] - |A| - [954200] - C:\Windows\system32\NahimicAPONSControl.dll [MD5.2531A635DB3E7BC0F6F7D0CF1B134AE9] - [05/10/2016 15:50:36] - |A| - [5134064] - C:\Windows\system32\NAHIMICV2apo.dll [MD5.15515AE1540B4EE2B75DF63FC15129DF] - [02/10/2016 06:53:13] - |A| - [49472] - C:\Windows\system32\netfxperf.dll [MD5.302964DCAC79D618CC7B72C778DA9FD2] - [02/10/2016 06:53:14] - |A| - [295264] - C:\Windows\system32\PresentationHost.exe [MD5.DFF617498211FBB3D8D3FCC51A37B777] - [02/10/2016 06:53:15] - |A| - [99176] - C:\Windows\system32\PresentationHostProxy.dll [MD5.FD75CDFBF49B14838FB13BF7A72501EC] - [05/10/2016 15:50:38] - |A| - [101624] - C:\Windows\system32\R4EEA32A.dll [MD5.3D11C5B0A88CACA7F692D0CD7707938C] - [05/10/2016 15:50:38] - |A| - [364024] - C:\Windows\system32\R4EED32A.dll [MD5.89485103F2052050B73A66C618E0E9C3] - [05/10/2016 15:50:39] - |A| - [71712] - C:\Windows\system32\R4EEG32A.dll [MD5.5544159CC41A83F7E8385A55F6427B28] - [05/10/2016 15:50:39] - |A| - [116656] - C:\Windows\system32\R4EEL32A.dll [MD5.DD8FC466513C53893908C624E48C8003] - [05/10/2016 15:50:40] - |A| - [7170872] - C:\Windows\system32\R4EEP32A.dll [MD5.63789DC86CEBD34376C328FD7BA0F19E] - [05/10/2016 15:50:41] - |A| - [72203792] - C:\Windows\system32\RCoRes.dat [MD5.3F543A36903B818FA2F95DABD287B1DA] - [05/10/2016 15:50:51] - |A| - [2692848] - C:\Windows\system32\RltkAPO.dll [MD5.D8238BEAEB974CEE85EBCBED686E4410] - [05/10/2016 15:50:52] - |A| - [307240] - C:\Windows\system32\RP3DAA32.dll [MD5.BFBCB829B2222B5845EBC6A650B2D625] - [05/10/2016 15:50:52] - |A| - [307240] - C:\Windows\system32\RP3DHT32.dll [MD5.00000000000000000000000000000000] - [05/10/2016 16:10:50] - |D| - [2247176] - C:\Windows\system32\RTCOM [MD5.3270A1B2DA6F11417A71ED29E4A4ED6F] - [05/10/2016 15:51:08] - |A| - [181232] - C:\Windows\system32\RTEED32A.dll [MD5.89BF1270EA008031FFB6753E489418FA] - [05/10/2016 15:51:08] - |A| - [74384] - C:\Windows\system32\RTEEG32A.dll [MD5.16019C930D741A4BAA6B8F0D9C990EF0] - [05/10/2016 15:51:08] - |A| - [88280] - C:\Windows\system32\RTEEL32A.dll [MD5.13E5D4F82500B3FA67C7A6A9CB8D4C56] - [05/10/2016 15:51:09] - |A| - [371816] - C:\Windows\system32\RTEEP32A.dll [MD5.AD1E6CD6DC695CE47FF0113B0D8AAF40] - [05/10/2016 15:51:12] - |A| - [2424272] - C:\Windows\system32\RtkApoApi.dll [MD5.344D8FECB0957EFCA70377551D52B948] - [05/10/2016 15:51:16] - |A| - [1984120] - C:\Windows\system32\RtkCoInstII.dll [MD5.10062E02FB51DDCF0CC617AD31B0909F] - [05/10/2016 15:51:17] - |A| - [22160] - C:\Windows\system32\RtkCoLDR.dll [MD5.0276398694CA6C2A1F627F22C0749BC4] - [05/10/2016 15:51:19] - |A| - [2897152] - C:\Windows\system32\RtkPgExt.dll [MD5.8BE31B5139A7540659191A7C8BA03E85] - [05/10/2016 15:51:23] - |A| - [2826496] - C:\Windows\system32\RTSndMgr.cpl [MD5.9954823C33CC3646525F38874A12E1E6] - [05/10/2016 15:51:25] - |A| - [384528] - C:\Windows\system32\SEAPO32.dll [MD5.E58C2E557A693258753FCB0141486039] - [05/10/2016 