--------------- QuickDiag | g3n-h@ckm@n | 2_23.09.2016.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 13/10/2016 09:50:15 Updated 23/09/2016 | 10.30 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [jean- (Administrator)] - [DESKTOP-37KC94K] (S-1-5-21-4265624635-2019933758-61733912-1001) System: Microsoft Windows 10 Famille - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3 Boot : Normal boot PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics 8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009 CoreTemp : ? Celsius ----------| Extended ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001 ---------- | Video AMD Radeon HD 7310 Graphics - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184 Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:100 % CPU #2 value:100 % Total Overall CPU Usage value:100 % ---------- | Network Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2062&SUBSYS_2AE3103C&REV_C1\4&186C6B44&0&00A9 Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 ---------- | Memory RAM = Total (MB) : 3748 | Free (MB) : 2132 Pagefile = Total (MB) : 7680 | Free (MB) : 5862 Virtual = Total (MB) : 4194 | Free (MB) : 3953 Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: 0 - Manufacturer: Micron - PartNumber: 8JTF51264AZ-1G6E1 - S/N: DEA02E9 ---------- | SID Users Administrateur : [S-1-5-21-4265624635-2019933758-61733912-500] DefaultAccount : [S-1-5-21-4265624635-2019933758-61733912-503] Invité : [S-1-5-21-4265624635-2019933758-61733912-501] jean- : [S-1-5-21-4265624635-2019933758-61733912-1001] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] AMD FUEL : [S-1-5-21-4265624635-2019933758-61733912-1002] SQLServer2005SQLBrowserUser$DESKTOP-37KC94K : [S-1-5-21-4265624635-2019933758-61733912-1003] MSSQL$ADK : [S-1-5-80-4287524181-3401991209-718407576-1481970793-3068686015] ---------- | Drives P:\ -> [Removable] | [ExtremePRO] | Total : 476.65 Go | Free : 372.73 Go -> FAT32 [USB] N:\ -> [Removable] | [COMPANION] | Total : 30.02 Go | Free : 2.11 Go -> FAT32 [USB] L:\ -> [Fixed] | [WD My Passport 3To] | Total : 2794.49 Go | Free : 222.74 Go -> NTFS [USB] F:\ -> [CDROM] | [Nouveau] | Total : 0.11 Go | Free : 0 Go -> CDFS [SATA] D:\ -> [Removable] | [PARTED MAGI] | Total : 57.89 Go | Free : 57.43 Go -> FAT32 [USB] C:\ -> [Fixed] | [OS] | Total : 930.26 Go | Free : 866.96 Go -> NTFS [SATA] Disk Usage Information [9 total Physical Disks] Physical Drive #0 [C:] : Read:364,459 bytes/sec, Written:16,566 bytes/sec Max Read:364,459 bytes/sec, Max Write:16,566 bytes/sec Physical Drive #1 [Q:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #2 [R:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #3 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #4 [L:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #5 [P:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #6 [M:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #7 [N:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #8 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:364,459 bytes/sec, Write Maximum:16,566 bytes/sec DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - Removable Media - 4 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_WIRELESS_STICK&REV_1\D0E40BF4E788&0 DeviceID: \\.\PHYSICALDRIVE8 - Status: OK - USB - Removable Media - 4 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA_FIT&REV_1.00\4C530001130911114113&0 DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - External hard disk media - 4 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-60ZF5A0\4&32E8E4A0&0&000000 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_EPSON&PROD_STORAGE&REV_1.00\8&39D170AA&0&534E4A593030303390&1 DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - Removable Media - 4 Part. - PnPID : USBSTOR\DISK&VEN_REALSIL&PROD_RTSUERLUN0&REV_1.00\0000 DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9451\7&18D61DD&0 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_EPSON&PROD_STORAGE&REV_1.00\8&39D170AA&0&534E4A593030303390&0 DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - USB - Removable Media - 4 Part. - PnPID : USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1100\0116000000008682&0 ---------- | Windows updates No detected update !!! ---------- | Browsers IE : 11.0.14393.0 (© Microsoft Corporation. Tous droits réservés.) FF : 49.0.1.6109 (©Firefox and Mozilla Developers; available under the MPL 2 license.) Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" ---------- | FlashPlayer FlashPlayer ActiveX : 23.0.0.162 ---------- | Security AV : Ad-Aware Antivirus Disabled AS : Windows Defender Enabled FW : Ad-Aware Firewall Disabled WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 488 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 13:42:27] CPU Usage:0 % 756 | [Owner : | Parent : 616() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 13:42:27] CPU Usage:0 % 812 | [Owner : | Parent : 744() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.14393.206) = C:\Windows\System32\winlogon.exe [04/10/2016 03:14:16] CPU Usage:0 % 936 | [Owner : | Parent : 756(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.14393.0) = C:\Windows\System32\services.exe [16/07/2016 13:42:27] CPU Usage:4 % 944 | [Owner : | Parent : 756(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [03/10/2016 21:08:04] CPU Usage:0 % 68 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 748 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1076 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:8 % 1160 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1180 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1208 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1368 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1784 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1144 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 1236 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 2680 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 2688 | [Owner : | Parent : 936(services.exe) | ?????] - (.TeamViewer GmbH - TeamViewer 11.) - (11.0.65452.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [07/09/2016 06:04:46] CPU Usage:0 % 2720 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 2780 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 2832 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MsMpEng.exe [16/07/2016 13:43:04] CPU Usage:0 % 2876 | [Owner : | Parent : 936(services.exe) | ?????] - (.Check Point Software Technologies, Ltd. - ZAPrivacyService.) - (1.0.0.0) = C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [30/06/2016 07:08:02] CPU Usage:0 % 4084 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 5940 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.0) = C:\Program Files\Windows Defender\NisSrv.exe [16/07/2016 13:43:06] CPU Usage:0 % 8392 | [Owner : jean- | Parent : 6620() | 117.73 Mo] - (.Zemana Ltd. - ZAM.) - (0.0.0.0) = C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe [07/10/2016 13:40:54] CPU Usage:38 % 7824 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 7640 | [Owner : jean- | Parent : 6620() | 32.17 Mo] - (.SosVirus - Pre_Scan.) - (30.9.2016.1) = C:\Users\jean-\Desktop\pre-scan_6_30.09.2016.1.exe [13/10/2016 08:21:31] CPU Usage:0 % 9740 | [Owner : | Parent : 2644() | ?????] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files (x86)\Reason\Security\rsEngineHelper.exe [02/09/2016 16:23:05] CPU Usage:0 % 9832 | [Owner : | Parent : 936(services.exe) | ?????] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - (5.0.0.1) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [09/09/2016 16:35:30] CPU Usage:0 % 2576 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.206) = C:\Windows\System32\spoolsv.exe [04/10/2016 03:14:38] CPU Usage:0 % 4292 | [Owner : | Parent : 9740(rsEngineHelper.exe) | ?????] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe [16/07/2016 13:42:23] CPU Usage:0 % 4040 | [Owner : jean- | Parent : 1076(svchost.exe) | 21.79 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 13:42:09] CPU Usage:0 % 4540 | [Owner : jean- | Parent : 4040(sihost.exe) | 97.7 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.206) = C:\Windows\explorer.exe [04/10/2016 03:13:34] CPU Usage:0 % 9428 | [Owner : jean- | Parent : 4540(explorer.exe) | 8.13 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe [04/09/2016 15:23:39] CPU Usage:0 % 4996 | [Owner : | Parent : 9832(Agent.exe) | ?????] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe [09/09/2016 16:37:18] CPU Usage:0 % 4876 | [Owner : jean- | Parent : 68(svchost.exe) | 67.83 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.187) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [03/10/2016 21:08:20] CPU Usage:0 % 5172 | [Owner : jean- | Parent : 68(svchost.exe) | 87.57 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.206) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [04/10/2016 03:14:53] CPU Usage:0 % 6072 | [Owner : jean- | Parent : 68(svchost.exe) | 25.43 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 13:42:05] CPU Usage:0 % 3260 | [Owner : | Parent : 936(services.exe) | ?????] - (.Rebit, Inc. - Rebit Pro Backup Service.) - (5.1.3001.14505) = C:\Program Files\Rebit\Rebit Pro\Rebit-Pro-Svc.exe [23/02/2015 10:44:42] CPU Usage:0 % 10176 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Service de disque virtuel.) - (10.0.14393.0) = C:\Windows\System32\vds.exe [16/07/2016 13:42:14] CPU Usage:0 % 5704 | [Owner : jean- | Parent : 1076(svchost.exe) | 11.8 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 13:42:36] CPU Usage:0 % 6712 | [Owner : jean- | Parent : 936(services.exe) | 31.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 % 8500 | [Owner : jean- | Parent : 68(svchost.exe) | 13.17 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.14393.0) = C:\Windows\System32\dllhost.exe [16/07/2016 13:42:27] CPU Usage:0 % 5660 | [Owner : jean- | Parent : 68(svchost.exe) | 8.62 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.187) = C:\Windows\System32\SettingSyncHost.exe [03/10/2016 21:08:22] CPU Usage:0 % 3100 | [Owner : jean- | Parent : 4540(explorer.exe) | 4.7 Mo] - (.Check Point Software Technologies Ltd. - ZoneAlarm.) - (14.3.119.0) = C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [28/07/2016 01:26:30] CPU Usage:0 % 2112 | [Owner : | Parent : 936(services.exe) | ?????] - (.Check Point Software Technologies Ltd. - ZoneAlarm.) - (14.3.119.0) = C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [28/07/2016 01:27:56] CPU Usage:0 % 7704 | [Owner : jean- | Parent : 68(svchost.exe) | 24.6 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.0) = C:\Windows\System32\smartscreen.exe [16/07/2016 13:42:05] CPU Usage:0 % 2344 | [Owner : | Parent : 1784(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 13:42:22] CPU Usage:0 % 3868 | [Owner : jean- | Parent : 4540(explorer.exe) | 28.58 Mo] - (.SosVirus - QuickDiag.) - (23.9.2016.1) = C:\Users\jean-\Desktop\quickdiag_2_23.09.2016.1.exe [13/10/2016 08:29:19] CPU Usage:0 % 6544 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Adaptateur inverse de performance WMI.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiApSrv.exe [16/07/2016 13:42:31] CPU Usage:0 % ---------- | MD5 [MD5.13BE475DA00AB05866CC3632F5AD54B0] - [04/10/2016 03:13:34] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4563.77 Ko] - (10.0.14393.206) : C:\WINDOWS\Explorer.exe [MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 13:42:36] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe [MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe [MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe [MD5.6955067712F2F4752CA12192B08EF860] - [16/07/2016 13:42:16] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [683.48 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Kernel32.dll [MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [03/10/2016 21:08:04] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe [MD5.7BD259FC59CF9C2AE1B979564B374CC6] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. - Distributed COM Services.) - [867.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rpcss.dll [MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 13:42:42] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe [MD5.133390D061D94917125DC666DA67ECD0] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [443.95 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\services.exe [MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe [MD5.958AD14CDF4EBB6BADDB13F8B39A97CF] - [31/08/2016 16:42:48] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1426.95 Ko] - (10.0.14393.5) : C:\WINDOWS\System32\user32.dll [MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe [MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe [MD5.1A3C4B5559CC49CC2C8B653365D375C7] - [04/10/2016 03:14:16] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [658.5 Ko] - (10.0.14393.206) : C:\WINDOWS\System32\Winlogon.exe [MD5.983266DA83FFF73DBDDD3730A4712228] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [569.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 13:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.7EAFDEF51136E8F2452CEBD8D084F108] - [16/07/2016 13:42:23] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [141 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 13:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 13:41:54] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 13:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - [03/10/2016 21:08:24] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [439.84 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.C1294D97AAD475701EB35DF8422D6E15] - [04/10/2016 03:12:01] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1154.34 Ko] - (10.0.14393.206) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 13:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.5DD8CB01C0394F8D052763D2E3C6E684] - [03/10/2016 21:08:12] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2203.34 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 13:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 13:44:03] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.B705D8E3011268160833518FBD80FBCE] - [03/10/2016 21:08:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2478.34 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.9D2DD64A0B51C56285512DC9454340F6] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 13:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Cloud Antivirus.) - (1.6.7441.347) -- C:\Windows\system32\CcavGuard64.dll (.Zemana Ltd..-.Zemana AntiLogger Free.) - (1.8.2.328) -- C:\PROGRA~2\KeyCryptSDK\KeyCrypt64(2).dll (.COMODO.-.Internet Security Essentials.) - (1.1.7388.29) -- C:\Windows\system32\IseGuard64.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll (..-..) - (1.3.210.1) -- C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll (.C-O-M-O-D-O.-.COMODO BackUp ShellExtension.) - (2.0.0.1834) -- C:\Program Files\COMODO\COMMON\ShellExtension.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1404) -- C:\WINDOWS\SYSTEM32\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6463) -- C:\WINDOWS\SYSTEM32\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.625) -- C:\WINDOWS\SYSTEM32\atidxx64.dll (.Rebit, Inc..-.Rebit Pro Shell Extension.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\REBIT-~2.DLL (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtCore4.dll (.Rebit, Inc..-.Rebit Pro Translations.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\cqt.dll (..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\LIBEAY32.dll (..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\SSLEAY32.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtSql4.dll (..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtNetwork4.dll (..-..) - (5.0.1.1) -- C:\WINDOWS\SYSTEM32\CHARTV.dll (..-..) - (0.0.0.0) -- C:\Program Files\Unlocker\UnlockerCOM.dll (..-..) - (11.12.945.9202) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll (.Nero AG.-.Nero Burning ROM Shell Extension.) - (17.0.8.0) -- C:\Program Files (x86)\Common Files\Nero\NeroShellExt\x64\NeroShellExt.dll (.Nero AG.-.Nero Solution Explorer Dynamic Link Library.) - (17.0.0.3) -- C:\Program Files (x86)\Common Files\Nero\NeroShellExt\x64\SolutionExplorer.dll (.IObit.-.IObitUnlockerExtension.) - (1.2.0.2) -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll (..-..) - (0.0.0.0) -- C:\PROGRA~1\TeraCopy\TERACO~2.DLL (.CHENGDU YIWO Tech Development Co.,Ltd.-.EaseUS Todo Backup Application.) - (3.0.0.1) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll (.IObit.-.Protected Folder Shell Extension.) - (4.2.0.0) -- C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll (.Killer{R}.-.KillCopy Shell Extension DLL.) - (1.0.0.1) -- C:\Program Files (x86)\KillSoft\KillCopy\killcopy_amd64.dll (..-..) - (1.0.0.2) -- C:\WINDOWS\SysWoW64\ISCM64.dll (.Glarysoft Ltd.-.MHContextHandler.dll.) - (1.0.0.5) -- C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll (.CHENGDU Yiwo Tech Development Co., Ltd..-.EverySync.) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EUSyncExtMenux64.dll (.COMODO Security Solutions.-.COMODO BackUp Language DLL.) - (1.0.0.1813) -- C:\Program Files\COMODO\COMMON\LANG\GUILANG.dll (.COMODO.-.COMODO Cloud Antivirus.) - (1.6.7441.347) -- C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavhelper64.dll (.Cyberlink.-.Cyberlink Shell Extension dynamic link library.) - (10.0.0.1409) -- C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt10.dll (..-..) - (1.0.0.0) -- C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Cloud Antivirus.) - (1.6.7441.347) -- C:\Windows\system32\CcavGuard64.dll (.COMODO.-.Internet Security Essentials.) - (1.1.7388.29) -- C:\Windows\system32\IseGuard64.dll (.Zemana Ltd..-.Zemana AntiLogger Free.) - (1.8.2.328) -- C:\PROGRA~2\KeyCryptSDK\KeyCrypt64(2).dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\windows\system32\WerEtw.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up EaseUS EverySync - (EaseUS EverySync.lnk [Startup]) - User: DESKTOP-37KC94K\jean- OneDrive - ("C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\Run]) - User: DESKTOP-37KC94K\jean- DAEMON Tools Pro Agent - ("C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\Run]) - User: DESKTOP-37KC94K\jean- EPLTarget\P0000000000000000 - (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-710 Series" [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\Run]) - User: DESKTOP-37KC94K\jean- Power2GoExpress10 - ("C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe" /Startup [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\Run]) - User: DESKTOP-37KC94K\jean- KillCopy - ("C:\WINDOWS\system32\killcopy.exe" /kcresume /startup [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\Run]) - User: DESKTOP-37KC94K\jean- COS - (C:\Program Files\COMODO\cCloud\cCloud.exe [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\Run]) - User: DESKTOP-37KC94K\jean- Avanquest Message - ("C:\Users\jean-\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe" [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\Run]) - User: DESKTOP-37KC94K\jean- AdAwareTray - ("C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe" [HKLM\...\Run]) - User: Public Rebit 5 Dashboard - ("C:\Program Files\Rebit 5\DashUI.exe" [HKLM\...\Run]) - User: Public Rebit Pro Dashboard - ("C:\Program Files\Rebit\Rebit Pro\DashUI.exe" [HKLM\...\Run]) - User: Public - ( [HKLM\...\Run]) - User: Public ZAM - ("C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe" /minimized [HKLM\...\Run]) - User: Public RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\...\Run]) - User: Public WindowsDefender - ("%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\...\Run]) - User: Public [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun "EPLTarget\P0000000000000000"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-710 Series" "Power2GoExpress10"="C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe" /Startup "KillCopy"="C:\WINDOWS\system32\killcopy.exe" /kcresume /startup "COS"=C:\Program Files\COMODO\cCloud\cCloud.exe [07/09/2016 13:44:45] "Avanquest Message"="C:\Users\jean-\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe" [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "DAEMON Tools Pro Agent"=0x03000000F795B3572305D201 "EPLTarget\P0000000000000000"=0x020000000000000000000000 "OneDrive"=0x020000000000000000000000 "COS"=0x03000000C0B2466C5B0AD201 "KillCopy"=0x030000001076476C5B0AD201 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=explorer.exe\1 "MRUList"=cba "b"=notepad\1 "c"=C:\Users\jean-\Downloads\zafwSetupWeb_143_119_000.exe\1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "AdAwareTray"="C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe" "Rebit 5 Dashboard"="C:\Program Files\Rebit 5\DashUI.exe" "Rebit Pro Dashboard"="C:\Program Files\Rebit\Rebit Pro\DashUI.exe" ""= "ZAM"="C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe" /minimized "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "WindowsDefender"="%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "AdAwareTray"=0x020000000000000000000000 "Rebit Pro Dashboard"=0x03000000F047956C5B0AD201 "Rebit 5 Dashboard"=0x0300000030AF896C5B0AD201 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" "MalTray"=C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe /autorun "Nero BackItUp"="C:\Program Files (x86)\Nero\Nero BackItUp\BackItUp.exe" /WinStart "CLMLServer_For_P2G10"="C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe" "iSkysoft Helper Compact.exe"=C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [07/09/2016 13:26:42] "DelaypluginInstall"=C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [07/09/2016 13:26:21] "YouCam Service7"="C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe" /s "VMXPLXService"="C:\Program Files (x86)\CyberLink\Shared files\VMXPLXShare\Service\VMXPLXService.exe" /s "IseUI"=C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [03/10/2016 20:42:21] "AutoSave"=C:\Program Files (x86)\Avanquest\AutoSaveEssentials\Autosave Essentials.exe [24/10/2008 16:28:30] ""= "CCAV"="C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe" -autorun "PlaysTV"="C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup "Raptr"=C:\PROGRA~2\Raptr Inc\Raptr\raptrstub.exe --startup "tvncontrol"="C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave "ZoneAlarm"="C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=1cd46a3d-d2a4-4605-aa3a-6ae662e "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=5 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(4)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(4)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=4 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [28/08/2016 12:41:29] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0x80 "LsaPid"=944 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 ---------- | .LNK C:\Users\jean-\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk (/SendTo) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk (--sendto) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Assistant d'enregistrement sur CD ou Mp3.lnk (-extfind Golden) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Convertisseur de fichiers audio.lnk (-extfind Switch) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Crescendo - Logiciel de notation de musique.lnk (-extfind Crescendo) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Enregistreur de dictée.lnk (-extfind Express) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Enregistreur de fichiers sonores.lnk (-extfind RecordPad) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Enregistreur de streaming audio.lnk (-extfind SoundTap) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Extracteur de rip de CD audio.lnk (-extfind Rip) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Lecteur de synthèse vocale.lnk (-extfind Verbose) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Logiciel de mixage DJ.lnk (-extfind Zulu) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Logiciel de modification de la voix.lnk (-extfind Voxal) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Mixeur multipiste.lnk (-extfind MixPad) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Serveur de streaming audio.lnk (-extfind BroadWave) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio\Éditeur de fichiers audio.lnk (-extfind WavePad) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker\Shortcuts\Files and Process Monitor.lnk (/m) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker\Shortcuts\Files Monitor.lnk (/mf) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker\Shortcuts\Process Monitor.lnk (/mp) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker\Shortcuts\Taskmanager.lnk (/p) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It\Uninstall.lnk (/x {4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS EverySync.lnk (0) �8mbinh2(l*SG�m EVERYS~1.EXEL �$I�j$I�j.v EverySync.exe C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Convertisseur de fichiers graphiques.lnk (-extfind Pixillion) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Doxillion - Convertisseur de documents.lnk (-extfind Doxillion) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Burn - CD, DVD ou Blu-Ray.lnk (-extfind ExpressBurn) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Dictate - Enregistreur.lnk (-extfind Express) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Rip - Extracteur de CD.lnk (-extfind Rip) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Zip - Compression de fichiers.lnk (-extfind ExpressZip) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel Classic FTP.lnk (-extfind ClassicFTP) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de capture vidéo.lnk (-extfind Debut) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de comptabilité.lnk (-extfind ExpressAccounts) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de facturation.lnk (-extfind ExpressInvoice) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\MixPad - Mixeur multipiste.lnk (-extfind MixPad) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\RecordPad - Enregistreur sonore.lnk (-extfind RecordPad) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\SoundTap - Enregistreur de streaming.lnk (-extfind SoundTap) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Switch - Convertisseur de fichiers audio.lnk (-extfind Switch) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\VideoPad - Éditeur vidéo.lnk (-extfind VideoPad) C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\WavePad - Éditeur audio.lnk (-extfind WavePad) C:\Users\jean-\Desktop\Pre_Scan_Donate.lnk (https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) C:\Users\jean-\Desktop\Pre_Scan_Restore.lnk (C:\Pre_Scan) C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk (page=SettingsPagePCSystemDevices) C:\Users\Public\Desktop\Manuels EPSON.lnk ( /LA "FR" /FR "DESKTOP") C:\Users\Public\Desktop\NCH Suite.lnk (-suite) C:\Users\Public\Desktop\Optimisation en 1 clic.lnk ( /quickattendance) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk (-extsuite) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Identity Card.lnk (Identity Card) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk (Start Help -help) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software\EPSON Software Updater.lnk (/ST) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software\Manuels EPSON.lnk ( /LA "FR" /FR "STARTMENU") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012\Configuration Tools\SQL Server Configuration Manager.lnk (/32 C:\WINDOWS\SysWOW64\SQLServerManager11.msc) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Optimisation en 1 clic.lnk ( /quickattendance) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio\Enregistreur de streaming audio.lnk (-extfind SoundTap) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio\Extracteur de rip de CD audio.lnk (-extfind Rip) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio\Mixeur multipiste.lnk (-extfind MixPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio\Éditeur de fichiers audio.lnk (-extfind WavePad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\Convertisseur de cassette vidéo en DVD.lnk (-extfind GoldenVideos) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\Logiciel de capture vidéo.lnk (-extfind Debut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\Logiciel de création de diaporama.lnk (-extfind PhotoStage) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\Serveur de streaming vidéo.lnk (-extfind BroadCam) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo\VideoPad - Éditeur vidéo.lnk (-extfind VideoPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebit Pro\Rebit Pro.lnk (--show=full) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec\Optimisation en 1 clic.lnk ( /quickattendance) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Convertisseur de fichiers graphiques.lnk (-extfind Pixillion) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Doxillion - Convertisseur de documents.lnk (-extfind Doxillion) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Burn - CD, DVD ou Blu-Ray.lnk (-extfind ExpressBurn) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Dictate - Enregistreur.lnk (-extfind Express) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Express Rip - Extracteur de CD.lnk (-extfind Rip) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel Classic FTP.lnk (-extfind ClassicFTP) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de capture vidéo.lnk (-extfind Debut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de comptabilité.lnk (-extfind ExpressAccounts) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de facturation.lnk (-extfind ExpressInvoice) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Logiciel de transcription.lnk (-extfind Scribe) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\MixPad - Mixeur multipiste.lnk (-extfind MixPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\Prism - Convertisseur de formats de fichiers vidéo.lnk (-extfind Prism) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\RecordPad - Enregistreur sonore.lnk (-extfind RecordPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\SoundTap - Enregistreur de streaming.lnk (-extfind SoundTap) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\VideoPad - Éditeur vidéo.lnk (-extfind VideoPad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software\WavePad - Éditeur audio.lnk (-extfind WavePad) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk (/7) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Doxillion - Convertisseur de documents.lnk (-extfind Doxillion) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Graveur de CD, DVD, BluRay.lnk (-extfind ExpressBurn) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Imprimante PDF gras.lnk (-extfind BoltPDF) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Lecteur de synthèse vocale.lnk (-extfind Verbose) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel Classic FTP.lnk (-extfind ClassicFTP) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel d'expansion dactylographique.lnk (-extfind FastFox) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel de cryptage et de décryptage.lnk (-extfind Meo) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel de sauvegarde.lnk (-extfind FileFort) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires\Logiciel de téléchargement.lnk (-extfind Fling) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Deployment and Imaging Tools Environment.lnk (/k "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\DandISetEnv.bat") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Windows Assessment Console.lnk (wac.exe) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Windows Assessment Services - Client.lnk (WASC.exe) ---------- | AppCertDlls | AppInit_DLLs [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=C:\PROGRA~2\KeyCryptSDK\KeyCrypt64(2).dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=C:\PROGRA~2\KeyCryptSDK\KeyCrypt32(2).dll ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=0 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=100 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\jean-\AppData\Local\Microsoft\BingDesktop\themes\2016-10-12.jpg [12/10/2016 11:11:28] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9832038010000000 "MaxVirtualDesktopDimension"=1280 "MaxMonitorDimension"=1280 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC3010044E8080080070000B0040000D00CA49D6824D20143003A005C00550073006500720073005C006A00650061006E002D005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00420069006E0067004400650073006B0074006F0070005C007400680065006D00650073005C0032003000310036002D00310030002D00310032002E006A00700067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "AutoColorization"=1 "ImageColor"=2940974329 "PreferredUILanguages"=fr-FR "WaitToKillAppTimeout"=200 "AutoEndTasks"=1 "HungAppTimeout"=2000 "ActiveWndTrkTimeout"=0 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=145 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003628010000000000000000000000000001000000130000000000000063000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=7 "GlobalAssocChangedCounter"=124 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "SlowContextMenuEntries"=0x6244842FB87C9C48828C32A6422506AFBF2301005D54A9A2C2A0B4429708A0B2BADD77C89E82000062B06A59D2B415429F74E9109B0A8153D79500000D24645B365B9F4BA75F4925B6A53D5B19A2040034ADB3F9FCB96B41A0EEA957D2D8A78BE9E90200 "Browse For Folder Width"=347 "Browse For Folder Height"=328 "DesktopProcess"=1 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=0 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=1 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=0 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=13 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=1 "TaskbarGlomLevel"=0 "HideDrivesWithNoMedia"=0 "ReindexedProfile"=1 "TaskbarStateLastRun"=0xB2D6FB5700000000 "NoNetCrawling"=1 "DesktopLivePreviewHoverTime"=0 "ExtendedUIHoverTime"=0 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x0100000000000000FFFFFFFF "0"=0x43004F004E000000 "1"=0x63006F006E0066006900640065006E0074000000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "EnableFirstLogonAnimation"=0 "EnableLinkedConnections"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=0 "NoActiveDesktopChanges"=0 "NoRecentDocsHistory"=0 "NoDriveTypeAutoRun"=95 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=6 "Max Cached Icons"=4000 "MultipleInvokePromptMinimum"=10000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "EnableFirstLogonAnimation"=0 "EnableLinkedConnections"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=0 "NoActiveDesktopChanges"=0 "NoRecentDocsHistory"=0 "NoDriveTypeAutoRun"=95 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=54 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s ---------- | Winlogon [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=14393 "FirstLogon"=0 "PUUActive"=0x7BB4D78C0400000005002700827A0000417B000008090500D1000000010001007D7FADC47AF808007AF80800CD180000761600001C030000000000007C74030099050000D8000000C9F88AC23325D20131050200000000000100000000000000 "ParseAutoexec"=1 "AutoRestartShell"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=0 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=7210282440 "ShutdownFlags"=7 "Userinit"=C:\Windows\system32\userinit.exe, "scremoveoption"=0 "AutoAdminLogon"=0 "DefaultUserName"=jean-marie.carribon@wanadoo.fr "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "userinit"=C:\WINDOWS\SYSWOW64\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "SIGN.MEDIA=71D3B PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=0x534143500100000000000000070000002800000060870300A90004000100000000000000000001060001000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000002000000000000000000000000000058280000000000000100000001000000 "SIGN.MEDIA=61294E0 free download manager\FreeDownloadManagerPortable_3.9.7.1627.paf.exe"=0x5341435001000000000000000700000028000000002BA8006EF5A80001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000035260000000000000100000001000000 "G:\Ad-Aware Personal Security\Adaware_Installer.exe"=0x534143500100000000000000070000002800000088521A00794B1B000100000000000000000002067102000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000094790A00000000000100000001000000 "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe"=0x5341435001000000000000000700000028000000E00C9200363D920001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000079AB0200000000000100000001000000 "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe"=0x5341435001000000000000000700000028000000E8C62601C886270101000000000000000000000A0021000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000441B9500000000000300000003000000 "SIGN.MEDIA=64FFE PortableApps\FirefoxPortable\FirefoxPortable.exe"=0x53414350010000000000000007000000280000005837030086C803000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002A623A00000000000100000001000000 "C:\Users\jean-\Downloads\filmora_setup_full1084.exe"=0x534143500100000000000000070000002800000090B612009B88130001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F6420300000000000200000002000000 "C:\Program Files\Windows Journal\Journal.exe"=0x534143500100000000000000070000002800000000B0200054AE210001000000010000000000000A7322000059193B14E312D1010000000000000000 "C:\Users\jean-\Downloads\UsbFix_8.263.exe"=0x534143500100000000000000070000002800000066892F00000000000100000000000000000001060001000019B4C529E312D1010000000000000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\Unlocker1.9.2.exe"=0x5341435001000000000000000700000028000000DF250600000000000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000009D8F0000000000000100000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\KCinst.exe"=0x534143500100000000000000070000002800000011220900000000000100000000000000000001057100000019B4C529E312D10100000000000000000200000028000000000000000008004000000000000000000000000000000000793A0000000000000100000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\xpsolive.exe"=0x53414350010000000000000007000000280000001B970000000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000002000000000000000200000000000E6130000000000000100000001000000010000000400000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\wood.exe"=0x534143500100000000000000070000002800000068D40100000000000100000000000000000001057100000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400004200000000000000020000000000012240000000000000100000001000000010000000400000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\steam.exe"=0x5341435001000000000000000700000028000000CBAA0100000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000042000000000000000200000000000A1140000000000000100000001000000010000000400000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\mac_os_x.exe"=0x534143500100000000000000070000002800000091310200000000000100000000000000000001057100000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400004200000000000000020000000000030120000000000000100000001000000010000000400000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\kill_xp.exe"=0x5341435001000000000000000700000028000000602C0200000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000002000000000000000200000000000A61B0000000000000100000001000000010000000400000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\kclite.exe"=0x5341435001000000000000000700000028000000AEA20100000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000042000000000000000200000000000CA150000000000000100000001000000010000000400000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\army.exe"=0x53414350010000000000000007000000280000003F930100000000000100000000000000000001057100000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000200000000000000020000000000078130000000000000100000001000000010000000400000001000000 "E:\PortableApps\PortableApps.com\PortableAppsPlatform.exe"=0x534143500100000000000000070000002800000000D1290044D9290001000000000000000000000A0021000019B4C529E312D1010000000000000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\filmora_setup_full1084.exe"=0x5341435001000000000000000700000028000000906812003E4D130001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F0380700000000000100000001000000 "E:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\Rebit 5 & Daemon Tools Pro 7 aout 2016\DTPro710-0595_paid.exe"=0x53414350010000000000000007000000280000002811C5012D0BC6010100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000B1080200000000000100000001000000 "E:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\backup data - riverboats\backup - D Disk, FolderMarker, & Cie\D Drive\rebitpro-setup-5.1.3001.14505.exe"=0x53414350010000000000000007000000280000005854F703DC7AF70301000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000C530100000000000100000001000000 "E:\barrow 2 & widen 100% sécurisé\efm du musée de l'homme & power2go 11 essentials managers\filmora_resource.exe"=0x5341435001000000000000000700000028000000C0665116434752160100000000000000000001060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000004B260200000000000100000001000000 "SIGN.MEDIA=272F660 PortableApps\PortableApps.com\PortableAppsPlatform.exe"=0x534143500100000000000000070000002800000000D1290044D9290001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005150A506000000000400000004000000 "C:\Program Files\Wondershare\Filmora\Filmora.exe"=0x534143500100000000000000070000002800000090003101F122310101000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000ADB7BC03000000000200000002000000 "C:\Users\jean-\AppData\Local\Temp\SoftwareUpdate_Temp\Data\Setup.exe"=0x5341435001000000000000000700000028000000685905004D4706000100000000000000000003060021000019B4C529E312D10100000080000000000200000028000000000000000000004000000000000000000000000000000000C13B0000000000000100000001000000 "C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE"=0x534143500100000000000000070000002800000018DE2900D53E2A000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000028939304000000000100000001000000 "C:\Users\jean-\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C0723C01E3C13C0101000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Program Files (x86)\KillSoft\KillCopy\killme.exe"=0x5341435001000000000000000700000028000000DCBA0000000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000040000000000000000000000000000BA150000000000000100000001000000 "SIGN.MEDIA=3DB5FE resizer-free.exe"=0x5341435001000000000000000700000028000000FEB53D00000000000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000000D740200000000000100000001000000 "SIGN.MEDIA=1090E298 Backup data\Windows10Upgrade28084.exe"=0x5341435001000000000000000700000028000000805D5800B4CA580001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F3A56300000000000100000001000000 "C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Program Files\IM-Magic\Partition Resizer\dm.resizer.exe"=0x534143500100000000000000070000002800000000BA8E000000000001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000009A170B00000000000200000002000000 "G:\Diskeeper15-Professional-30day.exe"=0x53414350010000000000000007000000280000008810C102D624C1020100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000F1720600000000000100000001000000 "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe"=0x534143500100000000000000070000002800000010A92000E5E5200001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040040000100000000000000000000000000B952B00000000000200000002000000 "C:\Program Files (x86)\Wondershare\1-Click PC Care\BoostSpeed.exe"=0x534143500100000000000000070000002800000090AA34006BA2350001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000D0432801000000000600000006000000 "C:\Program Files\Unlocker\Unlocker.exe"=0x534143500100000000000000070000002800000000E801000000000001000000000000000000020673220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000008F0A0000000000000100000001000000 "G:\PortableApps\AntRenamerPortable\AntRenamerPortable.exe"=0x5341435001000000000000000700000028000000406C030029CC03000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000AFD70400000000000100000001000000 "G:\barrow 2 & widen 100% sécurisé\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CC830C00000000000100000001000000 "G:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000DAC80400000000000200000002000000 "G:\LFS Ultra & 100% Sécurisé\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003CF50A00000000000100000001000000 "G:\LFS Ultra & 100% Sécurisé\hidefolder\hide_pro\LFS Ultra & 100% Sécurisé\LFS Ultra\lfs ultimate\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009F930800000000000100000001000000 "C:\Program Files (x86)\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe"=0x5341435001000000000000000700000028000000D0ED0B004F0E0C0001000000000000000000000A7122000033504C2B57DFD101000000800000000002000000280000000000000000000040000000000000000000000000000000007E342801000000000300000003000000 "C:\Program Files (x86)\Wondershare\TidyMyMusic\TidyMyMusic.exe"=0x5341435001000000000000000700000028000000386D0D0047C80D0001000000000000000000000AF122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C7530800000000000200000002000000 "C:\Program Files (x86)\Reason\Security\rsUI.exe"=0x5341435001000000000000000700000028000000F8C21D00DAD31D0001000000000000000000000AF5220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000005FB67D00000000000200000002000000 "C:\Program Files\Condusiv Technologies\Diskeeper\Diskeeper.exe"=0x5341435001000000000000000700000028000000F03A4900F0F2490001000000000000000000000AF5220000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000988B0300000000000100000001000000 "SIGN.MEDIA=64F9E PortableApps\FirefoxPortable\FirefoxPortable.exe"=0x534143500100000000000000070000002800000068370300683204000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FECD2100000000000200000002000000 "C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe"=0x5341435001000000000000000700000028000000B0752900139F290001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006E140100000000000200000002000000 "C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe"=0x5341435001000000000000000700000028000000B0F40F005C5610000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003C800000000000000100000001000000 "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe"=0x5341435001000000000000000700000028000000207A1F00A70120000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BA370000000000000100000001000000 "C:\Program Files (x86)\NCH Software\Switch\switch.exe"=0x5341435001000000000000000700000028000000A07613006952140001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000461E0000000000000100000001000000 "C:\Program Files (x86)\NCH Software\Prism\prism.exe"=0x5341435001000000000000000700000028000000E0481600891B17000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002D1D0000000000000100000001000000 "C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"=0x534143500100000000000000070000002800000020B01700585718000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000ED240000000000000100000001000000 "C:\Program Files (x86)\Folder Marker\FolderMarker.exe"=0x534143500100000000000000070000002800000008430E004D0C0F000100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000008000000000000000000000000CDBD0100000000000200000002000000 "C:\Program Files (x86)\Reason\herdProtect\Scanner\herdProtectScan.exe"=0x5341435001000000000000000700000028000000101510008E741000010000000000000000000306F5020000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000621C0000000000000100000001000000 "C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe"=0x5341435001000000000000000700000028000000103F0B00522B0C0001000000000000000000000AF5220000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000DE0A1A00000000000100000001000000 "C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe"=0x5341435001000000000000000700000028000000D0392200A6E2220001000000000000000000000A7122000033504C2B57DFD1010000000000000000020000005000000000000000000000400000000000000000000000000000000090718C0C000000000100000001000000000000000000000000000000000000000000000000000000D41C2701000000000300000000000000 "C:\Windows10Upgrade\Windows10UpgraderApp.exe"=0x5341435001000000000000000700000028000000C0D2120023FA120001000000000000000000000A7122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F0190000000000000100000001000000 "C:\Users\jean-\OneDrive\avanquest achats 05_08_2016\FI_PRO_14.0.34.73_FRA.exe"=0x5341435001000000000000000700000028000000289E8603923D87030100000000000000000001060001000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000008338000000000000200000002000000 "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"=0x534143500100000000000000070000002800000068550500221B06000100000000000000000000067102000033504C2B57DFD1010000000100000000 "C:\UsbFix\UsbFix.exe"=0x534143500100000000000000070000002800000000EE1B0036681C0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000009A686A00000000000100000001000000 "SIGN.MEDIA=EAE23D02 filmora-80s-effect-pack.exe"=0x5341435001000000000000000700000028000000D8721A13C9641B130100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000BC570500000000000200000002000000 "SIGN.MEDIA=EAE23D02 ThunderbirdPortable_45.3.0_English.paf.exe"=0x5341435001000000000000000700000028000000D83441022C53410201000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000084062500000000000300000003000000 "G:\processclose_1.0.0.3.exe"=0x534143500100000000000000070000002800000000140F0001DC0F0001000000000000000000000A0021000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001B070200000000000200000002000000 "SIGN.MEDIA=EAE23D02 filmora-fashion-effect-pack.exe"=0x5341435001000000000000000700000028000000F8B19406C7AF95060100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000F91E0500000000000100000001000000 "C:\Users\jean-\Downloads\1-click-pc-care_full821.exe"=0x53414350010000000000000007000000280000006D3CDA000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000073B39700000000000100000001000000 "C:\Users\jean-\Downloads\tidymymusic_full1686.exe"=0x534143500100000000000000070000002800000000E22701519828010100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002FB51200000000000100000001000000 "C:\Program Files (x86)\FileMarker.NET\FileMarker.NET.exe"=0x534143500100000000000000070000002800000008B50D0042A00E000100000000000000000002060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002B8F0100000000000100000001000000 "C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR_Gestionnaire_connexion.exe"=0x5341435001000000000000000700000028000000B0DF0A00266C0B00010000000000000000000106F102000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000081BA0100000000000100000001000000 "K:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\backup data - riverboats\backup - D Disk, FolderMarker, & Cie\D Drive\bitdefender, surfright, glary machin\susetupPro.exe"=0x5341435001000000000000000700000028000000783E6500AA1266000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000A41A0500000000000100000001000000 "K:\PortableApps\PortableApps.com\PortableAppsPlatform.exe"=0x534143500100000000000000070000002800000000D1290044D9290001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000073832200000000000100000001000000 "K:\events nouveau logo blini\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000124C0C00000000000100000001000000 "K:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004EB00800000000000100000001000000 "K:\PortableApps\FreeFileSyncPortable\FreeFileSyncPortable.exe"=0x534143500100000000000000070000002800000078240300966303000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007E510600000000000300000003000000 "SIGN.MEDIA=4843E PortableApps\ThunderbirdPortable\ThunderbirdPortable.exe"=0x534143500100000000000000070000002800000008C10400DFB905000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000089951700000000000100000001000000 "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe"=0x5341435001000000000000000700000028000000C0342400BB6724000100000000000000000003067102000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BAEEF900000000000100000001000000 "C:\Program Files (x86)\Glarysoft\Software Update Pro\Modifyiconmodule.exe"=0x5341435001000000000000000700000028000000D0CB10003671110001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000413E0000000000000200000002000000 "SIGN.MEDIA=EAE23D02 Nero_BurningROM2016-21.09.2015_stub_trial.exe"=0x5341435001000000000000000700000028000000000E27004FA327000100000000000000000001067100000033504C2B57DFD101000000000000000002000000280000000000000000080040000000000000000000000000000000008B230C00000000000100000001000000 "C:\Program Files (x86)\Nero\Nero 2016\Nero Launcher\NeroLauncher.exe"=0x5341435001000000000000000700000028000000F0F335013C78360101000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000080000000000000000000000000000000000000002F230500000000000200000002000000 "C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUpStart.exe"=0x5341435001000000000000000700000028000000082A070095CF070001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000057870200000000000100000001000000 "C:\Users\jean-\Downloads\everysync_trial.exe"=0x5341435001000000000000000700000028000000A87F91014209920101000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000009510100000000000100000001000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131171269795545164 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=0 "ProductType"=2 "InstallTime"=0xA18ABA5F1701D201 "ManagedDefenderProductType"=0 "ProductStatus"=0 "OOBEInstallTime"=0x82B4F40A1901D201 "DisableAntiVirus"=0 "InstallLocation"=C:\Program Files\Windows Defender\ "OneTimeSqmDataSent"=1 "PassiveMode"=0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] : MSAFD Irda [IrDA] [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012] : MSAFD Irda [IrDA] [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] : MSAFD Irda [IrDA] [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012] : MSAFD Irda [IrDA] ---------- | Hosts # 127.0.0.1 localhost # ::1 localhost ---------- | @ [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=https://fr.yahoo.com/?fr=fp-comodo&type=42_33220001005_1.5.398119.328_i_hp_sp "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x01000000190000009CE875E98720163FCC34735896D54F5A4F158F73069E5BBDB5020000000E00000069414B4363317259726E6F253364 "ImageStoreRandomFolder"=uhftd4b "OperationalData"=13 "EdgeSwitchingOSBuildNumber"=10586.th2_release.151029-1700 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C00000002000000030000000083FFFF0083FFFFFFFFFFFFFFFFFFFF240000002400000044030000A4020000 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0xFEF799AA8503D201 "IE10TourShown"=1 "IE10TourShownTime"=0xFEF799AA8503D201 "Start Page_TIMESTAMP"=0x2314EC904908D201 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF10010000D400000090030000B4020000 "Use FormSuggest"=no "TabShutdownDelay"=0 "NotifyDownloadComplete"=yes [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0xFEF799AA8503D201 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "DnsCacheTimeout"=7200 "KeepAliveTimeout"=300000 "MaxConnectionsPer1_0Server"=8 "MaxConnectionsPerServer"=8 "ReceiveTimeout"=60000 "ServerInfoTimeOut"=300000 "GlobalUserOffline"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://www.google.fr/ "Default_Search_URL"=http://www.google.fr/ "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://www.google.fr/?q={searchTerms} "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "TcpAutotuning"=0 "ProxyEnable"=0 "GlobalUserOffline"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://www.google.fr/ "Default_Search_URL"=http://www.google.fr/ "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://www.google.fr/?q={searchTerms} "Security Risk Page"=about:SecurityRisk "Start Page"=http://www.google.fr/ "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "ProxyEnable"=0 "GlobalUserOffline"=0 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | SSODL | SEH | URLSH | STS ---------- | Toolbar [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100001001600000001000000000700005E01000006000000410300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030F11C209CE25C4EA73FCD197DEFA6AE0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=22 [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0AA24E16-07B3-4694-8357-3C21ACC5F516} "KnownProvidersUpgradeTime"=0xFEF799AA8503D201 "Version"=5 "UpgradeTime"=0xFEF799AA8503D201 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=EPTBL [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}"=E-Web Print [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96BBC430-9900-4299-9F5D-7951AB36EFDF}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} : ---------- | ElevationPolicy [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118}] - (C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\) - nero.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files\Microsoft Silverlight\5.1.50709.0\) - Silverlight.Configuration.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files\Microsoft Silverlight\5.1.50709.0\) - agcp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7481187c-dc80-4938-b27a-ac7e9f789dd1}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_IPRELPE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eb9906ed-9926-4092-94fc-dc57ddba4f7a}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_IARNLPE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\) - Silverlight.Configuration.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08E8D305-8D6D-49fe-8603-03A926E46AE0}] - (C:\Program Files (x86)\Common Files\Adobe\Updater6) - Adobe_Updater.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] - (C:\Program Files (x86)\Adobe\Reader 9.0\Reader\) - AcroBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\) - agcp.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34372DD3-19BF-454f-BF23-8761F26CFFD2}] - (C:\Program Files (x86)\Epson Software\E-Web Print) - ewps.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] - (C:\Program Files (x86)\Adobe\Reader 9.0\Reader) - AcroRd32Info.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43ABBB95-C0E9-497B-8BB9-B5FA08861705}] - (C:\Program Files (x86)\Windows Live\Mail\) - wlmail.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{886D9852-A9A8-4b88-83D4-50FC6616C21D}] - (C:\Program Files (x86)\Epson Software\E-Web Print) - ewpsbw.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] - (C:\Program Files (x86)\Adobe\Reader 9.0\Reader) - AdobeCollabSync.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] - (C:\Program Files (x86)\Adobe\Reader 9.0\Reader) - AcroRd32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] - (C:\Program Files (x86)\Windows Live\Messenger\) - msnmsgr.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5}] - (C:\Program Files (x86)\Windows Live\Writer\) - WindowsLiveWriter.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118}] - (C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\) - nero.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : ---------- | Ext\Settings [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{067DF9EC-26B7-40DC-8DB8-CD8BE85AE367}] : : [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] : : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] : : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}] : : C:\PROGRA~3\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll ---------- | Ext\Stats [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] : : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] : : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] : : C:\Windows\SysWOW64\mshtml.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] : : C:\Windows\SysWOW64\ieframe.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D96A05-F192-11D4-A65F-0040963251E5}] : : C:\Windows\SysWOW64\msxml6.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D96A0A-F192-11D4-A65F-0040963251E5}] : : C:\Windows\SysWOW64\msxml6.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] : : [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}] : : C:\PROGRA~3\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] -> (E-Web Print) : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [27/11/2014 11:38:00] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}] -> (iSkysoft iMedia Converter Deluxe 5.1.0) : C:\PROGRA~3\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [07/09/2016 14:08:08] ---------- | Chrome [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Google\Chrome\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm] ---------- | Opera ---------- | Firefox [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "e-webprint@epson.com"=C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on "ISVCU@iSkysoft.com"=C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll C:\Users\jean-\AppData\Roaming\Mozilla\Firefox\Profiles\1841evbk.default\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20160922113459"); user_pref("browser.startup.homepage_override.mstone", "49.0.1"); user_pref("extensions.blocklist.pingCountTotal", 2); user_pref("extensions.blocklist.pingCountVersion", 2); user_pref("extensions.bootstrappedAddons", "{\"e10srollout@mozilla.org\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\jean-\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\1841evbk.default\\\\features\\\\{bcee46c5-f473-4ae7-9bfa-7b238974f648}\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"webcompat@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true}}"); user_pref("extensions.databaseSchema", 17); user_pref("extensions.e10s.rollout.hasAddon", false); user_pref("extensions.e10s.rollout.policy", "49a"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.1"); user_pref("extensions.getAddons.cache.lastUpdate", 1476268002); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20160826.01"); user_pref("extensions.lastAppVersion", "49.0.1"); user_pref("extensions.lastPlatformVersion", "49.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{bcee46c5-f473-4ae7-9bfa-7b238974f648}\",\"addons\":{\"e10srollout@mozilla.org\":{\"version\":\"1.3\"}}}"); user_pref("extensions.xpiState", "{\"app-system-addons\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Users\\\\jean-\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\1841evbk.default\\\\features\\\\{bcee46c5-f473-4ae7-9bfa-7b238974f648}\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.3\",\"st\":1476268007668}},\"app-system-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":false,\"v\":\"1.2\",\"st\":1474591843918},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.4\",\"st\":1474591843954},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1474591843955}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"49.0.1\",\"st\":1474591843917}},\"winreg-app-global\":{\"e-webprint@epson.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Epson Software\\\\E-Web Print\\\\Firefox Add-on\",\"e\":false,\"v\":\"1.23.00\",\"st\":1472446526455,\"mt\":1432708226000},\"ISVCU@iSkysoft.com\":{\"d\":\"C:\\\\ProgramData\\\\iSkysoft\\\\Video Converter Ultimate\\\\ISVCU@iSkysoft.com_xpi\",\"e\":false,\"v\":\"5.1.0\",\"st\":1473247582639,\"mt\":1458307132000}}}"); ---------- | Active Connections TCP 127.0.0.1:20158 DESKTOP-37KC94K:56941 ESTABLISHED 9428 TCP 127.0.0.1:56941 DESKTOP-37KC94K:20158 ESTABLISHED 4540 TCP 192.168.1.13:56313 waws-prod-bay-001.cloudapp.net:http TIME_WAIT 0 TCP 192.168.1.13:56314 li1252-218.members.linode.com:http TIME_WAIT 0 TCP 192.168.1.13:56315 li1252-218.members.linode.com:http TIME_WAIT 0 TCP 192.168.1.13:60706 a-0001.a-msedge.net:https ESTABLISHED 5172 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a778058e-ddb3-4e56-a8fe-5582c6425c94}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a778058e-ddb3-4e56-a8fe-5582c6425c94}] "DhcpNameServer"=192.168.1.1 192.168.1.1 ---------- | ActiveX [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - [1,1,1,9] - -> [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - [10,0,14393,0] - -> [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - [12,0,10011,16384] - -> [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - [10,0,14393,206] - -> [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [11,187,14393,0] - -> [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,14393,82] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\inf\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,10011,16384] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - [1,1,1,9] - @%SystemRoot%\system32\themeui.dll,-2682 -> /UserInstall [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{31699572-6286-3C1C-A03C-511D59181038}] - (.NET Framework) - [4,0,30319,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,187,14393,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [10,0,14393,0] - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,187,14393,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,187,14393,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,187,14393,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [10,0,14393,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - [10,0,14393,206] - @%SystemRoot%\system32\shell32.dll,-32969 -> U [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - [11,187,14393,0] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,187,14393,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,187,14393,0] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [10,0,14393,187] - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,10011,16384] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,187,14393,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [10,0,14393,0] - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,187,14393,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,187,14393,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,187,14393,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,10011,16384] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{71A5A636-652F-3BE0-BC14-02545E9F5EC7}] - (.NET Framework) - [4,0,30319,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [10,0,14393,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,187,14393,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,187,14393,0] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [10,0,14393,187] - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] - -> ---------- | Applications [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\expressburn.exe] : "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" "%L" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\expressburn.exe] : "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af} Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68} Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba} Name: PhotoAcqWiaEventHandler - AppID: {00F3CDFD-5D2E-439F-8900-3F56A0C1C8BA} Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3} Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5} Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030} Name: CLWFLService7 - AppID: {03C200E3-11BC-49ea-8BAB-3B09120AC3AE} Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Name: Microsoft SQL Server Replication Remote Merge Agent 11.0 - AppID: {042A4340-A4D7-44DD-A22E-93278FB52475} Name: DevicesFlowExperienceFlow - AppID: {046AEAD9-5A27-4D3C-8A67-F82552E0A91B} Name: IDBHO - AppID: {062C56BD-B2FF-4405-88D9-93154F27D785} Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B} Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32} Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23} Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168} Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299} Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96} Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B} Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A} Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B} Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3} Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3} Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323} Name: SFSAPO - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C} Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94} Name: NotificationController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1} Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C} Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de} Name: NeroShellExt - AppID: {10EBE05D-77B3-4C15-9080-6002AFD08B48} Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E} Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666} Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80} Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0} Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B} Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC} Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A} Name: Speech Runtime COM - AppID: {1725704B-A716-4E04-8EF6-87ED4F0A180A} Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31} Name: WriterBrowserExtension - AppID: {198B12CC-F591-440C-AC7A-6A730BBC436C} Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC} Name: NAUpdate - AppID: {1AC9CDC0-9D87-4371-9DE7-65C3F39AE5E6} Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6} Name: Disc soft DT Pro bus service - AppID: {1E9D16CB-FF03-481F-ABE2-F406C2808FE2} Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c} Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0} Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2} Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7} Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717} Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526} Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137} Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829} Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} Name: InstallAgent - AppID: {260eb9de-5cbe-4bff-a99a-3710af55bf1e} Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF} Name: Exchange Active Sync Policies Broker - AppID: {26795871-6B8F-4115-89DD-986213012798} Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E} Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69} Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32} Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E} Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A} Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00} Name: InstallAgentUserBroker - AppID: {28d08f70-46eb-4f26-a6cb-54b75132e100} Name: ImageHost - AppID: {2903EDD7-545F-4156-977A-5E730E57F253} Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78} Name: CMSVSWrap Object - AppID: {2B29DD0A-49D7-4C85-B4DA-64B1A22F1671} Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5} Name: DTS Package Host (32-bit) - AppID: {2CB1C2AA-A8EA-41CD-B439-25F4F4C846A9} Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37} Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C} Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD} Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5} Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7} Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606} Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97} Name: Delivery Optimization Mgmt - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F} Name: wpnservice - AppID: {34E76A18-223B-4E23-BEAD-F59358CC0A90} Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d} Name: Microsoft SQL Server Replication Logreader Agent 11.0 - AppID: {368C2E48-7E89-4970-94C9-6757E96C49AF} Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB} Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C} Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2} Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B} Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} Name: CortanaMapiHelper - AppID: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6} Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1} Name: EEL64A - AppID: {3D5781D9-B2FF-4396-8478-395412020995} Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F} Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e} Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683} Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25} Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c} Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E} Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61} Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8} Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775} Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85} Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9} Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29} Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C} Name: PIFUAC - AppID: {45CB30B1-B453-488a-9E8F-CE3C2ABFAAA7} Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E} Name: Radio Management Service - AppID: {478B41E6-3257-4519-BDA8-E971F9843849} Name: EEG64A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B} Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077} Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92} Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF} Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB} Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d} Name: IndexedDbCacheServer - AppID: {49f6e667-6658-4bd1-9de9-6af87f9faf85} Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A} Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17} Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C} Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC} Name: DTS Task Host (32-bit) - AppID: {4D3E4495-4A1C-4AB6-BFCB-E4056EB546D0} Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94} Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345} Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B} Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630} Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25} Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601} Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1} Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919} Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5} Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B} Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B} Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C} Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660} Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E} Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b} Name: SRS_APO_Universal - AppID: {553C48B2-BA6B-412B-9F8D-2B62B1B912AA} Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF} Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B} Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212} Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC} Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2} Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399} Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61} Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B} Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6} Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309} Name: EED64A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0} Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1} Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF} Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25} Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1} Name: PDFPrevHndlr - AppID: {6236FF8C-E747-4173-86D3-99F511B61DF3} Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D} Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327} Name: WLXQuickTimeControlHost - AppID: {631AF1F1-55E0-4190-9B1E-454D9F370AA2} Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E} Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} Name: tiledatamodelsvc - AppID: {65E2E13A-7110-4912-9F03-9A42E253D8F6} Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30} Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8} Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F} Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b} Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56} Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B} Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D} Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce} Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca} Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8} Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5} Name: Windows Insider Service - AppID: {7006698d-2974-4091-a424-85dd0b909e23} Name: WindowsLiveWriterFilter - AppID: {7054B371-09E3-4BC8-8A61-02D7799EA98A} Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e} Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC} Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD} Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED} Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436} Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950} Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070} Name: AcroIEHelperShim - AppID: {77AB4812-5411-4EA9-8437-77AD0F230302} Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100} Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d} Name: CLMLSvc_P2G10 - AppID: {7AF75464-3A22-4BB6-A2A0-F9ED5B72DD77} Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7} Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829} Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7} Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32} Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6} Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB} Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715} Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034} Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629} Name: AdAwareShellExtension - AppID: {815E3070-A914-4A36-BC40-2F35AAD1C91E} Name: CnxtDSPdll - AppID: {81D6AA8D-5401-4EE7-A7A2-95133649C977} Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B} Name: wlcsdk - AppID: {83B16523-1802-47EF-A9A6-2B3C8B796A6F} Name: Microsoft SQL Server Integration Services 11.0 - AppID: {83B33982-693D-4824-B42E-7196AE61BB05} Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F} Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850} Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE} Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059} Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54} Name: UACObject - AppID: {8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC} Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24} Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED} Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854} Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB} Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee} Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D} Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C} Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2} Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb} Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444} Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db} Name: SQLTaskConnections - AppID: {91A708A7-D12F-4B03-B8D0-DDE814119454} Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F} Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60} Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139} Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60} Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE} Name: Microsoft SQL Server Replication Remote Dist Agent 11.0 - AppID: {99434DAB-0F08-4F30-8CCF-B3E80296C907} Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7} Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610} Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276} Name: MalwareHunterContextHandler - AppID: {9D8C0710-8D32-4A42-84E5-210927BC6CB0} Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8} Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030} Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D} Name: CDP Reference Host - AppID: {A0316E2D-8793-4E74-AA48-8CE2ED05BA57} Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15} Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe} Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3} Name: Microsoft.Live.Folders.RichUpload.3.dll - AppID: {A40C5393-FD53-4528-95EB-0B348BC1539D} Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357} Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6} Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C} Name: PDFShellInfo - AppID: {A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE} Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24} Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121} Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0} Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50} Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D} Name: IA3DUtility - AppID: {A7D71146-EBCD-4E6C-916C-E77865BCC53B} Name: SwapAPODll - AppID: {A85F41D6-156B-470D-B505-110388968D5A} Name: Delivery Optimization Mgmt - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C} Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22} Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94} Name: Out of proc server to enable Insider Hub scenarios to be reached from inside of its appcontainer - AppID: {ac0fd47a-37f4-4502-bfee-6b317e479d41} Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325} Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d} Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871} Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1} Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA} Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1} Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492} Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E} Name: VSSCOM - AppID: {B3E2C31B-A5EB-406C-890D-04D23EC4E315} Name: UACObject - AppID: {B49FBDA8-D846-43c4-ACAA-06D7794374C8} Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C} Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599} Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A} Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2} Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE} Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D} Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755} Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287} Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4} Name: AcroPDF - AppID: {BBAA0E44-3862-490C-8E63-AC2D2D6EF733} Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70} Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B} Name: ewpsie_tb - AppID: {BBFE69BB-2EA4-49A6-99F3-9408974D0684} Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145} Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B} Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41} Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b} Name: WindowsLiveWriterApplication - AppID: {BF7C0368-EA36-475E-AA42-3F28E736FABD} Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D} Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880} Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF} Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6} Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412} Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF} Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1} Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E} Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444} Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D} Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3} Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5} Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F} Name: FamilySafetyRefreshTask - AppID: {C844C79D-AED8-4DCE-AB25-4D359BED84F8} Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9} Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81} Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D} Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C} Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125} Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F} Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad} Name: EPTBL - AppID: {CACC252F-95A7-4741-BBE8-FB1F18C2826F} Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B} Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F} Name: ShellExtension - AppID: {CB65493D-4F92-4301-8EDB-0C93266A3B51} Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF} Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF} Name: CcavHelper - AppID: {CD10AF2C-3024-4CF0-B978-0FBB7C4FE14C} Name: Dispatch - AppID: {CD9DD8FF-5FE5-44AB-AA3E-646052717FFF} Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933} Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03} Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395} Name: SwapAPODll - AppID: {CF85F74A-E465-4fb6-898F-8F72C2B84D8E} Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7} Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5} Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652} Name: Microsoft SQL Server Replication Distribution Agent 11.0 - AppID: {D41192E9-AB13-4A23-AB3B-A5FED98306DB} Name: URLReqService - AppID: {D4859CE9-3B25-4235-8973-A74F5D9A04F2} Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30} Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03} Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6} Name: IndexedDbBrokerServer - AppID: {dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6} Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61} Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a} Name: EverySyncExplorerOverlay - AppID: {DE4CE140-5838-468B-86C0-A422AC75B092} Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44} Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5} Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F} Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E} Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258} Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212} Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB} Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients (Failed Mouse In Pointer) - AppID: {E45A56CE-399C-45F0-9E6F-BFAACD3C711F} Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5} Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A} Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9} Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886} Name: TokenBroker Out Of Proc COM Server - AppID: {E73A797B-24CE-424A-AD4F-48E98B1E95B8} Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5} Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90} Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4} Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A} Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8} Name: Immersive Print Dialog Surrogate - AppID: {EB28E902-728E-42C4-97DC-DA89E144C744} Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A} Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A} Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A} Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58} Name: ImagXpr7 - AppID: {ED512BE6-6629-4FB4-953D-D0C353847163} Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147} Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7} Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522} Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC} Name: AcroBroker - AppID: {F2383816-917A-46CC-AD2A-5013BED3800F} Name: AvailableNetworksExperienceFlow - AppID: {F2506CD7-82C2-43D9-A1D3-F85F5EFE7D09} Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7} Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B} Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801} Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A} Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248} Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717} Name: Pen Workspace Discover Broker - AppID: {F5A6ACF4-FFE0-4934-AE1D-5F960EA0AAD9} Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8} Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a} Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E} Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996} Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Name: DaemonShellExtImage - AppID: {F9B84490-4C45-4737-82E5-0EA0B1CF5307} Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333} Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E} Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb} Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160} Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137} Name: ESLoadSevice - AppID: {FCA6F20F-92E5-4E74-AC19-D14B59CB1C15} Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9} Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00} Name: Microsoft SQL Server Replication Queuereader Agent 11.0 - AppID: {FD737704-43CB-4791-B4DB-EE8CDBC64450} Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C} Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D} Name: Microsoft SQL Server Replication Merge Agent 11.0 - AppID: {FDF7E044-456E-46C5-A396-807479AAFB4D} Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{83B33982-693D-4824-B42E-7196AE61BB05}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{83B33982-693D-4824-B42E-7196AE61BB05}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A0316E2D-8793-4E74-AA48-8CE2ED05BA57}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708" Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B49FBDA8-D846-43c4-ACAA-06D7794374C8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B49FBDA8-D846-43c4-ACAA-06D7794374C8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD9DD8FF-5FE5-44AB-AA3E-646052717FFF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CD9DD8FF-5FE5-44AB-AA3E-646052717FFF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-15-3-1024-2819154332-3691255550-2499738133-2646149002-4290075130-3069449926-721213713-3168903538" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-3433512109-503559027-1389316256-1766580070-2256751264" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-1260278928-804197538-2066346633-4268302704-2216462912" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-345135819-4012009209-3062012967-1747265747-3674605950" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-951620777-1059631183-2804607755-3010024351-809615488" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544" ---------- | Svchost - Netsvcs (Whitelisted) NetSetupSvc - %SystemRoot%\System32\NetSetupSvc.dll : %SystemRoot%\System32\svchost.exe -k netsvcs UserManager - %SystemRoot%\System32\usermgr.dll : %SystemRoot%\system32\svchost.exe -k netsvcs ---------- | Software [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Adobe] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Akeo Consulting] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\AOMEI] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\AppDataLow] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ArcticLine] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Ashampoo] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ASProtect] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ATI] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Auslogics] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Avanquest] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\BitTorrent] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\BugSplat] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\BVRP Software] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Caphyon] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\CheckPoint] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Clients] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Code Sector] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\COMODO] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ComodoGroup] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\CyberLink] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Cygnus Solutions] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Disc Soft] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\EaseUS] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\EPSON] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\EPSON Software Updater] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ESET] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\GlarySoft] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Google] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\IMSIDesign] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\iSkysoft] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\KillSoft] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Leadertech] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\LiberKey] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Licenses] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\LogiShrd] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Logitech] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Magix] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Mozilla] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\NCH Software] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\NCH Swift Sound] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Nero] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\PlaysTV] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Policies] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Raptr] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Realtek] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Reason] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Rebit] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\RegisteredApplications] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\SEIKO EPSON CORPORATION] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\SFR] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\SyncEngines] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\sysinternals] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Trolltech] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\UsbFix] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\uTorrentPlus] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\WinRAR SFX] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Wondershare] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Wow6432Node] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\WSVCUPlugin] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Zemana] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Zone Labs] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\{6487FE51-5D05-4253-8338-2B2FAF2E0214}] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\{80768678-7367-4d4f-9DBE-4CD4AC6D02AF}] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AMD] [HKLM\Software\Ashampoo] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\AVC3] [HKLM\Software\Bitdefender] [HKLM\Software\Clients] [HKLM\Software\Code Sector] [HKLM\Software\COMODO] [HKLM\Software\ComodoGroup] [HKLM\Software\Condusiv Technologies] [HKLM\Software\CyberLink] [HKLM\Software\Disc Soft] [HKLM\Software\Diskeeper Corporation] [HKLM\Software\EPSON] [HKLM\Software\ESET] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Intel] [HKLM\Software\KeyCryptSDK] [HKLM\Software\Khronos] [HKLM\Software\Lavasoft] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\Reason] [HKLM\Software\Rebit] [HKLM\Software\Rebit 5] [HKLM\Software\RegisteredApplications] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\Wondershare] [HKLM\Software\WOW6432Node] [HKLM\Software\Zemana] [HKLM\Software\ZmnGlobalSDK] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\Ashampoo] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\Auslogics] [HKLM\Software\WOW6432Node\Avanquest] [HKLM\Software\WOW6432Node\Avanquest Software] [HKLM\Software\WOW6432Node\BVRP Software] [HKLM\Software\WOW6432Node\CheckPoint] [HKLM\Software\WOW6432Node\COMODO] [HKLM\Software\WOW6432Node\ComodoGroup] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\Cygnus Solutions] [HKLM\Software\WOW6432Node\Driver-Soft] [HKLM\Software\WOW6432Node\EaseUS] [HKLM\Software\WOW6432Node\EaseUS Todo Backup] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\Eset] [HKLM\Software\WOW6432Node\g3n-h@ckm@n] [HKLM\Software\WOW6432Node\GlarySoft] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\IObit] [HKLM\Software\WOW6432Node\iSkysoft] [HKLM\Software\WOW6432Node\iSkysoftSysMenuDATA] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\KillSoft] [HKLM\Software\WOW6432Node\Lavasoft] [HKLM\Software\WOW6432Node\logishrd] [HKLM\Software\WOW6432Node\Logitech] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\NCH Software] [HKLM\Software\WOW6432Node\Nero] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\PlaysTV] [HKLM\Software\WOW6432Node\Raptr] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Reason] [HKLM\Software\WOW6432Node\Rebit] [HKLM\Software\WOW6432Node\Seiko Epson Corporation] [HKLM\Software\WOW6432Node\simplitec] [HKLM\Software\WOW6432Node\Software] [HKLM\Software\WOW6432Node\SOSVirus] [HKLM\Software\WOW6432Node\sysinternals] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\Turbo View & Convert] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\WiseCleaner] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Zemana] [HKLM\Software\WOW6432Node\Zone Labs] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | FeatureControl [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "ServiceProvider.exe"="8000" "TuneItUp.exe"="8000" "utorrentie.exe"="11000" [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION] "utorrentie.exe"="0" [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "utorrentie.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "HelpPane.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"="1" "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"="1" "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"="1" "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "HelpPane.exe"="10000" "prevhost.exe"="8000" "Filmora.exe"="9999" "sllauncher.exe"="8000" "PhotoDirector8.exe"="8000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGUI.exe"="0" "SAPGuiIT.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"="100000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "PresentationHost.exe"="0" "sllauncher.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "cs.exe"="1" "waol.exe"="1" "wm.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" "sllauncher.exe"="6" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" "sllauncher.exe"="6" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "prevhost.exe"="1" "winmail.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "HelpPane.exe"="0" "prevhost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "msimn.exe"="1" "outlook.exe"="1" "winmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "excel.exe"="1" "infopath.exe"="1" "powerpnt.exe"="1" "winword.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "BackItUp.exe"="1" "BackItUpUpdate.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "HelpPane.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"="1" "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"="1" "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"="1" "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "HelpPane.exe"="10000" "prevhost.exe"="8000" "sllauncher.exe"="8000" "BackItUp.exe"="9000" "BackItUpUpdate.exe"="9000" "Power2Go10.exe"="8000" "YouCam7.exe"="9000" "WiseJetSearch.exe"="11000" "TBConsoleUI.exe"="9999" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGUI.exe"="0" "SAPGuiIT.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"="100000" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "PresentationHost.exe"="0" "sllauncher.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "cs.exe"="1" "waol.exe"="1" "wm.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" "sllauncher.exe"="6" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" "sllauncher.exe"="6" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "prevhost.exe"="1" "winmail.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"="1" "WindowsLiveWriter.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "HelpPane.exe"="0" "prevhost.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"="1" "sllauncher.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "msimn.exe"="1" "outlook.exe"="1" "winmail.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "excel.exe"="1" "infopath.exe"="1" "powerpnt.exe"="1" "winword.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" ---------- | The Created last ones ¦ Modified [MD5.00000000000000000000000000000000] - [03/10/2016 20:52:45] - |D| - [26482892] - C:\Program Files (x86)\Avanquest [MD5.00000000000000000000000000000000] - [03/10/2016 20:28:46] - |AD| - [3127447] - C:\Program Files (x86)\Avanquest update [MD5.00000000000000000000000000000000] - [13/10/2016 08:54:44] - |D| - [44204127] - C:\Program Files (x86)\CheckPoint [MD5.00000000000000000000000000000000] - [03/10/2016 20:42:17] - |D| - [19467000] - C:\Program Files (x86)\COMODO [MD5.00000000000000000000000000000000] - [12/10/2016 12:42:22] - |D| - [32175208] - C:\Program Files (x86)\Driver-Soft [MD5.00000000000000000000000000000000] - [05/10/2016 19:36:58] - |AD| - [5538848] - C:\Program Files (x86)\ISO to USB [MD5.00000000000000000000000000000000] - [11/10/2016 08:46:11] - |AD| - [93587717] - C:\Program Files (x86)\Mozilla Firefox [MD5.00000000000000000000000000000000] - [11/10/2016 08:47:23] - |D| - [262595] - C:\Program Files (x86)\Mozilla Maintenance Service [MD5.00000000000000000000000000000000] - [05/10/2016 14:26:14] - |D| - [0] - C:\Program Files (x86)\Raptr [MD5.00000000000000000000000000000000] - [05/10/2016 14:27:22] - |D| - [383352580] - C:\Program Files (x86)\Raptr Inc [MD5.00000000000000000000000000000000] - [04/10/2016 07:21:10] - |D| - [64649869] - C:\Program Files (x86)\simplitec [MD5.13BE475DA00AB05866CC3632F5AD54B0] - [04/10/2016 03:13:34] - |A| - [4673296] - C:\WINDOWS\explorer.exe [MD5.FC689BE36FA4254D8576A23B697B6B17] - [04/10/2016 03:14:24] - |A| - [130560] - C:\WINDOWS\splwow64.exe [MD5.934521750E93D7F5311B49EE4EAE5271] - [13/10/2016 09:17:12] - |A| - [332716] - C:\WINDOWS\ZAM.krnl.trace [MD5.F516F09B9D96759DF7222705EBB19953] - [13/10/2016 09:17:12] - |A| - [306276] - C:\WINDOWS\ZAM_Guard.krnl.trace [MD5.FEEDE918DD476ADF16D05F2F6BEAE774] - [04/10/2016 08:47:54] - |A| - [49152] - C:\WINDOWS\Installer\1d1676a.msi [MD5.B23E83F39E48A3C1B9FED09CCA2D6616] - [13/10/2016 08:55:20] - |A| - [10862080] - C:\WINDOWS\Installer\3ed3f8.msi [MD5.0AAF9BE6AB100DF1ECA27A6F6C91F6C1] - [13/10/2016 08:55:15] - |A| - [6151680] - C:\WINDOWS\Installer\3ed3fd.msi [MD5.98CD50DB1406BD3ACC3473658A32D3CA] - [03/10/2016 23:10:28] - |RA| - [53339648] - C:\WINDOWS\Installer\d79ae1.msp [MD5.4C8CE7556917CD925A093B72CF16D0B6] - [03/10/2016 20:32:43] - |A| - [136930] - C:\WINDOWS\Installer\MSI223C.tmp [MD5.63B1683833CC9EDAE9797E1948A4CF53] - [03/10/2016 20:34:23] - |A| - [50432] - C:\WINDOWS\Installer\MSIA890.tmp [MD5.63B1683833CC9EDAE9797E1948A4CF53] - [03/10/2016 20:34:23] - |A| - [50432] - C:\WINDOWS\Installer\MSIA95C.tmp [MD5.77D80FB4087AE4316EC67F86D6C7AC77] - [05/10/2016 14:24:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36} [MD5.F8BAB404362E7A71F1D18D66389134CC] - [12/10/2016 11:13:58] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{37B8F9C7-03FB-3253-8781-2517C99D7C00} [MD5.8FB5DC455785E0BAA02B9C2E5D86318B] - [13/10/2016 08:58:53] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8220EEFE-38CD-377E-8595-13398D740ACE} [MD5.31A231B50C7DB6182F8C160D4D3768D4] - [13/10/2016 09:01:35] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8A7820F0-5261-42FC-9790-4D932E7BC5B1} [MD5.4276FE00734463BD9D945B1D2B5B0EB8] - [05/10/2016 14:25:11] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{929FBD26-9020-399B-9A7A-751D61F0B942} [MD5.87FD2F24B3F9BAB2E120392F18C741EB] - [12/10/2016 12:49:53] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{9E04F23D-3E2E-4A62-AEBF-8BC952400657} [MD5.ADBD4A96580B90BB127243B4A991255D] - [05/10/2016 14:25:05] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{A749D8E6-B613-3BE3-8F5F-045C84EBA29B} [MD5.189FEC42EA7D6632FE746E683E4DFA9D] - [13/10/2016 09:02:13] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{B025F14A-25E6-46CA-9308-1B1D3393CAC8} [MD5.2285046F7658966853A011A614F8450E] - [04/10/2016 08:48:32] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{BBEC10F9-AC15-41EE-A271-0B1077F53740} [MD5.BE6F4FE9976376E45B28CE044A0BAF6D] - [12/10/2016 11:13:42] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} [MD5.E7FD77B3DCBF0D84A842FBDAF0208318] - [05/10/2016 14:25:39] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{F389A14F-B924-E628-4E4F-8D93AFB0215F} [MD5.1040810D317D3A4D41BD983CC26DE1F2] - [05/10/2016 14:24:45] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607} [MD5.00000000000000000000000000000000] - [12/10/2016 12:50:07] - |D| - [17886] - C:\WINDOWS\Installer\{9E04F23D-3E2E-4A62-AEBF-8BC952400657} [MD5.00000000000000000000000000000000] - [05/10/2016 14:25:47] - |D| - [41530] - C:\WINDOWS\Installer\{F389A14F-B924-E628-4E4F-8D93AFB0215F} [MD5.B12D82277BD6133ACEAF8F60E5A2EA21] - [04/10/2016 03:14:55] - |A| - [424960] - C:\WINDOWS\system32\aadcloudap.dll [MD5.77F6997F18D6C22806111ADB59CDD3D2] - [04/10/2016 03:14:56] - |A| - [1107456] - C:\WINDOWS\system32\aadtb.dll [MD5.3E605CE3C04165B3718B1E4C1E7F5085] - [04/10/2016 03:13:13] - |A| - [284160] - C:\WINDOWS\system32\AboveLockAppHost.dll [MD5.BDD9BD6910DB26CCC136CB1E2271D1C6] - [04/10/2016 03:13:11] - |A| - [441856] - C:\WINDOWS\system32\AccountsRt.dll [MD5.7A6428929BBDB854042D83494DD13101] - [03/10/2016 21:07:19] - |A| - [5511680] - C:\WINDOWS\system32\aclui.dll [MD5.64D6DAF0FCC16F7F05CD629CC00A60E8] - [04/10/2016 03:14:27] - |A| - [160768] - C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll [MD5.BDCF02173186A49AB4B9EAEF5B555ED1] - [03/10/2016 21:08:27] - |A| - [68096] - C:\WINDOWS\system32\AddressParser.dll [MD5.1B070DB48CC151B0A2DBF62C10687079] - [04/10/2016 03:14:34] - |A| - [1218912] - C:\WINDOWS\system32\aeinv.dll [MD5.618EAA72DD130C38F8AE0D7994167AE6] - [04/10/2016 03:12:04] - |A| - [445765] - C:\WINDOWS\system32\ApnDatabase.xml [MD5.8909765835EEE337C718EAF2CA931A2C] - [03/10/2016 21:07:16] - |A| - [170496] - C:\WINDOWS\system32\AppCapture.dll [MD5.EBB2F503484E75D293613279EA3CB7EA] - [04/10/2016 03:14:27] - |A| - [1060352] - C:\WINDOWS\system32\AppContracts.dll [MD5.73FAA5517CCD1332F00192A303CF2026] - [04/10/2016 03:13:08] - |A| - [125952] - C:\WINDOWS\system32\appinfo.dll [MD5.E2AAF07BEB81E6E4CAC382F0B2CA551C] - [03/10/2016 21:08:27] - |A| - [140288] - C:\WINDOWS\system32\AppointmentActivation.dll [MD5.E5E8355A42EF15E56617EC7197953EB8] - [04/10/2016 03:12:05] - |A| - [771072] - C:\WINDOWS\system32\AppointmentApis.dll [MD5.11684DCA3DF7A22051CB9DB289F807CD] - [04/10/2016 03:14:29] - |A| - [1469120] - C:\WINDOWS\system32\appraiser.dll [MD5.21DC11DA29484AE026E536F2EA7E79E5] - [04/10/2016 03:12:08] - |A| - [560128] - C:\WINDOWS\system32\AppReadiness.dll [MD5.9617BFEF3E4D8D4CB2C62FCFBA51AABB] - [04/10/2016 03:13:20] - |A| - [176128] - C:\WINDOWS\system32\apprepapi.dll [MD5.1CC092A4CE877889925BBCFFB5F69DBC] - [04/10/2016 03:13:24] - |A| - [379904] - C:\WINDOWS\system32\apprepsync.dll [MD5.7E22C42866DC78186FE382A4DB61414E] - [04/10/2016 03:13:15] - |A| - [406016] - C:\WINDOWS\system32\AppXDeploymentClient.dll [MD5.CB452DA937BF1977FA21973062AD325E] - [03/10/2016 21:07:19] - |A| - [956416] - C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll [MD5.DA4D5721BA92CE6AF1466C5C9D4A7475] - [04/10/2016 03:12:55] - |A| - [1690112] - C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll [MD5.92397A07CDAD0CB73957A305F33DB634] - [04/10/2016 03:12:56] - |A| - [2264064] - C:\WINDOWS\system32\AppXDeploymentServer.dll [MD5.5D8F83419BA1C7863FD5A61CD48344ED] - [04/10/2016 03:12:41] - |A| - [590960] - C:\WINDOWS\system32\AudioSes.dll [MD5.A0F7114A69A67316B9707F1809061F86] - [04/10/2016 03:12:53] - |A| - [942080] - C:\WINDOWS\system32\audiosrv.dll [MD5.56A81460571A74A268B5D529FC65791C] - [04/10/2016 03:13:10] - |A| - [146432] - C:\WINDOWS\system32\AuthBroker.dll [MD5.AAD9D7162339D9309CA8D4EF1F05C0C4] - [03/10/2016 21:07:17] - |A| - [881664] - C:\WINDOWS\system32\authui.dll [MD5.FD1107005087488531DF837302F2ABF1] - [04/10/2016 03:12:58] - |A| - [1908224] - C:\WINDOWS\system32\AzureSettingSyncProvider.dll [MD5.3413167278CBF08DAE6D5EDDA1C36A94] - [04/10/2016 03:13:19] - |A| - [57856] - C:\WINDOWS\system32\BackgroundMediaPolicy.dll [MD5.A0164A9FEF887AE1E693F8763AFB9D24] - [03/10/2016 21:07:16] - |A| - [605184] - C:\WINDOWS\system32\bcastdvr.exe [MD5.2B4D3AEAAD02954F8C191BC2D67949AD] - [04/10/2016 03:14:34] - |A| - [361472] - C:\WINDOWS\system32\bdesvc.dll [MD5.ABAE5C42642A9EC0E4DE48A2582E8EA9] - [04/10/2016 03:14:22] - |A| - [33792] - C:\WINDOWS\system32\bdeui.dll [MD5.6CEF0C703030EF548C116A3D65CD94A9] - [04/10/2016 03:12:04] - |A| - [280472] - C:\WINDOWS\system32\bdeunlock.exe [MD5.6E10195D98E708B11D2A78AF4C51D1B8] - [03/10/2016 21:08:05] - |A| - [7792640] - C:\WINDOWS\system32\BingMaps.dll [MD5.974FA5866D2F4FB4D7FDEB4BDB911071] - [03/10/2016 21:08:06] - |A| - [820736] - C:\WINDOWS\system32\BingOnlineServices.dll [MD5.BD33624B1F5C35F519E87B53DBC30B34] - [04/10/2016 03:12:56] - |A| - [770560] - C:\WINDOWS\system32\bisrv.dll [MD5.94E46B3464C0971C64BBBA33F19E27ED] - [04/10/2016 03:15:06] - |A| - [112128] - C:\WINDOWS\system32\BitLockerDeviceEncryption.exe [MD5.92C8FB2FC12757888339C0CC30A99B5A] - [04/10/2016 03:12:43] - |A| - [171520] - C:\WINDOWS\system32\biwinrt.dll [MD5.C29A5DDEF61432C02D7EC6720D4B2A65] - [04/10/2016 03:14:30] - |A| - [582656] - C:\WINDOWS\system32\BootMenuUX.dll [MD5.2DF0DE73B794D2D16A1468A4E046B7A6] - [04/10/2016 03:13:13] - |A| - [3753984] - C:\WINDOWS\system32\bootux.dll [MD5.24B65D4E88E96C2BD26277FF731402FF] - [04/10/2016 03:12:01] - |A| - [94720] - C:\WINDOWS\system32\browserbroker.dll [MD5.DE02D4663E20AA4875EDE755731F24D8] - [04/10/2016 03:13:26] - |A| - [92672] - C:\WINDOWS\system32\BthRadioMedia.dll [MD5.6C2FBD0580EBC02B723E9DFDE160609E] - [04/10/2016 03:14:57] - |A| - [104960] - C:\WINDOWS\system32\CastLaunch.dll [MD5.E08C00B7044F58E7D53CB4F6451D3ABB] - [03/10/2016 21:08:03] - |A| - [227840] - C:\WINDOWS\system32\cdd.dll [MD5.31F1640593CE34D9E5CD049A71787B7F] - [04/10/2016 03:14:44] - |A| - [5111296] - C:\WINDOWS\system32\cdp.dll [MD5.2439A82EC0BB421FA2B21E0A1C6C997F] - [04/10/2016 03:14:34] - |A| - [410624] - C:\WINDOWS\system32\cdpsvc.dll [MD5.4279D54DD2273B06EEAD7006D6938813] - [04/10/2016 03:14:34] - |A| - [339456] - C:\WINDOWS\system32\cdpusersvc.dll [MD5.9A08B837ACD1F011C7412AE936288599] - [04/10/2016 03:13:35] - |A| - [2914304] - C:\WINDOWS\system32\CertEnroll.dll [MD5.E3B13782BD1570B72B084C932555E887] - [04/10/2016 03:13:55] - |A| - [8122880] - C:\WINDOWS\system32\Chakra.dll [MD5.5725D2F9E67D2D2F944777384BFC5EC3] - [03/10/2016 21:08:20] - |A| - [1081856] - C:\WINDOWS\system32\Chakradiag.dll [MD5.A972DDEFFEF76A9643A65F07C6762154] - [03/10/2016 21:08:21] - |A| - [140288] - C:\WINDOWS\system32\Chakrathunk.dll [MD5.9B98474C622059BFB1FFA17A93E34C1D] - [04/10/2016 03:12:05] - |A| - [748544] - C:\WINDOWS\system32\ChatApis.dll [MD5.66631B2AA34415118970A1A3CDEBD241] - [04/10/2016 03:15:13] - |A| - [634944] - C:\WINDOWS\system32\ci.dll [MD5.C50FBFDC76EAF8D22EC203B433D0EEFE] - [03/10/2016 21:08:45] - |A| - [200704] - C:\WINDOWS\system32\ClipboardServer.dll [MD5.D2AC79B1D85E68D377FAB1B240D2DB52] - [04/10/2016 03:14:47] - |A| - [1377016] - C:\WINDOWS\system32\ClipUp.exe [MD5.3586DC3E48B56A222752D11AB4DC61A2] - [04/10/2016 03:12:39] - |A| - [241504] - C:\WINDOWS\system32\CloudExperienceHost.dll [MD5.FD26769349ACB971AA1F073A0F2E0096] - [04/10/2016 03:12:40] - |A| - [160096] - C:\WINDOWS\system32\CloudExperienceHostBroker.dll [MD5.F229D439360A1B31108772B1DC922EAE] - [04/10/2016 03:14:25] - |A| - [146784] - C:\WINDOWS\system32\CloudExperienceHostCommon.dll [MD5.621BE7A39C4A2E06E2D9A223A8AB2DD2] - [03/10/2016 21:07:16] - |A| - [178528] - C:\WINDOWS\system32\CloudExperienceHostUser.dll [MD5.3A92354FCB3EFAF96FCD4D09033BE8B0] - [04/10/2016 03:14:19] - |A| - [715264] - C:\WINDOWS\system32\clusapi.dll [MD5.43A8752487FD220B0B79A2BB5E9E7362] - [04/10/2016 03:14:24] - |A| - [36864] - C:\WINDOWS\system32\cmintegrator.dll [MD5.B1F78E588635D91D829D936C572D491C] - [03/10/2016 21:07:42] - |A| - [2913104] - C:\WINDOWS\system32\combase.dll [MD5.84E6B2DA8122301E92682EFA38D687E7] - [04/10/2016 03:14:29] - |A| - [50880] - C:\WINDOWS\system32\CompatTelRunner.exe [MD5.2D1EB38090218C4EE313C69808D89AA0] - [04/10/2016 03:12:57] - |A| - [1639424] - C:\WINDOWS\system32\comsvcs.dll [MD5.BD4167C80AF17E32DA4476BB4FB51527] - [04/10/2016 03:15:01] - |A| - [266240] - C:\WINDOWS\system32\ConsoleLogon.dll [MD5.F729F21451A7948444ACA11FE3E51C48] - [03/10/2016 21:08:27] - |A| - [54784] - C:\WINDOWS\system32\ContactActivation.dll [MD5.27F24251BCB386B217EF8BF131558B91] - [04/10/2016 03:12:16] - |A| - [1013760] - C:\WINDOWS\system32\ContactApis.dll [MD5.0611AD525FD80B4C963761EC77B30F20] - [04/10/2016 03:15:11] - |A| - [603488] - C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll [MD5.03DCC01047713690E312B013C60881AE] - [04/10/2016 03:13:21] - |A| - [764936] - C:\WINDOWS\system32\CoreMessaging.dll [MD5.9E05512FF72865FC863F477210462C12] - [04/10/2016 03:14:26] - |A| - [2681200] - C:\WINDOWS\system32\CoreUIComponents.dll [MD5.92775327FB6A80C98E085D1C1C8CC879] - [04/10/2016 03:11:59] - |A| - [886784] - C:\WINDOWS\system32\CPFilters.dll [MD5.00D26DFCB55A8F1EE67A5EE3614F9C75] - [03/10/2016 21:07:31] - |A| - [461312] - C:\WINDOWS\system32\CredProvDataModel.dll [MD5.8F62D1468DB8FB4675C2C560C89B9281] - [04/10/2016 03:14:18] - |A| - [243712] - C:\WINDOWS\system32\credprovhost.dll [MD5.02562A5596A3B437FABC2188C8A700EA] - [04/10/2016 03:14:57] - |A| - [166912] - C:\WINDOWS\system32\credprovslegacy.dll [MD5.9986D7EBBAFF059D84EEA475988B1569] - [04/10/2016 03:13:15] - |A| - [376832] - C:\WINDOWS\system32\CryptoWinRT.dll [MD5.F1E2170B311D75405C53DFDFBDB6DC01] - [03/10/2016 21:07:46] - |A| - [58368] - C:\WINDOWS\system32\csrsrv.dll [MD5.E1913C16CFFA87214FD9BA876117DE77] - [04/10/2016 03:12:57] - |A| - [5611008] - C:\WINDOWS\system32\d2d1.dll [MD5.729D859A5FF0C0C27274992B06CEB2BA] - [03/10/2016 21:07:50] - |A| - [1006080] - C:\WINDOWS\system32\D3D12.dll [MD5.D4E3D58577C7FD66FE71431FDAE992B6] - [04/10/2016 03:12:49] - |A| - [4474368] - C:\WINDOWS\system32\D3DCompiler_47.dll [MD5.8C8591CD7FDFDD27BA2395E6EB4C6316] - [04/10/2016 03:13:21] - |A| - [280064] - C:\WINDOWS\system32\DataExchange.dll [MD5.108530293C21AAC17E8BC4EB6F8E3FFB] - [04/10/2016 03:15:15] - |A| - [462336] - C:\WINDOWS\system32\daxexec.dll [MD5.7B8270ADE3831F59CB0A1FBE2B650E45] - [03/10/2016 21:08:36] - |A| - [5384192] - C:\WINDOWS\system32\dbgeng.dll [MD5.7E430C33D24BC0DC76F56FF459EFA44D] - [03/10/2016 21:08:37] - |A| - [650240] - C:\WINDOWS\system32\DbgModel.dll [MD5.17CA16C7B5AFE34B919D5C86C0E41C5D] - [03/10/2016 21:08:19] - |A| - [289792] - C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll [MD5.08AAAE6D7F7DE043569BE264F87C0A53] - [04/10/2016 03:13:21] - |A| - [90400] - C:\WINDOWS\system32\devenum.dll [MD5.4E3054221246A393DEFCA21DC53C6EBE] - [04/10/2016 03:14:20] - |A| - [329728] - C:\WINDOWS\system32\deviceaccess.dll [MD5.8866B5372DEDC71284EE7B78CC04FABC] - [04/10/2016 03:15:08] - |A| - [268800] - C:\WINDOWS\system32\DeviceCensus.exe [MD5.731AA93CBBD05C7F966979CB5F3D6D96] - [03/10/2016 21:07:50] - |A| - [2083840] - C:\WINDOWS\system32\DeviceFlows.DataModel.dll [MD5.C14012793C3ACA305EF6C8585280E2EC] - [04/10/2016 03:14:33] - |A| - [553312] - C:\WINDOWS\system32\devinv.dll [MD5.E866C3B273EC6AD4F9EB493A8293BDF8] - [04/10/2016 03:12:17] - |A| - [1984512] - C:\WINDOWS\system32\diagtrack.dll [MD5.90E3F3D5CE46DBFBF23F41F172693908] - [04/10/2016 03:11:55] - |A| - [187904] - C:\WINDOWS\system32\dialclient.dll [MD5.3A6DCF83ADC03B5E25CD9B40D2F2FC0C] - [04/10/2016 03:14:29] - |A| - [250368] - C:\WINDOWS\system32\discan.dll [MD5.D4DAA9883E0540792E0FA693A1C55DD5] - [04/10/2016 03:13:10] - |A| - [185344] - C:\WINDOWS\system32\DisplayManager.dll [MD5.5A14B5B990D991E445E8B9F37F972048] - [03/10/2016 21:07:16] - |A| - [295424] - C:\WINDOWS\system32\dlnashext.dll [MD5.09B799F275F275071C4926C016E6E1DC] - [04/10/2016 03:13:14] - |A| - [455168] - C:\WINDOWS\system32\dmenrollengine.dll [MD5.7E2F080D02FE2D426A2D518F9FF13CFE] - [03/10/2016 21:07:51] - |A| - [523712] - C:\WINDOWS\system32\DMRServer.dll [MD5.96B8A433F6407DE34850927C96C6CE9B] - [04/10/2016 03:13:28] - |A| - [646136] - C:\WINDOWS\system32\dnsapi.dll [MD5.731A157FCC3D1913C629A659903CD00C] - [04/10/2016 03:13:41] - |A| - [498960] - C:\WINDOWS\system32\DolbyDecMFT.dll [MD5.1FAD8BB61127B02934C015CF9B159016] - [03/10/2016 21:07:48] - |A| - [323584] - C:\WINDOWS\system32\domgmt.dll [MD5.2A4755DC0F7D3D2ED7D5C10EE85C2658] - [03/10/2016 21:07:49] - |A| - [1232384] - C:\WINDOWS\system32\dosvc.dll [MD5.22D240F8745F0F64C4638E472F30BB7D] - [03/10/2016 21:08:44] - |A| - [471552] - C:\WINDOWS\system32\DscCore.dll [MD5.F46203F56E5E156F1DC712D7A834F23D] - [04/10/2016 03:13:12] - |A| - [480768] - C:\WINDOWS\system32\dsreg.dll [MD5.215A56F35692B2819D5F7721B99B2DCB] - [04/10/2016 03:13:34] - |A| - [686592] - C:\WINDOWS\system32\dsregcmd.exe [MD5.C4DC88BE2140CB670A2AF6572B11D1BB] - [04/10/2016 03:12:04] - |A| - [128864] - C:\WINDOWS\system32\dwmapi.dll [MD5.A202D35D81D24303896611D2E823E9B5] - [03/10/2016 21:07:49] - |A| - [2289664] - C:\WINDOWS\system32\dwmcore.dll [MD5.C8138A3A2AC76EE9C5621F81B66977EE] - [04/10/2016 03:13:32] - |A| - [2476544] - C:\WINDOWS\system32\DWrite.dll [MD5.E02113EEBBD2689486B49F08103C70C8] - [03/10/2016 21:07:51] - |A| - [327168] - C:\WINDOWS\system32\eapp3hst.dll [MD5.D4A0A180E2C1A26F5DE4C3517DE0C414] - [03/10/2016 21:07:51] - |A| - [243200] - C:\WINDOWS\system32\eappcfg.dll [MD5.3D5B06EC01C5772DDB8AB82A769A0D97] - [03/10/2016 21:07:51] - |A| - [105984] - C:\WINDOWS\system32\eappgnui.dll [MD5.B6E61F3A3FFE0CE73446BAE0CEDDFA40] - [03/10/2016 21:07:51] - |A| - [302592] - C:\WINDOWS\system32\eapphost.dll [MD5.6314D8E070122C9FEF0FD9E6C46F8F9C] - [03/10/2016 21:07:51] - |A| - [71168] - C:\WINDOWS\system32\eappprxy.dll [MD5.5D24617DC3937CC787F4BC83BBCE6D37] - [04/10/2016 03:13:15] - |A| - [168960] - C:\WINDOWS\system32\easwrt.dll [MD5.E8AB971BBF9209B6AAB73B479CAD0C08] - [04/10/2016 03:13:49] - |A| - [22566912] - C:\WINDOWS\system32\edgehtml.dll [MD5.0E4A43E73F7E2F899840604C95F4F20A] - [04/10/2016 03:14:33] - |A| - [918848] - C:\WINDOWS\system32\EditionUpgradeManagerObj.dll [MD5.86F79599661F394F0872B16A4C5DDF97] - [04/10/2016 03:15:02] - |A| - [590336] - C:\WINDOWS\system32\efswrt.dll [MD5.D75F3EA1414FED5320A2F79A1BFAB642] - [04/10/2016 03:12:06] - |A| - [1145344] - C:\WINDOWS\system32\EmailApis.dll [MD5.D909A0DA4753420B637608EC0656518F] - [03/10/2016 21:08:26] - |A| - [438784] - C:\WINDOWS\system32\EncDec.dll [MD5.545149D35BFCA000EF5C9B499D1B1474] - [04/10/2016 03:13:08] - |A| - [180224] - C:\WINDOWS\system32\enrollmentapi.dll [MD5.7A45B4DF40230233E929C4C65D99637B] - [04/10/2016 03:13:26] - |A| - [1004032] - C:\WINDOWS\system32\enterprisecsps.dll [MD5.4F9CF843068D4B798704F9C80EDED818] - [03/10/2016 21:07:51] - |A| - [755656] - C:\WINDOWS\system32\evr.dll [MD5.7B3B3E87A3F4657D6D0D2C27EA24940F] - [03/10/2016 21:08:27] - |A| - [263680] - C:\WINDOWS\system32\ExSMime.dll [MD5.AEACA1EC0BFD8B391AA885F84B7547A0] - [03/10/2016 21:08:27] - |A| - [23552] - C:\WINDOWS\system32\ExtrasXmlParser.dll [MD5.0E39F65BAAF5CDB33364AA21B8929EC8] - [04/10/2016 03:13:08] - |A| - [108032] - C:\WINDOWS\system32\Family.Authentication.dll [MD5.58D3CF7B6A81CF339FD79B685E2EC52A] - [04/10/2016 03:13:09] - |A| - [156160] - C:\WINDOWS\system32\Family.Client.dll [MD5.B6D8AC9F86058C0D3E113AB9CE2A6045] - [04/10/2016 03:13:18] - |A| - [259072] - C:\WINDOWS\system32\Family.SyncEngine.dll [MD5.4D67522D166CCF6248E05B4CF3D9B9C1] - [04/10/2016 03:14:13] - |A| - [49664] - C:\WINDOWS\system32\ffbroker.dll [MD5.2E09FABC2AA103221465AA41824C468E] - [04/10/2016 03:14:57] - |A| - [440320] - C:\WINDOWS\system32\fhcfg.dll [MD5.08B4B6F99095070EDAB121137C9E2D8B] - [04/10/2016 03:12:46] - |A| - [1840640] - C:\WINDOWS\system32\FntCache.dll [MD5.0464DED372C0A0A6759B1811E6A2C132] - [04/10/2016 03:12:44] - |A| - [122368] - C:\WINDOWS\system32\FontProvider.dll [MD5.136D6E6AC155A8347E5DC9FE39D3735A] - [04/10/2016 03:14:58] - |A| - [804864] - C:\WINDOWS\system32\FrameServer.dll [MD5.8D914BDAEFF4B543D400F82D4F0EDED1] - [04/10/2016 03:13:34] - |A| - [730112] - C:\WINDOWS\system32\fveapi.dll [MD5.677E316602D6B09DFDBABA04BFDACEED] - [04/10/2016 03:13:29] - |A| - [216576] - C:\WINDOWS\system32\fveapibase.dll [MD5.6022AD4239F695BCE924A06D6038CC4E] - [04/10/2016 03:12:00] - |A| - [329728] - C:\WINDOWS\system32\fvecpl.dll [MD5.F843E23A3C2ECB0F4F2A43F926A5CCC0] - [04/10/2016 03:14:21] - |A| - [171008] - C:\WINDOWS\system32\fvenotify.exe [MD5.1E18B058D4F0D5C3E7F5CFE47A94420B] - [04/10/2016 03:14:25] - |A| - [279040] - C:\WINDOWS\system32\fveui.dll [MD5.9FD020C23D5D9E735C79B301D411394C] - [04/10/2016 03:12:04] - |A| - [796672] - C:\WINDOWS\system32\fvewiz.dll [MD5.BFDF459D728848CF5185E34337266805] - [04/10/2016 03:11:54] - |A| - [775168] - C:\WINDOWS\system32\GamePanel.exe [MD5.47EC861F0FEBDB9B871042284A788F0B] - [04/10/2016 03:13:23] - |A| - [206096] - C:\WINDOWS\system32\gdi32.dll [MD5.4BC39BBF1742D61ABA71F77E128490A1] - [04/10/2016 03:12:12] - |A| - [1572768] - C:\WINDOWS\system32\gdi32full.dll [MD5.6EF2E07E84A1FFE9EC9F4F011F15D86D] - [03/10/2016 21:08:44] - |A| - [1656320] - C:\WINDOWS\system32\GdiPlus.dll [MD5.31D946E3821F704822FDBD32F4A4A4EC] - [04/10/2016 03:14:28] - |A| - [587968] - C:\WINDOWS\system32\generaltel.dll [MD5.E1D9F8088DF40CF7834A665DB1394128] - [04/10/2016 03:12:37] - |A| - [467456] - C:\WINDOWS\system32\Geolocation.dll [MD5.713A176494CEC107E663CAD6C2B27F77] - [04/10/2016 03:14:35] - |A| - [1227264] - C:\WINDOWS\system32\gpsvc.dll [MD5.E946CC81160AA615984969B1D125E842] - [04/10/2016 03:15:12] - |A| - [434528] - C:\WINDOWS\system32\hal.dll [MD5.FC4CEA31278FBD2EE7DDDFDDB8E1EDEF] - [03/10/2016 21:08:45] - |A| - [2183792] - C:\WINDOWS\system32\hevcdecoder.dll [MD5.E7DB055ED7522BCDBEC4ABEEEBE73810] - [04/10/2016 03:12:47] - |A| - [988512] - C:\WINDOWS\system32\hvax64.exe [MD5.0D1F0D00BB3C912C94C2904E4809ABEF] - [04/10/2016 03:12:49] - |A| - [1100128] - C:\WINDOWS\system32\hvix64.exe [MD5.251C189428E8AC6D6A6CC61A3D409994] - [04/10/2016 03:12:46] - |A| - [947552] - C:\WINDOWS\system32\hvloader.efi [MD5.4A96938B80638CFBA2BD9A1650093B3E] - [04/10/2016 03:12:45] - |A| - [811872] - C:\WINDOWS\system32\hvloader.exe [MD5.704609D80666FCB1DAE91260CF2CBB20] - [04/10/2016 03:14:28] - |A| - [305152] - C:\WINDOWS\system32\icsvc.dll [MD5.0F621B52259D88A719AA20C6D04E3D72] - [04/10/2016 03:12:05] - |A| - [349696] - C:\WINDOWS\system32\icsvcext.dll [MD5.69DFAB574E4CD63DC6C8DA14F52E3DF1] - [03/10/2016 21:07:59] - |A| - [115200] - C:\WINDOWS\system32\IdCtrls.dll [MD5.E3D3A23AD03ADC3C54925A43B9722B10] - [03/10/2016 21:08:01] - |A| - [223744] - C:\WINDOWS\system32\ie4uinit.exe [MD5.761D711A1684F94ED4BF813BA12BA12E] - [03/10/2016 21:08:00] - |A| - [1637888] - C:\WINDOWS\system32\ieapfltr.dll [MD5.E280D2BCD0B40F74562BBAEDA08868FA] - [04/10/2016 03:12:36] - |A| - [387584] - C:\WINDOWS\system32\iedkcs32.dll [MD5.36C5FE85FA27C7748E6B1C0D23C1883D] - [04/10/2016 03:13:04] - |A| - [13081088] - C:\WINDOWS\system32\ieframe.dll [MD5.232466190E40375620F391C446153911] - [04/10/2016 03:13:21] - |A| - [690176] - C:\WINDOWS\system32\ieproxy.dll [MD5.3E91E7FFD8C3311F486B3CD24287D1D8] - [04/10/2016 03:13:38] - |A| - [2750384] - C:\WINDOWS\system32\iertutil.dll [MD5.682AE21BED327CD7FCC2E38C07C2D04E] - [04/10/2016 03:13:09] - |A| - [501248] - C:\WINDOWS\system32\imapi2.dll [MD5.6D65E9129CBF98C3E8EC92748BAF6B1E] - [03/10/2016 21:08:00] - |A| - [261120] - C:\WINDOWS\system32\indexeddbserver.dll [MD5.D049BB61B59682BC13784373C43E756D] - [04/10/2016 03:12:40] - |A| - [2095616] - C:\WINDOWS\system32\inetcpl.cpl [MD5.3ED5CD5AAC16C71F48F27A152C488986] - [03/10/2016 21:08:03] - |A| - [2820096] - C:\WINDOWS\system32\InputService.dll [MD5.0E550735893CEA366AA14F1AAB4C8B66] - [04/10/2016 03:14:15] - |A| - [211456] - C:\WINDOWS\system32\InstallAgent.exe [MD5.2C5C98166F96A67F25D5474569D07D2E] - [03/10/2016 21:08:32] - |A| - [259584] - C:\WINDOWS\system32\InstallAgentUserBroker.exe [MD5.31540C866B8BD453E26A97E3CCC0AB7A] - [03/10/2016 21:07:17] - |A| - [303968] - C:\WINDOWS\system32\invagent.dll [MD5.216D1CAB55946DD1AB5A9460534FB8FC] - [03/10/2016 20:42:23] - |A| - [304304] - C:\WINDOWS\system32\iseguard64.dll [MD5.00350F126205876E948A4AA4B5D08AD1] - [03/10/2016 21:08:06] - |A| - [1060352] - C:\WINDOWS\system32\JpMapControl.dll [MD5.127612A7EEDAE57787AAB1ECA9D3E1CE] - [03/10/2016 21:08:21] - |A| - [4747776] - C:\WINDOWS\system32\jscript9.dll [MD5.F787916668CAD51DB1163F3CDAFA29E1] - [03/10/2016 21:08:21] - |A| - [805888] - C:\WINDOWS\system32\jscript9diag.dll [MD5.A81E1560E8D2002E3949B07883E250A0] - [03/10/2016 21:07:59] - |A| - [52224] - C:\WINDOWS\system32\jsproxy.dll [MD5.64BE4A72B2D9251019865EE849F981F6] - [03/10/2016 21:07:11] - |A| - [20320] - C:\WINDOWS\system32\kdhvcom.dll [MD5.4E5A691D828F74BB01A37C77C8F46896] - [03/10/2016 21:08:21] - |A| - [932864] - C:\WINDOWS\system32\kerberos.dll [MD5.E7342F3DFB50ED62429C67398E6C4042] - [04/10/2016 03:13:33] - |A| - [2213248] - C:\WINDOWS\system32\KernelBase.dll [MD5.284FB9A8807C14BC0FD3A60F4BA1F6D3] - [03/10/2016 21:08:26] - |A| - [43008] - C:\WINDOWS\system32\LaunchWinApp.exe [MD5.D58671AC0273F3977656483CC664644D] - [04/10/2016 03:14:46] - |A| - [1292640] - C:\WINDOWS\system32\LicenseManager.dll [MD5.50B62D4F4850954756A72F435C512921] - [04/10/2016 03:14:32] - |A| - [1130496] - C:\WINDOWS\system32\localspl.dll [MD5.63036AE43B673B6C57B999251CD5E8A4] - [03/10/2016 21:08:04] - |A| - [382272] - C:\WINDOWS\system32\LockAppHost.exe [MD5.051AF7615195E187FC4F635FE25358C4] - [04/10/2016 03:15:11] - |A| - [717824] - C:\WINDOWS\system32\LogonController.dll [MD5.78EAF6AFD27154D6DFD21E57D0685F19] - [04/10/2016 03:13:25] - |A| - [218008] - C:\WINDOWS\system32\LsaIso.exe [MD5.07165F8C0100A658CA510A4D97664939] - [04/10/2016 03:15:16] - |A| - [1491968] - C:\WINDOWS\system32\lsasrv.dll [MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [03/10/2016 21:08:04] - |A| - [57400] - C:\WINDOWS\system32\lsass.exe [MD5.06276381A0797FD417E7068C1210FA06] - [04/10/2016 03:15:00] - |A| - [691712] - C:\WINDOWS\system32\lsm.dll [MD5.5E5F3E06A07420A2C5D31E66A3EECF76] - [04/10/2016 03:14:31] - |A| - [211968] - C:\WINDOWS\system32\manage-bde.exe [MD5.36970CA9668201F0FEE8F409E43FC159] - [03/10/2016 21:08:06] - |A| - [446464] - C:\WINDOWS\system32\MapConfiguration.dll [MD5.62E11028D11890DC615430ECDEFA0A68] - [03/10/2016 21:08:06] - |A| - [905216] - C:\WINDOWS\system32\MapControlCore.dll [MD5.A2CB862ACA913DAF3B26D40443C18C95] - [03/10/2016 21:08:06] - |A| - [2560] - C:\WINDOWS\system32\MapControlStringsRes.dll [MD5.65C1C36CCC92C0241AD5072BE5692511] - [03/10/2016 21:08:06] - |A| - [2947072] - C:\WINDOWS\system32\MapGeocoder.dll [MD5.ADBAE62EA6497B01ADEED82ACBB2A969] - [03/10/2016 21:08:06] - |A| - [3435008] - C:\WINDOWS\system32\MapRouter.dll [MD5.1FC92CE59786C5B18A536F081551F629] - [03/10/2016 21:08:06] - |A| - [150528] - C:\WINDOWS\system32\MapsBtSvc.dll [MD5.51BC3949AA4D326EA2CB81A209CE8A80] - [03/10/2016 21:08:06] - |A| - [15360] - C:\WINDOWS\system32\MapsBtSvcProxy.dll [MD5.3CE841CC4ACEB503CD643A493A9A71A1] - [03/10/2016 21:08:06] - |A| - [95232] - C:\WINDOWS\system32\MapsCSP.dll [MD5.102732A12AEE82635C0C83797C9A8180] - [03/10/2016 21:08:06] - |A| - [1029632] - C:\WINDOWS\system32\MapsStore.dll [MD5.54D7849E41B05131F28F9F18E60C0B6C] - [03/10/2016 21:08:06] - |A| - [49152] - C:\WINDOWS\system32\mapstoasttask.dll [MD5.7C56370359E42E7ADA21B02D65B6291C] - [03/10/2016 21:08:07] - |A| - [40448] - C:\WINDOWS\system32\mapsupdatetask.dll [MD5.D1D0A6BB482B5B59811A0ECB52413801] - [04/10/2016 03:15:16] - |A| - [845824] - C:\WINDOWS\system32\MbaeApiPublic.dll [MD5.F64D9D9C0620FDC8C758469FD7C07D23] - [04/10/2016 03:15:10] - |A| - [671744] - C:\WINDOWS\system32\mbsmsapi.dll [MD5.24D8BF7FC12018076E3D9C5C9A75DD37] - [04/10/2016 03:14:59] - |A| - [936960] - C:\WINDOWS\system32\MCRecvSrc.dll [MD5.561AE74AEA63C9182749FF3FA8F29424] - [03/10/2016 21:07:51] - |A| - [484352] - C:\WINDOWS\system32\MDEServer.exe [MD5.5B5800C896A4E27BEF4EDD6CE1B51D6A] - [03/10/2016 21:08:22] - |A| - [133632] - C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll [MD5.3E0D2395AD6E1E5608329DB32F061E7B] - [03/10/2016 21:08:08] - |A| - [595488] - C:\WINDOWS\system32\mf.dll [MD5.4018B38B6F7E6DB6B72F3E63154189FA] - [03/10/2016 21:08:05] - |A| - [811416] - C:\WINDOWS\system32\MFCaptureEngine.dll [MD5.630FE130BA93FEE1F22480D97AA1AAA5] - [04/10/2016 03:12:19] - |A| - [4131464] - C:\WINDOWS\system32\mfcore.dll [MD5.E09ED4CA6D106487563E8653A2201E1F] - [04/10/2016 03:13:29] - |A| - [271872] - C:\WINDOWS\system32\mfksproxy.dll [MD5.644AB6105F0166B71D30F4DEF1E87682] - [04/10/2016 03:12:07] - |A| - [3776512] - C:\WINDOWS\system32\MFMediaEngine.dll [MD5.2A26057CEB90257D11B59FD5B846A86C] - [04/10/2016 03:12:03] - |A| - [1990640] - C:\WINDOWS\system32\mfmp4srcsnk.dll [MD5.DCBD829E55AE723ADC574FEF893EBC86] - [04/10/2016 03:12:19] - |A| - [1300600] - C:\WINDOWS\system32\mfmpeg2srcsnk.dll [MD5.0C8C18F6F890D3559972C5107DFAA115] - [04/10/2016 03:12:16] - |A| - [1071728] - C:\WINDOWS\system32\mfnetcore.dll [MD5.A6A6DA69CBF625D829C9A7A4FD5D2827] - [03/10/2016 21:08:09] - |A| - [1453992] - C:\WINDOWS\system32\mfnetsrc.dll [MD5.3FEA1390440B5D8328DE6D74F28408AE] - [04/10/2016 03:12:10] - |A| - [1472536] - C:\WINDOWS\system32\mfplat.dll [MD5.D7CBE48DA8CB26B6A968BA4450010389] - [04/10/2016 03:12:10] - |A| - [862064] - C:\WINDOWS\system32\mfreadwrite.dll [MD5.1889991208109778F16631A309D1FB07] - [04/10/2016 03:15:12] - |A| - [296960] - C:\WINDOWS\system32\mfsensorgroup.dll [MD5.EA81D9AA51249D13B79DA51D729D9B55] - [04/10/2016 03:12:15] - |A| - [1066104] - C:\WINDOWS\system32\mfsvr.dll [MD5.512D1E8943E4622EAF985599711A1035] - [03/10/2016 21:08:07] - |A| - [110080] - C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll [MD5.138A8D7DAE9F4DBEC3D1A80F0F9DC51B] - [03/10/2016 21:08:07] - |A| - [9216] - C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll [MD5.C655B54A03DF0944368EE274A6EDB3B8] - [03/10/2016 21:08:07] - |A| - [9728] - C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll [MD5.01787CDCF3EE263FE288A9D405FEC856] - [04/10/2016 03:15:02] - |A| - [1105408] - C:\WINDOWS\system32\MiracastReceiver.dll [MD5.7BFB3310D5AEC25E893DB7506EA45F90] - [04/10/2016 03:13:42] - |A| - [3288064] - C:\WINDOWS\system32\mispace.dll [MD5.558DB459564A8330F04EC9EB9C7AD6C0] - [04/10/2016 03:14:42] - |A| - [960000] - C:\WINDOWS\system32\modernexecserver.dll [MD5.CCDF9A041D4DBAE87B2BB750C89B982E] - [03/10/2016 21:08:07] - |A| - [7654912] - C:\WINDOWS\system32\mos.dll [MD5.ED5B42D75F3DEE93040B3930DA9F3009] - [03/10/2016 21:08:07] - |A| - [77312] - C:\WINDOWS\system32\moshost.dll [MD5.AA5EE98CE729DB181B789CFBCFFA78EA] - [03/10/2016 21:08:07] - |A| - [78848] - C:\WINDOWS\system32\MosHostClient.dll [MD5.8C269C9B1A5EA49B92E2057F0BDC0180] - [03/10/2016 21:08:07] - |A| - [313856] - C:\WINDOWS\system32\moshostcore.dll [MD5.BCE92B3274515F014920690F44B67767] - [03/10/2016 21:08:07] - |A| - [409088] - C:\WINDOWS\system32\MosResource.dll [MD5.D06617FC96D8B0581E902795A5AAC160] - [03/10/2016 21:08:07] - |A| - [88064] - C:\WINDOWS\system32\MosStorage.dll [MD5.DD9328C2025498C73EF628F050C12F27] - [04/10/2016 03:13:27] - |A| - [512000] - C:\WINDOWS\system32\mprapi.dll [MD5.4F4B012722E634AFD4A282A730130AAB] - [04/10/2016 03:12:43] - |A| - [857600] - C:\WINDOWS\system32\mprddm.dll [MD5.13F6B64235C60167052364BF7D99E4CA] - [04/10/2016 03:15:13] - |A| - [496128] - C:\WINDOWS\system32\mprdim.dll [MD5.EB70BCAE115DE9A94BC7A0D1E548503D] - [04/10/2016 03:12:31] - |A| - [228352] - C:\WINDOWS\system32\MSAC3ENC.DLL [MD5.92C741014DA532BAEC1CDDBCF8705B5E] - [03/10/2016 21:07:19] - |A| - [3116544] - C:\WINDOWS\system32\MSAJApi.dll [MD5.899A520E5B6B8631DF6863BBD33A4264] - [04/10/2016 03:14:50] - |A| - [512416] - C:\WINDOWS\system32\MSAudDecMFT.dll [MD5.476E0A2CCADFEC3805F3DD129778552F] - [04/10/2016 03:12:25] - |A| - [1418304] - C:\WINDOWS\system32\msctf.dll [MD5.56011121696D83905A5054AEEC026E94] - [04/10/2016 03:12:42] - |A| - [1589248] - C:\WINDOWS\system32\msdtctm.dll [MD5.64245A85E4E6D29143B3A256908DE06C] - [03/10/2016 21:08:00] - |A| - [758784] - C:\WINDOWS\system32\msfeeds.dll [MD5.A71894760975865B3C5C8850A8CBCB6F] - [04/10/2016 03:13:33] - |A| - [3202048] - C:\WINDOWS\system32\msftedit.dll [MD5.8B9A6A165A92486C07B9F554CF37974B] - [04/10/2016 03:13:53] - |A| - [23680512] - C:\WINDOWS\system32\mshtml.dll [MD5.A60CAE46657189DAE840AA3BABF4240C] - [03/10/2016 21:08:00] - |A| - [2755584] - C:\WINDOWS\system32\mshtml.tlb [MD5.45D020AB611938B2657BAFC6B69369CC] - [03/10/2016 21:08:00] - |A| - [88576] - C:\WINDOWS\system32\mshtmled.dll [MD5.51AB18D662F77FBD559C5081F7CDC9C7] - [03/10/2016 21:08:11] - |A| - [2481768] - C:\WINDOWS\system32\msmpeg2vdec.dll [MD5.EA4853F0512A7F39A4FFF28148A28228] - [04/10/2016 03:13:11] - |A| - [6664192] - C:\WINDOWS\system32\mspaint.exe [MD5.D6385441483A1797D5A44DBF0976C3D4] - [04/10/2016 03:15:00] - |A| - [123904] - C:\WINDOWS\system32\mssprxy.dll [MD5.267D8909F09C0602EDBBB05CB83DA7DE] - [04/10/2016 03:15:21] - |A| - [2538496] - C:\WINDOWS\system32\mssrch.dll [MD5.4363ECA0BE56C43B19D4150F9B12248D] - [03/10/2016 21:08:25] - |A| - [3299328] - C:\WINDOWS\system32\mstsc.exe [MD5.7ADDB2CBF239DC716CC6353F09A846C1] - [04/10/2016 03:12:54] - |A| - [8075264] - C:\WINDOWS\system32\mstscax.dll [MD5.063963975B05544B787594D127AB9A97] - [04/10/2016 03:14:32] - |A| - [404832] - C:\WINDOWS\system32\msv1_0.dll [MD5.42D6CF19DD2D1706F49C81AA552C4E94] - [04/10/2016 03:12:06] - |A| - [725664] - C:\WINDOWS\system32\MSVideoDSP.dll [MD5.B8B2347EDEA711D8E945EB8BB6D8D342] - [04/10/2016 03:14:13] - |A| - [1291264] - C:\WINDOWS\system32\MSVPXENC.dll [MD5.2A9E92E7043B2E7D3AE4A60EBDDD425B] - [04/10/2016 03:13:31] - |A| - [2446704] - C:\WINDOWS\system32\msxml6.dll [MD5.6146F7C1804A477B0AD016A70DDBEBAE] - [03/10/2016 21:08:12] - |A| - [2560] - C:\WINDOWS\system32\msxml6r.dll [MD5.3726EF4008DFFB6258778D975AA8C890] - [03/10/2016 21:08:07] - |A| - [25088] - C:\WINDOWS\system32\nativemap.dll [MD5.FD144051CA5ECD79D1DF37683266A1C2] - [04/10/2016 03:12:31] - |A| - [1040896] - C:\WINDOWS\system32\NaturalLanguage6.dll [MD5.F7A02A7308F58D3476AE35E5D67D1697] - [04/10/2016 03:14:58] - |A| - [2800128] - C:\WINDOWS\system32\netshell.dll [MD5.850992AF7A24E30F9E42BF26243935AB] - [04/10/2016 03:15:16] - |A| - [1037312] - C:\WINDOWS\system32\nettrace.dll [MD5.7901B4C512F2221E310ED5F1D4471E8C] - [04/10/2016 03:12:52] - |A| - [671232] - C:\WINDOWS\system32\NetworkCollectionAgent.dll [MD5.46CCDDAB599D4F8442A4DCE0A8A2AB3F] - [03/10/2016 21:08:20] - |A| - [2510848] - C:\WINDOWS\system32\NetworkMobileSettings.dll [MD5.5E72192C698748993FBDD9A43104CEEF] - [04/10/2016 03:14:57] - |A| - [321024] - C:\WINDOWS\system32\NetworkUXBroker.dll [MD5.18C3A4597089DE493B179CF37A9414A0] - [04/10/2016 03:14:27] - |A| - [51200] - C:\WINDOWS\system32\NfcRadioMedia.dll [MD5.A0C4869E805A1610A7EB58FC51E974F1] - [04/10/2016 03:13:18] - |A| - [640000] - C:\WINDOWS\system32\ngccredprov.dll [MD5.074798FBC9CCAF414196D15281FB402D] - [04/10/2016 03:13:09] - |A| - [408576] - C:\WINDOWS\system32\NgcCtnr.dll [MD5.101451B1BC1C1F7E7B5C8CB8C4DAF5C7] - [04/10/2016 03:13:10] - |A| - [573952] - C:\WINDOWS\system32\NgcCtnrGidsHandler.dll [MD5.A5A60483329D5A48A795DD614DE67585] - [04/10/2016 03:13:30] - |A| - [983040] - C:\WINDOWS\system32\ngcsvc.dll [MD5.8B56CEBE7DECE2C9C2E419CA0B22611F] - [04/10/2016 03:13:23] - |A| - [492544] - C:\WINDOWS\system32\nltest.exe [MD5.86B3A2029E6271039E6BE17FB9379570] - [03/10/2016 21:08:07] - |A| - [936448] - C:\WINDOWS\system32\NMAA.dll [MD5.1E619B8774710B2603C7E4666947AA65] - [03/10/2016 21:08:07] - |A| - [366592] - C:\WINDOWS\system32\NmaDirect.dll [MD5.848523D03450893CF609F127EB9C7A2A] - [04/10/2016 03:14:33] - |A| - [631296] - C:\WINDOWS\system32\NotificationController.dll [MD5.B5E346A9B8A4C2DF249CE17D8754DCF1] - [04/10/2016 03:15:08] - |A| - [730112] - C:\WINDOWS\system32\nshwfp.dll [MD5.10BFF36C7A591BBDEB0184F1072BA3DE] - [04/10/2016 03:12:44] - |A| - [1883784] - C:\WINDOWS\system32\ntdll.dll [MD5.EAAE501B33FBD6B5D2DA403FCDB31BD3] - [04/10/2016 03:15:20] - |A| - [7812960] - C:\WINDOWS\system32\ntoskrnl.exe [MD5.9C10BA91BEDCF39E459C43938E53980F] - [04/10/2016 03:11:53] - |A| - [30208] - C:\WINDOWS\system32\odbcconf.dll [MD5.63437B53CFE390C962994F2FC12DDE6E] - [04/10/2016 03:15:12] - |A| - [237056] - C:\WINDOWS\system32\offlinesam.dll [MD5.B806307A60DFB681EF841DDC8B298C4D] - [03/10/2016 21:07:42] - |A| - [1274712] - C:\WINDOWS\system32\ole32.dll [MD5.4953EA5B815BA55C8E114FFDFF08B119] - [03/10/2016 21:08:13] - |A| - [773200] - C:\WINDOWS\system32\oleaut32.dll [MD5.5A426D9B8C437A4AE96ACA2D0B2077B2] - [04/10/2016 03:13:18] - |A| - [368640] - C:\WINDOWS\system32\OneBackupHandler.dll [MD5.F4F0BF823CC5E817BA22A290AC1C7CDB] - [03/10/2016 21:08:22] - |A| - [526848] - C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll [MD5.7168BED02D5BC6E28412CCC354947510] - [04/10/2016 03:14:30] - |A| - [295936] - C:\WINDOWS\system32\pdh.dll [MD5.B07ECD0CDCA2328AB8050FC3EF3B172C] - [03/10/2016 21:08:25] - |A| - [678912] - C:\WINDOWS\system32\PhoneProviders.dll [MD5.D0D57322ABC7473E54472D8374169CC5] - [03/10/2016 21:08:26] - |A| - [781824] - C:\WINDOWS\system32\PhoneService.dll [MD5.F73F93BEF14F667DD3020D188C19D3D3] - [03/10/2016 21:08:26] - |A| - [2560] - C:\WINDOWS\system32\PhoneServiceRes.dll [MD5.B6D1C3A260C55CCE398B6FF9EC0FBA68] - [03/10/2016 21:08:26] - |A| - [315904] - C:\WINDOWS\system32\Phoneutil.dll [MD5.F539E9DA822B8F2D6B42ABBAF063D11E] - [03/10/2016 21:08:26] - |A| - [2560] - C:\WINDOWS\system32\PhoneutilRes.dll [MD5.B4AB2C0177715FFAED88A1223212043A] - [04/10/2016 03:11:55] - |A| - [203776] - C:\WINDOWS\system32\PimIndexMaintenance.dll [MD5.00CEFC9E97CE483DC706FFC9A5809EF6] - [04/10/2016 03:11:57] - |A| - [442368] - C:\WINDOWS\system32\PlayToDevice.dll [MD5.C721DD51B73F84ADB51EBEACECE59E84] - [04/10/2016 03:12:01] - |A| - [538624] - C:\WINDOWS\system32\PlayToManager.dll [MD5.3EC99D79D646A7819F557B93E6BA2C03] - [04/10/2016 03:14:17] - |A| - [279552] - C:\WINDOWS\system32\PlayToReceiver.dll [MD5.6DC285761193CDDA2CC55E7BFEA0F5D0] - [03/10/2016 21:08:15] - |A| - [1891328] - C:\WINDOWS\system32\pnidui.dll [MD5.ABDEFBFA05C3BD84A10EC7A7FB1DA597] - [03/10/2016 21:08:27] - |A| - [65024] - C:\WINDOWS\system32\POSyncServices.dll [MD5.6761EC8C3C7E1548B4806402152AADED] - [04/10/2016 03:14:17] - |A| - [132096] - C:\WINDOWS\system32\PrintWSDAHost.dll [MD5.1F115AF75EFBAC28479B4F94A3F8D4A3] - [04/10/2016 03:15:07] - |A| - [358400] - C:\WINDOWS\system32\profsvc.dll [MD5.37AE763690826DE44C19360E71C7D32F] - [03/10/2016 21:08:16] - |A| - [349184] - C:\WINDOWS\system32\provengine.dll [MD5.E95A85734483272959E83CDCCCDD9B90] - [04/10/2016 03:12:50] - |A| - [208896] - C:\WINDOWS\system32\provops.dll [MD5.A930C3B99C6B3322449FEF7A3C3F5F9A] - [04/10/2016 03:13:12] - |A| - [322048] - C:\WINDOWS\system32\PsmServiceExtHost.dll [MD5.344576F2EBA8B564924D480B04A13456] - [04/10/2016 03:14:57] - |A| - [456192] - C:\WINDOWS\system32\puiobj.dll [MD5.190CBFF97F393540EF4838EC976E8AD8] - [04/10/2016 03:12:00] - |A| - [90624] - C:\WINDOWS\system32\pwrshplugin.dll [MD5.8B7A9CCCB695444CBCDF352DF8748422] - [04/10/2016 03:12:04] - |A| - [645120] - C:\WINDOWS\system32\qedit.dll [MD5.BFDCC935236AAEBA39CD3DE9BC2F73DA] - [04/10/2016 03:13:39] - |A| - [1053184] - C:\WINDOWS\system32\qmgr.dll [MD5.AE2A643651EDD2853FB0F832D4BDFC91] - [04/10/2016 03:13:29] - |A| - [347648] - C:\WINDOWS\system32\rascustom.dll [MD5.3C0A10FFC3CB95D249CA64D62BC912EF] - [04/10/2016 03:13:20] - |A| - [648192] - C:\WINDOWS\system32\rasmans.dll [MD5.1E9B4FCA29395AF5079042145FF51470] - [03/10/2016 21:08:16] - |A| - [4148224] - C:\WINDOWS\system32\rdpcorets.dll [MD5.75F9326557A12ADA430FC1ABFEDA5F79] - [04/10/2016 03:15:07] - |A| - [92512] - C:\WINDOWS\system32\rdpudd.dll [MD5.FA62C4E1D753B489832DD0A7033665EE] - [04/10/2016 03:15:06] - |A| - [650752] - C:\WINDOWS\system32\RDXService.dll [MD5.CC03DA769F85909EF21F709A8673D683] - [04/10/2016 03:14:26] - |A| - [366080] - C:\WINDOWS\system32\RDXTaskFactory.dll [MD5.5F85A4820C33842B356D96D7EE82230D] - [04/10/2016 03:14:28] - |A| - [1117024] - C:\WINDOWS\system32\ReAgent.dll [MD5.4A9FCD5DED6580C05CD21C4AEFAD36B1] - [04/10/2016 03:13:20] - |A| - [156672] - C:\WINDOWS\system32\RelPost.exe [MD5.BB2645420933FA55C020BC2D23E3A85E] - [04/10/2016 03:14:33] - |A| - [1082368] - C:\WINDOWS\system32\reseteng.dll [MD5.1A8141D43CDB23C3C76984DC9ED8DB6C] - [04/10/2016 03:14:42] - |A| - [1817088] - C:\WINDOWS\system32\ResetEngine.dll [MD5.035087546E5EFC28361F2318A27A47B4] - [04/10/2016 03:14:21] - |A| - [374784] - C:\WINDOWS\system32\resutils.dll [MD5.5DAA644F17780FC4E3F4820A46D38FEC] - [04/10/2016 03:13:28] - |A| - [140800] - C:\WINDOWS\system32\RMapi.dll [MD5.AA0C8470DB94853FCE9738354B1B4D72] - [04/10/2016 03:11:55] - |A| - [128000] - C:\WINDOWS\system32\rshx32.dll [MD5.F4133CC0DA6212D9BA4E1CB2323F1310] - [04/10/2016 03:14:19] - |A| - [458752] - C:\WINDOWS\system32\RTMediaFrame.dll [MD5.876580619AC09C460BFBDE479C85BA46] - [04/10/2016 03:15:14] - |A| - [883712] - C:\WINDOWS\system32\samsrv.dll [MD5.BBF4C59CEED3F1A4A25EAC72CA71AA7F] - [04/10/2016 03:11:58] - |A| - [966144] - C:\WINDOWS\system32\sbe.dll [MD5.DA7928F262B8D6F785E9E0F8438DB0C8] - [04/10/2016 03:15:08] - |A| - [390144] - C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll [MD5.FD570747DA6093A0865317EB1A9A4C47] - [04/10/2016 03:15:06] - |A| - [205824] - C:\WINDOWS\system32\SearchFilterHost.exe [MD5.A46C9F2E70128121413E5EDDEB831012] - [04/10/2016 03:15:14] - |A| - [903680] - C:\WINDOWS\system32\SearchIndexer.exe [MD5.FDB2D414D895B2C32B2423E047A80C46] - [04/10/2016 03:15:10] - |A| - [349184] - C:\WINDOWS\system32\SearchProtocolHost.exe [MD5.8D07A8388DCCE76F09A4E1F4C1DCB4E5] - [04/10/2016 03:15:17] - |A| - [1000288] - C:\WINDOWS\system32\SecConfig.efi [MD5.ABD9641B376E5AD307E37AD1B511AB00] - [04/10/2016 03:15:07] - |A| - [455520] - C:\WINDOWS\system32\securekernel.exe [MD5.F48535714BED7DD784853889B4594B26] - [04/10/2016 03:14:25] - |A| - [70656] - C:\WINDOWS\system32\Sens.dll [MD5.2B4E090D06C60853C5C00CF255F9E02A] - [03/10/2016 21:08:22] - |A| - [1312768] - C:\WINDOWS\system32\SensorDataService.exe [MD5.5CA9A710B1E6C65CEB11D3A7F0BA8510] - [04/10/2016 03:12:44] - |A| - [411648] - C:\WINDOWS\system32\SensorsApi.dll [MD5.C09A42163878A082C3F0D0A3DFE95714] - [04/10/2016 03:14:34] - |A| - [417792] - C:\WINDOWS\system32\SensorService.dll [MD5.82CF273F0E8F243789683DEB40757569] - [04/10/2016 03:15:12] - |A| - [387072] - C:\WINDOWS\system32\SessEnv.dll [MD5.86C62045B7C3BF027F59040C18A2A7D8] - [03/10/2016 21:08:20] - |A| - [509952] - C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll [MD5.36EFBD600E8FB5549F1B94BD84A23A94] - [04/10/2016 03:13:09] - |A| - [234496] - C:\WINDOWS\system32\SettingsHandlers_Flights.dll [MD5.805D0EC01A82A5F023F070A5D4B7E981] - [04/10/2016 03:13:51] - |A| - [4749312] - C:\WINDOWS\system32\SettingsHandlers_nt.dll [MD5.F3D957A6E524592C3482E1FC2DBCB18D] - [03/10/2016 21:08:23] - |A| - [540160] - C:\WINDOWS\system32\SettingSync.dll [MD5.B3DEE8AD2A53818CDC47F2060F744E25] - [03/10/2016 21:08:22] - |A| - [1062912] - C:\WINDOWS\system32\SettingSyncCore.dll [MD5.36D5B4C6107F695E3DF767F4510F425C] - [03/10/2016 21:08:22] - |A| - [584544] - C:\WINDOWS\system32\SettingSyncHost.exe [MD5.A97FE5B437504DD890F30EFE2F8598BB] - [04/10/2016 03:13:17] - |A| - [125952] - C:\WINDOWS\system32\setupugc.exe [MD5.582FDDA54866BB23C1675341CD80A0A2] - [04/10/2016 03:13:36] - |A| - [1361408] - C:\WINDOWS\system32\SharedStartModel.dll [MD5.B04E630A7318B2B71FB6F2DFF0588172] - [04/10/2016 03:14:28] - |A| - [716800] - C:\WINDOWS\system32\ShareHost.dll [MD5.E9015AAE4BF97656ECC6931718BAFE17] - [04/10/2016 03:12:24] - |A| - [22219328] - C:\WINDOWS\system32\shell32.dll [MD5.1F32156F2C7C3842C91DC2C13F5D94C0] - [03/10/2016 21:08:23] - |A| - [231424] - C:\WINDOWS\system32\shutdownux.dll [MD5.610F800CAFD26F05BB8F9FFBF184E3EB] - [04/10/2016 03:12:05] - |A| - [169056] - C:\WINDOWS\system32\skci.dll [MD5.D233EAE2A9D48485321816486ED635EF] - [04/10/2016 03:13:08] - |A| - [23552] - C:\WINDOWS\system32\smphost.dll [MD5.4A8EE2A88953D8D38F2B806908AE50E0] - [04/10/2016 03:12:02] - |A| - [432640] - C:\WINDOWS\system32\SndVolSSO.dll [MD5.4D46291324AE1C7B53B83B2FFB899DC3] - [04/10/2016 03:14:31] - |A| - [130560] - C:\WINDOWS\system32\SpaceAgent.exe [MD5.7FF21D471CF407AC48AE387CA6A1D0D2] - [04/10/2016 03:14:32] - |A| - [627200] - C:\WINDOWS\system32\SpaceControl.dll [MD5.F531526D51EBB96A08911C79D6377E64] - [04/10/2016 03:13:42] - |A| - [35328] - C:\WINDOWS\system32\spaceman.exe [MD5.E9FBF181DC305FCEEF42BFCCA001893D] - [04/10/2016 03:15:14] - |A| - [1535488] - C:\WINDOWS\system32\SpeechPal.dll [MD5.63F12E1361F06E5395EDABB587CE093A] - [04/10/2016 03:14:38] - |A| - [788992] - C:\WINDOWS\system32\spoolsv.exe [MD5.F0F615E0E416DBD05DC8C0A499052608] - [04/10/2016 03:14:30] - |A| - [538112] - C:\WINDOWS\system32\sppcext.dll [MD5.DE750B2FDCB53E8834B1295A07F9B22F] - [04/10/2016 03:14:49] - |A| - [1600632] - C:\WINDOWS\system32\sppobjs.dll [MD5.3DFC1881AEE1C606333E9E82B4343C79] - [04/10/2016 03:14:55] - |A| - [5622088] - C:\WINDOWS\system32\sppsvc.exe [MD5.5EBD40DB0F9BBF749B7D662DC61967B2] - [04/10/2016 03:14:37] - |A| - [773168] - C:\WINDOWS\system32\sppwinob.dll [MD5.E3BAD602586FAB4B9F66313063B3F99D] - [03/10/2016 21:08:04] - |A| - [172528] - C:\WINDOWS\system32\sspicli.dll [MD5.DC714BE3C7020F761CE02AA42712C0B3] - [04/10/2016 03:13:41] - |A| - [2860032] - C:\WINDOWS\system32\storagewmi.dll [MD5.A4C06F97B5B9170588935C482BB6D3EA] - [04/10/2016 03:14:20] - |A| - [743424] - C:\WINDOWS\system32\StoreAgent.dll [MD5.7594864D793660B483A8C0961EA6B858] - [04/10/2016 03:13:09] - |A| - [634368] - C:\WINDOWS\system32\StructuredQuery.dll [MD5.2F7EA7EFF4F12E899DB2307AA7A0AF8A] - [04/10/2016 03:13:19] - |A| - [310784] - C:\WINDOWS\system32\SyncSettings.dll [MD5.C512708C0558E9C668E677301560877E] - [04/10/2016 03:14:28] - |A| - [354264] - C:\WINDOWS\system32\systemreset.exe [MD5.12374028713EAC8C2746C6FE518FFCE9] - [04/10/2016 03:15:10] - |A| - [175616] - C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll [MD5.454E29C1A273EA41E14F062AF586057F] - [04/10/2016 03:14:26] - |A| - [360040] - C:\WINDOWS\system32\SystemSettingsAdminFlows.exe [MD5.D0F82A43D9CD0FF1D8EE77D5C5602832] - [03/10/2016 21:08:19] - |A| - [2852864] - C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll [MD5.CA3001B4B80E1F1A2D345A5D01676890] - [04/10/2016 03:14:36] - |A| - [680448] - C:\WINDOWS\system32\tdh.dll [MD5.A07903E282010196D98E8D280A43A24E] - [04/10/2016 03:12:10] - |A| - [875520] - C:\WINDOWS\system32\TokenBroker.dll [MD5.46C84924542A3FDEB68A435BE6129E75] - [04/10/2016 03:12:03] - |A| - [531456] - C:\WINDOWS\system32\TpmCoreProvisioning.dll [MD5.207052CB01E914B291AC5A212F87FEFF] - [04/10/2016 03:15:19] - |A| - [3405824] - C:\WINDOWS\system32\tquery.dll [MD5.9F09DBCBA51949C10EDD91D1102591DC] - [04/10/2016 03:12:34] - |A| - [998912] - C:\WINDOWS\system32\TSWorkspace.dll [MD5.288FDF8ADB9921FD784ED4B1F846CFFA] - [04/10/2016 03:13:38] - |A| - [1157000] - C:\WINDOWS\system32\twinapi.appcore.dll [MD5.096BC26E7B66E610EFD455A6A5C0F87E] - [04/10/2016 03:13:25] - |A| - [971264] - C:\WINDOWS\system32\twinui.appcore.dll [MD5.7DD873EFF2D0CA71F1E60B131FA348C5] - [04/10/2016 03:13:50] - |A| - [9129984] - C:\WINDOWS\system32\twinui.dll [MD5.F723552F65D44FE693DB1A383825B3A8] - [03/10/2016 21:07:17] - |A| - [95232] - C:\WINDOWS\system32\tzautoupdate.dll [MD5.C11126DCD217F5213CED85E7D990B5AB] - [03/10/2016 21:07:57] - |A| - [2560] - C:\WINDOWS\system32\tzres.dll [MD5.C2E28727C477ACAF394F69EE6BF0F301] - [04/10/2016 03:13:16] - |A| - [1710080] - C:\WINDOWS\system32\UIAutomationCore.dll [MD5.43AB902EE68F5FDF6FF6BC20C383D21F] - [04/10/2016 03:11:53] - |A| - [584192] - C:\WINDOWS\system32\UIRibbonRes.dll [MD5.8A0775232E1BC52EA49DC682CB279415] - [04/10/2016 03:12:31] - |A| - [295424] - C:\WINDOWS\system32\unimdm.tsp [MD5.6F190B115FBAD4D268148E549BC41428] - [04/10/2016 03:13:31] - |A| - [628736] - C:\WINDOWS\system32\uReFS.dll [MD5.1C9342201B5363946F622B72B530DF42] - [04/10/2016 03:13:39] - |A| - [1779712] - C:\WINDOWS\system32\urlmon.dll [MD5.85B548343071325CAE75847E3E5DEE5D] - [04/10/2016 03:15:15] - |A| - [324608] - C:\WINDOWS\system32\usbmon.dll [MD5.D5D6826EA81C3089EE79BB701820D1B3] - [03/10/2016 21:08:32] - |A| - [1359360] - C:\WINDOWS\system32\usercpl.dll [MD5.9E78D7CF1E781E9A3E8F3434E6EDF49E] - [03/10/2016 21:08:27] - |A| - [8192] - C:\WINDOWS\system32\UserDataAccessRes.dll [MD5.AA614E179022050A89FED112EFAF03E8] - [03/10/2016 21:08:27] - |A| - [44032] - C:\WINDOWS\system32\UserDataLanguageUtil.dll [MD5.8C59437748797591C59F709EEFD087C6] - [03/10/2016 21:08:27] - |A| - [64512] - C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll [MD5.4887704D6548C768D9C3D9DFF397947D] - [04/10/2016 03:12:01] - |A| - [118784] - C:\WINDOWS\system32\UserDataTimeUtil.dll [MD5.50469D6A7AA765EAB8E758F4DFBBD011] - [03/10/2016 21:08:27] - |A| - [45568] - C:\WINDOWS\system32\UserDataTypeHelperUtil.dll [MD5.EF7991A68FE884E48D525F8F551517C7] - [04/10/2016 03:13:10] - |A| - [196096] - C:\WINDOWS\system32\UserDeviceRegistration.dll [MD5.1999D852A6818920C3F6AD87EF1AFA33] - [04/10/2016 03:13:12] - |A| - [101888] - C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll [MD5.AA24C61D88E36BA1144072227922173D] - [04/10/2016 03:13:20] - |A| - [1020928] - C:\WINDOWS\system32\usermgr.dll [MD5.4FA75E7B191C94B8A3E6E188C3EBDC1E] - [04/10/2016 03:13:12] - |A| - [268800] - C:\WINDOWS\system32\UserMgrProxy.dll [MD5.BDF29C72FE1EE3AFC138186261503B0C] - [03/10/2016 21:08:21] - |A| - [590848] - C:\WINDOWS\system32\vbscript.dll [MD5.4AD49C57D4EBF99E94A17419F874FD8A] - [03/10/2016 21:08:27] - |A| - [187904] - C:\WINDOWS\system32\VCardParser.dll [MD5.DA983A338551065286A2D4631AB3DD78] - [04/10/2016 03:12:05] - |A| - [427008] - C:\WINDOWS\system32\vmrdvcore.dll [MD5.FF6ADEA5D3F3CE53EC174901842C27D6] - [04/10/2016 03:14:23] - |A| - [105984] - C:\WINDOWS\system32\VPNv2CSP.dll [MD5.8F657F25211D7D95E258FBBCD13CCC31] - [04/10/2016 03:15:13] - |A| - [327680] - C:\WINDOWS\system32\wc_storage.dll [MD5.3ABA3E1E15D6C9321BCD3B76765462D0] - [04/10/2016 03:13:14] - |A| - [963584] - C:\WINDOWS\system32\WebcamUi.dll [MD5.DA91DCED65091DDD6240F02214E09050] - [04/10/2016 03:15:11] - |A| - [560640] - C:\WINDOWS\system32\webio.dll [MD5.7188CC9F62B0F140922EBA599BCF518D] - [04/10/2016 03:13:36] - |A| - [1709056] - C:\WINDOWS\system32\wevtsvc.dll [MD5.C62578B495990431FB1C3A01DE66EE2A] - [03/10/2016 21:08:37] - |A| - [137728] - C:\WINDOWS\system32\wificonnapi.dll [MD5.61C1E2E2F4F4ECC08C7CEF7A8042CA24] - [03/10/2016 21:08:37] - |A| - [1349120] - C:\WINDOWS\system32\wifinetworkmanager.dll [MD5.940D27811B8613CF0DE102546E38E520] - [03/10/2016 21:08:37] - |A| - [423776] - C:\WINDOWS\system32\wifitask.exe [MD5.3CF052C22F34174BE783DAF2F3A81D8A] - [03/10/2016 21:08:37] - |A| - [210944] - C:\WINDOWS\system32\win32k.sys [MD5.DFE63AFB3AB12374D6C12B0BB8B6EE54] - [04/10/2016 03:12:27] - |A| - [3617792] - C:\WINDOWS\system32\win32kfull.sys [MD5.8288990E24CD357EA8A06265CE148B6A] - [04/10/2016 03:14:31] - |A| - [832512] - C:\WINDOWS\system32\win32spl.dll [MD5.0482CFC6D06935953519340A0D360329] - [03/10/2016 21:08:37] - |A| - [114192] - C:\WINDOWS\system32\win32u.dll [MD5.43ED68085CC11AB7B04A33AF87B25655] - [04/10/2016 03:14:29] - |A| - [896512] - C:\WINDOWS\system32\Windows.AccountsControl.dll [MD5.30A4C80008169E0CE2BA1436C9AC5FE5] - [04/10/2016 03:12:37] - |A| - [114688] - C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll [MD5.D870D75BBFA03E0C60453EF4578E3BF8] - [04/10/2016 03:12:34] - |A| - [358912] - C:\WINDOWS\system32\Windows.ApplicationModel.dll [MD5.7DF606FE81782DF9346EFC6D43127964] - [04/10/2016 03:12:33] - |A| - [324608] - C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll [MD5.6CA86CCD28D2762F95AD67AD15612473] - [04/10/2016 03:14:41] - |A| - [1859264] - C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll [MD5.44121E45D5CEB8CB47472A097402CA13] - [03/10/2016 21:08:24] - |A| - [320000] - C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll [MD5.8EA2499D6E19EEB839743C673CECF7BD] - [04/10/2016 03:14:19] - |A| - [561664] - C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll [MD5.E74143CBE0A2E3D58FE2D9E050724D46] - [04/10/2016 03:15:01] - |A| - [431616] - C:\WINDOWS\system32\Windows.Cortana.Desktop.dll [MD5.FD7AA9952C13AE05085B4BDCAEBD3075] - [04/10/2016 03:14:45] - |A| - [7219200] - C:\WINDOWS\system32\Windows.Data.Pdf.dll [MD5.DD0DD05D5802ECCF13AACC850E0BE24C] - [04/10/2016 03:12:36] - |A| - [651264] - C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll [MD5.F3EBB0888080EA46AB799C170B496BF7] - [04/10/2016 03:12:52] - |A| - [1275392] - C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll [MD5.638726E0678BE3D7E6DCB35979D2720E] - [04/10/2016 03:13:14] - |A| - [279552] - C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll [MD5.E3A0175FF4E72E30DC7A119CE7EA626D] - [04/10/2016 03:13:13] - |A| - [568320] - C:\WINDOWS\system32\Windows.Devices.LowLevel.dll [MD5.B6CF321927474D3DD66B4327DE0FDA65] - [04/10/2016 03:12:35] - |A| - [460800] - C:\WINDOWS\system32\Windows.Devices.Midi.dll [MD5.5D50C23273ECDD2D88B5230E920478FA] - [04/10/2016 03:13:17] - |A| - [2424320] - C:\WINDOWS\system32\Windows.Devices.Perception.dll [MD5.4820547167E09AB8789B3BEE732F2E78] - [04/10/2016 03:15:00] - |A| - [337408] - C:\WINDOWS\system32\Windows.Devices.Picker.dll [MD5.EB768593C4BBCCC8A70AE0B9A6F7CDB7] - [04/10/2016 03:14:28] - |A| - [949248] - C:\WINDOWS\system32\Windows.Devices.PointOfService.dll [MD5.D3C0E70622CF6BFCC098E12581684FED] - [04/10/2016 03:14:57] - |A| - [90624] - C:\WINDOWS\system32\Windows.Devices.Printers.dll [MD5.2D93C1B3A7743D6F685DB4E7C04E626B] - [04/10/2016 03:14:18] - |A| - [186368] - C:\WINDOWS\system32\Windows.Devices.Radios.dll [MD5.901D8AC5AEB329F50A272ADDE4F8E006] - [04/10/2016 03:14:18] - |A| - [216576] - C:\WINDOWS\system32\Windows.Devices.Scanners.dll [MD5.872B2A079C34CB034CB7FAB456D3ED0A] - [04/10/2016 03:12:41] - |A| - [765440] - C:\WINDOWS\system32\Windows.Devices.Sensors.dll [MD5.247BBF1EBC3B9CD0E16578686DBF12C2] - [04/10/2016 03:13:12] - |A| - [171520] - C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll [MD5.3404ED20AE5286C613A8F1014ACCE8AD] - [04/10/2016 03:11:56] - |A| - [912384] - C:\WINDOWS\system32\Windows.Devices.SmartCards.dll [MD5.3FB04928F39985489D8602251E8B0C9A] - [04/10/2016 03:13:13] - |A| - [343552] - C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll [MD5.5D60697028FF1649E3B69D6DA8C14193] - [04/10/2016 03:13:14] - |A| - [437248] - C:\WINDOWS\system32\Windows.Devices.Usb.dll [MD5.6798086EAE80DBAD99DD255C1F02ECCB] - [04/10/2016 03:14:17] - |A| - [194048] - C:\WINDOWS\system32\Windows.Devices.WiFi.dll [MD5.3ECD136507875B5282913D8B24D4EEAB] - [04/10/2016 03:13:19] - |A| - [505856] - C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll [MD5.1153E3F32082C2283D4255EB3BDD5FE1] - [04/10/2016 03:12:33] - |A| - [169984] - C:\WINDOWS\system32\Windows.Energy.dll [MD5.51C5F949CD2220813B185189C1408A68] - [04/10/2016 03:14:25] - |A| - [547840] - C:\WINDOWS\system32\Windows.Gaming.Input.dll [MD5.C6C562772ADC6BACF5C780ED2CAEDD4F] - [04/10/2016 03:12:35] - |A| - [467968] - C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll [MD5.B36CB46A2DFFA5B69B4B0E72BA8B91C3] - [04/10/2016 03:14:39] - |A| - [1586176] - C:\WINDOWS\system32\Windows.Globalization.dll [MD5.896FF9C1393D667DCE31657ACB4DDCB0] - [04/10/2016 03:14:58] - |A| - [2208768] - C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll [MD5.077BE7BD9ECDED0AB0478E3818CCACA6] - [04/10/2016 03:13:15] - |A| - [611328] - C:\WINDOWS\system32\Windows.Graphics.Printing.dll [MD5.A5767C71E1F56A6BCC13F8C35FDA861C] - [04/10/2016 03:12:45] - |A| - [472064] - C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll [MD5.44A5CAF4E736BCD4360015BB3B841179] - [04/10/2016 03:13:12] - |A| - [407552] - C:\WINDOWS\system32\Windows.Internal.Management.dll [MD5.D0080BFE4CD5D36DBC6FBC137B5B0F7E] - [03/10/2016 21:07:55] - |A| - [208896] - C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll [MD5.72504CCBEEB0765FEB201F32A4438A48] - [04/10/2016 03:11:57] - |A| - [1217024] - C:\WINDOWS\system32\Windows.Media.Audio.dll [MD5.569A4736FD3A75705CE96CB9B8F5B9BE] - [04/10/2016 03:13:26] - |A| - [720896] - C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll [MD5.F0ECBA9411082A38CCD6C02C91D2646B] - [04/10/2016 03:12:33] - |A| - [139776] - C:\WINDOWS\system32\Windows.Media.Devices.dll [MD5.15882DD6A92B3E03AB1F881A413F0B5C] - [04/10/2016 03:12:12] - |A| - [6285312] - C:\WINDOWS\system32\Windows.Media.dll [MD5.1C5F6FAA20301F1BA5813182CFBC729C] - [04/10/2016 03:12:05] - |A| - [1403392] - C:\WINDOWS\system32\Windows.Media.Editing.dll [MD5.03D44A7F93EC1F5D21D286AF5697F513] - [04/10/2016 03:12:37] - |A| - [1507840] - C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll [MD5.56F7319A3D2C1072A5B95D4E710825C0] - [04/10/2016 03:14:20] - |A| - [852480] - C:\WINDOWS\system32\Windows.Media.Import.dll [MD5.B6F97FEDAE70E044637D47827679860F] - [04/10/2016 03:12:02] - |A| - [372440] - C:\WINDOWS\system32\Windows.Media.MediaControl.dll [MD5.1592DF03B5ABC1EF0FCE26E13DCC3435] - [04/10/2016 03:14:17] - |A| - [1080320] - C:\WINDOWS\system32\Windows.Media.Ocr.dll [MD5.4E63157560E827689EF97CACA04709D3] - [04/10/2016 03:13:28] - |A| - [718848] - C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll [MD5.29B36C288108BC2E014BAA3C9C61069A] - [04/10/2016 03:13:27] - |A| - [702976] - C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll [MD5.D459D074A94AF2BFC310DE558A322254] - [04/10/2016 03:13:46] - |A| - [8158672] - C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll [MD5.8997D076842ED295185A83E56E6302D7] - [04/10/2016 03:13:49] - |A| - [1643008] - C:\WINDOWS\system32\Windows.Media.Speech.dll [MD5.C6FACF5D524F94DA53BEF41CE9075CA4] - [04/10/2016 03:13:39] - |A| - [568832] - C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll [MD5.5E6A4B729FF8C016493B9391055ECEE6] - [04/10/2016 03:14:24] - |A| - [1078784] - C:\WINDOWS\system32\Windows.Media.Streaming.dll [MD5.48C7E4A2B5B15A2CBF9814B469A06B56] - [04/10/2016 03:11:56] - |A| - [924672] - C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll [MD5.F71D648B177CC7A5A8DA6556B6C2D9CA] - [04/10/2016 03:11:55] - |A| - [701952] - C:\WINDOWS\system32\Windows.Networking.Connectivity.dll [MD5.00BFF0887D31BF0A2F86AB978209A5B7] - [04/10/2016 03:12:07] - |A| - [911872] - C:\WINDOWS\system32\Windows.Networking.dll [MD5.C8BA63E2A9B605FEEA74CDE1E69887C5] - [04/10/2016 03:12:00] - |A| - [223744] - C:\WINDOWS\system32\Windows.Networking.HostName.dll [MD5.EA63392ADF9A0984C356554729346E17] - [04/10/2016 03:12:33] - |A| - [113664] - C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll [MD5.2C89C590F55F983B922EB705E4F5C009] - [04/10/2016 03:14:36] - |A| - [1087488] - C:\WINDOWS\system32\Windows.Networking.Vpn.dll [MD5.BAB2F86DE0219361898F99B710E33FBF] - [04/10/2016 03:14:58] - |A| - [418304] - C:\WINDOWS\system32\Windows.Perception.Stub.dll [MD5.1388E367C75008A010301C89D842CFEE] - [04/10/2016 03:14:23] - |A| - [252416] - C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll [MD5.D55AC147BCDC3DA3EDA4F8F58BF276A8] - [04/10/2016 03:12:01] - |A| - [800768] - C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll [MD5.6FB48F624829BFD03D67E3666822D170] - [03/10/2016 21:08:30] - |A| - [58880] - C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll [MD5.503E713F77489EBA9B5DF7073B3D39E6] - [04/10/2016 03:13:31] - |A| - [4136960] - C:\WINDOWS\system32\Windows.StateRepository.dll [MD5.8E4429385D2E80A28DADCD91D814E5E9] - [04/10/2016 03:13:08] - |A| - [73216] - C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll [MD5.F75448D9720E9370216282E143AAE94A] - [04/10/2016 03:13:09] - |A| - [122880] - C:\WINDOWS\system32\Windows.StateRepositoryClient.dll [MD5.F3B429117D333934F1A743587BCF23D2] - [04/10/2016 03:13:26] - |A| - [328008] - C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll [MD5.248159632BE13F7D55DAE11405879728] - [04/10/2016 03:13:01] - |A| - [7219672] - C:\WINDOWS\system32\windows.storage.dll [MD5.CFFF0F8196624A07049A1906CBB8961A] - [04/10/2016 03:13:08] - |A| - [82432] - C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll [MD5.85DE7DC5329739FB2BD481ECDE38388E] - [03/10/2016 21:08:29] - |A| - [363520] - C:\WINDOWS\system32\Windows.UI.BioFeedback.dll [MD5.67AA275094BF77BC92C193D447CEBE5F] - [03/10/2016 21:08:29] - |A| - [418304] - C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll [MD5.9B3299A537477779F55BEC8CC267F3CA] - [03/10/2016 21:08:30] - |A| - [1388544] - C:\WINDOWS\system32\Windows.UI.Cred.dll [MD5.FCA6EDAFA4B69EE5A5B59686716CC9E0] - [04/10/2016 03:12:43] - |A| - [257024] - C:\WINDOWS\system32\Windows.UI.CredDialogController.dll [MD5.43165ADA4B93B958D6CEF6CFAABEBA0C] - [04/10/2016 03:15:09] - |A| - [816640] - C:\WINDOWS\system32\Windows.UI.dll [MD5.55AD1D10E6956654B365F71E0E9606D6] - [03/10/2016 21:08:37] - |A| - [1726976] - C:\WINDOWS\system32\Windows.UI.Immersive.dll [MD5.A19442728A283A172FB25123B9B5388B] - [04/10/2016 03:15:12] - |A| - [1266176] - C:\WINDOWS\system32\Windows.UI.Input.Inking.dll [MD5.83F7B0AA4B6484035A989686B1C1E152] - [04/10/2016 03:12:31] - |A| - [2688512] - C:\WINDOWS\system32\Windows.UI.Logon.dll [MD5.54CB34A93FC1956590046D14BB46D38F] - [04/10/2016 03:15:22] - |A| - [908800] - C:\WINDOWS\system32\Windows.UI.Search.dll [MD5.C4792A381CAD4D49DC2959894277DD32] - [03/10/2016 21:08:31] - |A| - [49152] - C:\WINDOWS\system32\Windows.UI.Shell.dll [MD5.E510EC98F5114BE003D2C61E98BFEFA3] - [03/10/2016 21:07:50] - |A| - [17187840] - C:\WINDOWS\system32\Windows.UI.Xaml.dll [MD5.475594097E9D06D3421B70C70276668D] - [04/10/2016 03:12:33] - |A| - [642048] - C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll [MD5.D6F1F925CCB39146CF9E761C7F6B078A] - [04/10/2016 03:12:40] - |A| - [1424896] - C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll [MD5.BAEC308109D4DBBE4471DEAFB839EE10] - [04/10/2016 03:12:53] - |A| - [1369088] - C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll [MD5.4C9EB8B2F81D8A34E5CBAFB0B859251C] - [03/10/2016 21:07:50] - |A| - [1631232] - C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll [MD5.A9449810BAC0AC337A0B8B3EA7C2046E] - [04/10/2016 03:14:17] - |A| - [237568] - C:\WINDOWS\system32\Windows.Web.Diagnostics.dll [MD5.7A81B442D8D8898ABADFDBE1D8EB1F5C] - [04/10/2016 03:12:10] - |A| - [774656] - C:\WINDOWS\system32\Windows.Web.dll [MD5.9DE8B8D04449679970252C5523146577] - [04/10/2016 03:12:01] - |A| - [1328128] - C:\WINDOWS\system32\Windows.Web.Http.dll [MD5.47D3A0C1CABB67C0244CDF4EF73CFAC4] - [04/10/2016 03:13:22] - |A| - [1738040] - C:\WINDOWS\system32\WindowsCodecs.dll [MD5.DC6A4D7940590C96D6AFA588D74F5F5A] - [04/10/2016 03:13:35] - |A| - [2668544] - C:\WINDOWS\system32\wininet.dll [MD5.5076736DF3556AAF02ECCF3C4A6F88C6] - [04/10/2016 03:12:51] - |A| - [1353768] - C:\WINDOWS\system32\winload.efi [MD5.5CF4D5CE0DE4D4FDD685FE3B1A23EEB8] - [04/10/2016 03:12:50] - |A| - [1172472] - C:\WINDOWS\system32\winload.exe [MD5.1A3C4B5559CC49CC2C8B653365D375C7] - [04/10/2016 03:14:16] - |A| - [674304] - C:\WINDOWS\system32\winlogon.exe [MD5.60931F113781C1FE5B9DFB2BD2FBE08B] - [03/10/2016 21:08:38] - |A| - [1694712] - C:\WINDOWS\system32\winmde.dll [MD5.C1D251B3B93024A3727DBC6288CB1421] - [04/10/2016 03:12:48] - |A| - [1051112] - C:\WINDOWS\system32\winresume.efi [MD5.B16FF02E29A57896377E516C70CD68B3] - [04/10/2016 03:12:48] - |A| - [894096] - C:\WINDOWS\system32\winresume.exe [MD5.90D408D3F440591978DB7E81C1129EA5] - [04/10/2016 03:12:07] - |A| - [147456] - C:\WINDOWS\system32\winsrv.dll [MD5.FD5ECCC4DCB749A903D4E05C5954C707] - [04/10/2016 03:13:27] - |A| - [341936] - C:\WINDOWS\system32\wintrust.dll [MD5.E28309DC8F4F99134993C12071E74A11] - [04/10/2016 03:15:10] - |A| - [1267512] - C:\WINDOWS\system32\WinTypes.dll [MD5.B581907FD94F1FF148BF695331F67612] - [04/10/2016 03:15:11] - |A| - [283648] - C:\WINDOWS\system32\wkssvc.dll [MD5.CF8840234456D3C84876BD4D76FF0663] - [04/10/2016 03:12:40] - |A| - [296448] - C:\WINDOWS\system32\wlancfg.dll [MD5.7671078AEF4C0203B053A9642C401FF7] - [03/10/2016 21:08:13] - |A| - [2370048] - C:\WINDOWS\system32\wlansvc.dll [MD5.99851A3A6834FBC0D531911E00BFA8FF] - [04/10/2016 03:15:29] - |A| - [13434368] - C:\WINDOWS\system32\wmp.dll [MD5.E4BF5B9D5DE1EA3E60A45AFBC64ABB72] - [03/10/2016 21:08:38] - |A| - [1555456] - C:\WINDOWS\system32\WMPDMC.exe [MD5.F5CE6B08E4E3F474F7D00D6B555E6BE3] - [03/10/2016 21:08:32] - |A| - [2049480] - C:\WINDOWS\system32\wmpmde.dll [MD5.53C21D9AD412078037B9029FEBC3B690] - [04/10/2016 03:15:11] - |A| - [387872] - C:\WINDOWS\system32\wmpps.dll [MD5.1C4B0EAC668B9135B06E47B6B767BD85] - [04/10/2016 03:15:08] - |A| - [431616] - C:\WINDOWS\system32\WpAXHolder.dll [MD5.16A5D9153ED28F8B944779DAAB27D51C] - [04/10/2016 03:13:29] - |A| - [945664] - C:\WINDOWS\system32\WpcWebFilter.dll [MD5.2330E681265607D4AD6C9C9763A3A8A6] - [04/10/2016 03:13:24] - |A| - [864256] - C:\WINDOWS\system32\wpnapps.dll [MD5.19DBA20EA39E641B940156DF8D2E96E2] - [04/10/2016 03:12:08] - |A| - [424640] - C:\WINDOWS\system32\ws2_32.dll [MD5.D2A8C83B9C7C153E94E78A4AE85183A9] - [04/10/2016 03:13:27] - |A| - [32256] - C:\WINDOWS\system32\WSManHTTPConfig.exe [MD5.858D157886D47E085493325D347459B8] - [04/10/2016 03:13:17] - |A| - [2716672] - C:\WINDOWS\system32\WsmSvc.dll [MD5.3DB84DA17A3A717FE8B82DBA4E4C87B1] - [04/10/2016 03:14:39] - |A| - [1912320] - C:\WINDOWS\system32\wsp_fs.dll [MD5.F26923BA996418AEE92E9116F3B4CAC8] - [04/10/2016 03:14:38] - |A| - [1553408] - C:\WINDOWS\system32\wsp_health.dll [MD5.BBC56FDD21EB4264EEC87EE1E56049D4] - [04/10/2016 03:14:39] - |A| - [947200] - C:\WINDOWS\system32\wsp_sr.dll [MD5.8DC162262762E46F37D89D31B59EF69D] - [03/10/2016 21:08:33] - |A| - [26408] - C:\WINDOWS\system32\wuauclt.exe [MD5.92E3A595ECA98F09B72A1E68ACB4651A] - [03/10/2016 21:08:33] - |A| - [2315264] - C:\WINDOWS\system32\wuaueng.dll [MD5.EF4A6C0CD82605DF6575780B99ED78DA] - [03/10/2016 21:08:33] - |A| - [32768] - C:\WINDOWS\system32\wups2.dll [MD5.62DB63BA7A9BC04D7BBB83D558797A97] - [03/10/2016 21:08:36] - |A| - [857440] - C:\WINDOWS\system32\WWAHost.exe [MD5.C3D638E0DD7A716F6C8CAC1630286B2F] - [04/10/2016 03:14:37] - |A| - [527808] - C:\WINDOWS\system32\WWanAPI.dll [MD5.56FE23313A840471CF2C7FC8CA7AA637] - [03/10/2016 21:08:39] - |A| - [468992] - C:\WINDOWS\system32\wwanconn.dll [MD5.D14A397FD0DF8DBFEF68F69B16F0160C] - [03/10/2016 21:08:39] - |A| - [6574592] - C:\WINDOWS\system32\wwanmm.dll [MD5.D4F2FFCF5D199152DD01026D3AA38138] - [03/10/2016 21:08:39] - |A| - [1282048] - C:\WINDOWS\system32\wwansvc.dll [MD5.B740472F6A76DF422DD557AF957B70BE] - [03/10/2016 21:07:16] - |A| - [157696] - C:\WINDOWS\system32\XamlTileRender.dll [MD5.F39D6915451D9226AC9A5E7AE70E2ABA] - [04/10/2016 03:14:37] - |A| - [1013248] - C:\WINDOWS\system32\XblAuthManager.dll [MD5.5E80576858544345D4CFC61306A0280C] - [04/10/2016 03:12:11] - |A| - [4596224] - C:\WINDOWS\system32\xpsrchvw.exe [MD5.FA8ECC3B89550DACD7A055BD83ECE757] - [04/10/2016 00:20:10] - |A| - [139769] - C:\WINDOWS\system32\Drivers\ccavsfi.dat [MD5.5008FF3BBB078956C60DCA0044CF175B] - [03/10/2016 21:07:42] - |A| - [379744] - C:\WINDOWS\system32\Drivers\Classpnp.sys [MD5.8833A059270A60CE347FEB9A7951B3F4] - [03/10/2016 21:08:03] - |A| - [681304] - C:\WINDOWS\system32\Drivers\ClipSp.sys [MD5.964943933D448935595C450AC4E8A5B1] - [04/10/2016 03:13:25] - |A| - [23392] - C:\WINDOWS\system32\Drivers\cmimcext.sys [MD5.7878A65B1D949B4E2880DD2EF7B8D8D7] - [03/10/2016 21:07:05] - |A| - [187232] - C:\WINDOWS\system32\Drivers\dumpsd.sys [MD5.D2EC2AD9C2F514AEECD5EC2B46107228] - [04/10/2016 03:13:37] - |A| - [2190176] - C:\WINDOWS\system32\Drivers\dxgkrnl.sys [MD5.0108B58F6CD981EEEB5FFA25D1B75228] - [04/10/2016 03:13:21] - |A| - [401760] - C:\WINDOWS\system32\Drivers\dxgmms1.sys [MD5.33ADC48D971260DD3DAA264CB7CF145C] - [04/10/2016 03:13:41] - |A| - [657760] - C:\WINDOWS\system32\Drivers\dxgmms2.sys [MD5.2A9817B5A9260D8F60D52E36BEF10443] - [03/10/2016 21:07:07] - |A| - [118112] - C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys [MD5.8EEC4925C03E375C4EC496E45C44139A] - [04/10/2016 03:13:29] - |A| - [649568] - C:\WINDOWS\system32\Drivers\fvevol.sys [MD5.68FDFCE44D29EE8AE52E3CCB46BB0554] - [03/10/2016 21:08:26] - |A| - [409944] - C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS [MD5.BAFD8946905DF03E6ECDDB154A4BAA9C] - [04/10/2016 03:13:25] - |A| - [1046880] - C:\WINDOWS\system32\Drivers\http.sys [MD5.74FC79C52395B10FFD0B55CF22CF88FC] - [03/10/2016 21:07:11] - |A| - [73568] - C:\WINDOWS\system32\Drivers\hvservice.sys [MD5.AFFAC761AE0FA633BB09E86F15186778] - [03/10/2016 20:42:23] - |A| - [50392] - C:\WINDOWS\system32\Drivers\isedrv.sys [MD5.0B779E9FC426CA2268D28181FA6C222F] - [04/10/2016 03:15:01] - |A| - [39424] - C:\WINDOWS\system32\Drivers\kbdhid.sys [MD5.8E6E3C6D32042055F918C457B3CB683C] - [07/10/2016 13:41:15] - |A| - [159360] - C:\WINDOWS\system32\Drivers\KeyCrypt64.sys [MD5.705C0F8BCCEF6E7CB704CCB454192D7E] - [03/10/2016 21:08:04] - |A| - [133472] - C:\WINDOWS\system32\Drivers\ksecdd.sys [MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - [03/10/2016 21:08:24] - |A| - [450392] - C:\WINDOWS\system32\Drivers\mrxsmb.sys [MD5.200E4A385F5F370D8866BAE25B0D9D32] - [03/10/2016 21:08:23] - |A| - [282624] - C:\WINDOWS\system32\Drivers\mrxsmb10.sys [MD5.F7C22604CD8AFB9AF1C1E3CE39A5A09F] - [04/10/2016 03:12:51] - |A| - [223584] - C:\WINDOWS\system32\Drivers\mrxsmb20.sys [MD5.C1294D97AAD475701EB35DF8422D6E15] - [04/10/2016 03:12:01] - |A| - [1182048] - C:\WINDOWS\system32\Drivers\ndis.sys [MD5.5DD8CB01C0394F8D052763D2E3C6E684] - [03/10/2016 21:08:12] - |A| - [2256224] - C:\WINDOWS\system32\Drivers\ntfs.sys [MD5.9DB326B54C03EF2892E7551D8B354036] - [04/10/2016 03:12:43] - |A| - [128352] - C:\WINDOWS\system32\Drivers\partmgr.sys [MD5.D723D2C98598B0DF5832427740B2825D] - [04/10/2016 03:12:06] - |A| - [335712] - C:\WINDOWS\system32\Drivers\pci.sys [MD5.EDAF0E161BE98CCC4FC9671481600745] - [04/10/2016 03:12:40] - |A| - [435040] - C:\WINDOWS\system32\Drivers\rdbss.sys [MD5.2A8832563C2826665517B91195085476] - [04/10/2016 03:15:09] - |A| - [279904] - C:\WINDOWS\system32\Drivers\sdbus.sys [MD5.43AC4C5CC233BCE9D7C46DA0E7EC0676] - [04/10/2016 03:12:13] - |A| - [557408] - C:\WINDOWS\system32\Drivers\spaceport.sys [MD5.E83830BB74AE8CBECEA0ECD94DE436F9] - [03/10/2016 21:08:24] - |A| - [409088] - C:\WINDOWS\system32\Drivers\srv.sys [MD5.1312896CAE6AF0D4557DB7B37283C116] - [04/10/2016 03:12:09] - |A| - [713216] - C:\WINDOWS\system32\Drivers\srv2.sys [MD5.F13EE0DB1FB1D6946AC3228D7EFCFC8F] - [03/10/2016 21:08:24] - |A| - [248320] - C:\WINDOWS\system32\Drivers\srvnet.sys [MD5.53EB8CE34B55A1EE63424C8DB7388BFC] - [04/10/2016 03:13:24] - |A| - [130912] - C:\WINDOWS\system32\Drivers\storahci.sys [MD5.B66D8C75C9BC59D637177AB3B1C569A6] - [04/10/2016 03:13:29] - |A| - [81760] - C:\WINDOWS\system32\Drivers\stornvme.sys [MD5.B705D8E3011268160833518FBD80FBCE] - [03/10/2016 21:08:26] - |A| - [2537824] - C:\WINDOWS\system32\Drivers\tcpip.sys [MD5.3D04046C468AD2868A093925B5E2AA0A] - [04/10/2016 03:15:12] - |A| - [218976] - C:\WINDOWS\system32\Drivers\tpm.sys [MD5.92F6E3E6D3F1795263EB34B37F74AEF7] - [04/10/2016 03:12:02] - |A| - [74080] - C:\WINDOWS\system32\Drivers\vpci.sys [MD5.1337576E07B5A8B7B2B95ECF34F723F7] - [13/10/2016 09:04:34] - |A| - [438990] - C:\WINDOWS\system32\Drivers\vsconfig.xml [MD5.E330144B97D493AA886000DCAAA8DAF5] - [04/10/2016 03:15:09] - |A| - [119648] - C:\WINDOWS\system32\Drivers\wcifs.sys [MD5.8CB606A3057355FD5A9DBDD1A0AC94EF] - [04/10/2016 03:12:41] - |A| - [719360] - C:\WINDOWS\system32\Drivers\WdiWiFi.sys [MD5.88B66D75B0D26B449C83D54C87F30553] - [04/10/2016 03:13:19] - |A| - [51712] - C:\WINDOWS\system32\Drivers\winhvr.sys [MD5.882268966D842AB6CEEA4341761D10C0] - [04/10/2016 03:11:54] - |A| - [873472] - C:\WINDOWS\syswow64\aadtb.dll [MD5.60022914420DFE9782BEED4FA37FC135] - [04/10/2016 03:14:56] - |A| - [238080] - C:\WINDOWS\syswow64\AboveLockAppHost.dll [MD5.7E1DE305D91428A2AE496EA0BCEFFA3E] - [03/10/2016 21:12:20] - |A| - [5398016] - C:\WINDOWS\syswow64\aclui.dll [MD5.F05624A666CECC5181AD269AEFDAA77C] - [03/10/2016 21:12:12] - |A| - [54784] - C:\WINDOWS\syswow64\AddressParser.dll [MD5.D67B0E9226FBA4C7703B86563863759E] - [04/10/2016 03:12:11] - |A| - [819200] - C:\WINDOWS\syswow64\AppContracts.dll [MD5.4D0BBCC85007F01B1E69B926B97D38FA] - [03/10/2016 21:12:12] - |A| - [118272] - C:\WINDOWS\syswow64\AppointmentActivation.dll [MD5.72CD97BCAB7157556C0C08AD94629887] - [04/10/2016 03:15:02] - |A| - [710144] - C:\WINDOWS\syswow64\AppointmentApis.dll [MD5.7FD803FE42619F3BBF62CB5B6A502371] - [04/10/2016 03:11:59] - |A| - [125952] - C:\WINDOWS\syswow64\apprepapi.dll [MD5.40D0A2274D7F09A26F050908681E396D] - [04/10/2016 03:11:58] - |A| - [284672] - C:\WINDOWS\syswow64\apprepsync.dll [MD5.4C12149E1B87094B5698130F15F9D06E] - [04/10/2016 03:14:26] - |A| - [484584] - C:\WINDOWS\syswow64\AudioSes.dll [MD5.1918A666B0C06F8D01D3AD58ECAF8962] - [04/10/2016 03:13:09] - |A| - [117760] - C:\WINDOWS\syswow64\AuthBroker.dll [MD5.C6BF51DA6A0432F44B911EF145D85B1B] - [03/10/2016 21:12:19] - |A| - [798208] - C:\WINDOWS\syswow64\authui.dll [MD5.195F81928AB386B06237D03BB2AB4030] - [04/10/2016 03:12:53] - |A| - [1255936] - C:\WINDOWS\syswow64\AzureSettingSyncProvider.dll [MD5.6F3D42F378F6D0CAB2E9429270346555] - [04/10/2016 03:12:00] - |A| - [49664] - C:\WINDOWS\syswow64\BackgroundMediaPolicy.dll [MD5.BF938FDD9DF3A4E3815A259AA2CD8105] - [04/10/2016 03:14:18] - |A| - [491008] - C:\WINDOWS\syswow64\bcastdvr.exe [MD5.5224BBB6DEEDC15D8E91FCCE206EA876] - [04/10/2016 03:14:21] - |A| - [156672] - C:\WINDOWS\syswow64\BcastDVRHelper.dll [MD5.19E7B87856BF75039B3D11391BD68898] - [03/10/2016 21:12:04] - |A| - [5376000] - C:\WINDOWS\syswow64\BingMaps.dll [MD5.12559576CCE18136E18CF41F2FAA02AE] - [03/10/2016 21:12:04] - |A| - [536576] - C:\WINDOWS\syswow64\BingOnlineServices.dll [MD5.69EAF28B7B37F1DEAE7E8E9104C76EAA] - [04/10/2016 03:13:24] - |A| - [152064] - C:\WINDOWS\syswow64\biwinrt.dll [MD5.32EBA2B303552078CBAD94B664D0BAF1] - [04/10/2016 03:12:15] - |A| - [3196416] - C:\WINDOWS\syswow64\cdp.dll [MD5.BE3AF359A61EA04BD359926EDE812512] - [04/10/2016 03:13:32] - |A| - [2646016] - C:\WINDOWS\syswow64\CertEnroll.dll [MD5.0FBF889D7030D9A976F9534A78F23056] - [04/10/2016 03:13:56] - |A| - [6043136] - C:\WINDOWS\syswow64\Chakra.dll [MD5.EAE949AB1668244B2301D05564441D4D] - [04/10/2016 03:13:58] - |A| - [822784] - C:\WINDOWS\syswow64\Chakradiag.dll [MD5.5750D828D956B7B0247C291540746497] - [03/10/2016 21:12:09] - |A| - [121344] - C:\WINDOWS\syswow64\Chakrathunk.dll [MD5.E03351BA370442A9C204967ADDC540D4] - [04/10/2016 03:15:10] - |A| - [567808] - C:\WINDOWS\syswow64\ChatApis.dll [MD5.F205CE29B7DE05821E38D4B5123606FC] - [04/10/2016 03:11:57] - |A| - [171520] - C:\WINDOWS\syswow64\ClipboardServer.dll [MD5.F9395430C1598073772B72732EEB43A6] - [04/10/2016 03:15:07] - |A| - [116576] - C:\WINDOWS\syswow64\CloudExperienceHostCommon.dll [MD5.00B45696F9D77E154B1B053CFE06C1EF] - [04/10/2016 