15:51:26] - |A| - [589080] - C:\Windows\system32\SECOMN32.dll [MD5.349D5F7B226399EE8A16BB5EF002462C] - [05/10/2016 15:51:26] - |A| - [786352] - C:\Windows\system32\SEHDRA32.dll [MD5.5A85326C1AF5CCEB89EDBBE85492AFEE] - [05/10/2016 15:51:27] - |A| - [78488] - C:\Windows\system32\SFAPO.dll [MD5.4DF6079A15ABEF384E8AAC0BD151F328] - [05/10/2016 15:51:27] - |A| - [83648] - C:\Windows\system32\SFCOM.dll [MD5.1E76941BC881C37C4E4876F5276D38F9] - [05/10/2016 15:51:30] - |A| - [225048] - C:\Windows\system32\SFNHK.dll [MD5.27466FEFB4C7CB9DC1C9C5A3CAF48608] - [05/10/2016 15:51:31] - |A| - [936624] - C:\Windows\system32\SFSS_APO.dll [MD5.A8D14181D81D16671E37060639CA240B] - [05/10/2016 15:51:31] - |A| - [927800] - C:\Windows\system32\sl3apo32.dll [MD5.83B3732FEE5EDDE9F207EBDEF93D3596] - [05/10/2016 15:51:32] - |A| - [1180224] - C:\Windows\system32\slcnt32.dll [MD5.307C2AF4D48C6741B382A8725E0ED910] - [05/10/2016 15:51:36] - |A| - [231880] - C:\Windows\system32\slprp32.dll [MD5.126BE3EB9DF08B53E17CBA03BA25DAA2] - [05/10/2016 15:51:36] - |A| - [1604792] - C:\Windows\system32\sltech32.dll [MD5.00000000000000000000000000000000] - [04/10/2016 03:06:33] - |D| - [1739776] - C:\Windows\system32\SPReview [MD5.C6872344A77F98AE796323570D08EA5C] - [05/10/2016 15:51:38] - |A| - [401056] - C:\Windows\system32\SRAPO.dll [MD5.722A437816D6626005838237FF9A3B48] - [05/10/2016 15:51:38] - |A| - [341160] - C:\Windows\system32\SRCOM.dll [MD5.D73632FB99B81F2FC1FC7E82DC066286] - [05/10/2016 15:51:39] - |A| - [1074056] - C:\Windows\system32\SRRPTR.dll [MD5.74F8308BA7CCD8543AA62EAB775BE9D9] - [05/10/2016 15:51:39] - |A| - [183616] - C:\Windows\system32\SRSHP360.dll [MD5.C2FAD3703D8F90FDC41A75E016AC8FB2] - [05/10/2016 15:51:40] - |A| - [196008] - C:\Windows\system32\SRSTSHD.dll [MD5.D6423452A774D4877B75690C53BF0167] - [05/10/2016 15:51:40] - |A| - [357160] - C:\Windows\system32\SRSTSXT.dll [MD5.BC4D350F7357CD75FE83537C7DDB86B2] - [05/10/2016 15:51:40] - |A| - [150560] - C:\Windows\system32\SRSWOW.dll [MD5.C56378F3A1D91D7A6F93B3699D6608FB] - [05/10/2016 15:51:41] - |A| - [144688] - C:\Windows\system32\tadefxapo.dll [MD5.E84D51CBE228613E27E2A3B1CABA2A10] - [05/10/2016 15:51:41] - |A| - [860528] - C:\Windows\system32\tadefxapo2.dll [MD5.6F3783873B424249809A74BCD50B79D3] - [05/10/2016 15:51:42] - |A| - [67760] - C:\Windows\system32\TepeqAPO.dll [MD5.E47A90E7F33F1A89B520807B9B1E7E07] - [05/10/2016 15:51:42] - |A| - [1400808] - C:\Windows\system32\tosade.dll [MD5.C07561D592FE895866E1EBDDFA3E671E] - [05/10/2016 15:51:43] - |A| - [575936] - C:\Windows\system32\tosasfapo32.dll [MD5.71A5BB7BC9E65F4467B7C397C1CF9A2E] - [05/10/2016 15:51:43] - |A| - [151920] - C:\Windows\system32\toseaeapo32.dll [MD5.ADEAE582B470575CE3DF799E1E0CDB2F] - [05/10/2016 15:51:44] - |A| - [863616] - C:\Windows\system32\tossaeapo32.dll [MD5.E4F32CAB9658A6116909DD0559419823] - [05/10/2016 