03:15:00] - |A| - [558080] - C:\WINDOWS\syswow64\clusapi.dll [MD5.533730C3449FAA3F13EA58D0AF494525] - [03/10/2016 21:11:55] - |A| - [2166232] - C:\WINDOWS\syswow64\combase.dll [MD5.F02766CB652FA385BCB3A4CBB599CCD1] - [04/10/2016 03:11:54] - |A| - [1320448] - C:\WINDOWS\syswow64\comsvcs.dll [MD5.29F0526733193BBCEE9611A13BD3450A] - [03/10/2016 21:12:13] - |A| - [48128] - C:\WINDOWS\syswow64\ContactActivation.dll [MD5.EEB33D69A7ED3C6580D3FFC9BE604F9F] - [04/10/2016 03:15:02] - |A| - [850944] - C:\WINDOWS\syswow64\ContactApis.dll [MD5.C86EDCB03663159D4C43BF4DBD387B63] - [04/10/2016 03:14:12] - |A| - [483840] - C:\WINDOWS\syswow64\CoreMessaging.dll [MD5.28A9062F97909B3370DF3F54B6705E10] - [04/10/2016 03:13:20] - |A| - [2048496] - C:\WINDOWS\syswow64\CoreUIComponents.dll [MD5.DFE37ED6419006BCCDBE5E1442A8E35B] - [04/10/2016 03:14:21] - |A| - [709120] - C:\WINDOWS\syswow64\CPFilters.dll [MD5.56B9442F5B481F1124473651319CE84C] - [04/10/2016 03:11:55] - |A| - [391168] - C:\WINDOWS\syswow64\CredProvDataModel.dll [MD5.3AAA62FE99A777E4509D049FEC0E86AB] - [04/10/2016 03:11:55] - |A| - [203776] - C:\WINDOWS\syswow64\credprovhost.dll [MD5.E1707BFA4F8994B457ED3F127CDEDDAA] - [04/10/2016 03:14:56] - |A| - [143872] - C:\WINDOWS\syswow64\credprovslegacy.dll [MD5.46746EF216A1F174337B881CC158BB70] - [04/10/2016 03:13:18] - |A| - [285696] - C:\WINDOWS\syswow64\cryptngc.dll [MD5.7A5508100B6C66E90AEBA459015BE29D] - [04/10/2016 03:14:20] - |A| - [288256] - C:\WINDOWS\syswow64\CryptoWinRT.dll [MD5.505DC1F4C21AF1FF96F77629FC2AD67E] - [04/10/2016 03:15:17] - |A| - [5061120] - C:\WINDOWS\syswow64\d2d1.dll [MD5.BE1917512F791F91C57082917E4D9CD8] - [04/10/2016 03:14:14] - |A| - [3733504] - C:\WINDOWS\syswow64\D3DCompiler_47.dll [MD5.7D1CEE0AEC344815661C8C45CEFC1643] - [04/10/2016 03:13:20] - |A| - [257536] - C:\WINDOWS\syswow64\DataExchange.dll [MD5.D316839AF251780E05512FB0F79AC684] - [04/10/2016 03:15:14] - |A| - [327168] - C:\WINDOWS\syswow64\daxexec.dll [MD5.57895C7CFF374517ABC79CCCC3C77716] - [03/10/2016 21:12:16] - |A| - [4557824] - C:\WINDOWS\syswow64\dbgeng.dll [MD5.55AAAA3C2A11EE0F48BFB10D222C4A7F] - [03/10/2016 21:12:16] - |A| - [461312] - C:\WINDOWS\syswow64\DbgModel.dll [MD5.00C916B8ECDCDF87DEA9889EC87F0452] - [04/10/2016 03:15:09] - |A| - [83120] - C:\WINDOWS\syswow64\devenum.dll [MD5.B81F9232875F0BD99CECC074B125EF55] - [03/10/2016 21:11:56] - |A| - [1755136] - C:\WINDOWS\syswow64\DeviceFlows.DataModel.dll [MD5.D47B2048C4FFC2C9E8B8432924BAD3AE] - [04/10/2016 03:12:32] - |A| - [141312] - C:\WINDOWS\syswow64\dialclient.dll [MD5.A37C6C9DD3857EF4FB2D3E81794C01EE] - [04/10/2016 03:13:09] - |A| - [138240] - C:\WINDOWS\syswow64\DisplayManager.dll [MD5.368723D42FC32B4742A4D2648758C4BF] - [04/10/2016 07:21:11] - |A| - [120200] - C:\WINDOWS\syswow64\DLLDEV32i.dll [MD5.73332BE0A5E2F7F04CCCEFD2F82A337C] - [04/10/2016 03:13:12] - |A| - [248832] - C:\WINDOWS\syswow64\dlnashext.dll [MD5.A42678CA82C560D4177897EF126F54F3] - [04/10/2016 03:12:36] - |A| - [395264] - C:\WINDOWS\syswow64\dmenrollengine.dll [MD5.227CFE3EDA82029AAC1C088A16297CD7] - [04/10/2016 03:12:44] - |A| - [496872] - C:\WINDOWS\syswow64\dnsapi.dll [MD5.5A2094BF5BD084E03C4B40DF09F323A2] - [04/10/2016 03:15:08] - |A| - [455040] - C:\WINDOWS\syswow64\DolbyDecMFT.dll [MD5.6E714A5BD2D15AA9A30A468F690F8F21] - [04/10/2016 03:13:15] - |A| - [404992] - C:\WINDOWS\syswow64\dsreg.dll [MD5.A839B2CF099C3F328E6D369E29B14E02] - [04/10/2016 03:15:10] - |A| - [113504] - C:\WINDOWS\syswow64\dwmapi.dll [MD5.47F407D8B4F7C17A525165F6A30E7107] - [03/10/2016 21:11:56] - |A| - [1993216] - C:\WINDOWS\syswow64\dwmcore.dll [MD5.00729C84D1A937C2AEA68D96585776A2] - [04/10/2016 03:13:27] - |A| - [2005504] - C:\WINDOWS\syswow64\DWrite.dll [MD5.F998BC859F9AE1224848D828B9AA6ABD] - [03/10/2016 21:11:57] - |A| - [243712] - C:\WINDOWS\syswow64\eapp3hst.dll [MD5.95CFC05F34079A4B2CE4BBABC05BDEDA] - [03/10/2016 21:11:57] - |A| - [197120] - C:\WINDOWS\syswow64\eappcfg.dll [MD5.1239C51284092F90C31583F699FA1062] - [03/10/2016 21:11:57] - |A| - [91648] - C:\WINDOWS\syswow64\eappgnui.dll [MD5.8FC85E2CFA234AE5857A3AA9CDB109F6] - [03/10/2016 21:11:57] - |A| - [235008] - C:\WINDOWS\syswow64\eapphost.dll [MD5.31CEC1815AF7F92E1C466F49EC944751] - [03/10/2016 21:11:57] - |A| - [57344] - C:\WINDOWS\syswow64\eappprxy.dll [MD5.96CF576C969DD111DBF27CD2F0BDEB0B] - [04/10/2016 03:14:03] - |A| - [19416576] - C:\WINDOWS\syswow64\edgehtml.dll [MD5.354F66B3BC3994C91813564D031EA436] - [04/10/2016 03:12:36] - |A| - [431616] - C:\WINDOWS\syswow64\efswrt.dll [MD5.607FB84683D4C07BD563E75B979F657B] - [04/10/2016 03:15:11] - |A| - [857600] - C:\WINDOWS\syswow64\EmailApis.dll [MD5.804DCE6D165D93ED74A5472B84B6D429] - [03/10/2016 21:11:57] - |A| - [640976] - C:\WINDOWS\syswow64\evr.dll [MD5.97EFD2087A51AD739A8DED87D4DA86A1] - [04/10/2016 03:12:58] - |A| - [4311736] - C:\WINDOWS\syswow64\explorer.exe [MD5.7C24C4B6F34B1DD483858494F0F86780] - [03/10/2016 21:12:13] - |A| - [224256] - C:\WINDOWS\syswow64\ExSMime.dll [MD5.0203CAE673FF9072FEC0B63262D53DB2] - [03/10/2016 21:12:13] - |A| - [18944] - C:\WINDOWS\syswow64\ExtrasXmlParser.dll [MD5.4A0F35BA2C067E26E5EAE4D2AE8F20EF] - [04/10/2016 03:14:56] - |A| - [55296] - C:\WINDOWS\syswow64\findnetprinters.dll [MD5.1C6F31756DE0CAC502A743382892C620] - [03/10/2016 23:15:24] - |A| - [828408] - C:\WINDOWS\syswow64\FlashPlayerApp.exe [MD5.A636D341E03F15A161068383B538EFF1] - [03/10/2016 23:15:24] - |A| - [176632] - C:\WINDOWS\syswow64\FlashPlayerCPLApp.cpl [MD5.A38BCC4DF4DA792C71F6FBA54299F893] - [04/10/2016 03:14:31] - |A| - [170960] - C:\WINDOWS\syswow64\gdi32.dll [MD5.335AD6364832B2D841C507D85F656516] - [04/10/2016 03:12:13] - |A| - [1415752] - C:\WINDOWS\syswow64\gdi32full.dll [MD5.DBAC0006851C7A147586B1B28A16C4FF] - [03/10/2016 21:12:27] - |A| - [1456640] - C:\WINDOWS\syswow64\GdiPlus.dll [MD5.B59DE1CB6FB45B0C2DDD99E30C90CE50] - [04/10/2016 03:11:53] - |A| - [357376] - C:\WINDOWS\syswow64\Geolocation.dll [MD5.9D966551A9046C1E05702ACF803B23A5] - [03/10/2016 21:12:18] - |A| - [1966288] - C:\WINDOWS\syswow64\hevcdecoder.dll [MD5.4406A3C1D05048CAC6FA68187D65C820] - [03/10/2016 21:12:26] - |A| - [1509376] - C:\WINDOWS\syswow64\ieapfltr.dll [MD5.D872EC93DE3F1769B3EEF3136B4D3CBC] - [04/10/2016 03:12:37] - |A| - [340480] - C:\WINDOWS\syswow64\iedkcs32.dll [MD5.A910CF80A32A59A1DBDE1EFEDC5400DA] - [04/10/2016 03:13:02] - |A| - [12174848] - C:\WINDOWS\syswow64\ieframe.dll [MD5.2D9995FB26F8DA18F3BE6A02EA853657] - [04/10/2016 03:13:18] - |A| - [306176] - C:\WINDOWS\syswow64\ieproxy.dll [MD5.DAF616C0996DDF62C247CC0A8321F1AD] - [04/10/2016 03:13:37] - |A| - [2256080] - C:\WINDOWS\syswow64\iertutil.dll [MD5.3413953BCB2081A1D46262B645745C0E] - [04/10/2016 03:14:56] - |A| - [433664] - C:\WINDOWS\syswow64\imapi2.dll [MD5.6D6B1D985326848BFA5C951DF72489DB] - [03/10/2016 21:12:01] - |A| - [198656] - C:\WINDOWS\syswow64\indexeddbserver.dll [MD5.4D157B9D45038FE44FFB4A8CC310D297] - [04/10/2016 03:12:37] - |A| - [2026496] - C:\WINDOWS\syswow64\inetcpl.cpl [MD5.C21A940A0C822F1F89E1647D0FD45E41] - [04/10/2016 03:11:55] - |A| - [2138112] - C:\WINDOWS\syswow64\InputService.dll [MD5.DA2D2825083BE694BCCB3A14C838B1F1] - [04/10/2016 03:14:56] - |A| - [179712] - C:\WINDOWS\syswow64\InstallAgent.exe [MD5.BBBBB8FB7C0711146ADAED640B99C68A] - [04/10/2016 03:14:55] - |A| - [222720] - C:\WINDOWS\syswow64\InstallAgentUserBroker.exe [MD5.711F4DEBD633108BCB491912B8B5A496] - [03/10/2016 20:42:23] - |A| - [233648] - C:\WINDOWS\syswow64\iseguard32.dll [MD5.D7703B80051C3E5E5DC438B0546EAC01] - [03/10/2016 21:12:04] - |A| - [838144] - C:\WINDOWS\syswow64\JpMapControl.dll [MD5.887A0C46FCC65DAEC16F3A0D64DB8735] - [03/10/2016 21:12:09] - |A| - [3667456] - C:\WINDOWS\syswow64\jscript9.dll [MD5.CE9D967E2347A05C30E97EA6C0D48143] - [03/10/2016 21:12:09] - |A| - [635904] - C:\WINDOWS\syswow64\jscript9diag.dll [MD5.F34F554AE030BBFDD852A2CA626C1465] - [03/10/2016 21:12:26] - |A| - [45568] - C:\WINDOWS\syswow64\jsproxy.dll [MD5.DCDB83C9FE90EB6390EF0ACDFC83BDA8] - [03/10/2016 21:12:09] - |A| - [755200] - C:\WINDOWS\syswow64\kerberos.dll [MD5.561991B8F47B9835EE172CDD95EEF043] - [04/10/2016 03:13:33] - |A| - [1705976] - C:\WINDOWS\syswow64\KernelBase.dll [MD5.7CB21D73BB04088F9EC6171B4092F477] - [03/10/2016 21:12:12] - |A| - [34304] - C:\WINDOWS\syswow64\LaunchWinApp.exe [MD5.2F3B332345EEA1D125357575062548A9] - [04/10/2016 03:15:23] - |A| - [860512] - C:\WINDOWS\syswow64\LicenseManager.dll [MD5.39F1D5CD489E7CA13B7756B77B2C7F90] - [04/10/2016 03:15:23] - |A| - [57856] - C:\WINDOWS\syswow64\LicenseManagerApi.dll [MD5.A8A1972707EDB245529005D4507CD220] - [03/10/2016 21:12:03] - |A| - [321792] - C:\WINDOWS\syswow64\LockAppHost.exe [MD5.B4AEB4FE33600ED1D75B7211A92F6181] - [04/10/2016 03:15:08] - |A| - [499200] - C:\WINDOWS\syswow64\LogonController.dll [MD5.28DD6E3A216F4425B7E0945904F23655] - [03/10/2016 21:12:04] - |A| - [331264] - C:\WINDOWS\syswow64\MapConfiguration.dll [MD5.CC1FC1B7F0D1913B1FB61952A212DDB5] - [03/10/2016 21:12:04] - |A| - [715264] - C:\WINDOWS\syswow64\MapControlCore.dll [MD5.079208EE62F7D67AA9CB92038C8CB4B1] - [03/10/2016 21:12:04] - |A| - [2560] - C:\WINDOWS\syswow64\MapControlStringsRes.dll [MD5.6E4B127566702816CA86AC572D5E5927] - [03/10/2016 21:12:04] - |A| - [2107392] - C:\WINDOWS\syswow64\MapGeocoder.dll [MD5.5935D04E14F04EE4C910DAF766ACE1C2] - [03/10/2016 21:12:04] - |A| - [2360832] - C:\WINDOWS\syswow64\MapRouter.dll [MD5.4F023C4C31048E9F7C81F7403101F056] - [03/10/2016 21:12:04] - |A| - [116224] - C:\WINDOWS\syswow64\MapsBtSvc.dll [MD5.1735D0E82855250EA8D5A49193AEB4BD] - [04/10/2016 03:14:25] - |A| - [654336] - C:\WINDOWS\syswow64\MbaeApiPublic.dll [MD5.264C793F96201B41E107F759562B81E9] - [04/10/2016 03:14:21] - |A| - [498688] - C:\WINDOWS\syswow64\mbsmsapi.dll [MD5.232C7832A353B7510786194E944E6436] - [04/10/2016 03:12:31] - |A| - [640000] - C:\WINDOWS\syswow64\MCRecvSrc.dll [MD5.9B1CE49762BAAB1DB9D02F98CD5CB984] - [03/10/2016 21:12:05] - |A| - [529928] - C:\WINDOWS\syswow64\mf.dll [MD5.CD21F0E5DC8E2919CC3C4AFC432C0959] - [04/10/2016 03:13:39] - |A| - [3893376] - C:\WINDOWS\syswow64\mfcore.dll [MD5.DA6ECFBB2756C0E2CAD0F007B21C67F0] - [04/10/2016 03:15:12] - |A| - [187392] - C:\WINDOWS\syswow64\mfksproxy.dll [MD5.5AB984D8D0AF94FABF0D9CD24FF26062] - [04/10/2016 03:13:23] - |A| - [3305984] - C:\WINDOWS\syswow64\MFMediaEngine.dll [MD5.ABC62EE7A92EABED1DB81F73FCAC08D4] - [03/10/2016 21:12:06] - |A| - [1853232] - C:\WINDOWS\syswow64\mfmp4srcsnk.dll [MD5.B0CD7232C5E2C16090CB00E575BAB01B] - [04/10/2016 03:13:40] - |A| - [1201872] - C:\WINDOWS\syswow64\mfmpeg2srcsnk.dll [MD5.D9BF9A897C2CADF0AE8049396396FE18] - [04/10/2016 03:13:35] - |A| - [980832] - C:\WINDOWS\syswow64\mfnetcore.dll [MD5.482987D63FFF38BF849991949853E285] - [03/10/2016 21:12:06] - |A| - [1360456] - C:\WINDOWS\syswow64\mfnetsrc.dll [MD5.CB09457715850CD4151F0E3DDEF808B8] - [04/10/2016 03:13:28] - |A| - [1123368] - C:\WINDOWS\syswow64\mfplat.dll [MD5.FF9E058DAC27FCC739884D3DBE43D81F] - [04/10/2016 03:13:21] - |A| - [856872] - C:\WINDOWS\syswow64\mfreadwrite.dll [MD5.56A8784C9FF1F4349EC43942A881C5A4] - [04/10/2016 03:12:04] - |A| - [182784] - C:\WINDOWS\syswow64\mfsensorgroup.dll [MD5.6A5D134DA2F89F5C292D11047DA05DD7] - [04/10/2016 03:13:33] - |A| - [955528] - C:\WINDOWS\syswow64\mfsvr.dll [MD5.6656BFCE4868408604C047E839977C93] - [03/10/2016 21:12:05] - |A| - [110080] - C:\WINDOWS\syswow64\Microsoft-Windows-MapControls.dll [MD5.503C1D01A5C52D01E543E32A8C5C4D77] - [03/10/2016 21:12:05] - |A| - [9216] - C:\WINDOWS\syswow64\Microsoft-Windows-MosHost.dll [MD5.D08A3CF28956D952D854E97981BACB92] - [03/10/2016 21:12:05] - |A| - [9728] - C:\WINDOWS\syswow64\Microsoft-Windows-MosTrace.dll [MD5.67EA83C5B3763C1A6A0A29D3F7605E6E] - [04/10/2016 03:12:36] - |A| - [795648] - C:\WINDOWS\syswow64\MiracastReceiver.dll [MD5.BC2E9CCDDBFF8E468671D9B0766AAB68] - [04/10/2016 03:12:20] - |A| - [2749440] - C:\WINDOWS\syswow64\mispace.dll [MD5.52165927A7B04DF0B7E28901AA70EB76] - [03/10/2016 21:12:05] - |A| - [6109184] - C:\WINDOWS\syswow64\mos.dll [MD5.574215F12BFB5EC2A7011C7383BE443A] - [03/10/2016 21:12:05] - |A| - [58880] - C:\WINDOWS\syswow64\MosHostClient.dll [MD5.72BE3687002C4E2BA3A05604EF5EBDB5] - [03/10/2016 21:12:05] - |A| - [409088] - C:\WINDOWS\syswow64\MosResource.dll [MD5.2576CB441AB886AF104B412D6898EB01] - [03/10/2016 21:12:05] - |A| - [70656] - C:\WINDOWS\syswow64\MosStorage.dll [MD5.A5BF54F4E98F299E661F37F7B4D38545] - [04/10/2016 03:12:03] - |A| - [445952] - C:\WINDOWS\syswow64\mprapi.dll [MD5.E023B64F2EAD9122FB63ED5FF3027820] - [04/10/2016 03:12:40] - |A| - [762368] - C:\WINDOWS\syswow64\mprddm.dll [MD5.35BA17FF927B79EDDEE436ADEB98EF21] - [04/10/2016 03:14:29] - |A| - [431104] - C:\WINDOWS\syswow64\mprdim.dll [MD5.DB3989935A2F31ED9D8A66CD445C4932] - [04/10/2016 03:13:39] - |A| - [209920] - C:\WINDOWS\syswow64\MSAC3ENC.DLL [MD5.A6F88E43D61C03C7B6CE73F4C498F951] - [03/10/2016 21:11:53] - |A| - [2423296] - C:\WINDOWS\syswow64\MSAJApi.dll [MD5.ED335460D76481F8CC8EA0993507AF0A] - [04/10/2016 03:14:47] - |A| - [1264912] - C:\WINDOWS\syswow64\msctf.dll [MD5.00EFFEF27D84B894D4AA7F6BC0E1C116] - [04/10/2016 03:14:35] - |A| - [2740224] - C:\WINDOWS\syswow64\msftedit.dll [MD5.47B575438DA05008B06A07BF76CF3BB3] - [04/10/2016 03:13:58] - |A| - [19416576] - C:\WINDOWS\syswow64\mshtml.dll [MD5.F44F1134552C9B021533F40F46BA1220] - [03/10/2016 21:12:01] - |A| - [2755584] - C:\WINDOWS\syswow64\mshtml.tlb [MD5.FAEA49C46D260C0E93364FDB48284723] - [03/10/2016 21:12:00] - |A| - [81408] - C:\WINDOWS\syswow64\mshtmled.dll [MD5.E649B9DE608BFA72970A8371F6AA732F] - [03/10/2016 21:12:07] - |A| - [2206496] - C:\WINDOWS\syswow64\msmpeg2vdec.dll [MD5.337A6B31AD603C3904276857BAAA1B29] - [04/10/2016 03:12:32] - |A| - [6474752] - C:\WINDOWS\syswow64\mspaint.exe [MD5.2E905623144C8435E6374C27E2CAFA5E] - [04/10/2016 03:12:53] - |A| - [1988096] - C:\WINDOWS\syswow64\mssrch.dll [MD5.6D6FE74D70B04C07802EB5590C62E3E4] - [04/10/2016 03:15:02] - |A| - [3105792] - C:\WINDOWS\syswow64\mstsc.exe [MD5.C8A25EADFB551147C45FC4AA51353C45] - [04/10/2016 03:15:15] - |A| - [7467520] - C:\WINDOWS\syswow64\mstscax.dll [MD5.9B1EC1E64BA2926583DAFEAE71E547ED] - [04/10/2016 03:12:44] - |A| - [340320] - C:\WINDOWS\syswow64\msv1_0.dll [MD5.C89757EBE61118599E3DFC649C2D94D3] - [04/10/2016 03:12:42] - |A| - [1300480] - C:\WINDOWS\syswow64\MSVPXENC.dll [MD5.32181EFBA2C52D18D1EBA2D26FFA7635] - [04/10/2016 03:15:09] - |A| - [1980776] - C:\WINDOWS\syswow64\msxml6.dll [MD5.5E668EB6662982A4722F9EBBA4FA1087] - [03/10/2016 21:12:07] - |A| - [2560] - C:\WINDOWS\syswow64\msxml6r.dll [MD5.040D0566FB8913D08ED0475E94D2C062] - [04/10/2016 03:13:09] - |A| - [816640] - C:\WINDOWS\syswow64\NaturalLanguage6.dll [MD5.A5B7F2417C51F5076784D73211472947] - [04/10/2016 03:11:56] - |A| - [2682880] - C:\WINDOWS\syswow64\netshell.dll [MD5.DF80984D9632D1621CDB6597AFC75445] - [04/10/2016 03:12:52] - |A| - [455168] - C:\WINDOWS\syswow64\NetworkCollectionAgent.dll [MD5.B08D29A36209204059C802806C684C98] - [04/10/2016 03:13:11] - |A| - [518656] - C:\WINDOWS\syswow64\ngccredprov.dll [MD5.EA981D4947642A0C113D68DB524D5805] - [03/10/2016 21:12:05] - |A| - [761344] - C:\WINDOWS\syswow64\NMAA.dll [MD5.C618D56F8AFBD86427EADB111F3267AF] - [03/10/2016 21:12:05] - |A| - [289280] - C:\WINDOWS\syswow64\NmaDirect.dll [MD5.B30936CBACA00F0807B59BB244E3038C] - [04/10/2016 03:12:52] - |A| - [575488] - C:\WINDOWS\syswow64\nshwfp.dll [MD5.8B982DEAA0D365C16BC33F33BB6C5CFA] - [04/10/2016 03:13:26] - |A| - [1570680] - C:\WINDOWS\syswow64\ntdll.dll [MD5.EA1FA95711FDA430BBFE2C30DD04DA93] - [04/10/2016 03:14:08] - |A| - [26112] - C:\WINDOWS\syswow64\odbcconf.dll [MD5.176D2561559683D01F20F8DAA286564F] - [04/10/2016 03:14:26] - |A| - [210432] - C:\WINDOWS\syswow64\offlinesam.dll [MD5.F2711C746D3AD450E6276139F177422D] - [03/10/2016 21:11:55] - |A| - [959104] - C:\WINDOWS\syswow64\ole32.dll [MD5.AF5121AFE8C7EAA52E869B422162A77C] - [04/10/2016 03:11:58] - |A| - [325120] - C:\WINDOWS\syswow64\oleacc.dll [MD5.A53210AC2711617F23300AA955185E12] - [03/10/2016 21:12:07] - |A| - [601200] - C:\WINDOWS\syswow64\oleaut32.dll [MD5.389C005FB7D6BE3D83525B6618C9065A] - [04/10/2016 03:12:34] - |A| - [90112] - C:\WINDOWS\syswow64\olepro32.dll [MD5.5ADA9E0F63AA30EE62FFD35D4F171636] - [03/10/2016 21:12:10] - |A| - [426496] - C:\WINDOWS\syswow64\OneDriveSettingSyncProvider.dll [MD5.748C272726FBC78AA29381D110FB5252] - [04/10/2016 03:14:30] - |A| - [262656] - C:\WINDOWS\syswow64\pdh.dll [MD5.397395AF1AF2430E3B98677B5672BAF4] - [03/10/2016 21:12:12] - |A| - [260096] - C:\WINDOWS\syswow64\Phoneutil.dll [MD5.4287D0E235DAAF930FB161825FB610A0] - [03/10/2016 21:12:12] - |A| - [2560] - C:\WINDOWS\syswow64\PhoneutilRes.dll [MD5.18505EDFB78805A0994CC8F6EA136CFD] - [04/10/2016 03:12:34] - |A| - [343040] - C:\WINDOWS\syswow64\PlayToDevice.dll [MD5.A307E2D4AAD637D2DC761D5797628CF8] - [04/10/2016 03:12:39] - |A| - [400384] - C:\WINDOWS\syswow64\PlayToManager.dll [MD5.6DE95CB8AC04E82716896BDA55B42A5F] - [04/10/2016 03:11:56] - |A| - [220672] - C:\WINDOWS\syswow64\PlayToReceiver.dll [MD5.BDEFEE2A9EA074C3F385E484129FFEED] - [03/10/2016 21:12:13] - |A| - [57344] - C:\WINDOWS\syswow64\POSyncServices.dll [MD5.49C338A0415A9DF3B5A8467AE02230E2] - [04/10/2016 03:13:11] - |A| - [525824] - C:\WINDOWS\syswow64\PrintDialogs.dll [MD5.B9E4139A109BDC9B21D8DB7C0D3091B7] - [04/10/2016 03:12:39] - |A| - [71168] - C:\WINDOWS\syswow64\pwrshplugin.dll [MD5.73FDD16B5C87C1C98E310C85D63940CC] - [03/10/2016 21:11:56] - |A| - [575488] - C:\WINDOWS\syswow64\qdvd.dll [MD5.318908719BC14CDDCBB0BAD30795C320] - [04/10/2016 03:15:11] - |A| - [965472] - C:\WINDOWS\syswow64\ReAgent.dll [MD5.740B1748A7B9F11B5F5852B79EF3302D] - [03/10/2016 21:12:25] - |A| - [298496] - C:\WINDOWS\syswow64\resutils.dll [MD5.B9C8EB9E640CDC19AF08F95F2132F853] - [04/10/2016 03:14:18] - |A| - [355328] - C:\WINDOWS\syswow64\RTMediaFrame.dll [MD5.7D4ED025064030B834B8AADF1BD6E4AC] - [04/10/2016 03:12:38] - |A| - [291840] - C:\WINDOWS\syswow64\Search.ProtocolHandler.MAPI2.dll [MD5.E27C1F78981297D6CA2CEC040158E469] - [04/10/2016 03:12:47] - |A| - [773120] - C:\WINDOWS\syswow64\SearchIndexer.exe [MD5.B8C48512F5A90C73664D9E0E007D77F6] - [04/10/2016 03:12:36] - |A| - [297472] - C:\WINDOWS\syswow64\SearchProtocolHost.exe [MD5.EB4F3BDE38ABF0AEECDFEA76E2CB1EFF] - [04/10/2016 03:12:05] - |A| - [331776] - C:\WINDOWS\syswow64\SessEnv.dll [MD5.9C2EEE789125E9D68131922ED7CC8B29] - [03/10/2016 21:12:27] - |A| - [444416] - C:\WINDOWS\syswow64\SettingSync.dll [MD5.27AC95586AFF51433B70210F80861C0F] - [03/10/2016 21:12:10] - |A| - [860672] - C:\WINDOWS\syswow64\SettingSyncCore.dll [MD5.7026F563648DDBC9A7D893F1EAF31583] - [03/10/2016 21:12:10] - |A| - [509792] - C:\WINDOWS\syswow64\SettingSyncHost.exe [MD5.C216C56E5356D088D32FB41239F549FD] - [04/10/2016 03:12:36] - |A| - [114176] - C:\WINDOWS\syswow64\setupugc.exe [MD5.03DD2B269AB0504305A5FB8AE4983A50] - [04/10/2016 03:12:03] - |A| - [566784] - C:\WINDOWS\syswow64\ShareHost.dll [MD5.2D946FCD57892C60DF07FBAC67AD00B4] - [04/10/2016 03:14:00] - |A| - [20965248] - C:\WINDOWS\syswow64\shell32.dll [MD5.71C635D7796D394138BFFBB8C2559CFB] - [04/10/2016 03:11:53] - |A| - [20992] - C:\WINDOWS\syswow64\smphost.dll [MD5.1B68889A8F9CB1D944B1BEBC7302CA37] - [04/10/2016 03:14:25] - |A| - [413184] - C:\WINDOWS\syswow64\SndVolSSO.dll [MD5.BE987870794E884E2DC2E9FB97F9134A] - [04/10/2016 03:14:19] - |A| - [466432] - C:\WINDOWS\syswow64\sppcext.dll [MD5.D45DF2552C3C38024D4CADE4EBED061A] - [03/10/2016 21:12:03] - |A| - [117240] - C:\WINDOWS\syswow64\sspicli.dll [MD5.D18A9480D3A50F926E08DB3D927ED8E6] - [04/10/2016 03:12:20] - |A| - [2153984] - C:\WINDOWS\syswow64\storagewmi.dll [MD5.3A1171283E2D32B9F18A12A994F36CB8] - [04/10/2016 03:15:01] - |A| - [554496] - C:\WINDOWS\syswow64\StoreAgent.dll [MD5.06130C0BB49B96AC28FE3370CFEC9309] - [04/10/2016 03:13:19] - |A| - [237056] - C:\WINDOWS\syswow64\SyncSettings.dll [MD5.67F78CED365A114640884FDED6A8E0C5] - [04/10/2016 03:12:52] - |A| - [554496] - C:\WINDOWS\syswow64\tdh.dll [MD5.89E10A5693B42BA18D35783525CB893F] - [04/10/2016 03:15:13] - |A| - [67584] - C:\WINDOWS\syswow64\TempSignedLicenseExchangeTask.dll [MD5.B98A6C01BC02414BC8A5F7F49B9A795C] - [04/10/2016 03:13:27] - |A| - [691200] - C:\WINDOWS\syswow64\TokenBroker.dll [MD5.D7CAA6336723CDAF3446929AA807C40D] - [04/10/2016 03:12:40] - |A| - [448512] - C:\WINDOWS\syswow64\TpmCoreProvisioning.dll [MD5.90DA8E97BA2DF9FD1D8262DD59AF0775] - [04/10/2016 03:12:55] - |A| - [2642944] - C:\WINDOWS\syswow64\tquery.dll [MD5.6D30009326E05BCBC04D1F3C6F011CC8] - [04/10/2016 03:13:24] - |A| - [361104] - C:\WINDOWS\syswow64\tsmf.dll [MD5.F23B8E2709850767A1E70933B8AE1900] - [04/10/2016 03:14:17] - |A| - [783360] - C:\WINDOWS\syswow64\TSWorkspace.dll [MD5.046C293B4A3A2FC51CC7152495827F29] - [04/10/2016 03:13:37] - |A| - [975744] - C:\WINDOWS\syswow64\twinapi.appcore.dll [MD5.C8BEDBE56B5FA5B128297DD2A1682B4B] - [04/10/2016 03:13:24] - |A| - [827904] - C:\WINDOWS\syswow64\twinui.appcore.dll [MD5.83FD6416AE08F88B05E58A7E2444CD6C] - [04/10/2016 03:13:07] - |A| - [7625728] - C:\WINDOWS\syswow64\twinui.dll [MD5.BD9E37B44AD50E435B0E2B1058F48C89] - [03/10/2016 21:11:58] - |A| - [2560] - C:\WINDOWS\syswow64\tzres.dll [MD5.F91A99305E0162517DDE1DDCEBC881CA] - [04/10/2016 03:13:10] - |A| - [1358336] - C:\WINDOWS\syswow64\UIAutomationCore.dll [MD5.B7C1BB2ED570BAC19DB1706844C99C3C] - [04/10/2016 03:11:53] - |A| - [584192] - C:\WINDOWS\syswow64\UIRibbonRes.dll [MD5.FB2251873449D7B9948555DD650CFEA5] - [04/10/2016 03:12:31] - |A| - [255488] - C:\WINDOWS\syswow64\unimdm.tsp [MD5.11D868C39B848F1F5EEE2345FE4D01E3] - [04/10/2016 03:15:14] - |A| - [545792] - C:\WINDOWS\syswow64\uReFS.dll [MD5.B96C14CCFCD93FF5CE8385597B23B797] - [04/10/2016 03:14:40] - |A| - [1595904] - C:\WINDOWS\syswow64\urlmon.dll [MD5.533E0CA205CE52DC0E1BB31F9895F455] - [03/10/2016 21:12:27] - |A| - [1228288] - C:\WINDOWS\syswow64\usercpl.dll [MD5.E8F8456B3E763449A80477E790E7D2EB] - [03/10/2016 21:12:13] - |A| - [8192] - C:\WINDOWS\syswow64\UserDataAccessRes.dll [MD5.4E52EEB4BCE247E2827BF3CF31D41010] - [04/10/2016 03:15:06] - |A| - [299520] - C:\WINDOWS\syswow64\UserDataAccountApis.dll [MD5.069737BD87ACD7E070DC1B9FF5E8A40E] - [03/10/2016 21:12:13] - |A| - [37888] - C:\WINDOWS\syswow64\UserDataLanguageUtil.dll [MD5.7125B3879C393E14070E6D262A7C39CA] - [03/10/2016 21:12:13] - |A| - [55808] - C:\WINDOWS\syswow64\UserDataPlatformHelperUtil.dll [MD5.BC00BBCC9D45B581175D0FC8466FCCC6] - [04/10/2016 03:15:06] - |A| - [94720] - C:\WINDOWS\syswow64\UserDataTimeUtil.dll [MD5.79F3B1B6C2AE6A655C57DB32A0DE7A34] - [03/10/2016 21:12:13] - |A| - [38400] - C:\WINDOWS\syswow64\UserDataTypeHelperUtil.dll [MD5.0CCFB89037932F8A9384D8A773CCB9F0] - [04/10/2016 03:13:14] - |A| - [156672] - C:\WINDOWS\syswow64\UserDeviceRegistration.dll [MD5.26FB98C0F2816FF4B0A813C5B8E26A8D] - [04/10/2016 03:13:09] - |A| - [88576] - C:\WINDOWS\syswow64\UserDeviceRegistration.Ngc.dll [MD5.867E1ADC5505979D05B94E2A4E7F0C2F] - [04/10/2016 03:11:55] - |A| - [184320] - C:\WINDOWS\syswow64\UserMgrProxy.dll [MD5.F096ACC9EE737E087D16B294AF968E54] - [03/10/2016 21:12:09] - |A| - [508416] - C:\WINDOWS\syswow64\vbscript.dll [MD5.16D4E494EFE58C5CC837E0C088FFB01E] - [03/10/2016 21:12:13] - |A| - [147456] - C:\WINDOWS\syswow64\VCardParser.dll [MD5.56EAAD601833231995F809A4B671151E] - [03/10/2016 21:12:27] - |A| - [846336] - C:\WINDOWS\syswow64\WebcamUi.dll [MD5.BEFED197AE9153766F7304650368F3D8] - [04/10/2016 03:14:26] - |A| - [461312] - C:\WINDOWS\syswow64\webio.dll [MD5.55336C6F59AD2162F9DBF877395B85B6] - [03/10/2016 21:12:16] - |A| - [150528] - C:\WINDOWS\syswow64\win32k.sys [MD5.8FADBD11517E5E870C95F5674A25F9A0] - [04/10/2016 03:13:05] - |A| - [2999296] - C:\WINDOWS\syswow64\win32kfull.sys [MD5.9D8F7BD41657B515DD46C7BF90A26CDB] - [03/10/2016 21:12:16] - |A| - [79536] - C:\WINDOWS\syswow64\win32u.dll [MD5.2FA12C1923E129B6CBAB600F125B4EEF] - [04/10/2016 03:13:15] - |A| - [653312] - C:\WINDOWS\syswow64\Windows.AccountsControl.dll [MD5.155E1183CFC4CD4CE62875F47A745407] - [04/10/2016 03:13:16] - |A| - [92672] - C:\WINDOWS\syswow64\Windows.ApplicationModel.Background.SystemEventsBroker.dll [MD5.56E8B944288B77E3481C24C3A5316294] - [04/10/2016 03:12:32] - |A| - [115712] - C:\WINDOWS\syswow64\Windows.ApplicationModel.Core.dll [MD5.9B198068462F143A7C1DEAA6B9B0993B] - [04/10/2016 03:13:12] - |A| - [284672] - C:\WINDOWS\syswow64\Windows.ApplicationModel.dll [MD5.AE6D55E743EB5140A79630987A71130E] - [04/10/2016 03:13:13] - |A| - [231936] - C:\WINDOWS\syswow64\Windows.ApplicationModel.LockScreen.dll [MD5.553CDC0B2232AF101281F3A75E7D8D62] - [04/10/2016 03:15:20] - |A| - [1430720] - C:\WINDOWS\syswow64\Windows.ApplicationModel.Store.dll [MD5.666718B73FBA8425815B7AC51D7A22C8] - [03/10/2016 21:12:12] - |A| - [253952] - C:\WINDOWS\syswow64\Windows.ApplicationModel.Store.TestingFramework.dll [MD5.72824D352825C76B0AE639DAAA61D877] - [04/10/2016 03:14:18] - |A| - [426496] - C:\WINDOWS\syswow64\Windows.ApplicationModel.Wallet.dll [MD5.80EEFD9F53F24D248A46634E607151A3] - [04/10/2016 03:12:17] - |A| - [5683712] - C:\WINDOWS\syswow64\Windows.Data.Pdf.dll [MD5.AA12867144B299BA344B6E7DEE2A3133] - [04/10/2016 03:11:57] - |A| - [483840] - C:\WINDOWS\syswow64\Windows.Devices.AllJoyn.dll [MD5.824E99FAD1B457D1753E3AE0FA41F845] - [04/10/2016 03:13:28] - |A| - [901120] - C:\WINDOWS\syswow64\Windows.Devices.Bluetooth.dll [MD5.6959172CC46EBE3A158CBB5FE40938DF] - [04/10/2016 03:14:18] - |A| - [202752] - C:\WINDOWS\syswow64\Windows.Devices.HumanInterfaceDevice.dll [MD5.E22A6E6424CE5BFFDF9357D4961B7C24] - [04/10/2016 03:15:00] - |A| - [374784] - C:\WINDOWS\syswow64\Windows.Devices.LowLevel.dll [MD5.38546B22920450AEBE747537F3287600] - [04/10/2016 03:14:19] - |A| - [348160] - C:\WINDOWS\syswow64\Windows.Devices.Midi.dll [MD5.776B4137E0A20601C617716B26C2A30D] - [04/10/2016 03:11:58] - |A| - [1656320] - C:\WINDOWS\syswow64\Windows.Devices.Perception.dll [MD5.54A2A854570BCD29D2F04CAD807D9AC1] - [04/10/2016 03:12:35] - |A| - [262144] - C:\WINDOWS\syswow64\Windows.Devices.Picker.dll [MD5.211AD9C29DE67B6FF98EAFCC1A2BCAB8] - [04/10/2016 03:13:14] - |A| - [670208] - C:\WINDOWS\syswow64\Windows.Devices.PointOfService.dll [MD5.67A8E7EBE72E45AEFB3DFF4DA1543487] - [04/10/2016 03:11:54] - |A| - [141824] - C:\WINDOWS\syswow64\Windows.Devices.Radios.dll [MD5.E2C0D5D876A6ACE353471963BBF46FB4] - [04/10/2016 03:14:18] - |A| - [175616] - C:\WINDOWS\syswow64\Windows.Devices.Scanners.dll [MD5.659F045DBD05A1B8962F5C6FBA863732] - [04/10/2016 03:13:22] - |A| - [589312] - C:\WINDOWS\syswow64\Windows.Devices.Sensors.dll [MD5.2E0A0404B89E83E15A32C18CA27B8877] - [04/10/2016 03:12:32] - |A| - [129024] - C:\WINDOWS\syswow64\Windows.Devices.SerialCommunication.dll [MD5.3ACFCE37075AEE76B293D9A7485729EB] - [04/10/2016 03:13:12] - |A| - [562176] - C:\WINDOWS\syswow64\Windows.Devices.SmartCards.dll [MD5.6AD23635040706D5E7E375D7B6186E32] - [04/10/2016 03:15:00] - |A| - [314368] - C:\WINDOWS\syswow64\Windows.Devices.Usb.dll [MD5.8BFC15195BF40FAD4A14EEAC6C82E2B5] - [04/10/2016 03:11:54] - |A| - [142336] - C:\WINDOWS\syswow64\Windows.Devices.WiFi.dll [MD5.DCB93A31F470B3DC4CAAC4DBA0A9EAE3] - [04/10/2016 03:12:38] - |A| - [386048] - C:\WINDOWS\syswow64\Windows.Devices.WiFiDirect.dll [MD5.2A4D9D8DCCE9E92D5DE223AB1D7CAB76] - [04/10/2016 03:13:08] - |A| - [134656] - C:\WINDOWS\syswow64\Windows.Energy.dll [MD5.E0EDD653D07F5F391673204533C8ECD2] - [04/10/2016 03:11:58] - |A| - [392192] - C:\WINDOWS\syswow64\Windows.Gaming.Input.dll [MD5.AF33AF6B6562F43D00AACC520BEDDB20] - [04/10/2016 03:11:56] - |A| - [315904] - C:\WINDOWS\syswow64\Windows.Gaming.XboxLive.Storage.dll [MD5.ECF8CF3FD78CE7A033ECAC0ABD07F6AA] - [04/10/2016 03:12:00] - |A| - [1247232] - C:\WINDOWS\syswow64\Windows.Globalization.dll [MD5.73CB6A4551A7566B5FD4C1480FF3F061] - [04/10/2016 03:14:59] - |A| - [1534464] - C:\WINDOWS\syswow64\Windows.Graphics.Printing.3D.dll [MD5.4D83D1C87F958AD448A4D1AE0875D3A2] - [04/10/2016 03:11:57] - |A| - [500224] - C:\WINDOWS\syswow64\Windows.Graphics.Printing.dll [MD5.15B51F7EEE8AA16B045905558114BAB5] - [04/10/2016 03:13:23] - |A| - [332288] - C:\WINDOWS\syswow64\Windows.Internal.Bluetooth.dll [MD5.079AE85822BE916A0688FADC3AE2AAAA] - [04/10/2016 03:12:34] - |A| - [298496] - C:\WINDOWS\syswow64\Windows.Internal.Management.dll [MD5.B5922C654E13FA2F21DC2879477F7A31] - [03/10/2016 21:11:58] - |A| - [104448] - C:\WINDOWS\syswow64\Windows.Internal.UI.Logon.ProxyStub.dll [MD5.6EAFC2EAB76BEA9A15B54C23E1F71D4A] - [04/10/2016 03:13:15] - |A| - [1220608] - C:\WINDOWS\syswow64\Windows.Media.Audio.dll [MD5.01890F1047C7C0F0943BA34E4460625A] - [04/10/2016 03:12:06] - |A| - [471552] - C:\WINDOWS\syswow64\Windows.Media.BackgroundMediaPlayback.dll [MD5.399CCB5D4B2B3200197B7CC93164AFBD] - [04/10/2016 03:13:30] - |A| - [4612608] - C:\WINDOWS\syswow64\Windows.Media.dll [MD5.6CD14904F0BC72877136ABD004FE594A] - [04/10/2016 03:13:24] - |A| - [1077760] - C:\WINDOWS\syswow64\Windows.Media.Editing.dll [MD5.092F0757DBE76132E9C16F1B8466B00E] - [04/10/2016 03:15:03] - |A| - [1243136] - C:\WINDOWS\syswow64\Windows.Media.FaceAnalysis.dll [MD5.3C56B9F75BD3FC947A0715D3C19DE1CD] - [04/10/2016 03:11:56] - |A| - [609280] - C:\WINDOWS\syswow64\Windows.Media.Import.dll [MD5.B4D1D6F1F80E72CA01EA93F00698334F] - [04/10/2016 03:13:10] - |A| - [747520] - C:\WINDOWS\syswow64\Windows.Media.Ocr.dll [MD5.77634567FDB033F23C049FDFF1885B74] - [04/10/2016 03:12:06] - |A| - [470016] - C:\WINDOWS\syswow64\Windows.Media.Playback.BackgroundMediaPlayer.dll [MD5.39D3D8B9FBEE5C7BE2046C07D0DB2F28] - [04/10/2016 03:12:13] - |A| - [459776] - C:\WINDOWS\syswow64\Windows.Media.Playback.MediaPlayer.dll [MD5.64C03F55172996A4E954CD8431C5C06E] - [04/10/2016 03:12:30] - |A| - [6654616] - C:\WINDOWS\syswow64\Windows.Media.Protection.PlayReady.dll [MD5.82FBEE82DC65B8142C0F75610C58FF53] - [04/10/2016 03:15:22] - |A| - [1170944] - C:\WINDOWS\syswow64\Windows.Media.Speech.dll [MD5.0EAD3D8A5C2FA2F9FECCAEE761DAB507] - [04/10/2016 03:15:21] - |A| - [568832] - C:\WINDOWS\syswow64\Windows.Media.Speech.UXRes.dll [MD5.F5E677316259341EEE87FD29B82CB73F] - [03/10/2016 21:12:05] - |A| - [895488] - C:\WINDOWS\syswow64\Windows.Media.Streaming.dll [MD5.8613F8CC77D77ECF62C1CD6104A8142C] - [04/10/2016 03:14:59] - |A| - [751104] - C:\WINDOWS\syswow64\Windows.Networking.BackgroundTransfer.dll [MD5.0F44EF515AE0F97CBBF073AC67A94FF2] - [04/10/2016 03:15:09] - |A| - [674304] - C:\WINDOWS\syswow64\Windows.Networking.dll [MD5.F538A3597C02713E21FFBDE5774A8C8F] - [04/10/2016 03:11:57] - |A| - [87040] - C:\WINDOWS\syswow64\Windows.Networking.ServiceDiscovery.Dnssd.dll [MD5.C418D3B0A309E883633B41C879958EB8] - [04/10/2016 03:14:17] - |A| - [265728] - C:\WINDOWS\syswow64\Windows.Perception.Stub.dll [MD5.3F65C6125E234FFB19702384B98B55FD] - [04/10/2016 03:12:00] - |A| - [185856] - C:\WINDOWS\syswow64\Windows.Security.Authentication.Identity.Provider.dll [MD5.B30EF73AC4993A1B2D540B0B9E5D3978] - [03/10/2016 21:12:14] - |A| - [47104] - C:\WINDOWS\syswow64\Windows.Shell.Search.UriHandler.dll [MD5.3D549518A15CEC18447A7D71BC4A206C] - [04/10/2016 03:12:09] - |A| - [3369984] - C:\WINDOWS\syswow64\Windows.StateRepository.dll [MD5.DB29498874A1ADD88D8CFA666B95D7DD] - [04/10/2016 03:11:53] - |A| - [94208] - C:\WINDOWS\syswow64\Windows.StateRepositoryClient.dll [MD5.596D007ABF069D5F46D1E1B2F9A89D1D] - [04/10/2016 03:13:22] - |A| - [262960] - C:\WINDOWS\syswow64\Windows.Storage.ApplicationData.dll [MD5.9256F3FB5DDCAD7DDCA86689866E907F] - [04/10/2016 03:13:00] - |A| - [5722320] - C:\WINDOWS\syswow64\windows.storage.dll [MD5.8377F990F7240DB76D572EB82E8D6C0A] - [04/10/2016 03:13:08] - |A| - [59904] - C:\WINDOWS\syswow64\Windows.System.UserDeviceAssociation.dll [MD5.596152E3166D97782FB9A724CAE4FC79] - [03/10/2016 21:12:13] - |A| - [253952] - C:\WINDOWS\syswow64\Windows.UI.BioFeedback.dll [MD5.4D9244DE98B45DA1E285189D422F32D0] - [03/10/2016 21:12:13] - |A| - [285184] - C:\WINDOWS\syswow64\Windows.UI.BlockedShutdown.dll [MD5.F4AEED76A0758813E9504F3D8731EFF8] - [03/10/2016 21:12:13] - |A| - [866816] - C:\WINDOWS\syswow64\Windows.UI.Cred.dll [MD5.C6B65E0222EDFC4BE949FFFBF299E2DC] - [04/10/2016 03:15:13] - |A| - [213504] - C:\WINDOWS\syswow64\Windows.UI.CredDialogController.dll [MD5.77167E2B35AE046D4F978EE7900675A7] - [04/10/2016 03:12:35] - |A| - [620544] - C:\WINDOWS\syswow64\Windows.UI.dll [MD5.82EAA0F38238DFB086DF42575C4A3987] - [03/10/2016 21:12:16] - |A| - [1556992] - C:\WINDOWS\syswow64\Windows.UI.Immersive.dll [MD5.D4EB622F728BBF7BDD4EC45C7FB16884] - [04/10/2016 03:12:42] - |A| - [1004544] - C:\WINDOWS\syswow64\Windows.UI.Input.Inking.dll [MD5.D46B2BD2F5C385C502E947976F32317F] - [04/10/2016 03:14:56] - |A| - [1880576] - C:\WINDOWS\syswow64\Windows.UI.Logon.dll [MD5.30B794FC6A1CD184D328803EE1BA1715] - [04/10/2016 03:13:28] - |A| - [711168] - C:\WINDOWS\syswow64\Windows.UI.Search.dll [MD5.2F742E62CE8B03FEE742FA0C9F270162] - [03/10/2016 21:11:56] - |A| - [13867520] - C:\WINDOWS\syswow64\Windows.UI.Xaml.dll [MD5.994630F1E7463A3C654B5CCD8E6EB5F8] - [04/10/2016 03:12:41] - |A| - [468992] - C:\WINDOWS\syswow64\Windows.UI.Xaml.InkControls.dll [MD5.05DC985D7E1B32A8B58D75191A5A89D7] - [04/10/2016 03:12:39] - |A| - [1232384] - C:\WINDOWS\syswow64\Windows.UI.Xaml.Maps.dll [MD5.CA6703B4EE50E48AE4B0F21B33C5194D] - [04/10/2016 03:12:39] - |A| - [1170944] - C:\WINDOWS\syswow64\Windows.UI.Xaml.Phone.dll [MD5.9A435497B368358CC7A73113E5C43A15] - [03/10/2016 21:11:57] - |A| - [1631232] - C:\WINDOWS\syswow64\Windows.UI.Xaml.Resources.dll [MD5.8A31D03B8F833E400FD9D8B7EF845952] - [04/10/2016 03:14:16] - |A| - [177664] - C:\WINDOWS\syswow64\Windows.Web.Diagnostics.dll [MD5.FE8F45BB97F00759BBB632BF5010354F] - [04/10/2016 03:15:11] - |A| - [598528] - C:\WINDOWS\syswow64\Windows.Web.dll [MD5.0CF2EA817EEA61047C22C7BFDE36782E] - [04/10/2016 03:15:06] - |A| - [1013248] - C:\WINDOWS\syswow64\Windows.Web.Http.dll [MD5.FAED5779B7E914AB5C571EBC866403D8] - [04/10/2016 03:13:22] - |A| - [1503032] - C:\WINDOWS\syswow64\WindowsCodecs.dll [MD5.1E59C5A5365831968BDFA029A470FA06] - [04/10/2016 03:14:38] - |A| - [2254848] - C:\WINDOWS\syswow64\wininet.dll [MD5.3E7DF95A65E1A6EC036763B0413C8B92] - [03/10/2016 21:12:16] - |A| - [1557296] - C:\WINDOWS\syswow64\winmde.dll [MD5.1CD06F3C0D13D21613E8D29B587E4003] - [04/10/2016 03:12:33] - |A| - [136192] - C:\WINDOWS\syswow64\WinRtTracing.dll [MD5.BA75718D04444071A74AFABADD0BB89B] - [04/10/2016 03:12:06] - |A| - [272720] - C:\WINDOWS\syswow64\wintrust.dll [MD5.4FD465F99F352615CD2E07E20064B7A5] - [04/10/2016 03:14:27] - |A| - [846560] - C:\WINDOWS\syswow64\WinTypes.dll [MD5.AE7114623D386C0FFA252CFA973C1CB6] - [04/10/2016 03:14:22] - |A| - [248832] - C:\WINDOWS\syswow64\wlancfg.dll [MD5.58D4AF4DE2C326F129DDE93909FB2066] - [04/10/2016 03:15:27] - |A| - [12345856] - C:\WINDOWS\syswow64\wmp.dll [MD5.A16F26BA3232C1FD4529FF990B7C197C] - [03/10/2016 21:12:16] - |A| - [1293312] - C:\WINDOWS\syswow64\WMPDMC.exe [MD5.389A5D051A6E5038BA10366968C1D649] - [03/10/2016 21:12:14] - |A| - [1362504] - C:\WINDOWS\syswow64\wmpmde.dll [MD5.5C68939CE3B09718DF34380A013C7C9B] - [04/10/2016 03:13:29] - |A| - [661504] - C:\WINDOWS\syswow64\WpcWebFilter.dll [MD5.96AF2C9585EA7A84FD2326002F96D5AD] - [04/10/2016 03:14:16] - |A| - [713216] - C:\WINDOWS\syswow64\wpnapps.dll [MD5.7A262815259F912431813FEF6C2F8E0B] - [04/10/2016 03:12:48] - |A| - [402352] - C:\WINDOWS\syswow64\ws2_32.dll [MD5.10AE25300FF177C8725AB13E4D10EE66] - [04/10/2016 03:15:12] - |A| - [33280] - C:\WINDOWS\syswow64\WSManHTTPConfig.exe [MD5.AA1CAD8C1E42BF4B22EDA46702CEBFE9] - [04/10/2016 03:15:00] - |A| - [2333184] - C:\WINDOWS\syswow64\WsmSvc.dll [MD5.801537DDEA8A0EF10EB8D55C6693A638] - [04/10/2016 03:12:52] - |A| - [1321472] - C:\WINDOWS\syswow64\wsp_fs.dll [MD5.33F263E25CF9384ACF07A0C1DDF4C0EA] - [04/10/2016 03:12:50] - |A| - [1112576] - C:\WINDOWS\syswow64\wsp_health.dll [MD5.954BE4CC16664CB8A4AF35F2B2CB39A0] - [04/10/2016 03:12:56] - |A| - [719872] - C:\WINDOWS\syswow64\wsp_sr.dll [MD5.564A0E1F9650DAFFDC7A12F1D3C8BC0A] - [04/10/2016 03:11:56] - |A| - [218624] - C:\WINDOWS\syswow64\WwaApi.dll [MD5.EABD32261BCF4591B2E4FD68346A6A10] - [03/10/2016 21:12:16] - |A| - [782176] - C:\WINDOWS\syswow64\WWAHost.exe [MD5.9B0616BDFBAA7342F415A0D66E32486F] - [04/10/2016 03:12:02] - |A| - [433832] - C:\WINDOWS\syswow64\WWanAPI.dll [MD5.EC564AE201F3DFE6EA84AF0FBB6C784A] - [04/10/2016 03:12:08] - |A| - [3520512] - C:\WINDOWS\syswow64\xpsrchvw.exe ---------- | Drives P: N: L: [21/02/2016 19:04:14] - |A| - (.Copyright © 1999-2012 - BASS.) - [105528] - (2.4.9.0) - L:\bass.dll [21/02/2016 19:04:14] - |A| - (.Copyright © 2005-2012 by radio42: Bernd Niedergesaess, Germany. http://www.bass.radio42.com/ - bn@radio42.com - BASS.NET API for .Net.) - [638976] - (2.4.9.1) - L:\Bass.Net.dll [21/02/2016 19:04:14] - |A| - (.Copyright © 2003-2009 - BASSCD.) - [17472] - (2.4.2.0) - L:\basscd.dll [21/02/2016 19:04:14] - |A| - (.Copyright © 2004-2009 - BASSFLAC.) - [24640] - (2.4.0.3) - L:\bassflac.dll [21/02/2016 19:04:14] - |A| - (.Copyright © 2005-2009 - BASSmix.) - [16448] - (2.4.2.0) - L:\bassmix.dll [21/02/2016 19:04:14] - |A| - (.Copyright © 2012 - BASSOPUS.) - [53816] - (2.4.0.0) - L:\bassopus.dll [21/02/2016 19:04:14] - |A| - (.Copyright © 2002-2010 - BASSWMA.) - [17472] - (2.4.4.0) - L:\basswma.dll [21/02/2016 19:04:14] - |A| - (.Copyright © 2007-2009 - BASSWV.) - [28224] - (2.4.1.3) - L:\basswv.dll [21/02/2016 19:04:14] - |A| - (.2003-2006, MaresWEB - Apple Lossless Audio Codec add-on for the BASS library.) - [9416] - (2.4.3.0) - L:\bass_alac.dll [21/02/2016 19:04:14] - |A| - (.2003-2006, MaresWEB - Monkey's Audio add-on for the BASS library.) - [33624] - (2.4.0.4) - L:\bass_ape.dll [21/02/2016 19:04:14] - |A| - (.2003-2006, MaresWEB - Musepack add-on for the BASS library.) - [21320] - (2.4.1.0) - L:\bass_mpc.dll [15/03/2016 19:18:10] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBXPExt.) - [69120] - (4.5.6.6059) - L:\CDBXP.dll [21/02/2016 19:04:14] - |A| - (.-.) - [337408] - (13.0.0.0) - L:\LogicNP.FolderView.dll [21/02/2016 19:04:14] - |A| - (.Copyright (c) Rocket Division Software, StarBurn Software 2001-2015. - StarBurn CD/DVD/Blu-Ray/HD-DVD Burning, Grabbing and Mastering Toolkit for Windows 95/98/Me/NT/2000/XP/2003/Vista/Longhorn/7/8/2010.) - [3235200] - (15.5.1.4144) - L:\StarBurn.dll [30/09/2016 12:32:50] - |A| - (.-.) - [885317632] - (0.0.0.0) - L:\CyberLinkPowerDirectorUltimateSuite15.0_Trial_PUS160812-01_TR160908-003.exe [08/09/2016 16:11:34] - |A| - (. - .) - [18732264] - (1.6.0.0) - L:\OneKeyPro.exe [29/09/2016 00:15:18] - |A| - (.2004-2016 Rare Ideas, LLC - Start PortableApps.com.) - [1428736] - (14.2.0.0) - L:\Start.exe [09/09/2016 16:29:07] - |A| - (.Copyright © 2005-2016 CHENGDU YIWO Tech Development Co., Ltd. - EaseUS Todo Backup Free Setup .) - [119671960] - (9.2.0.0) - L:\tb_free.exe [10/07/2016 19:01:41] - |A| - (.-.) - [4248] - (0.0.0.0) - L:\0x0404.ini [10/07/2016 19:01:41] - |A| - (.-.) - [7094] - (0.0.0.0) - L:\0x0407.ini [10/07/2016 19:01:41] - |A| - (.-.) - [6129] - (0.0.0.0) - L:\0x0409.ini [10/07/2016 19:01:41] - |A| - (.-.) - [7022] - (0.0.0.0) - L:\0x040a.ini [10/07/2016 19:01:41] - |A| - (.-.) - [7242] - (0.0.0.0) - L:\0x040c.ini [10/07/2016 19:01:41] - |A| - (.-.) - [6897] - (0.0.0.0) - L:\0x0410.ini [10/07/2016 19:01:41] - |A| - (.-.) - [6623] - (0.0.0.0) - L:\0x0411.ini [10/07/2016 19:01:42] - |A| - (.-.) - [5724] - (0.0.0.0) - L:\0x0412.ini [10/07/2016 19:01:42] - |A| - (.-.) - [4315] - (0.0.0.0) - L:\0x0804.ini [11/07/2016 08:44:52] - |A| - (.-.) - [5504] - (0.0.0.0) - L:\a2settings.ini [11/07/2016 08:44:52] - |A| - (.-.) - [64] - (0.0.0.0) - L:\a2whitelist.ini [22/09/2016 17:47:37] - |A| - (.-.) - [1370] - (0.0.0.0) - L:\ampa.ini [11/04/2010 13:02:38] - |A| - (.-.) - [24] - (0.0.0.0) - L:\Config.ini [10/07/2016 19:10:42] - |A| - (.-.) - [142] - (0.0.0.0) - L:\Custom.ini [10/07/2016 19:31:48] - |A| - (.-.) - [40] - (0.0.0.0) - L:\Define.ini [18/07/2016 18:18:04] - |A| - (.-.) - [282] - (0.0.0.0) - L:\desktop(1).ini [10/07/2016 19:31:48] - |A| - (.-.) - [282] - (0.0.0.0) - L:\desktop_FromLFS_ULTRA.ini [18/04/2026 19:29:05] - |A| - (.-.) - [2141] - (0.0.0.0) - L:\Framakey.ini [10/07/2016 19:39:27] - |A| - (.-.) - [101] - (0.0.0.0) - L:\info.ini [09/08/2016 16:00:26] - |A| - (.-.) - [44] - (0.0.0.0) - L:\language.ini [11/07/2016 09:24:15] - |A| - (.-.) - [0] - (0.0.0.0) - L:\LogAnalyZer.ini [10/07/2016 19:44:47] - |A| - (.-.) - [1953] - (0.0.0.0) - L:\Setup.ini [05/09/2016 07:00:53] - |A| - (.-.) - [184] - (0.0.0.0) - L:\SFR_Setup.ini [10/07/2016 19:48:12] - |A| - (.-.) - [208] - (0.0.0.0) - L:\ureg.ini [12/05/2016 12:06:17] - |A| - (.-.) - [1598] - (0.0.0.0) - L:\UserSettings.ini [11/07/2016 09:32:19] - |A| - (.-.) - [27] - (0.0.0.0) - L:\VTU.ini F: [03/05/2016 20:42:18] - |R| - (.-.) - [1725064] - (11.1.5152.0) - F:\Adaware_Installer.exe [22/08/2016 20:15:17] - |R| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1064376] - (2.9.1.7325) - F:\CyberLink_Power2Go_Downloader.exe [15/08/2016 08:07:06] - |R| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1040152] - (2.9.1.6109) - F:\CyberLink_PresenterLinkPlus_Downloader.exe [22/08/2016 08:35:06] - |R| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1040152] - (2.9.1.6109) - F:\CyberLink_VideoMeetingPlus_Downloader.exe [08/09/2016 16:11:34] - |R| - (. - .) - [18732264] - (1.6.0.0) - F:\OneKeyPro.exe D: [12/10/2016 20:51:13] - |A| - (.-.) - [240] - (0.0.0.0) - D:\autorun.inf ---------- | C: [31/08/2016 13:42:08] - |D| - [249727] - C:\$GetCurrent [30/10/2015 09:24:24] - |SHD| - [258] - C:\$Recycle.Bin [MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2016 16:29:29] - |N| - (.-.) - [0] - (0.0.0.0) - C:\$WINRE_BACKUP_PARTITION.MARKER [13/10/2016 09:46:16] - |D| - [0] - C:\AdsFix [13/10/2016 08:03:03] - |D| - [1117605] - C:\AdwCleaner [28/08/2016 12:52:26] - |D| - [533959061] - C:\AMD [MD5.6EDDBF2C3B77EAEB6E2EB186EA0FE96F] - [08/09/2016 15:19:54] - |H| - (.-.) - [1024] - (0.0.0.0) - C:\AMTAG.BIN [08/09/2016 20:15:19] - |D| - [1119216000] - C:\Aomei [02/08/2012 04:02:18] - |SHD| - [18199836] - C:\Boot [MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 10:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |N| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [31/08/2016 13:31:56] - |D| - [1415088] - C:\Config.Msi [26/07/2012 09:22:08] - |SHD| - [0] - C:\Documents and Settings [06/09/2016 20:41:46] - |D| - [0] - C:\EverySync [MD5.D41D8CD98F00B204E9800998ECF8427E] - [07/09/2016 15:24:11] - |ASH| - (.-.) - [1535000576] - (0.0.0.0) - C:\hiberfil.sys [07/01/2013 13:49:41] - |D| - [4053232] - C:\hp [01/08/2012 19:09:20] - |D| - [61626] - C:\inetpub [MD5.D732BFF172B1A8378DD4E6892C4AED1E] - [13/10/2016 11:46:09] - |A| - (.-.) - [35055] - (0.0.0.0) - C:\Look_my_hardware.tmp [MD5.39B2C190F5BC73672F50BF2C5BEE8C95] - [09/09/2016 06:48:52] - |N| - (.-.) - [32] - (0.0.0.0) - C:\OkBootConfig.dat [09/09/2016 06:31:09] - |D| - [53665] - C:\oklog [MD5.BA16631E571B057A6074D5C543E811C1] - [05/10/2016 15:24:28] - |AH| - (.-.) - [1024] - (0.0.0.0) - C:\OKTAG.BIN [03/09/2016 07:58:45] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2013 09:30:46] - |N| - (.-.) - [0] - (0.0.0.0) - C:\OS [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/10/2016 17:40:12] - |ASH| - (.-.) - [4026531840] - (0.0.0.0) - C:\pagefile.sys [08/09/2016 07:58:23] - |D| - [39126097] - C:\PcPinPoint [16/07/2016 13:47:47] - |D| - [0] - C:\PerfLogs [13/10/2016 09:31:34] - |D| - [117964278] - C:\Pre_Scan [MD5.4F820EFAB2044E4376B13BC272BBA233] - [13/10/2016 09:45:38] - |A| - (.-.) - [18032] - (0.0.0.0) - C:\Pre_Scan.txt [16/07/2016 08:04:24] - |RD| - [3620810647] - C:\Program Files [16/07/2016 08:04:24] - |RD| - [12119774813] - C:\Program Files (x86) [16/07/2016 13:47:48] - |HD| - [6021676529] - C:\ProgramData [13/10/2016 09:49:33] - |D| - [262073] - C:\QuickDiag [MD5.BCFD6E7E9166AC2756C81460C6BE2A9D] - [13/10/2016 09:50:15] - |A| - (.-.) - [414623] - (0.0.0.0) - C:\QuickDiag.txt [31/08/2016 16:56:32] - |SHD| - [2215] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/08/2016 11:39:41] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [02/08/2012 05:15:28] - |AD| - [1021173952] - C:\SWSETUP [28/08/2016 11:39:40] - |SHD| - [0] - C:\System Volume Information [01/08/2012 11:57:15] - |D| - [38369491] - C:\SYSTEM.SAV [28/08/2016 16:25:52] - |AD| - [11255526] - C:\UsbFix [16/07/2016 08:04:24] - |RD| - [25198939846] - C:\Users [16/07/2016 08:04:24] - |D| - [24839887827] - C:\Windows [31/08/2016 13:39:12] - |D| - [16121943] - C:\Windows10Upgrade ---------- | C:\WINDOWS [16/07/2016 13:47:48] - |D| - [802] - C:\WINDOWS\addins [MD5.41CD34F96EE48B35868DC4B3A7315525] - [08/09/2016 20:26:08] - |A| - (.-.) - [750] - (0.0.0.0) - C:\WINDOWS\ampa.ini [16/07/2016 13:47:48] - |D| - [15991656] - C:\WINDOWS\appcompat [16/07/2016 13:47:48] - |D| - [12454272] - C:\WINDOWS\AppPatch [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness [16/07/2016 13:47:47] - |RD| - [715512856] - C:\WINDOWS\assembly [MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2016 15:59:37] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin [16/07/2016 13:47:48] - |D| - [296620] - C:\WINDOWS\bcastdvr [MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 13:42:16] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe [16/07/2016 13:47:48] - |D| - [38103647] - C:\WINDOWS\Boot [16/07/2016 13:47:48] - |D| - [3715608] - C:\WINDOWS\Branding [16/07/2016 13:36:22] - |D| - [66554249] - C:\WINDOWS\CbsTemp [MD5.D6CE3EEAB0B72F8014E62C728CEA5605] - [17/07/2016 00:46:34] - |A| - (.-.) - [33498] - (0.0.0.0) - C:\WINDOWS\Core.xml [16/07/2016 13:47:48] - |D| - [8970858] - C:\WINDOWS\Cursors [16/07/2016 13:47:48] - |D| - [3394805] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [31/08/2016 16:21:47] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [16/07/2016 13:47:48] - |D| - [4543876] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [31/08/2016 16:21:47] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [17/07/2016 00:40:08] - |D| - [0] - C:\WINDOWS\DigitalLocker [MD5.2A6A9FDD937D5968F609E9C9DA521FF3] - [08/09/2016 19:21:24] - |A| - (.-.) - [66560] - (0.0.0.0) - C:\WINDOWS\dm.batch.ops [MD5.CBEE079F873D0283247FBA743426D4FF] - [31/08/2016 13:12:29] - |A| - (.-.) - [192] - (0.0.0.0) - C:\WINDOWS\dm.dmap [16/07/2016 13:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [16/07/2016 13:47:48] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP [17/07/2016 00:40:08] - |D| - [0] - C:\WINDOWS\en-US [MD5.13BE475DA00AB05866CC3632F5AD54B0] - [04/10/2016 03:13:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4673296] - (10.0.14393.206) - C:\WINDOWS\explorer.exe [16/07/2016 13:47:48] - |RSD| - [358623062] - C:\WINDOWS\Fonts [17/07/2016 00:40:08] - |D| - [122368] - C:\WINDOWS\fr-FR [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [16/07/2016 13:47:48] - |D| - [20734252] - C:\WINDOWS\Globalization [16/07/2016 13:47:48] - |D| - [3255001] - C:\WINDOWS\Help [MD5.553DF2ABF34649763324BC5470D04317] - [16/07/2016 13:42:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975360] - (10.0.14393.0) - C:\WINDOWS\HelpPane.exe [MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 13:42:21] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe [16/07/2016 13:47:48] - |D| - [173189928] - C:\WINDOWS\IME [16/07/2016 13:47:48] - |RD| - [6842480] - C:\WINDOWS\ImmersiveControlPanel [16/07/2016 13:45:54] - |D| - [78340001] - C:\WINDOWS\INF [16/07/2016 13:47:48] - |D| - [1082161303] - C:\WINDOWS\InfusedApps [16/07/2016 13:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod [16/07/2016 13:47:48] - |SHD| - [1669474544] - C:\WINDOWS\Installer [16/07/2016 13:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\LiveKernelReports [16/07/2016 08:04:29] - |D| - [47281899] - C:\WINDOWS\Logs [16/07/2016 13:47:48] - |RSD| - [20316123] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 13:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [16/07/2016 13:47:47] - |RD| - [609025683] - C:\WINDOWS\Microsoft.NET [16/07/2016 13:47:48] - |D| - [2563] - C:\WINDOWS\Migration [08/09/2016 14:35:09] - |D| - [235072] - C:\WINDOWS\Minidump [16/07/2016 13:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 13:43:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe [17/07/2016 00:41:15] - |D| - [199472] - C:\WINDOWS\OCR [16/07/2016 13:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [31/08/2016 16:56:26] - |DC| - [106976735] - C:\WINDOWS\Panther [16/07/2016 13:47:48] - |D| - [29307624] - C:\WINDOWS\Performance [MD5.E7CA0154BBB6FD8E6777E95B82B73532] - [09/09/2016 11:48:47] - |A| - (.-.) - [25676] - (0.0.0.0) - C:\WINDOWS\PFRO.log [16/07/2016 13:47:48] - |D| - [1136442] - C:\WINDOWS\PLA [16/07/2016 13:47:48] - |D| - [2656332] - C:\WINDOWS\PolicyDefinitions [31/08/2016 15:57:46] - |D| - [17697490] - C:\WINDOWS\Prefetch [16/07/2016 13:47:48] - |RD| - [2036530] - C:\WINDOWS\PrintDialog [MD5.09394999ADB19901C665454EE964B13C] - [31/08/2016 14:15:33] - |A| - (.-.) - [36] - (0.0.0.0) - C:\WINDOWS\progress.ini [16/07/2016 13:47:48] - |D| - [1415126] - C:\WINDOWS\Provisioning [MD5.77303DB3860BF5CBE6E1E8AE2EE5276B] - [06/09/2016 19:57:18] - |A| - (.Copyright (C) Nero AG 2016 - RegDefragTask.) - [157704] - (1.0.0.462) - C:\WINDOWS\RegDefragTask.exe [MD5.EFE3D78833FEDAF7F24C264BF9976301] - [16/07/2016 13:42:17] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.14393.0) - C:\WINDOWS\regedit.exe [16/07/2016 13:47:48] - |D| - [1095144] - C:\WINDOWS\Registration [16/07/2016 13:47:48] - |D| - [7019813] - C:\WINDOWS\rescache [16/07/2016 13:47:48] - |D| - [3661206] - C:\WINDOWS\Resources [MD5.F17FC1B9623917BAA4C9C32259240D5E] - [06/09/2016 16:52:09] - |A| - (.Copyright (C) Realtek Semiconductor Corp. - RtCRU.) - [4330712] - (1.13.0.0) - C:\WINDOWS\RtCRU64.exe [MD5.C907881F207C3BC2BFA7005DDD8C81EF] - [08/09/2016 14:48:50] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2826832] - (1.0.6.6) - C:\WINDOWS\RtlExUpd.dll [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\SchCache [16/07/2016 13:47:48] - |D| - [121229] - C:\WINDOWS\schemas [16/07/2016 13:47:48] - |D| - [5267456] - C:\WINDOWS\security [31/08/2016 16:39:46] - |D| - [46462902] - C:\WINDOWS\ServiceProfiles [16/07/2016 08:04:24] - |D| - [136050461] - C:\WINDOWS\servicing [16/07/2016 13:49:46] - |D| - [349] - C:\WINDOWS\Setup [MD5.D699B3539EA7F09AC952E18B4D49643E] - [09/09/2016 16:35:20] - |A| - (.-.) - [5446] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.C6FAA16C3C81657ABFB731746813D806] - [08/09/2016 14:42:19] - |A| - (.Copyright © 2012 - SetupAfterRebootService.) - [10752] - (1.0.0.0) - C:\WINDOWS\SetupAfterRebootService.exe [MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/09/2016 16:35:20] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [16/07/2016 13:47:48] - |D| - [31190528] - C:\WINDOWS\ShellExperiences [30/10/2015 21:03:03] - |D| - [4839] - C:\WINDOWS\ShellNew [17/07/2016 00:40:46] - |D| - [3070736] - C:\WINDOWS\SKB [28/08/2016 12:31:58] - |D| - [5595408661] - C:\WINDOWS\SoftwareDistribution [16/07/2016 13:47:48] - |D| - [86037697] - C:\WINDOWS\Speech [16/07/2016 13:47:48] - |D| - [53541356] - C:\WINDOWS\Speech_OneCore [MD5.FC689BE36FA4254D8576A23B697B6B17] - [04/10/2016 03:14:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.206) - C:\WINDOWS\splwow64.exe [MD5.98540955F498DF125A5199E1C1DFBCFD] - [07/07/2016 09:08:40] - |A| - (.-.) - [86448] - (0.0.0.0) - C:\WINDOWS\suite.vssMgr.exe [16/07/2016 13:47:48] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 09:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [16/07/2016 08:04:24] - |D| - [4615424923] - C:\WINDOWS\System32 [16/07/2016 13:47:48] - |D| - [143994755] - C:\WINDOWS\SystemApps [16/07/2016 13:47:48] - |D| - [17495381] - C:\WINDOWS\SystemResources [16/07/2016 08:04:27] - |D| - [1381980617] - C:\WINDOWS\SysWOW64 [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\TAPI [30/10/2015 09:24:25] - |D| - [2920] - C:\WINDOWS\Tasks [16/07/2016 13:47:48] - |D| - [1121835877] - C:\WINDOWS\Temp [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\tracing [16/07/2016 13:47:48] - |D| - [43083340] - C:\WINDOWS\twain_32 [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 13:43:52] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [MD5.B38882E54F783A2C37946C27091DC8B4] - [02/09/2016 16:50:25] - |A| - (.(C) 2000-2009 Dritek System Inc. - Uninstall Application.) - [349776] - (2.1.2.2017) - C:\WINDOWS\UNINSTLMv4.EXE [16/07/2016 13:47:48] - |D| - [12420] - C:\WINDOWS\Vss [MD5.98540955F498DF125A5199E1C1DFBCFD] - [07/07/2016 09:08:40] - |A| - (.-.) - [86448] - (0.0.0.0) - C:\WINDOWS\vssMgr.exe [16/07/2016 13:47:48] - |D| - [15729830] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [30/10/2015 09:24:29] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 13:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [09/09/2016 12:24:05] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 13:42:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe [16/07/2016 08:04:24] - |D| - [6378037862] - C:\WINDOWS\WinSxS [MD5.360A166B4DD11DFD897F73F5410FDEE2] - [02/09/2016 16:49:07] - |A| - (.© 2008 Microsoft Corporation. Tous droits réservés. - Écran de veille photos Windows Live.) - [307056] - (14.0.8117.416) - C:\WINDOWS\WLXPGSS.SCR [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 13:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 13:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe [MD5.51A740FC885618AB501C4F82221481ED] - [13/10/2016 09:17:12] - |A| - (.-.) - [352013] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace [MD5.A6097B870AC02518E369101DD91F920B] - [13/10/2016 09:17:12] - |A| - (.-.) - [326563] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [04/09/2016 09:11:28] - C:\WINDOWS\Installer\159ed6.msi : (Nero BurningROM 2016 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:41] - C:\WINDOWS\Installer\159ee0.msi : (NeroControlCenter - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:38] - C:\WINDOWS\Installer\159eea.msi : (Nero Core Components - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:43] - C:\WINDOWS\Installer\159ef4.msi : (Nero Burning ROM 15 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:24] - C:\WINDOWS\Installer\159efe.msi : (Nero Prerequisites - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:23] - C:\WINDOWS\Installer\159f08.msi : (Nero SharedVideoCodecs - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:28] - C:\WINDOWS\Installer\159f12.msi : (Nero CoverDesigner - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:21] - C:\WINDOWS\Installer\159f1b.msi : (Nero Update - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:25] - C:\WINDOWS\Installer\159f24.msi : (Nero Launcher - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:44] - C:\WINDOWS\Installer\159f2e.msi : (Nero BurningCore 15 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:27] - C:\WINDOWS\Installer\159f38.msi : (Nero Info - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/09/2016 09:12:21] - C:\WINDOWS\Installer\159f42.msi : (Nero Video 2016 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/10/2016 08:47:54] - C:\WINDOWS\Installer\1d1676a.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 13:15:17] - C:\WINDOWS\Installer\20b241.msi : (Blank Project Template - Lavasoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 13:19:26] - C:\WINDOWS\Installer\20b246.msi : (AntimalwareEngine - Lavasoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 13:20:04] - C:\WINDOWS\Installer\20b24b.msi : (FirewallEngine - Lavasoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 13:20:18] - C:\WINDOWS\Installer\20b250.msi : (OnlineThreatsEngine - Lavasoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 13:20:28] - C:\WINDOWS\Installer\20b255.msi : (AntispamEngine - Lavasoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 13:20:39] - C:\WINDOWS\Installer\20b25a.msi : (AvcEngine - Lavasoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 13:21:24] - C:\WINDOWS\Installer\20b25f.msi : (Blank Project Template - Lavasoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/07/2016 04:42:00] - C:\WINDOWS\Installer\24666fc.msi : (Epson Software Updater - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/01/2016 12:09:58] - C:\WINDOWS\Installer\26d3659.msi : (Epson Event Manager - Seiko Epson Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/03/2016 00:00:00] - C:\WINDOWS\Installer\26d365e.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/05/2015 08:45:36] - C:\WINDOWS\Installer\26d3668.msi : (Epson E-Web Print - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/09/2016 12:53:16] - C:\WINDOWS\Installer\2d60a5.msi : (Program - Paragon Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:24] - C:\WINDOWS\Installer\35795.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/11/2014 10:49:56] - C:\WINDOWS\Installer\3579b.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:16] - C:\WINDOWS\Installer\357a1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:22] - C:\WINDOWS\Installer\357a7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:30] - C:\WINDOWS\Installer\357ad.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:36] - C:\WINDOWS\Installer\357b3.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:44] - C:\WINDOWS\Installer\357b9.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:52] - C:\WINDOWS\Installer\357bf.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:00] - C:\WINDOWS\Installer\357c5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:06] - C:\WINDOWS\Installer\357cb.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:16] - C:\WINDOWS\Installer\357d1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:22] - C:\WINDOWS\Installer\357d7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:30] - C:\WINDOWS\Installer\357dd.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:38] - C:\WINDOWS\Installer\357e3.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:46] - C:\WINDOWS\Installer\357e9.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:54] - C:\WINDOWS\Installer\357ef.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:02] - C:\WINDOWS\Installer\357f5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:10] - C:\WINDOWS\Installer\357fb.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:18] - C:\WINDOWS\Installer\35801.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:26] - C:\WINDOWS\Installer\35807.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:34] - C:\WINDOWS\Installer\3580d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:42] - C:\WINDOWS\Installer\35813.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:50] - C:\WINDOWS\Installer\35819.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:58] - C:\WINDOWS\Installer\3581f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:06] - C:\WINDOWS\Installer\35825.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:40] - C:\WINDOWS\Installer\3582b.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:07:30] - C:\WINDOWS\Installer\35831.msi : (AMD Fuel - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:12] - C:\WINDOWS\Installer\35837.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2012 01:34:20] - C:\WINDOWS\Installer\3ada118.msi : (LWS Help_main - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2012 09:41:18] - C:\WINDOWS\Installer\3ada120.msi : (LWS Webcam Software - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2012 09:41:16] - C:\WINDOWS\Installer\3ada128.msi : (CameraHelperMsi - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [26/10/2012 19:55:20] - C:\WINDOWS\Installer\3ada130.msi : (Logitech eReg 1.12 merge module-to-MSI converter - Logitech, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/07/2012 00:15:18] - C:\WINDOWS\Installer\3ada138.msi : (LWS Facebook - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2012 00:19:08] - C:\WINDOWS\Installer\3ada140.msi : (LWS Gallery - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/09/2012 01:36:58] - C:\WINDOWS\Installer\3ada148.msi : (LWS Launcher - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2012 09:41:12] - C:\WINDOWS\Installer\3ada150.msi : (LWS Motion Detection - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2012 09:41:22] - C:\WINDOWS\Installer\3ada158.msi : (LWS Pictures And Video - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/07/2011 04:51:16] - C:\WINDOWS\Installer\3ada160.msi : (LWS Twitter - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/06/2011 05:26:48] - C:\WINDOWS\Installer\3ada168.msi : (LWS WLM Plugin - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/11/2011 00:14:28] - C:\WINDOWS\Installer\3ada170.msi : (LWS YouTube Plugin - Logitech) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/10/2016 08:55:20] - C:\WINDOWS\Installer\3ed3f8.msi : (ZoneAlarm Security - Check Point Software Technologies Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/10/2016 08:55:15] - C:\WINDOWS\Installer\3ed3fd.msi : (ZoneAlarm Firewall - Check Point Software Technologies Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 14:39:36] - C:\WINDOWS\Installer\452b2b.msi : (Rebit 5 - Rebit, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 14:40:03] - C:\WINDOWS\Installer\452b3a.msi : (Rebit 5 - Rebit, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 14:40:22] - C:\WINDOWS\Installer\452b3f.msi : (Rebit 5 - Rebit, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2009 19:54:18] - C:\WINDOWS\Installer\45a597.msi : (AutoSave Essentials - Nom de votre société) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/09/2016 16:10:40] - C:\WINDOWS\Installer\47a557.msi : (Should I Remove It - Reason Software Company Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 08:01:25] - C:\WINDOWS\Installer\594fd9.msi : (COMODO Cloud Antivirus - COMODO) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/09/2016 16:17:24] - C:\WINDOWS\Installer\6760e9.msi : (Rebit Pro - Rebit, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2016 19:42:04] - C:\WINDOWS\Installer\69232.msi : (Rebit Pro - Rebit, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/02/2016 01:24:22] - C:\WINDOWS\Installer\721452.msi : (AMD Installer (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/09/2016 16:48:36] - C:\WINDOWS\Installer\7cce4.msi : (MyWinLocker Suite - Egis Technology Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/09/2016 16:10:47] - C:\WINDOWS\Installer\7cd25.msi : (ADOBER~1.0|Adobe Reader 9 - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/09/2016 16:10:45] - C:\WINDOWS\Installer\7cd2f.msi : (Acrobat.com - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/09/2016 15:44:05] - C:\WINDOWS\Installer\a341f37.msi : (V-locity - Condusiv Technologies) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/01/2016 15:37:17] - C:\WINDOWS\Installer\aefbe9.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/09/2016 16:30:24] - C:\WINDOWS\Installer\bf4c78a.msi : (BackItUp - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:24] - C:\WINDOWS\Installer\c6be7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/11/2014 10:49:56] - C:\WINDOWS\Installer\c6bec.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:16] - C:\WINDOWS\Installer\c6bf1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:22] - C:\WINDOWS\Installer\c6bf6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:30] - C:\WINDOWS\Installer\c6bfb.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:36] - C:\WINDOWS\Installer\c6c00.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:44] - C:\WINDOWS\Installer\c6c05.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:52] - C:\WINDOWS\Installer\c6c0a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:00] - C:\WINDOWS\Installer\c6c0f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:06] - C:\WINDOWS\Installer\c6c14.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:16] - C:\WINDOWS\Installer\c6c19.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:22] - C:\WINDOWS\Installer\c6c1e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:30] - C:\WINDOWS\Installer\c6c23.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:38] - C:\WINDOWS\Installer\c6c28.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:46] - C:\WINDOWS\Installer\c6c2d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:54] - C:\WINDOWS\Installer\c6c32.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:02] - C:\WINDOWS\Installer\c6c37.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:10] - C:\WINDOWS\Installer\c6c3c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:18] - C:\WINDOWS\Installer\c6c41.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:26] - C:\WINDOWS\Installer\c6c46.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:34] - C:\WINDOWS\Installer\c6c4b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:42] - C:\WINDOWS\Installer\c6c50.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:50] - C:\WINDOWS\Installer\c6c55.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:58] - C:\WINDOWS\Installer\c6c5a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:06] - C:\WINDOWS\Installer\c6c5f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:40] - C:\WINDOWS\Installer\c6c64.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:07:30] - C:\WINDOWS\Installer\c6c69.msi : (AMD Fuel - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:12] - C:\WINDOWS\Installer\c6c6e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/10/2008 13:52:14] - C:\WINDOWS\Installer\df2c35.msi : (AutoSave Essentials - Nom de votre société) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/09/2016 07:01:27] - [415960] - C:\WINDOWS\Installer\{05B0CF4A-564C-4549-913E-AE3EDA16971A}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [09/09/2016 07:01:28] - [415960] - C:\WINDOWS\Installer\{05B0CF4A-564C-4549-913E-AE3EDA16971A}\NewShortcut1_B4EBD3E89A394A41B825BC37C011DD6E.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [09/09/2016 07:01:29] - [415960] - C:\WINDOWS\Installer\{05B0CF4A-564C-4549-913E-AE3EDA16971A}\NewShortcut6_465244A5DB8C4392A3D537510D1DB9FE.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [31/08/2016 16:01:10] - [88102] - C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:56] - [88102] - C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:50] - [88102] - C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe () - () [06/09/2016 18:31:29] - [59608] - C:\WINDOWS\Installer\{0DC5FA19-8E63-4777-AEB7-FEFDA6C3C057}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [09/09/2016 16:09:53] - [371894] - C:\WINDOWS\Installer\{10085090-E71D-4A54-9E32-44AB37A4CCC6}\ARPPRODUCTICON.exe () - () [09/09/2016 16:09:53] - [371894] - C:\WINDOWS\Installer\{10085090-E71D-4A54-9E32-44AB37A4CCC6}\AutoSave1_10085090E71D4A549E3244AB37A4CCC6.exe () - () [09/09/2016 16:09:53] - [371894] - C:\WINDOWS\Installer\{10085090-E71D-4A54-9E32-44AB37A4CCC6}\AutoSave_10085090E71D4A549E3244AB37A4CCC6.exe () - () [31/08/2016 16:00:38] - [10134] - C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe () - () [06/09/2016 18:30:45] - [59608] - C:\WINDOWS\Installer\{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [31/08/2016 16:00:41] - [88102] - C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:47] - [88102] - C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:51] - [88102] - C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe () - () [02/09/2016 16:49:07] - [132096] - C:\WINDOWS\Installer\{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}\WLXPhotoGalleryIcon.exe (© 2009 Microsoft Corporation.) - (Windows Live Photo Gallery) [06/09/2016 18:29:45] - [59608] - C:\WINDOWS\Installer\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [31/08/2016 16:01:03] - [88102] - C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe () - () [06/09/2016 18:31:09] - [59608] - C:\WINDOWS\Installer\{26F31E12-3722-45FD-903B-49012286BB4C}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [06/09/2016 18:31:49] - [59608] - C:\WINDOWS\Installer\{28349A67-1D99-45A6-A1C1-C5B6D1DF937A}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [31/08/2016 16:00:52] - [88102] - C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:48] - [88102] - C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe () - () [31/08/2016 16:01:08] - [88102] - C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe () - () [28/08/2016 13:16:20] - [415960] - C:\WINDOWS\Installer\{36036827-FA38-4A74-8333-26BC4EEC9308}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [06/09/2016 16:31:20] - [284656] - C:\WINDOWS\Installer\{40F2F005-FA4C-4BEA-83A6-BFD969467594}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [06/09/2016 16:31:20] - [284656] - C:\WINDOWS\Installer\{40F2F005-FA4C-4BEA-83A6-BFD969467594}\BackItUp._6DE631547FD24BC5962A4E5F07A1BE20.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [06/09/2016 16:31:20] - [284656] - C:\WINDOWS\Installer\{40F2F005-FA4C-4BEA-83A6-BFD969467594}\BackItUp._AB9F1F47710540918A47B78D2BED5DAD.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [02/09/2016 16:49:05] - [80395] - C:\WINDOWS\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe () - () [08/09/2016 16:23:03] - [58945] - C:\WINDOWS\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe () - () [04/09/2016 09:17:12] - [301392] - C:\WINDOWS\Installer\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}\ARPPRODUCTICON.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [31/08/2016 16:00:36] - [88102] - C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe () - () [04/09/2016 09:18:09] - [69632] - C:\WINDOWS\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield) [29/08/2016 06:55:26] - [1278016] - C:\WINDOWS\Installer\{6BF9F374-EC67-4808-A90C-F127DE6D989D}\icon.exe (Copyright (C) SEIKO EPSON CORPORATION 2010-2013.) - (E-Web Print Preview) [31/08/2016 16:00:45] - [88102] - C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe () - () [02/09/2016 16:40:33] - [327680] - C:\WINDOWS\Installer\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\ARPPRODUCTICON.exe (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [31/08/2016 16:01:09] - [88102] - C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:54] - [88102] - C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe () - () [04/09/2016 09:16:24] - [301040] - C:\WINDOWS\Installer\{83D2F005-37FD-4321-B5F7-24EFEACC9834}\ARPPRODUCTICON.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [31/08/2016 16:01:06] - [88102] - C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe () - () [31/08/2016 16:01:04] - [88102] - C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe () - () [04/09/2016 09:17:58] - [587760] - C:\WINDOWS\Installer\{92EBE575-0C6E-4713-B095-34BB927E5AC6}\ARPPRODUCTICON.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [29/08/2016 06:53:17] - [1241296] - C:\WINDOWS\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe (Copyright (C) 2011) - (EProjManager Application) [31/08/2016 16:00:59] - [88102] - C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe () - () [31/08/2016 16:01:05] - [88102] - C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe () - () [04/09/2016 09:16:37] - [587760] - C:\WINDOWS\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ARPPRODUCTICON.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [04/09/2016 09:16:37] - [587752] - C:\WINDOWS\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [31/08/2016 16:01:24] - [88102] - C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe () - () [02/09/2016 16:49:07] - [61272] - C:\WINDOWS\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe (Copyright © 2008 Microsoft Corporation.) - (start phone dialer through Messenger) [07/09/2016 13:41:08] - [22435552] - C:\WINDOWS\Installer\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}\uninstall.exe (� 2008-2010 COMODO Security Solutions, Inc.) - (COMODO BackUp setup) [31/08/2016 16:01:01] - [88102] - C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:55] - [88102] - C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:42] - [88102] - C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe () - () [06/09/2016 23:40:40] - [97873] - C:\WINDOWS\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:58] - [88102] - C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe () - () [07/09/2016 13:44:35] - [13840920] - C:\WINDOWS\Installer\{CF6C1B06-4F86-4C41-BD21-9E40500006B5}\uninstall.exe (� 2008-2010 COMODO Security Solutions, Inc.) - (cCloud setup) [04/09/2016 09:17:02] - [587760] - C:\WINDOWS\Installer\{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9}\ARPPRODUCTICON.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [09/09/2016 12:56:12] - [10134] - C:\WINDOWS\Installer\{D4378A80-C713-11DF-9399-005056C00008}\ARPPRODUCTICON.exe () - () [09/09/2016 12:56:12] - [32038] - C:\WINDOWS\Installer\{D4378A80-C713-11DF-9399-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7_1.exe () - () [09/09/2016 12:56:12] - [32038] - C:\WINDOWS\Installer\{D4378A80-C713-11DF-9399-005056C00008}\RunProductNameShor_985F828E0E98429F9C05EF3BDE7568F7.exe () - () [31/08/2016 16:01:13] - [4846] - C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe () - () [31/08/2016 16:01:00] - [88102] - C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe () - () [04/09/2016 09:18:24] - [296944] - C:\WINDOWS\Installer\{EF0BA418-AF37-471E-9594-EAE5913F4681}\ARPPRODUCTICON.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [04/09/2016 09:18:24] - [296944] - C:\WINDOWS\Installer\{EF0BA418-AF37-471E-9594-EAE5913F4681}\NeroLauncher.ex_06255901E67449719980557FAA5EC1C6.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [04/09/2016 09:18:24] - [296944] - C:\WINDOWS\Installer\{EF0BA418-AF37-471E-9594-EAE5913F4681}\NeroLauncher.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [04/09/2016 09:19:11] - [296944] - C:\WINDOWS\Installer\{F030BFE8-8476-4C08-A553-233DE80A2BE1}\ARPPRODUCTICON.exe (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [05/10/2016 14:25:47] - [8306] - C:\WINDOWS\Installer\{F389A14F-B924-E628-4E4F-8D93AFB0215F}\ARPPRODUCTICON.exe () - () [05/10/2016 14:25:47] - [8306] - C:\WINDOWS\Installer\{F389A14F-B924-E628-4E4F-8D93AFB0215F}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe () - () [05/10/2016 14:25:47] - [8306] - C:\WINDOWS\Installer\{F389A14F-B924-E628-4E4F-8D93AFB0215F}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe () - () [05/10/2016 14:25:47] - [8306] - C:\WINDOWS\Installer\{F389A14F-B924-E628-4E4F-8D93AFB0215F}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe () - () [05/10/2016 14:25:47] - [8306] - C:\WINDOWS\Installer\{F389A14F-B924-E628-4E4F-8D93AFB0215F}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe () - () [31/08/2016 16:00:46] - [88102] - C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe () - () [31/08/2016 16:00:44] - [88102] - C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe () - () ---------- | %System%\*.in* [16/07/2016 13:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf [28/08/2016 12:36:18] - [2305012] - C:\WINDOWS\System32\PerfStringBackup.INI [16/07/2016 13:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini [16/07/2016 13:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [16/07/2016 13:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [07/09/2016 01:54:47] - [1835960] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [16/07/2016 13:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | [jean-] [31/08/2016 16:04:34] - |HD| - [1611873283] - C:\Users\jean-\AppData [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Application Data [28/08/2016 12:43:49] - |RD| - [412] - C:\Users\jean-\Contacts [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Cookies [28/08/2016 12:41:29] - |RD| - [9592260823] - C:\Users\jean-\Desktop [28/08/2016 12:41:29] - |RD| - [1439120542] - C:\Users\jean-\Documents [28/08/2016 12:41:29] - |RD| - [1604495245] - C:\Users\jean-\Downloads [28/08/2016 12:41:29] - |RD| - [2469] - C:\Users\jean-\Favorites [28/08/2016 12:41:29] - |RD| - [3584] - C:\Users\jean-\Links [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Local Settings [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Menu Démarrer [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Mes documents [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Modèles [28/08/2016 12:41:29] - |RD| - [504] - C:\Users\jean-\Music [31/08/2016 16:04:34] - |A| - [2097152] - C:\Users\jean-\NTUSER.DAT [31/08/2016 16:04:34] - |A| - [1835008] - C:\Users\jean-\NTUSER.DAT.bak [31/08/2016 16:04:34] - |ASH| - [393216] - C:\Users\jean-\ntuser.dat.LOG1 [31/08/2016 16:04:34] - |ASH| - [458752] - C:\Users\jean-\ntuser.dat.LOG2 [06/09/2016 20:27:31] - |ASH| - [0] - C:\Users\jean-\NTUSER.DAT.new.LOG1 [06/09/2016 20:27:31] - |ASH| - [0] - C:\Users\jean-\NTUSER.DAT.new.LOG2 [31/08/2016 16:04:34] - |ASH| - [65536] - C:\Users\jean-\NTUSER.DAT{21f5ed36-6f8b-11e6-8c19-fee8dc76e36c}.TM.blf [31/08/2016 16:04:34] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{21f5ed36-6f8b-11e6-8c19-fee8dc76e36c}.TMContainer00000000000000000001.regtrans-ms [31/08/2016 16:04:34] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{21f5ed36-6f8b-11e6-8c19-fee8dc76e36c}.TMContainer00000000000000000002.regtrans-ms [06/09/2016 20:40:54] - |ASH| - [65536] - C:\Users\jean-\NTUSER.DAT{7af75016-745f-11e6-b8ee-806e6f6e6963}.TM.blf [06/09/2016 20:40:54] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{7af75016-745f-11e6-b8ee-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [06/09/2016 20:40:54] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{7af75016-745f-11e6-b8ee-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [03/10/2016 19:56:25] - |ASH| - [65536] - C:\Users\jean-\NTUSER.DAT{ebc15f06-898c-11e6-b8fa-4c72b9f956a2}.TM.blf [03/10/2016 19:56:26] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{ebc15f06-898c-11e6-b8fa-4c72b9f956a2}.TMContainer00000000000000000001.regtrans-ms [03/10/2016 19:56:26] - |ASH| - [524288] - C:\Users\jean-\NTUSER.DAT{ebc15f06-898c-11e6-b8fa-4c72b9f956a2}.TMContainer00000000000000000002.regtrans-ms [31/08/2016 16:38:43] - |SH| - [20] - C:\Users\jean-\ntuser.ini [28/08/2016 12:50:59] - |RD| - [4690046717] - C:\Users\jean-\OneDrive [28/08/2016 12:41:29] - |RD| - [5277259] - C:\Users\jean-\Pictures [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Recent [06/09/2016 20:26:59] - |D| - [2473984] - C:\Users\jean-\RegBack 2016-09-06 15-49-18 [28/08/2016 12:41:29] - |RD| - [282] - C:\Users\jean-\Saved Games [28/08/2016 12:43:49] - |RD| - [1872] - C:\Users\jean-\Searches [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\SendTo [28/08/2016 12:41:29] - |RD| - [504] - C:\Users\jean-\Videos [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Voisinage d'impression [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\Voisinage réseau [28/08/2016 12:43:45] - |D| - [34914] - C:\Users\jean-\AppData\Roaming\Adobe [03/09/2016 08:52:07] - |D| - [5519] - C:\Users\jean-\AppData\Roaming\ArcticLine [28/08/2016 14:26:56] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Ashampoo Slideshow Studio 2017 [28/08/2016 13:30:13] - |D| - [0] - C:\Users\jean-\AppData\Roaming\ATI [09/09/2016 16:09:43] - |D| - [1294585] - C:\Users\jean-\AppData\Roaming\AutoSave [12/10/2016 13:00:02] - |D| - [1315817] - C:\Users\jean-\AppData\Roaming\Avanquest Software [03/09/2016 08:02:28] - |D| - [815] - C:\Users\jean-\AppData\Roaming\Condusiv_Technologies [06/09/2016 23:43:10] - |D| - [53779] - C:\Users\jean-\AppData\Roaming\CyberLink [28/08/2016 19:38:42] - |D| - [0] - C:\Users\jean-\AppData\Roaming\DAEMON Tools Pro [06/09/2016 20:41:37] - |D| - [384] - C:\Users\jean-\AppData\Roaming\EASEUS [29/08/2016 06:53:19] - |D| - [6777] - C:\Users\jean-\AppData\Roaming\Epson [04/09/2016 15:23:37] - |D| - [8413946] - C:\Users\jean-\AppData\Roaming\eufsc [03/09/2016 08:53:19] - |D| - [255491530] - C:\Users\jean-\AppData\Roaming\GlarySoft [08/09/2016 16:31:06] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Identities [08/09/2016 08:25:40] - |D| - [320359] - C:\Users\jean-\AppData\Roaming\IObit [07/09/2016 13:27:00] - |D| - [0] - C:\Users\jean-\AppData\Roaming\iSkysoft iMedia Converter Deluxe [28/08/2016 13:23:03] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Lavasoft [28/08/2016 13:22:31] - |D| - [737] - C:\Users\jean-\AppData\Roaming\LavasoftStatistics [07/09/2016 13:38:42] - |D| - [345] - C:\Users\jean-\AppData\Roaming\Leadertech [05/10/2016 14:27:44] - |D| - [0] - C:\Users\jean-\AppData\Roaming\library_dir [28/08/2016 16:25:07] - |D| - [291] - C:\Users\jean-\AppData\Roaming\Macromedia [04/10/2016 07:26:18] - |D| - [0] - C:\Users\jean-\AppData\Roaming\MAGIX [31/08/2016 16:04:34] - |SD| - [2444675] - C:\Users\jean-\AppData\Roaming\Microsoft [31/08/2016 12:54:10] - |D| - [27150236] - C:\Users\jean-\AppData\Roaming\Mozilla [03/09/2016 08:50:45] - |D| - [500774] - C:\Users\jean-\AppData\Roaming\NCH Software [04/09/2016 09:06:29] - |D| - [174681172] - C:\Users\jean-\AppData\Roaming\Nero [05/10/2016 14:30:12] - |D| - [6183314] - C:\Users\jean-\AppData\Roaming\PlaysTV [05/10/2016 14:26:15] - |D| - [604149] - C:\Users\jean-\AppData\Roaming\Raptr [29/08/2016 12:51:43] - |D| - [77] - C:\Users\jean-\AppData\Roaming\Skype [07/09/2016 06:05:05] - |D| - [455] - C:\Users\jean-\AppData\Roaming\TeamViewer [06/09/2016 20:58:35] - |D| - [114934] - C:\Users\jean-\AppData\Roaming\TeraCopy [07/09/2016 14:31:58] - |D| - [100374167] - C:\Users\jean-\AppData\Roaming\uTorrent [07/09/2016 14:01:43] - |D| - [0] - C:\Users\jean-\AppData\Roaming\videos [07/09/2016 14:01:43] - |D| - [343] - C:\Users\jean-\AppData\Roaming\Wise Video Downloader [07/09/2016 13:27:19] - |D| - [0] - C:\Users\jean-\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} [28/08/2016 12:46:15] - |D| - [0] - C:\Users\jean-\AppData\Local\ActiveSync [03/09/2016 09:13:51] - |D| - [2438] - C:\Users\jean-\AppData\Local\Adobe [28/08/2016 13:31:04] - |D| - [8] - C:\Users\jean-\AppData\Local\AMD [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Application Data [28/08/2016 14:26:13] - |D| - [366364] - C:\Users\jean-\AppData\Local\ashampoo [28/08/2016 13:30:13] - |D| - [66104] - C:\Users\jean-\AppData\Local\ATI [12/10/2016 12:59:08] - |D| - [1466272] - C:\Users\jean-\AppData\Local\Avanquest [28/08/2016 12:48:01] - |D| - [21192808] - C:\Users\jean-\AppData\Local\Comms [03/09/2016 08:02:29] - |D| - [2426] - C:\Users\jean-\AppData\Local\Condusiv_Technologies [31/08/2016 16:38:45] - |D| - [1261953] - C:\Users\jean-\AppData\Local\ConnectedDevicesPlatform [03/09/2016 09:08:41] - |D| - [40368153] - C:\Users\jean-\AppData\Local\CrashDumps [06/09/2016 23:42:49] - |D| - [432866] - C:\Users\jean-\AppData\Local\CyberLink [28/08/2016 15:02:04] - |D| - [0] - C:\Users\jean-\AppData\Local\Diagnostics [09/09/2016 12:53:17] - |D| - [42436608] - C:\Users\jean-\AppData\Local\Downloaded Installations [06/10/2016 12:58:30] - |D| - [129450450] - C:\Users\jean-\AppData\Local\ESET [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Historique [09/09/2016 16:16:40] - |AH| - [73994] - C:\Users\jean-\AppData\Local\IconCache.db [07/09/2016 13:26:46] - |D| - [82] - C:\Users\jean-\AppData\Local\iSkysoft [07/09/2016 13:54:01] - |D| - [2914129] - C:\Users\jean-\AppData\Local\Logitech® Webcam Software [31/08/2016 16:04:34] - |D| - [524299205] - C:\Users\jean-\AppData\Local\Microsoft [28/08/2016 13:22:34] - |D| - [85963] - C:\Users\jean-\AppData\Local\MicrosoftEdge [11/10/2016 08:54:13] - |D| - [65631001] - C:\Users\jean-\AppData\Local\Mozilla [28/08/2016 12:43:45] - |D| - [103360933] - C:\Users\jean-\AppData\Local\Packages [28/08/2016 12:45:25] - |D| - [0] - C:\Users\jean-\AppData\Local\PackageStaging [06/09/2016 23:43:22] - |D| - [40960] - C:\Users\jean-\AppData\Local\Power2Go10 [28/08/2016 14:23:44] - |D| - [0] - C:\Users\jean-\AppData\Local\Programs [28/08/2016 12:47:33] - |D| - [0] - C:\Users\jean-\AppData\Local\Publishers [03/09/2016 15:27:34] - |D| - [152] - C:\Users\jean-\AppData\Local\SFR [31/08/2016 16:04:34] - |D| - [13202] - C:\Users\jean-\AppData\Local\Temp [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Temporary Internet Files [28/08/2016 12:43:41] - |D| - [14835712] - C:\Users\jean-\AppData\Local\TileDataLayer [09/09/2016 16:13:12] - |D| - [371] - C:\Users\jean-\AppData\Local\Turbo View & Convert [28/08/2016 12:43:53] - |D| - [5554] - C:\Users\jean-\AppData\Local\VirtualStore [28/08/2016 19:42:53] - |D| - [82] - C:\Users\jean-\AppData\Local\Wondershare [07/09/2016 14:38:05] - |D| - [83170062] - C:\Users\jean-\AppData\Local\Zemana [28/08/2016 12:43:49] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [31/08/2016 16:04:34] - |SHD| - [0] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [31/08/2016 16:04:34] - |RD| - [106965] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [07/09/2016 14:32:44] - |A| - [2686] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [31/08/2016 16:04:34] - |RD| - [3888] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [31/08/2016 16:04:34] - |RD| - [2927] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [28/08/2016 12:43:50] - |RD| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [07/09/2016 14:45:45] - |D| - [12363] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoaoPhoto Digital Studio [31/08/2016 16:39:02] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [31/08/2016 13:10:04] - |D| - [3128] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IM-Magic Partition Resizer Free [28/08/2016 16:54:03] - |D| - [6002] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillCopy [31/08/2016 16:04:34] - |D| - [170] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [28/08/2016 12:51:00] - |A| - [2409] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [09/09/2016 16:53:20] - |A| - [1758] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps.com Platform.lnk [02/09/2016 16:24:05] - |D| - [17782] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio [07/09/2016 20:33:19] - |D| - [9874] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker [02/09/2016 16:10:40] - |D| - [3366] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It [28/08/2016 12:43:50] - |RD| - [1566] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [02/09/2016 16:23:27] - |D| - [20511] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software [07/09/2016 13:24:10] - |D| - [1544] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercopier [31/08/2016 16:04:34] - |RD| - [3690] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [07/09/2016 13:23:19] - |D| - [1544] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultracopier [28/08/2016 16:53:40] - |D| - [3420] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [07/09/2016 14:47:43] - |D| - [3437] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Watermark Pro [31/08/2016 16:04:34] - |RD| - [7238] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [28/08/2016 12:43:50] - |ASH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [04/09/2016 15:24:15] - |A| - [1392] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS EverySync.lnk ---------- | [MSSQL$ADK] [07/09/2016 01:56:34] - |HD| - [2716810] - C:\Users\MSSQL$ADK\AppData [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Application Data [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Cookies [07/09/2016 01:56:34] - |RD| - [0] - C:\Users\MSSQL$ADK\Desktop [07/09/2016 01:56:34] - |RD| - [0] - C:\Users\MSSQL$ADK\Documents [07/09/2016 01:56:34] - |RD| - [0] - C:\Users\MSSQL$ADK\Downloads [07/09/2016 01:56:34] - |RD| - [0] - C:\Users\MSSQL$ADK\Favorites [07/09/2016 01:56:34] - |RD| - [0] - C:\Users\MSSQL$ADK\Links [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Local Settings [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Menu Démarrer [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Mes documents [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Modèles [07/09/2016 01:56:34] - |RD| - [0] - C:\Users\MSSQL$ADK\Music [07/09/2016 01:56:34] - |AH| - [262144] - C:\Users\MSSQL$ADK\NTUSER.DAT [07/09/2016 01:56:35] - |ASH| - [32768] - C:\Users\MSSQL$ADK\ntuser.dat.LOG1 [07/09/2016 