15:51:44] - |A| - [230920] - C:\Windows\system32\tossaemaxapo32.dll [MD5.65D0B5B54C31E576E198D4AA12B15F5D] - [05/10/2016 15:51:46] - |A| - [1832072] - C:\Windows\system32\WavesGUILib.dll [MD5.3A6E33ADBC5A8D3702CB8D42C5938E73] - [05/10/2016 15:51:47] - |A| - [1791800] - C:\Windows\system32\WavesLib.dll [MD5.79565CFC9352A733E91E865C0A24BD2B] - [05/10/2016 20:54:33] - |A| - [5252] - C:\Windows\system32\Drivers\fvstore.dat [MD5.6C29792C1D0FC59B5FC1B0F05DF53FB9] - [01/10/2016 05:31:29] - |A| - [142344] - C:\Windows\system32\Drivers\KeyCrypt32.sys [MD5.A1D52DB330E18B5A7A718D31D950CA87] - [06/10/2016 06:17:21] - |A| - [24448] - C:\Windows\system32\Drivers\mbam.sys [MD5.24A4B357D906D3CB52F370338FA3B62C] - [06/10/2016 06:17:22] - |A| - [123264] - C:\Windows\system32\Drivers\mbamchameleon.sys [MD5.5023F594D5448E16F920157174C61358] - [06/10/2016 06:18:11] - |A| - [170200] - C:\Windows\system32\Drivers\MBAMSwissArmy.sys [MD5.33991F04AD6486D934BA14564B4CF823] - [06/10/2016 06:17:22] - |A| - [53120] - C:\Windows\system32\Drivers\mwac.sys [MD5.9AEC402939B7A460C907FCD0DD1FDA4F] - [05/10/2016 15:50:53] - |A| - [4486133] - C:\Windows\system32\Drivers\RTAIODAT.DAT [MD5.229D439BA6C020E16F6A17B042F951B4] - [05/10/2016 15:51:19] - |A| - [3681024] - C:\Windows\system32\Drivers\RTKVHDA.sys [MD5.7D7FBC9504575D97885A858EA93684F5] - [05/10/2016 15:51:24] - |A| - [5804772] - C:\Windows\system32\Drivers\rtvienna.dat ---------- | Drives R: Q: P: [30/04/2016 19:13:58] - |A| - (.©2016 BitTorrent, Inc. All Rights Reserved. - BitTorrent.) - [1963528] - (7.9.6.42179) - P:\BitTorrent (1).exe [30/04/2016 19:17:08] - |RA| - (.©2016 BitTorrent, Inc. All Rights Reserved. - BitTorrent.) - [1963528] - (7.9.6.42179) - P:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FjSAg97W0).exe [24/05/2016 08:34:30] - |A| - (. - .) - [64] - (0.0.0.0) - P:\a2whitelist.ini [24/05/2016 06:32:13] - |A| - (. - .) - [5774] - (0.0.0.0) - P:\a2settings.ini O: N: [09/05/2011 20:08:50] - |N| - (. - Télécharge et installe VirtualBox portable.) - [301259] - (3.3.6.1) - N:\VirtualBoxPortable.exe [04/05/2011 17:11:58] - |N| - (. - .) - [472466] - (0.8.0.2) - N:\Framakey.exe [03/05/2011 11:24:12] - |N| - (. - .) - [2054] - (0.0.0.0) - N:\Framakey.ini H: [01/01/1601 02:00:00] - |R| - (.Copyright (C) 2013-2016 Macrorit. - Macrorit Partition Extender Free.) - [3381728] - (1.0.0.0) - H:\extender-free-setup.exe G: F: E: D: [02/10/2016 13:58:36] - |A| - (.© 2012 SurfRight B.V. - HitmanPro.Kickstart.) - [143640] - (1.0.0.0) - D:\Kickstarter.exe [02/10/2016 13:58:36] - |A| - (.© 2006-2016 SurfRight, a Sophos company - HitmanPro 3.7.) - [11579432] - (3.7.14.280) - D:\HitmanPro_x64.exe [02/10/2016 13:58:41] - |A| - (.© 2006-2016 SurfRight, a Sophos company - HitmanPro 3.7.) - [11003784] - (3.7.14.280) - D:\HitmanPro.exe ---------- | C: [25/09/2016 21:28:31] - |D| - [0] - C:\$GetCurrent [14/07/2009 04:36:15] - |SHD| - [516] - C:\$RECYCLE.BIN