01:56:35] - |ASH| - [16384] - C:\Users\MSSQL$ADK\ntuser.dat.LOG2 [07/09/2016 01:56:35] - |ASH| - [65536] - C:\Users\MSSQL$ADK\NTUSER.DAT{21f5ed36-6f8b-11e6-8c19-fee8dc76e36c}.TM.blf [07/09/2016 01:56:35] - |ASH| - [524288] - C:\Users\MSSQL$ADK\NTUSER.DAT{21f5ed36-6f8b-11e6-8c19-fee8dc76e36c}.TMContainer00000000000000000001.regtrans-ms [07/09/2016 01:56:35] - |ASH| - [524288] - C:\Users\MSSQL$ADK\NTUSER.DAT{21f5ed36-6f8b-11e6-8c19-fee8dc76e36c}.TMContainer00000000000000000002.regtrans-ms [03/10/2016 19:16:00] - |ASH| - [65536] - C:\Users\MSSQL$ADK\NTUSER.DAT{ebc15dbd-898c-11e6-b8fa-4c72b9f956a2}.TM.blf [03/10/2016 19:16:00] - |ASH| - [524288] - C:\Users\MSSQL$ADK\NTUSER.DAT{ebc15dbd-898c-11e6-b8fa-4c72b9f956a2}.TMContainer00000000000000000001.regtrans-ms [03/10/2016 19:16:00] - |ASH| - [524288] - C:\Users\MSSQL$ADK\NTUSER.DAT{ebc15dbd-898c-11e6-b8fa-4c72b9f956a2}.TMContainer00000000000000000002.regtrans-ms [07/09/2016 01:56:36] - |SH| - [20] - C:\Users\MSSQL$ADK\ntuser.ini [07/09/2016 01:56:34] - |RD| - [0] - C:\Users\MSSQL$ADK\Pictures [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Recent [07/09/2016 01:56:34] - |D| - [0] - C:\Users\MSSQL$ADK\Saved Games [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\SendTo [07/09/2016 01:56:34] - |RD| - [0] - C:\Users\MSSQL$ADK\Videos [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Voisinage d'impression [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\Voisinage réseau [07/09/2016 01:56:34] - |D| - [313840] - C:\Users\MSSQL$ADK\AppData\Roaming\Macromedia [07/09/2016 01:56:34] - |SD| - [30628] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Application Data [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Historique [07/09/2016 01:56:34] - |D| - [2372342] - C:\Users\MSSQL$ADK\AppData\Local\Microsoft [07/09/2016 01:56:34] - |D| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Temp [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Temporary Internet Files [07/09/2016 01:56:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [07/09/2016 01:56:34] - |D| - [18100] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [07/09/2016 01:56:34] - |RD| - [3888] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [07/09/2016 01:56:34] - |RD| - [1486] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [07/09/2016 01:56:34] - |D| - [170] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [07/09/2016 01:56:34] - |RD| - [5318] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [07/09/2016 01:56:34] - |RD| - [7238] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell ---------- | [Public] [28/08/2016 12:43:49] - |RHD| - [196] - C:\Users\Public\AccountPictures [07/09/2016 14:12:12] - |D| - [4139] - C:\Users\Public\CyberLink [30/10/2015 09:24:24] - |RHD| - [63198] - C:\Users\Public\Desktop [16/07/2016 13:47:50] - |ASH| - [174] - C:\Users\Public\desktop.ini [30/10/2015 09:24:24] - |RD| - [215272671] - C:\Users\Public\Documents [30/10/2015 09:24:24] - |RD| - [174] - C:\Users\Public\Downloads [16/07/2016 13:47:48] - |RHD| - [1135] - C:\Users\Public\Libraries [30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Music [30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Pictures [30/10/2015 09:24:24] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [02/09/2016 16:12:25] - |D| - [479] - C:\ProgramData\Adobe [31/08/2016 16:01:16] - |D| - [304] - C:\ProgramData\AMD [08/09/2016 15:51:28] - |D| - [1831] - C:\ProgramData\AomeiBR [31/08/2016 16:23:20] - |SHD| - [59483576005] - C:\ProgramData\Application Data [28/08/2016 14:25:04] - |D| - [523938] - C:\ProgramData\Ashampoo [28/08/2016 13:30:13] - |D| - [186] - C:\ProgramData\ATI [03/09/2016 08:49:32] - |D| - [896988] - C:\ProgramData\Auslogics [03/10/2016 20:28:42] - |D| - [0] - C:\ProgramData\Avanquest [09/09/2016 16:09:43] - |D| - [50061708] - C:\ProgramData\Avanquest Software [28/08/2016 13:40:20] - |D| - [0] - C:\ProgramData\BitDefender [28/08/2016 12:31:27] - |SHD| - [63198] - C:\ProgramData\Bureau [03/10/2016 20:22:45] - |D| - [0] - C:\ProgramData\BVRP Software [13/10/2016 08:51:24] - |D| - [8843062] - C:\ProgramData\CheckPoint [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [03/10/2016 20:35:59] - |D| - [163293507] - C:\ProgramData\COMODO [02/09/2016 15:45:40] - |D| - [0] - C:\ProgramData\Condusiv Technologies [06/09/2016 22:58:59] - |D| - [58529925] - C:\ProgramData\CyberLink [28/08/2016 14:45:58] - |D| - [1916] - C:\ProgramData\DAEMON Tools Pro [31/08/2016 16:23:20] - |SHD| - [215272671] - C:\ProgramData\Documents [12/10/2016 21:00:04] - |D| - [4902] - C:\ProgramData\DriverGenius [28/08/2016 22:36:48] - |D| - [10668251] - C:\ProgramData\EPSON [03/09/2016 08:53:16] - |D| - [17408] - C:\ProgramData\Glarysoft [12/10/2016 11:11:21] - |D| - [501041] - C:\ProgramData\install_backup [06/09/2016 23:12:53] - |D| - [503761] - C:\ProgramData\install_clap [07/09/2016 13:09:13] - |D| - [153] - C:\ProgramData\IObit [07/09/2016 13:24:16] - |D| - [4251004] - C:\ProgramData\iSkysoft [07/09/2016 13:24:42] - |D| - [5423] - C:\ProgramData\iSkysoft iMedia Converter Deluxe [28/08/2016 13:14:05] - |D| - [68102147] - C:\ProgramData\Lavasoft [07/09/2016 13:40:22] - |D| - [259] - C:\ProgramData\LogiShrd [04/10/2016 07:26:18] - |D| - [0] - C:\ProgramData\MAGIX [28/08/2016 12:31:27] - |SHD| - [356334] - C:\ProgramData\Menu Démarrer [16/07/2016 13:47:48] - |SD| - [788877634] - C:\ProgramData\Microsoft [31/08/2016 16:42:05] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [28/08/2016 12:31:27] - |SHD| - [0] - C:\ProgramData\Modèles [03/09/2016 08:50:41] - |D| - [78708] - C:\ProgramData\NCH Software [04/09/2016 09:10:06] - |AD| - [65530699] - C:\ProgramData\Nero [13/10/2016 09:15:29] - |RASH| - [8] - C:\ProgramData\ntuser.pol [31/08/2016 16:00:20] - |D| - [3552540389] - C:\ProgramData\Package Cache [08/09/2016 08:25:37] - |D| - [394] - C:\ProgramData\ProductData [03/09/2016 07:51:04] - |D| - [2940] - C:\ProgramData\Reason [28/08/2016 19:41:04] - |D| - [160507988] - C:\ProgramData\Rebit [28/08/2016 14:39:31] - |AD| - [49072588] - C:\ProgramData\Rebit 5 [16/07/2016 13:47:48] - |D| - [1003] - C:\ProgramData\regid.1991-06.com.microsoft [07/09/2016 20:38:12] - |D| - [1800] - C:\ProgramData\RogueKiller [04/09/2016 09:10:28] - |D| - [2634340] - C:\ProgramData\simplitec [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution [29/08/2016 06:56:38] - |D| - [645] - C:\ProgramData\Sony Corporation [06/09/2016 23:12:53] - |D| - [12905622] - C:\ProgramData\SUPPORTDIR [06/09/2016 23:40:47] - |D| - [318896] - C:\ProgramData\Temp [29/08/2016 06:56:46] - |D| - [4680] - C:\ProgramData\UDL [16/07/2016 13:47:48] - |D| - [11179] - C:\ProgramData\USOPrivate [31/08/2016 16:23:55] - |D| - [1810432] - C:\ProgramData\USOShared [28/08/2016 19:43:16] - |D| - [6120284] - C:\ProgramData\Wondershare [28/08/2016 19:38:40] - |D| - [1015371134] - C:\ProgramData\Wondershare Video Editor ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 13:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [28/08/2016 12:31:27] - |SHD| - [356160] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [16/07/2016 13:47:48] - |RD| - [356160] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 13:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [16/07/2016 13:47:48] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [02/09/2016 16:16:51] - |D| - [8812] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer [02/09/2016 16:23:26] - |D| - [2236] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam [16/07/2016 13:47:48] - |RD| - [19330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [02/09/2016 16:16:22] - |A| - [2177] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [31/08/2016 16:01:24] - |D| - [4373] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [05/10/2016 14:30:54] - |D| - [2189] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved [08/09/2016 16:15:16] - |D| - [2505] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI OneKey Recovery 1.6 [28/08/2016 14:26:12] - |D| - [2875] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [31/08/2016 13:39:14] - |A| - [733] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à niveau de Windows 10.lnk [02/09/2016 16:10:36] - |D| - [2782] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [03/10/2016 20:53:00] - |D| - [3330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoSave Essentials [31/08/2016 12:58:21] - |D| - [1608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Bureau [13/10/2016 09:01:48] - |D| - [3284] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [07/09/2016 13:41:09] - |D| - [9065] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [02/09/2016 15:46:10] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Condusiv Technologies [06/09/2016 23:40:52] - |RD| - [1529] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint 2.5 [12/10/2016 11:21:45] - |A| - [2151] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 8 (64-bit).lnk [06/09/2016 23:33:06] - |RD| - [9681] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 10 [07/09/2016 20:52:41] - |A| - [2502] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PresenterLink+.lnk [06/09/2016 23:42:28] - |RD| - [2410] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2 [07/09/2016 14:10:00] - |A| - [2248] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 7.lnk [28/08/2016 19:38:45] - |D| - [56] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro [05/10/2016 17:34:31] - |ASH| - [1572] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [12/10/2016 12:42:38] - |D| - [5152] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius [04/09/2016 15:24:15] - |D| - [2830] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS EverySync 3.0 [09/09/2016 17:03:33] - |D| - [2680] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2 [01/09/2016 14:39:43] - |D| - [2871] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo PCTrans [29/08/2016 06:54:44] - |D| - [2051] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [29/08/2016 06:10:21] - |D| - [7064] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software [06/09/2016 16:04:43] - |A| - [1277] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk [02/09/2016 16:24:13] - |A| - [1193] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk [02/09/2016 16:22:57] - |A| - [1183] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip - Compresseur de fichiers.lnk [02/09/2016 16:24:16] - |D| - [3546] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMarker.NET [02/09/2016 16:39:50] - |D| - [20679] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Marker [02/09/2016 16:17:09] - |D| - [3732] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft [02/09/2016 16:26:28] - |D| - [2825] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect [02/09/2016 16:23:44] - |D| - [1963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert [16/07/2016 13:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [02/09/2016 16:22:47] - |D| - [1381] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [07/09/2016 13:09:12] - |D| - [2537] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker [07/09/2016 13:26:22] - |D| - [1213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft [05/10/2016 19:37:01] - |D| - [2224] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB [28/08/2016 13:21:39] - |D| - [3619] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [07/09/2016 13:36:53] - |D| - [1743] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [16/07/2016 13:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [02/09/2016 16:17:10] - |A| - [1299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Hunter.lnk [02/09/2016 16:24:01] - |D| - [2356] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [07/09/2016 01:47:21] - |D| - [1495] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 [07/09/2016 01:42:51] - |D| - [4982] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012 [16/07/2016 13:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [11/10/2016 08:48:03] - |A| - [1236] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [06/09/2016 16:04:45] - |A| - [2167] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk [04/09/2016 09:10:24] - |D| - [11397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [04/09/2016 09:17:02] - |D| - [5775] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016 [09/09/2016 12:56:12] - |D| - [3372] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Migrate OS to SSD™ 4.0 [16/07/2016 13:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [02/09/2016 16:23:38] - |A| - [1125] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism - Convertisseur de fichiers vidéo.lnk [02/09/2016 16:22:50] - |D| - [5949] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio [02/09/2016 16:50:41] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de graphisme [02/09/2016 16:23:38] - |D| - [7092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidéo [07/09/2016 13:13:30] - |D| - [2581] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder [05/10/2016 14:31:36] - |D| - [2112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr [02/09/2016 16:23:11] - |D| - [1191] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security [28/08/2016 14:42:19] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebit 5 [28/08/2016 19:42:22] - |D| - [1153] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebit Pro [07/09/2016 20:38:36] - |D| - [925] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller [02/09/2016 16:23:54] - |D| - [4125] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFR [04/10/2016 07:22:54] - |D| - [2860] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec [06/09/2016 18:18:08] - |A| - [1354] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Update Pro.lnk [16/07/2016 13:47:48] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [02/09/2016 16:22:51] - |D| - [21954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software [02/09/2016 16:22:55] - |A| - [1139] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch - Convertisseur de fichiers audio.lnk [16/07/2016 13:47:48] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [30/10/2015 21:03:03] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [07/09/2016 06:05:04] - |A| - [1118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk [06/09/2016 20:51:04] - |D| - [4095] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [09/09/2016 16:12:19] - |D| - [1312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo View & Convert [02/09/2016 16:23:00] - |D| - [12444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires [07/09/2016 00:37:37] - |D| - [24564] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits [02/09/2016 16:49:20] - |D| - [12183] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [31/08/2016 16:10:35] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [07/09/2016 13:20:28] - |D| - [1311] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Folder Hider [07/09/2016 15:13:05] - |D| - [1276] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise JetSearch [07/09/2016 13:21:12] - |D| - [1362] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer [07/09/2016 13:59:47] - |D| - [1338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Video Downloader [28/08/2016 19:42:17] - |D| - [19859] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare [07/10/2016 13:41:14] - |D| - [1178] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 13:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [02/09/2016 16:16:39] - |D| - [93166206] - C:\Program Files (x86)\Acer [02/09/2016 16:10:45] - |D| - [396617771] - C:\Program Files (x86)\Adobe [07/09/2016 14:45:40] - |D| - [106534913] - C:\Program Files (x86)\AoaoPhoto Digital Studio [08/09/2016 16:14:30] - |AD| - [465390545] - C:\Program Files (x86)\AOMEI OneKey Recovery 1.6 [28/08/2016 14:24:58] - |D| - [182060787] - C:\Program Files (x86)\Ashampoo [31/08/2016 16:00:35] - |AD| - [106367910] - C:\Program Files (x86)\ATI Technologies [02/09/2016 16:10:33] - |D| - [30479380] - C:\Program Files (x86)\Auslogics [03/10/2016 20:52:45] - |D| - [26482892] - C:\Program Files (x86)\Avanquest [03/10/2016 20:28:46] - |AD| - [3127447] - C:\Program Files (x86)\Avanquest update [13/10/2016 08:54:44] - |D| - [44204127] - C:\Program Files (x86)\CheckPoint [16/07/2016 08:04:24] - |D| - [248342620] - C:\Program Files (x86)\Common Files [03/10/2016 20:42:17] - |D| - [19467000] - C:\Program Files (x86)\COMODO [06/09/2016 23:20:47] - |D| - [1777802319] - C:\Program Files (x86)\CyberLink [16/07/2016 13:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [02/09/2016 16:24:18] - |D| - [795472] - C:\Program Files (x86)\DIFX [02/09/2016 15:43:52] - |D| - [25259856] - C:\Program Files (x86)\Diskeeper Setup Files [12/10/2016 12:42:22] - |D| - [32175208] - C:\Program Files (x86)\Driver-Soft [01/09/2016 14:39:29] - |D| - [589274844] - C:\Program Files (x86)\EaseUS [02/09/2016 16:40:32] - |AD| - [2243204] - C:\Program Files (x86)\EgisTec MyWinLockerSuite [29/08/2016 06:52:57] - |D| - [2947568] - C:\Program Files (x86)\EPSON [29/08/2016 06:10:20] - |AD| - [231785848] - C:\Program Files (x86)\EPSON Software [09/09/2016 16:12:41] - |AD| - [1769770] - C:\Program Files (x86)\File Identifier [02/09/2016 16:24:14] - |AD| - [5182811] - C:\Program Files (x86)\FileMarker.NET [02/09/2016 16:39:47] - |AD| - [20578953] - C:\Program Files (x86)\Folder Marker [02/09/2016 16:16:53] - |D| - [255858898] - C:\Program Files (x86)\Glarysoft [02/09/2016 16:23:44] - |AD| - [4764304] - C:\Program Files (x86)\HitmanPro.Alert [09/09/2016 16:10:53] - |D| - [145860418] - C:\Program Files (x86)\IMSIDesign [29/08/2016 06:52:57] - |HD| - [175097295] - C:\Program Files (x86)\InstallShield Installation Information [02/09/2016 16:22:41] - |D| - [18852676] - C:\Program Files (x86)\Intel [16/07/2016 13:47:48] - |D| - [1989487] - C:\Program Files (x86)\Internet Explorer [07/09/2016 13:09:09] - |D| - [12348017] - C:\Program Files (x86)\IObit [07/09/2016 13:24:16] - |D| - [175618486] - C:\Program Files (x86)\iSkysoft [05/10/2016 19:36:58] - |AD| - [5538848] - C:\Program Files (x86)\ISO to USB [07/09/2016 14:41:09] - |D| - [199534] - C:\Program Files (x86)\KeyCryptSDK [28/08/2016 16:55:16] - |D| - [235138] - C:\Program Files (x86)\KillCopy [28/08/2016 16:53:58] - |D| - [1247147] - C:\Program Files (x86)\KillSoft [02/09/2016 16:50:22] - |AD| - [7409720] - C:\Program Files (x86)\Launch Manager [07/09/2016 13:36:50] - |D| - [38884251] - C:\Program Files (x86)\Logitech [31/08/2016 12:57:52] - |D| - [28382294] - C:\Program Files (x86)\Microsoft [02/09/2016 16:23:56] - |D| - [42886030] - C:\Program Files (x86)\Microsoft Silverlight [07/09/2016 01:39:58] - |AD| - [1195381273] - C:\Program Files (x86)\Microsoft SQL Server [02/09/2016 16:50:26] - |AD| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [07/09/2016 01:50:21] - |D| - [4850] - C:\Program Files (x86)\Microsoft Visual Studio 10.0 [16/07/2016 13:47:48] - |D| - [707647] - C:\Program Files (x86)\Microsoft.NET [11/10/2016 08:46:11] - |AD| - [93587717] - C:\Program Files (x86)\Mozilla Firefox [11/10/2016 08:47:23] - |D| - [262595] - C:\Program Files (x86)\Mozilla Maintenance Service [02/09/2016 16:22:48] - |D| - [11494647] - C:\Program Files (x86)\NCH Software [04/09/2016 09:10:03] - |AD| - [383068966] - C:\Program Files (x86)\Nero [06/09/2016 23:32:49] - |D| - [31983884] - C:\Program Files (x86)\NSIS Uninstall Information [05/10/2016 14:26:14] - |D| - [0] - C:\Program Files (x86)\Raptr [05/10/2016 14:27:22] - |D| - [383352580] - C:\Program Files (x86)\Raptr Inc [06/09/2016 16:52:08] - |D| - [129796896] - C:\Program Files (x86)\Realtek [02/09/2016 16:10:39] - |D| - [22541825] - C:\Program Files (x86)\Reason [07/09/2016 20:33:18] - |D| - [1402663] - C:\Program Files (x86)\RegSeeker [02/09/2016 16:23:45] - |D| - [41534993] - C:\Program Files (x86)\SFR [04/10/2016 07:21:10] - |D| - [64649869] - C:\Program Files (x86)\simplitec [07/09/2016 06:04:30] - |AD| - [46619279] - C:\Program Files (x86)\TeamViewer [06/09/2016 23:26:51] - |HD| - [0] - C:\Program Files (x86)\Temp [16/07/2016 13:47:48] - |D| - [1941504] - C:\Program Files (x86)\Windows Defender [07/09/2016 00:36:43] - |D| - [4060300062] - C:\Program Files (x86)\Windows Kits [02/09/2016 16:48:56] - |AD| - [147753420] - C:\Program Files (x86)\Windows Live [02/09/2016 16:10:38] - |AD| - [245112] - C:\Program Files (x86)\Windows Live SkyDrive [16/07/2016 13:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail [16/07/2016 13:47:48] - |D| - [3275416] - C:\Program Files (x86)\Windows Media Player [16/07/2016 13:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform [16/07/2016 13:47:48] - |D| - [7584962] - C:\Program Files (x86)\Windows NT [16/07/2016 13:47:48] - |D| - [5424832] - C:\Program Files (x86)\Windows Photo Viewer [16/07/2016 13:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices [16/07/2016 13:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [16/07/2016 13:47:48] - |D| - [3233527] - C:\Program Files (x86)\WindowsPowerShell [07/09/2016 13:20:25] - |D| - [21970379] - C:\Program Files (x86)\Wise [28/08/2016 19:46:08] - |D| - [93972613] - C:\Program Files (x86)\Wondershare [07/09/2016 14:41:06] - |AD| - [16443259] - C:\Program Files (x86)\Zemana AntiLogger [07/09/2016 14:38:36] - |D| - [16153086] - C:\Program Files (x86)\Zemana AntiMalware ---------- | C:\Program Files [31/08/2016 15:59:22] - |D| - [136371979] - C:\Program Files\AMD [31/08/2016 16:01:13] - |AD| - [5595872] - C:\Program Files\ATI Technologies [16/07/2016 08:04:24] - |D| - [116003320] - C:\Program Files\Common Files [07/09/2016 13:41:10] - |D| - [67364744] - C:\Program Files\COMODO [02/09/2016 15:45:40] - |D| - [0] - C:\Program Files\Condusiv Technologies [12/10/2016 11:15:12] - |D| - [723381969] - C:\Program Files\CyberLink [02/09/2016 16:08:55] - |HD| - [0] - C:\Program Files\DAEMON Tools Pro [16/07/2016 13:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini [28/08/2016 12:31:27] - |SHD| - [116003320] - C:\Program Files\Fichiers communs [31/08/2016 13:09:59] - |D| - [10889080] - C:\Program Files\IM-Magic [16/07/2016 13:47:47] - |D| - [2581850] - C:\Program Files\Internet Explorer [28/08/2016 16:54:37] - |D| - [494533] - C:\Program Files\KillSoft [28/08/2016 13:19:35] - |D| - [627594003] - C:\Program Files\Lavasoft [03/09/2016 08:59:52] - |AD| - [55717262] - C:\Program Files\Microsoft Silverlight [07/09/2016 01:46:14] - |AD| - [3000273] - C:\Program Files\Microsoft SQL Server [09/09/2016 12:55:25] - |D| - [78886245] - C:\Program Files\Paragon Software [08/09/2016 15:05:54] - |D| - [41374280] - C:\Program Files\Realtek [28/08/2016 19:42:20] - |D| - [67605555] - C:\Program Files\Rebit [02/09/2016 16:06:06] - |HD| - [0] - C:\Program Files\Rebit 5 [07/09/2016 20:38:21] - |AD| - [78875216] - C:\Program Files\RogueKiller [07/09/2016 13:24:10] - |D| - [22421724] - C:\Program Files\Supercopier [06/09/2016 20:50:59] - |AD| - [6494541] - C:\Program Files\TeraCopy [07/09/2016 13:23:18] - |D| - [22473689] - C:\Program Files\Ultracopier [28/08/2016 12:33:35] - |HD| - [0] - C:\Program Files\Uninstall Information [28/08/2016 16:53:39] - |D| - [266699] - C:\Program Files\Unlocker [16/07/2016 13:47:47] - |RD| - [14913860] - C:\Program Files\Windows Defender [16/07/2016 13:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail [16/07/2016 13:47:47] - |D| - [4989116] - C:\Program Files\Windows Media Player [16/07/2016 13:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform [16/07/2016 13:47:47] - |D| - [7849154] - C:\Program Files\Windows NT [16/07/2016 13:47:47] - |D| - [6223552] - C:\Program Files\Windows Photo Viewer [16/07/2016 13:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices [16/07/2016 13:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar [16/07/2016 13:47:47] - |HD| - [1197890125] - C:\Program Files\WindowsApps [16/07/2016 13:47:47] - |D| - [3654200] - C:\Program Files\WindowsPowerShell [28/08/2016 19:38:39] - |D| - [311640176] - C:\Program Files\Wondershare ---------- | C:\Program Files (x86)\Common Files [02/09/2016 16:11:46] - |AD| - [14779391] - C:\Program Files (x86)\Common Files\Adobe [02/09/2016 16:40:06] - |AD| - [28449038] - C:\Program Files (x86)\Common Files\Adobe AIR [06/09/2016 23:32:21] - |D| - [124856] - C:\Program Files (x86)\Common Files\CyberLink [07/09/2016 13:26:42] - |D| - [6105232] - C:\Program Files (x86)\Common Files\iSkysoft [07/09/2016 13:36:49] - |AD| - [90112276] - C:\Program Files (x86)\Common Files\LogiShrd [16/07/2016 13:47:48] - |D| - [17985345] - C:\Program Files (x86)\Common Files\Microsoft Shared [04/09/2016 09:16:48] - |D| - [72734096] - C:\Program Files (x86)\Common Files\Nero [12/10/2016 11:21:56] - |D| - [1488873] - C:\Program Files (x86)\Common Files\Nikon [16/07/2016 13:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [16/07/2016 13:47:48] - |D| - [9639307] - C:\Program Files (x86)\Common Files\System [28/08/2016 19:42:34] - |D| - [6921504] - C:\Program Files (x86)\Common Files\Wondershare ---------- | C:\Program Files\Common files [02/09/2016 15:45:45] - |D| - [165200] - C:\Program Files\Common files\Diskeeper Corporation [28/08/2016 22:38:00] - |D| - [152640] - C:\Program Files\Common files\EPSON [28/08/2016 13:16:02] - |D| - [44830754] - C:\Program Files\Common files\Lavasoft [07/09/2016 13:37:25] - |D| - [21836465] - C:\Program Files\Common files\logishrd [16/07/2016 13:47:47] - |D| - [38769532] - C:\Program Files\Common files\microsoft shared [16/07/2016 13:47:47] - |D| - [2702] - C:\Program Files\Common files\Services [16/07/2016 13:47:47] - |D| - [10246027] - C:\Program Files\Common files\System ---------- | Tasks [MD5.78EA121EF67478252F463D7DA3FB94EE] - [28/08/2016 22:38:04] - |A| - [765] - C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {E3C7832B-981C-4D8A-9765-0314DE4144D7}.job [MD5.8E932DC7C56370B4A9EB53329F5109E0] - [28/08/2016 22:38:03] - |A| - [951] - C:\WINDOWS\Tasks\EPSON XP-710 Series Update {E3C7832B-981C-4D8A-9765-0314DE4144D7}.job [MD5.166F7F6BECD38064050568EB934619BB] - [04/09/2016 09:10:29] - |A| - [362] - C:\WINDOWS\Tasks\Nero TuneItUp PRO.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [31/08/2016 16:16:30] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.19696FBF50BA955C63C151957C375D87] - [04/10/2016 07:25:21] - |A| - [462] - C:\WINDOWS\Tasks\simplitec Power Suite (Tray).job [MD5.F0C82EF50C08C54D6765039A9528F106] - [04/10/2016 07:23:18] - |A| - [374] - C:\WINDOWS\Tasks\simplitec Power Suite.job [MD5.581C1A87C6544BACF57804ABD39725AD] - [05/10/2016 14:41:48] - |A| - [4296] - C:\WINDOWS\System32\Tasks\AMD Updater : "C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe" [MD5.00000000000000000000000000000000] - [03/09/2016 08:50:01] - |D| - [12200] - C:\WINDOWS\System32\Tasks\Auslogics [MD5.81655BEAC623D22384C46717007AB0FB] - [06/09/2016 16:32:51] - |A| - [3656] - C:\WINDOWS\System32\Tasks\BackItUp_Launch : C:\Program Files (x86)\Nero\Nero BackItUp\BackItUp.exe [MD5.45A67AB6D4B01118F120A88AC92E8309] - [07/09/2016 14:57:26] - |A| - [3656] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask : C:\WINDOWS\explorer.exe [MD5.0A35E85C29D0DFB4FF3086796AAEEC5D] - [12/10/2016 13:01:24] - |A| - [3356] - C:\WINDOWS\System32\Tasks\Driver Genius Scheduler : C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [MD5.6AF84A105B94F4166EF4102286687063] - [12/10/2016 13:01:23] - |A| - [3016] - C:\WINDOWS\System32\Tasks\Driver Genius Skip UAC : C:\Program Files (x86)\Driver-Soft\DriverGenius\DriverGenius.exe [MD5.417CCE938F79F867B5E3B630FC5EFA28] - [31/08/2016 16:16:26] - |A| - [3384] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Invitation {E3C7832B-981C-4D8A-9765-0314DE4144D7} : C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [MD5.2924711E0085BD843C9491786E4C2DBF] - [31/08/2016 16:16:26] - |A| - [3562] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Update {E3C7832B-981C-4D8A-9765-0314DE4144D7} : C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [MD5.848E55CD2D9D70C8CB4369D235F4BBCB] - [06/09/2016 19:19:52] - |A| - [3062] - C:\WINDOWS\System32\Tasks\GMHSkipUAC : C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe [MD5.00000000000000000000000000000000] - [16/07/2016 13:47:48] - |D| - [493166] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [06/09/2016 16:06:55] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Software [MD5.00000000000000000000000000000000] - [04/09/2016 09:19:12] - |D| - [2386] - C:\WINDOWS\System32\Tasks\Nero [MD5.774CDD1AEBDF3B2A58999D3DDD4ED2E7] - [04/09/2016 09:10:29] - |A| - [2596] - C:\WINDOWS\System32\Tasks\Nero TuneItUp PRO : C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe [MD5.AF5E056DD2927703071C0E382F656FD1] - [31/08/2016 16:16:30] - |A| - [2820] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task : C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [MD5.58A5CD5CA2077E1E28566336293061AA] - [03/09/2016 07:50:59] - |A| - [3650] - C:\WINDOWS\System32\Tasks\ReasonSecurityScheduledScan : C:\Program Files (x86)\Reason\Security\rsUI.exe [MD5.DE021F5058A8D660FFAED8ECE7573511] - [03/09/2016 08:52:37] - |A| - [3680] - C:\WINDOWS\System32\Tasks\ShouldIRemoveIt_Notifications : C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [MD5.62D62D15883327C137FC6BB639B94542] - [04/10/2016 07:23:18] - |A| - [2838] - C:\WINDOWS\System32\Tasks\simplitec Power Suite : C:\Program Files (x86)\simplitec\simplisafe\PowerSuite.exe [MD5.2A226CCB9019890FA2BF0C28E083A9FB] - [04/10/2016 07:25:21] - |A| - [2932] - C:\WINDOWS\System32\Tasks\simplitec Power Suite (Tray) : C:\Program Files (x86)\simplitec\simplisafe\ServiceProvider.exe [MD5.74A026B82641CDA10BB09EF923184E53] - [03/09/2016 15:37:47] - |A| - [3506] - C:\WINDOWS\System32\Tasks\SoftwareUpdate Pro : C:\Program Files (x86)\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe [MD5.EDF3B7F7ACD2B6A3F93CE5B227580626] - [06/09/2016 16:18:43] - |A| - [4174] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3EF053DA-9088-495B-9E19-1A7664ABB844} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [07/09/2016 13:21:14] - |D| - [6710] - C:\WINDOWS\System32\Tasks\WiseCleaner [MD5.00000000000000000000000000000000] - [03/09/2016 13:41:33] - |D| - [4020] - C:\WINDOWS\System32\Tasks\Wondershare [MD5.00000000000000000000000000000000] - [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "{3410E492-FE70-46F8-B88B-564D689DF9A7}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART| "{FFFD19F0-96D3-46E3-B698-A88976A081E2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART| "{D3B7B8A3-F867-4429-8B90-A6DA31912C30}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe|Name=True Vector| "{1042AA52-3C22-4BCF-97E7-8D248C38C173}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe|Name=True Vector| "{B71BEF05-1599-4A18-AECC-11F6E60DE130}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe|Name=True Vector| "{9E9656E4-5929-4FCF-B1DD-D2466BCFE343}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe|Name=True Vector| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem8.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [02/09/2016 15:46:27] - (1.0.40.0) - (Condusiv Technologies - Device Filter Manager Driver) - C:\WINDOWS\system32\drivers\DKDFM.sys [30/09/2016 07:00:48] - (1.6.7441.347) - (COMODO - COMODO Cloud Antivirus Driver) - C:\WINDOWS\system32\drivers\CmdCCAV.sys [07/10/2014 13:14:42] - (7.0.0.1618) - (COMODO Security Solutions Inc. - COMODO BackUp Minifilter Driver) - C:\WINDOWS\system32\DRIVERS\CBReparse.sys [02/09/2016 15:46:27] - (1.0.42.0) - (Condusiv Technologies - Telemetry File System Mini Filter Driver) - C:\WINDOWS\system32\drivers\DKTLFSMF.sys [07/10/2014 13:14:42] - (1.0.0.975) - (COMODO Security Solutions Inc. - COMODO BackUp Safe FileSystem Driver) - C:\WINDOWS\system32\DRIVERS\CBUFS.sys [07/10/2014 13:14:40] - (1.0.0.972) - (COMODO Security Solutions Inc. - COMODO Backup Disk Driver) - C:\WINDOWS\system32\DRIVERS\bdisk.sys [07/10/2014 13:14:44] - (7.0.0.1619) - (COMODO Security Solutions Inc. - COMODO BackUp Vritual Disk Driver) - C:\WINDOWS\system32\DRIVERS\cbvd.sys [09/09/2016 17:03:48] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\EUBKMON.sys [09/09/2016 17:03:53] - (1.0.1.0) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver) - C:\WINDOWS\system32\drivers\eubakup.sys [16/02/2016 16:52:38] - (7.0.0.12) - (BitDefender LLC - BitDefender Firewall NDIS6 Filter Driver) - C:\WINDOWS\system32\DRIVERS\bdfndisf6.sys [16/02/2016 16:52:38] - (7.0.0.8) - (BitDefender LLC - BitDefender Firewall WFP Filter Driver) - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys [07/09/2016 14:38:47] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zamguard64.sys [07/09/2016 14:38:49] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zam64.sys [03/10/2016 20:42:23] - (1.1.7388.29) - (COMODO - Internet Security Essentials Driver) - C:\WINDOWS\system32\drivers\isedrv.sys [03/09/2016 22:11:02] - (1.1.0.263) - (Glarysoft Ltd - The driver for the Startup Manager tool) - C:\WINDOWS\System32\drivers\GUSBootStartup.sys [09/09/2016 17:03:55] - (1.0.0.1) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Image Preview Driver) - C:\WINDOWS\system32\drivers\EuFdDisk.sys [09/09/2016 17:03:54] - (1.2.0.1) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Access Driver) - C:\WINDOWS\system32\drivers\eudskacs.sys [16/07/2016 13:41:53] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys [05/01/2016 13:45:28] - (3.11.12293.6311) - (BitDefender - BitDefender AntiVirus Active Virus Control Hypervisor driver) - C:\WINDOWS\system32\DRIVERS\avchv.sys [06/09/2016 23:30:35] - (2.0.0.3505) - (CyberLink - CyberLink Virtual CDROM Bus Enumerator) - C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [07/10/2014 13:14:46] - (1.0.0.973) - (COMODO Security Solutions Inc. - COMODO BackUp Vritual Disk Bus Driver) - C:\WINDOWS\System32\drivers\vdbus.sys [28/08/2016 19:38:50] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Pro Virtual SCSI Bus Driver) - C:\WINDOWS\System32\drivers\dtproscsibus.sys [07/09/2016 14:10:10] - (1.2.0.7524) - (CyberLink Corporation - CyberLink WebCam Virtual Driver) - C:\WINDOWS\system32\DRIVERS\clwvd7.sys [07/09/2016 20:52:51] - (2.0.0.8821) - (CyberLink Corporation - CyberLink WebCam Virtual Driver) - C:\WINDOWS\system32\DRIVERS\clwvdVM.sys [07/09/2016 20:53:09] - (1.0.1.1522) - (CyberLink - Virtual Audio-In Device) - C:\WINDOWS\system32\drivers\clvad.sys [06/09/2016 16:52:10] - (10.0.10586.31225) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys [12/11/2015 22:50:10] - (1.1.0.0) - (Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver) - C:\WINDOWS\System32\drivers\wdcsam64.sys [07/10/2016 13:41:15] - (1.8.2.328) - (Zemana Ltd. - Zemana AntiLogger Free) - C:\WINDOWS\system32\DRIVERS\KeyCrypt64.sys [16/07/2016 13:42:23] - (5.1.2.248) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\WINDOWS\System32\ATMFD.DLL [27/07/2016 23:03:56] - (14.3.102.0) - (Check Point Software Technologies Ltd. - ZoneAlarm) - C:\WINDOWS\system32\DRIVERS\vsdatant.sys [08/09/2016 16:15:03] - (0.0.0.0) - ( -) - C:\WINDOWS\System32\amwrtdrv.sys [05/01/2016 13:45:28] - (3.11.12727.6315) - (BitDefender - Active Virus Control filter driver) - C:\WINDOWS\system32\DRIVERS\avc3.sys [28/04/2016 17:20:32] - (2.0.0.64) - (BitDefender LLC - BitDefender Gonzales FileSystem Driver) - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys ---------- | LoadOrderGroup Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK Name: PnP Filter - DriverEnabled: False - GroupOrder: 71 - Status: OK Name: Network - DriverEnabled: False - GroupOrder: 72 - Status: OK Name: FCBUFS Activity Monitor - DriverEnabled: False - GroupOrder: 73 - Status: OK Name: Core Security Extensions - DriverEnabled: False - GroupOrder: 74 - Status: OK Name: NetworkService - DriverEnabled: False - GroupOrder: 75 - Status: OK Name: Early-Launch - DriverEnabled: False - GroupOrder: 76 - Status: OK Name: LocalService - DriverEnabled: False - GroupOrder: 77 - Status: OK ---------- | LoadOrderGroupServiceDependencies LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess" LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs" ---------- | LoadOrderGroupServiceMembers LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc" LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder" LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv" LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure" LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch" LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall" LoadOrderGroup.Name="TDI" - Service.Name="Dhcp" LoadOrderGroup.Name="TDI" - Service.Name="Dnscache" LoadOrderGroup.Name="TDI" - Service.Name="dot3svc" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware" LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AcpiDev" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8" LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag" LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi" LoadOrderGroup.Name="File System" - SystemDriver.Name="AutoSave" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="avc3" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="avchv" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="avckf" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv" LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay" LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2" LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="BdfNdisf" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="bdfwfpf" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="bdisk" LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep" LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum" LoadOrderGroup.Name="FCBUFS Activity Monitor" - SystemDriver.Name="CBUFS" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="cbvd" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs" LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="cht4iscsi" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="cht4vbd" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass" LoadOrderGroup.Name="Event Log" - Service.Name="EventLog" LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc" LoadOrderGroup.Name="TDI" - Service.Name="icssvc" LoadOrderGroup.Name="TDI" - Service.Name="irmon" LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation" LoadOrderGroup.Name="TDI" - Service.Name="lmhosts" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM" LoadOrderGroup.Name="NetworkService" - Service.Name="MapsBroker" LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc" LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI" LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS" LoadOrderGroup.Name="base" - SystemDriver.Name="clreg" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CLVirtualBus01" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="cmdccav" LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG" LoadOrderGroup.Name="Base" - SystemDriver.Name="cnghwassist" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus" LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv" LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc" LoadOrderGroup.Name="Primary Disk" - SystemDriver.Name="DKDFM" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="DKRtWrt" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="DKTLFSMF" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="dtproscsibus" LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv" LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass" LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat" LoadOrderGroup.Name="FSFilter Encryption" - SystemDriver.Name="FileCrypt" LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace" LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol" LoadOrderGroup.Name="Base" - SystemDriver.Name="genericusbfn" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidinterrupt" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hvservice" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd" LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt" LoadOrderGroup.Name="Base" - SystemDriver.Name="iai2c" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAV" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="ibbus" LoadOrderGroup.Name="Base" - SystemDriver.Name="IndirectKmd" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="intelpep" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="iorate" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="irda" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic" LoadOrderGroup.Name="Keyboard Class" - SystemDriver.Name="keycrypt" LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD" LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="mlx4_bus" LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon" LoadOrderGroup.Name="Cryptography" - Service.Name="NgcCtnrSvc" LoadOrderGroup.Name="Cryptography" - Service.Name="NgcSvc" LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay" LoadOrderGroup.Name="Plugplay" - Service.Name="Power" LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs" LoadOrderGroup.Name="PlugPlay" - Service.Name="RtkAudioService" LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs" LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr" LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule" LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr" LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge" LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32" LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf" LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig" LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ndfltr" LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisTapi" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ndiswanlegacy" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ndproxy" LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT" LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="NTFS" LoadOrderGroup.Name="Base" - SystemDriver.Name="Null" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor" LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS" LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection" LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler" LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia" LoadOrderGroup.Name="System Reserved" - SystemDriver.Name="pcw" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas2i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas3i" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched" LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd" LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFSv1" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Reparse" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr" LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum" LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial" LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport" LoadOrderGroup.Name="Network" - SystemDriver.Name="srv" LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2" LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme" LoadOrderGroup.Name="FSFilter Quota Management" - SystemDriver.Name="storqosflt" LoadOrderGroup.Name="TDI" - Service.Name="vsmon" LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc" LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc" LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient" LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc" LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc" LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc" LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc" LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum" LoadOrderGroup.Name="Video Init" - SystemDriver.Name="Synth3dVsc" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Trufos" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmCx0101" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmTcpciCx0101" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Ucx01000" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Ufx01000" LoadOrderGroup.Name="Base" - SystemDriver.Name="UfxChipidea" LoadOrderGroup.Name="Base" - SystemDriver.Name="ufxsynopsys" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass" LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsChipidea" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UrsCx01000" LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsSynopsys" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub" LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci" LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="vdbus" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp" LoadOrderGroup.Name="Base" - SystemDriver.Name="vhf" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Vsdatant" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarp" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarpv6" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="wcifs" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="wcnfs" LoadOrderGroup.Name="Early-Launch" - SystemDriver.Name="WdBoot" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="WFPLWFS" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="WIMMount" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRT" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRTProxy" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinMad" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinVerbs" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi" LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof" LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="WofAdk" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WSDPrintDevice" LoadOrderGroup.Name="Base" - SystemDriver.Name="WSDScan" LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf" LoadOrderGroup.Name="base" - SystemDriver.Name="WUDFRd" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="xboxgip" LoadOrderGroup.Name="Base" - SystemDriver.Name="xinputhid" ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - 3ware () -> System32\drivers\3ware.sys R0 - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys R0 - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys S0 - ADP80XX () -> System32\drivers\ADP80XX.SYS S0 - amdsata () -> System32\drivers\amdsata.sys S0 - amdsbs () -> System32\drivers\amdsbs.sys S0 - amdxata () -> System32\drivers\amdxata.sys S0 - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys S0 - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys S0 - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys R0 - bdisk (Comodo Disk Raw Access Filter) -> system32\DRIVERS\bdisk.sys R0 - CBUFS (CBUFS) -> system32\DRIVERS\CBUFS.sys R0 - cbvd (Comodo Backup Virtual Disk) -> system32\DRIVERS\cbvd.sys R0 - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys R0 - cmdccav (cmdccav) -> system32\drivers\CmdCCAV.sys R0 - CNG () -> System32\Drivers\cng.sys S0 - Compbatt () -> (?) R0 - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys R0 - DKDFM (Device Filter Manager Driver) -> system32\drivers\DKDFM.sys R0 - DKTLFSMF (Telemetry File System Mini Filter Driver) -> system32\drivers\DKTLFSMF.sys S0 - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys S0 - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys S0 - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys R0 - EUBAKUP (EUBAKUP) -> system32\drivers\eubakup.sys R0 - EUBKMON (EUBKMON) -> system32\drivers\EUBKMON.sys R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys S0 - Fs_Rec () -> (?) R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys S0 - HpSAMD () -> System32\drivers\HpSAMD.sys S0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys S0 - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys S0 - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys S0 - intelide () -> System32\drivers\intelide.sys R0 - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys R0 - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys S0 - isapnp () -> System32\drivers\isapnp.sys R0 - KSecDD () -> System32\Drivers\ksecdd.sys R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys S0 - LSI_SAS () -> System32\drivers\lsi_sas.sys S0 - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys S0 - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys S0 - LSI_SSS () -> System32\drivers\lsi_sss.sys S0 - megasas () -> System32\drivers\megasas.sys S0 - megasr () -> System32\drivers\megasr.sys R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys R0 - msisadrv () -> System32\drivers\msisadrv.sys R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys S0 - mvumis () -> System32\drivers\mvumis.sys R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys S0 - nvraid () -> System32\drivers\nvraid.sys S0 - nvstor () -> System32\drivers\nvstor.sys R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys R0 - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys S0 - pciide () -> System32\drivers\pciide.sys S0 - pcmcia () -> System32\drivers\pcmcia.sys R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys R0 - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys S0 - percsas2i () -> System32\drivers\percsas2i.sys S0 - percsas3i () -> System32\drivers\percsas3i.sys R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys R0 - Reparse (Reparse) -> system32\DRIVERS\CBReparse.sys S0 - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys S0 - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys S0 - SiSRaid2 () -> System32\drivers\SiSRaid2.sys S0 - SiSRaid4 () -> System32\drivers\sisraid4.sys R0 - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys S0 - stexstor () -> System32\drivers\stexstor.sys R0 - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys S0 - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys S0 - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys S0 - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys S0 - storvsc () -> System32\drivers\storvsc.sys R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys R0 - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys S0 - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys R0 - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys R0 - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys R0 - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys S0 - vsmraid () -> System32\drivers\vsmraid.sys S0 - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys S0 - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys R0 - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys R0 - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys R0 - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys R0 - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys R0 - Wof (Windows Overlay File System Filter Driver) -> (?) R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys R1 - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys S1 - AutoSave () -> (?) R1 - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys R1 - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys R1 - BdfNdisf (@oem3.inf,%BdfNdisf_Desc%;BitDefender Firewall NDIS 6 Filter Driver) -> \SystemRoot\system32\DRIVERS\bdfndisf6.sys R1 - bdfwfpf (bdfwfpf) -> \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys R1 - Beep (Beep) -> (?) R1 - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys S1 - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys R1 - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys R1 - EUDSKACS (EUDSKACS) -> \??\C:\WINDOWS\system32\drivers\eudskacs.sys R1 - EUFDDISK (EUFDDISK) -> \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys R1 - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys R1 - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys R1 - GUSBootStartup (GUSBootStartup) -> \??\C:\WINDOWS\System32\drivers\GUSBootStartup.sys R1 - isedrv (Internet Security Essentials) -> \SystemRoot\system32\drivers\isedrv.sys R1 - Msfs () -> (?) R1 - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys R1 - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys R1 - Npfs () -> (?) R1 - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys R1 - Null () -> (?) R1 - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys R1 - Vsdatant (@oem21.inf,%Vsdatant_Desc%;Zone Alarm Firewall Driver) -> System32\drivers\vsdatant.sys R1 - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys R1 - ZAM (ZAM Helper Driver) -> \??\C:\WINDOWS\System32\drivers\zam64.sys R1 - ZAM_Guard (ZAM Guard Driver) -> \??\C:\WINDOWS\System32\drivers\zamguard64.sys S2 - agp440 () -> (?) S2 - AMD FUEL Service (AMD FUEL Service) -> "C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService R2 - amwrtdrv (amwrtdrv) -> \??\C:\WINDOWS\System32\amwrtdrv.sys R2 - AudioEndpointBuilder (@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork S2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - BrokerInfrastructure (@%windir%\system32\bisrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch S2 - ccavsrv (ccavsrv) -> "C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe" -service S2 - CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService S2 - CDPUserSvc (@%SystemRoot%\system32\cdpusersvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup R2 - CDPUserSvc_47b39 (CDPUserSvc_47b39) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup R2 - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys R2 - CoreMessagingRegistrar (@%SystemRoot%\system32\coremessaging.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork S2 - COSService.exe (COMODO Online Storage Service) -> C:\Program Files\COMODO\COMMON\COSService.exe R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DcomLaunch (@combase.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - DeviceAssociationService (@%SystemRoot%\system32\das.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DoSvc (@%systemroot%\system32\dosvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork S2 - EapHost (@%systemroot%\system32\eapsvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - EaseUS Agent (Service Agent EaseUS) -> "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe" S2 - EpsonScanSvc (Epson Scanner Service) -> C:\Windows\system32\EscSvc64.exe S2 - ERSvc () -> (?) R2 - EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService S2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - IAStorDataMgrsvc () -> (?) R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs S2 - isesrv (isesrv) -> "C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe" -service R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService S2 - LavasoftAdAwareService11 (Ad-Aware Service 11) -> "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe" R2 - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys R2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - LSM (@%windir%\system32\lsm.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys S2 - MapsBroker (@%SystemRoot%\System32\moshost.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys R2 - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys S2 - MSSQL$ADK (SQL Server (ADK)) -> "C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe" -sADK S2 - NAUpdate (@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200) -> "C:\Program Files (x86)\Nero\Update\NASvc.exe" R2 - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys S2 - NeroBackItUpBackgroundService (Nero BackItUp Background Service) -> "C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe" S2 - NIHardwareService () -> (?) R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService S2 - NVSvc () -> (?) S2 - OneSyncSvc (@%SystemRoot%\system32\APHostRes.dll,-10002) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup R2 - OneSyncSvc_47b39 (Hôte de synchronisation_47b39) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - Parvdm () -> (?) R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys S2 - PlaysService (Plays.tv Update Service) -> "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe" R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-200) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - Rebit-5-Svc (Rebit 5 Svc) -> "C:\Program Files\Rebit 5\Rebit-5-Svc.exe" R2 - Rebit-Pro-Svc (Rebit Pro Backup Service) -> "C:\Program Files\Rebit\Rebit Pro\Rebit-Pro-Svc.exe" R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS R2 - RpcSs (@combase.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss S2 - rscp (rscp) -> "C:\Program Files (x86)\Reason\Security\Protection\rscp\bin\rscp_svc.exe" S2 - rsEngineSvc (Reason Core Security Engine Service) -> "C:\Program Files (x86)\Reason\Security\rsEngineSvc.exe" R2 - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys S2 - RtkAudioService (Realtek Audio Service) -> "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs S2 - SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe S2 - SQLWriter (SQL Server VSS Writer) -> "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" S2 - srService () -> (?) R2 - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc R2 - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys S2 - SynchronizationService.exe (COMODO BackUp Service) -> C:\Program Files\COMODO\COMMON\SynchronizationService.exe R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - SystemEventsBroker (@%windir%\system32\SystemEventsBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys R2 - TeamViewer (TeamViewer 11) -> "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - tiledatamodelsvc (@%SystemRoot%\system32\tileobjserver.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel R2 - UserManager (@%systemroot%\system32\usermgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - vsmon (TrueVector Internet Monitor) -> "C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service S2 - VSS (@%systemroot%\system32\vssvc.exe,-102) -> %systemroot%\system32\vssvc.exe R2 - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys R2 - Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys R2 - WerSvc (@%SystemRoot%\System32\wersvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k WerSvcGroup R2 - WinDefend (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310) -> "%ProgramFiles%\Windows Defender\MsMpEng.exe" R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - WlanSvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - WpnService (@%SystemRoot%\system32\wpnservice.dll,-1) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - wudfsvc (@%SystemRoot%\system32\wudfsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S2 - ZAMSvc (ZAM Controller Service) -> "C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe" /service R2 - ZAPrivacyService (ZoneAlarm Privacy Service) -> "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe" S3 - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys S3 - AcpiDev (@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver) -> \SystemRoot\System32\drivers\AcpiDev.sys S3 - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys S3 - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys S3 - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys S3 - AJRouter (@%SystemRoot%\system32\AJRouter.dll,-2) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted S3 - ALG (@%SystemRoot%\system32\Alg.exe,-112) -> %SystemRoot%\System32\alg.exe S3 - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys R3 - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys R3 - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys R3 - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys S3 - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys S3 - AppIDSvc (@%systemroot%\system32\appidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R3 - Appinfo (@%systemroot%\system32\appinfo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs S3 - applockerfltr (@%systemroot%\system32\srpapi.dll,-102) -> system32\drivers\applockerfltr.sys S3 - AppReadiness (@%SystemRoot%\System32\AppReadiness.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k AppReadiness S3 - AppXSvc (@%SystemRoot%\system32\appxdeploymentserver.dll,-1) -> %systemroot%\system32\svchost.exe -k wsappx S3 - AsyncMac (@%systemroot%\system32\mprmsg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys R3 - avc3 (avc3) -> system32\DRIVERS\avc3.sys R3 - avchv (@oem0.inf,%ServiceDesc%;avchv Function Driver) -> \SystemRoot\system32\DRIVERS\avchv.sys S3 - avckf (avckf) -> system32\DRIVERS\avckf.sys S3 - AxInstSV (@%SystemRoot%\system32\AxInstSV.dll,-103) -> %SystemRoot%\system32\svchost.exe -k AxInstSVGroup S3 - bcmfn (@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service) -> \SystemRoot\System32\drivers\bcmfn.sys S3 - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys S3 - BDESVC (@%SystemRoot%\system32\bdesvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs R3 - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys R3 - Browser (@%systemroot%\system32\browser.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs S3 - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys S3 - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys S3 - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys S3 - BthHFSrv (@%SystemRoot%\System32\BthHFSrv.dll,-103) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation S3 - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys S3 - bthserv (@%SystemRoot%\System32\bthserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalService S3 - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys S3 - CapImg (@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen) -> \SystemRoot\System32\drivers\capimg.sys S3 - cht4iscsi () -> System32\drivers\cht4sx64.sys S3 - cht4vbd (@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver) -> \SystemRoot\System32\drivers\cht4vx64.sys S3 - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys S3 - ClipSVC (@%SystemRoot%\system32\ClipSVC.dll,-103) -> %SystemRoot%\System32\svchost.exe -k wsappx R3 - clvad () -> \SystemRoot\system32\drivers\clvad.sys R3 - CLVirtualBus01 (@oem6.inf,%CLVirtualBus01.SVCDESC%;CyberLink Virtual CDROM Bus Enumerator) -> \SystemRoot\System32\drivers\CLVirtualBus01.sys R3 - clwvd7 (@oem18.inf,%clwvd.DeviceDesc% Service;CyberLink WebCam Virtual Driver 7.0 Service) -> \SystemRoot\system32\DRIVERS\clwvd7.sys R3 - clwvdVM (@oem19.inf,%clwvd.DeviceDesc% Service;Camera for VideoMeeting+/PresenterLink+ Service) -> \SystemRoot\system32\DRIVERS\clwvdVM.sys S3 - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys R3 - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys S3 - COMSysApp (@comres.dll,-947) -> %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} R3 - condrv (Console Driver) -> System32\drivers\condrv.sys S3 - DcpSvc (@%SystemRoot%\system32\dcpsvc.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k netsvcs S3 - defragsvc (@%SystemRoot%\system32\defragsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k defragsvc S3 - DeviceInstall (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch S3 - DevQueryBroker (@%SystemRoot%\system32\DevQueryBroker.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - diagnosticshub.standardcollector.service (@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000) -> %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe S3 - Disc Soft Pro Bus Service (Disc Soft Pro Bus Service) -> "C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe" S3 - DKRtWrt (DKRtWrt) -> \??\C:\WINDOWS\system32\drivers\DKRtWrt.sys S3 - DmEnrollmentSvc (@%systemroot%\system32\Windows.Internal.Management.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs S3 - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys S3 - dmwappushservice (@%SystemRoot%\system32\dmwappushsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs S3 - dot3svc (@%systemroot%\system32\dot3svc.dll,-1102) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Pilotes audio approuvés par Microsoft) -> \SystemRoot\system32\DRIVERS\drmkaud.sys S3 - DsmSvc (@%SystemRoot%\system32\DeviceSetupManager.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k netsvcs S3 - DsSvc (@%SystemRoot%\system32\dssvc.dll,-10003) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R3 - dtproscsibus (@oem2.inf,%DTPROSCSIBUS.DeviceDesc%;DAEMON Tools Pro Virtual SCSI Bus) -> \SystemRoot\System32\drivers\dtproscsibus.sys R3 - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys S3 - EFS (@%SystemRoot%\system32\efssvc.dll,-100) -> %SystemRoot%\System32\lsass.exe S3 - embeddedmode (@%SystemRoot%\system32\embeddedmodesvc.dll,-201) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted S3 - EntAppSvc (@EnterpriseAppMgmtSvc.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel S3 - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys S3 - ESLoadService (ESLoadService) -> "C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\ESLoadService.exe" R3 - exfat (exFAT File System Driver) -> (?) R3 - fastfat (FAT12/16/32 File System Driver) -> (?) S3 - Fax (@%systemroot%\system32\fxsresm.dll,-118) -> %systemroot%\system32\fxssvc.exe S3 - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys R3 - fdPHost (@%systemroot%\system32\fdPHost.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService R3 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation S3 - fhsvc (@%systemroot%\system32\fhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys S3 - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys S3 - FrameServer (@%systemroot%\system32\FrameServer.dll,-100) -> %SystemRoot%\System32\svchost.exe -k Camera S3 - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys S3 - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys S3 - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\drivers\genericusbfn.sys S3 - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys R3 - gzflt () -> \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.129.0\gzflt.sys S3 - HdAudAddService (@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio) -> \SystemRoot\system32\DRIVERS\HdAudio.sys R3 - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys S3 - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys S3 - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Miniport HID Microsoft Bluetooth) -> \SystemRoot\System32\drivers\hidbth.sys S3 - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys S3 - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys S3 - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys R3 - hidserv (@%SystemRoot%\System32\hidserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R3 - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys S3 - HomeGroupListener (@%SystemRoot%\System32\ListSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R3 - HomeGroupProvider (@%SystemRoot%\System32\provsvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R3 - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys S3 - HvHost (@%SystemRoot%\system32\hvhostsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - hvservice (@%SystemRoot%\system32\drivers\hvservice.sys,-16) -> system32\drivers\hvservice.sys S3 - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\Users\jean-\AppData\Local\Temp\HWiNFO64A.SYS S3 - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys S3 - i8042prt (@keyboard.inf,%i8042prt.SvcDesc%;i8042 Keyboard and PS/2 Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys S3 - iagpio (@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iagpio.sys S3 - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys S3 - iaLPSS2i_GPIO2 (@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys S3 - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys S3 - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys S3 - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys S3 - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys S3 - icssvc (@%SystemRoot%\System32\tetheringservice.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted S3 - IndirectKmd (@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100) -> \SystemRoot\System32\drivers\IndirectKmd.sys R3 - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) -> \SystemRoot\system32\drivers\RTKVHD64.sys S3 - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys S3 - IpFilterDriver (@%systemroot%\system32\mprmsg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys S3 - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys S3 - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys S3 - irda (IrDA) -> \SystemRoot\system32\drivers\irda.sys S3 - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys S3 - irmon (@%SystemRoot%\System32\irmon.dll,-2000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys R3 - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys R3 - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys R3 - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys R3 - keycrypt () -> system32\DRIVERS\KeyCrypt64.sys R3 - KeyIso (@keyiso.dll,-100) -> %SystemRoot%\system32\lsass.exe R3 - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys S3 - KtmRm (@comres.dll,-2946) -> %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation R3 - L1C (@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\System32\drivers\L1C63x64.sys R3 - lfsvc (@%SystemRoot%\System32\lfsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k netsvcs S3 - LicenseManager (@%SystemRoot%\system32\licensemanagersvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalService S3 - lltdsvc (@%SystemRoot%\system32\lltdres.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalService S3 - MDA_NTDRV (MDA_NTDRV) -> \??\C:\Windows\system32\MDA_NTDRV.sys S3 - MessagingService (@%SystemRoot%\system32\MessagingService.dll,-100) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup S3 - MessagingService_47b39 (MessagingService_47b39) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S3 - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys S3 - Modem () -> system32\drivers\modem.sys R3 - monitor (@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys R3 - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys R3 - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys S3 - MozillaMaintenance (Mozilla Maintenance Service) -> "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" R3 - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys S3 - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys R3 - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys R3 - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys S3 - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys S3 - MSDTC (@comres.dll,-2797) -> %SystemRoot%\System32\msdtc.exe S3 - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys S3 - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys S3 - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys S3 - msiserver (@%SystemRoot%\system32\msimsg.dll,-27) -> %systemroot%\system32\msiexec.exe /V S3 - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\DRIVERS\MSKSSRV.sys S3 - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\DRIVERS\MSPCLOCK.sys S3 - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\DRIVERS\MSPQM.sys S3 - MsRPC () -> (?) S3 - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\DRIVERS\MSTEE.sys S3 - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys S3 - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys S3 - NcaSvc (@%SystemRoot%\system32\ncasvc.dll,-3009) -> %SystemRoot%\System32\svchost.exe -k NetSvcs R3 - NcdAutoSetup (@%SystemRoot%\system32\NcdAutoSetup.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork S3 - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys S3 - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys S3 - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys S3 - NdisTapi (@%systemroot%\system32\mprmsg.dll,-32001) -> System32\DRIVERS\ndistapi.sys S3 - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys R3 - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys S3 - NdisWan (@%systemroot%\system32\mprmsg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys S3 - ndiswanlegacy (@%systemroot%\system32\mprmsg.dll,-32014) -> System32\DRIVERS\ndiswan.sys S3 - ndproxy (@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy) -> System32\DRIVERS\NDProxy.sys S3 - NetAdapterCx (Network Adapter Wdf Class Extension Library) -> system32\drivers\NetAdapterCx.sys S3 - Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) -> %systemroot%\system32\lsass.exe S3 - Netman (@%SystemRoot%\system32\netman.dll,-109) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R3 - netprofm (@%SystemRoot%\system32\netprofmsvc.dll,-202) -> %SystemRoot%\System32\svchost.exe -k LocalService S3 - NetSetupSvc (@%SystemRoot%\system32\NetSetupSvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k netsvcs S3 - NgcCtnrSvc (@%SystemRoot%\System32\NgcCtnrSvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted S3 - NgcSvc (@%SystemRoot%\System32\ngcsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R3 - NTFS () -> (?) S3 - p2pimsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8004) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet S3 - p2psvc (@%SystemRoot%\system32\p2psvc.dll,-8006) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet S3 - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys S3 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - PerfHost (@%systemroot%\sysWow64\perfhost.exe,-2) -> %SystemRoot%\SysWow64\perfhost.exe S3 - PhoneSvc (@%SystemRoot%\system32\PhoneserviceRes.dll,-10000) -> %SystemRoot%\system32\svchost.exe -k LocalService S3 - PimIndexMaintenanceSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-15001) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup R3 - PimIndexMaintenanceSvc_47b39 (Données de contacts_47b39) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S3 - pla (@%systemroot%\system32\pla.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork S3 - PNRPAutoReg (@%SystemRoot%\system32\pnrpauto.dll,-8002) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet S3 - PNRPsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8000) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet R3 - PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted S3 - PptpMiniport (@%systemroot%\system32\mprmsg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys S3 - PrintNotify (@C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll,-1) -> %SystemRoot%\system32\svchost.exe -k print S3 - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys S3 - QWAVE (@%SystemRoot%\system32\qwave.dll,-1) -> %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation S3 - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys S3 - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys S3 - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys S3 - RasAuto (@%Systemroot%\system32\rasauto.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs S3 - Rasl2tp (@%systemroot%\system32\mprmsg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys S3 - RasMan (@%Systemroot%\system32\rasmans.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs S3 - RasPppoe (@%systemroot%\system32\mprmsg.dll,-32007) -> System32\DRIVERS\raspppoe.sys S3 - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys R3 - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys S3 - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys S3 - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys S3 - ReFSv1 () -> (?) S3 - RetailDemo (@%SystemRoot%\System32\RDXService.dll,-256) -> %SystemRoot%\System32\svchost.exe -k netsvcs S3 - RmSvc (@%SystemRoot%\system32\RMapi.dll,-1001) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted S3 - RpcLocator (@%systemroot%\system32\Locator.exe,-2) -> %SystemRoot%\system32\locator.exe R3 - RTSUER (@oem12.inf,%RtsUER%;Realtek USB Card Reader - UER) -> \SystemRoot\system32\Drivers\RtsUer.sys S3 - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys S3 - ScDeviceEnum (@%SystemRoot%\System32\ScDeviceEnum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys S3 - scmdisk0101 (@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver) -> \SystemRoot\System32\drivers\scmdisk0101.sys S3 - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys S3 - SDRSVC (@%SystemRoot%\system32\sdrsvc.dll,-107) -> %SystemRoot%\system32\svchost.exe -k SDRSVC S3 - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys S3 - seclogon (@%SystemRoot%\system32\seclogon.dll,-7001) -> %windir%\system32\svchost.exe -k netsvcs S3 - SensorDataService (@%SystemRoot%\system32\SensorDataService.exe,-101) -> %SystemRoot%\System32\SensorDataService.exe S3 - SensorService (@%SystemRoot%\System32\sensorservice.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - SensrSvc (@%SystemRoot%\System32\sensrsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation S3 - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys S3 - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys S3 - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys S3 - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys S3 - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys S3 - SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) -> %SystemRoot%\System32\svchost.exe -k netsvcs S3 - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys S3 - SmsRouter (@%SystemRoot%\System32\SmsRouterSvc.dll,-10001) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - SNMPTRAP (@%SystemRoot%\system32\snmptrap.exe,-3) -> %SystemRoot%\System32\snmptrap.exe S3 - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys R3 - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys R3 - srvnet () -> System32\DRIVERS\srvnet.sys R3 - SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation S3 - SstpSvc (@%SystemRoot%\system32\sstpsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService R3 - StateRepository (@%SystemRoot%\system32\windows.staterepository.dll,-1) -> %SystemRoot%\system32\svchost.exe -k appmodel R3 - StorSvc (@%SystemRoot%\System32\StorSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted S3 - svsvc (@%SystemRoot%\system32\svsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R3 - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys S3 - swprv (@%SystemRoot%\System32\swprv.dll,-103) -> %SystemRoot%\System32\svchost.exe -k swprv S3 - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys S3 - TapiSrv (@%SystemRoot%\system32\tapisrv.dll,-10100) -> %SystemRoot%\System32\svchost.exe -k NetworkService S3 - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys S3 - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys S3 - TermService (@%SystemRoot%\System32\termsrv.dll,-268) -> %SystemRoot%\System32\svchost.exe -k NetworkService S3 - TieringEngineService (@%SystemRoot%\system32\TieringEngineService.exe,-702) -> %SystemRoot%\system32\TieringEngineService.exe R3 - TimeBrokerSvc (@%windir%\system32\TimeBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted S3 - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys S3 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted S3 - Trufos (Trufos) -> system32\DRIVERS\Trufos.sys S3 - TrustedInstaller (@%SystemRoot%\servicing\TrustedInstaller.exe,-100) -> %SystemRoot%\servicing\TrustedInstaller.exe S3 - tsusbflt (@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000) -> System32\drivers\TsUsbFlt.sys S3 - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys S3 - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver) -> \SystemRoot\System32\drivers\tunnel.sys S3 - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys S3 - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys S3 - UcmTcpciCx0101 (UCM-TCPCI KMDF Class Extension) -> System32\Drivers\UcmTcpciCx.sys S3 - UcmUcsi (@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client) -> \SystemRoot\System32\drivers\UcmUcsi.sys S3 - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys S3 - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys S3 - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys S3 - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys S3 - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\drivers\UfxChipidea.sys S3 - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys S3 - UI0Detect (@%SystemRoot%\system32\ui0detect.exe,-101) -> %SystemRoot%\system32\UI0Detect.exe R3 - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys R3 - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys S3 - UmRdpService (@%SystemRoot%\system32\umrdp.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted S3 - UnistoreSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-10003) -> %SystemRoot%\System32\svchost.exe -k UnistackSvcGroup R3 - UnistoreSvc_47b39 (Stockage des données utilisateur_47b39) -> C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup S3 - upnphost (@%systemroot%\system32\upnphost.dll,-213) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation S3 - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urschipidea.sys S3 - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys S3 - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urssynopsys.sys R3 - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver) -> \SystemRoot\System32\drivers\usbccgp.sys S3 - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys R3 - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys R3 - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys S3 - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys R3 - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys S3 - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys S3 - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys R3 - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS S3 - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys S3 - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS S3 - UserDataSvc (@%SystemRoot%\system32\UserDataAccessRes.dll,-14001) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup R3 - UserDataSvc_47b39 (Accès aux données utilisateur_47b39) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S3 - UsoSvc (@%systemroot%\system32\usocore.dll,-102) -> %systemroot%\system32\svchost.exe -k netsvcs R3 - VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003) -> %SystemRoot%\system32\lsass.exe R3 - vdbus (@oem17.inf,%vdbus.SVCDESC%;Virtual Disk Bus Enumerator) -> \SystemRoot\System32\drivers\vdbus.sys R3 - vds (@%SystemRoot%\system32\vds.exe,-100) -> %SystemRoot%\System32\vds.exe S3 - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys S3 - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys S3 - vhf (@%SystemRoot%\system32\drivers\vhf.sys,-100) -> \SystemRoot\System32\drivers\vhf.sys S3 - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys S3 - vmgid (@wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver) -> \SystemRoot\System32\drivers\vmgid.sys S3 - vmicvmsession (@%systemroot%\system32\icsvc.dll,-901) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys S3 - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys S3 - W32Time (@%SystemRoot%\system32\w32time.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService S3 - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys S3 - WalletService (@%SystemRoot%\System32\WalletService.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k appmodel S3 - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys S3 - wanarpv6 (@%systemroot%\system32\mprmsg.dll,-32012) -> System32\DRIVERS\wanarp.sys S3 - wbengine (@%systemroot%\system32\wbengine.exe,-104) -> "%systemroot%\system32\wbengine.exe" S3 - wcncsvc (@%SystemRoot%\system32\wcncsvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation R3 - WDC_SAM (@oem8.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver) -> \SystemRoot\System32\drivers\wdcsam64.sys R3 - WdiServiceHost (@%systemroot%\system32\wdi.dll,-502) -> %SystemRoot%\System32\svchost.exe -k LocalService R3 - WdiSystemHost (@%systemroot%\system32\wdi.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted S3 - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys R3 - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\Drivers\WdNisDrv.sys R3 - WdNisSvc (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320) -> "%ProgramFiles%\Windows Defender\NisSrv.exe" S3 - WebClient (@%systemroot%\system32\webclnt.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService S3 - Wecsvc (@%SystemRoot%\system32\wecsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k NetworkService S3 - wercplsupport (@%SystemRoot%\System32\wercplsupport.dll,-101) -> %SystemRoot%\System32\svchost.exe -k netsvcs S3 - WiaRpc (@%SystemRoot%\system32\wiarpc.dll,-2) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted S3 - WIMMount (@%SystemRoot%\system32\drivers\wimmount.sys,-101) -> \??\C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys R3 - WinHttpAutoProxySvc (@%SystemRoot%\system32\winhttp.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService S3 - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys S3 - WinRM (@%Systemroot%\system32\wsmsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k NetworkService S3 - WINUSB (@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS S3 - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys S3 - wisvc (@%SystemRoot%\system32\flightsettings.dll,-104) -> %systemroot%\system32\svchost.exe -k netsvcs S3 - wlidsvc (@%SystemRoot%\system32\wlidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs S3 - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys R3 - wmiApSrv (@%Systemroot%\system32\wbem\wmiapsrv.exe,-110) -> %systemroot%\system32\wbem\WmiApSrv.exe S3 - WMPNetworkSvc (@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101) -> "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" S3 - WofAdk (WofAdk) -> \??\C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wofadk.sys S3 - WPDBusEnum (@%SystemRoot%\system32\wpdbusenum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R3 - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys S3 - WpnUserService (@%SystemRoot%\system32\WpnUserService.dll,-1) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup S3 - WpnUserService_47b39 (Service utilisateur de notifications Push Windows_47b39) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S3 - WSDPrintDevice (@wsdprint.inf,%WSDPrintDevice.SVCDESC%;WSD Print Support) -> \SystemRoot\System32\drivers\WSDPrint.sys S3 - WSDScan (@sti.inf,%WSDScan.SvcDesc%;Prise en charge de la numérisation WSD) -> \SystemRoot\system32\DRIVERS\WSDScan.sys R3 - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys R3 - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> system32\drivers\WudfRd.sys R3 - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys S3 - WwanSvc (@%SystemRoot%\System32\wwansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork S3 - XblAuthManager (@%systemroot%\system32\XblAuthManager.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs S3 - XblGameSave (@%systemroot%\system32\XblGameSave.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs S3 - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys S3 - XboxNetApiSvc (@%systemroot%\system32\XboxNetApiSvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs S3 - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys S4 - AMD External Events Utility () -> %SystemRoot%\system32\atiesrxx.exe S4 - BingDesktopUpdate (Bing Desktop Update service) -> "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" R4 - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys S4 - CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) -> %SystemRoot%\system32\svchost.exe -k netsvcs S4 - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys S4 - DiagTrack (@%SystemRoot%\system32\diagtrack.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc S4 - MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000) -> %systemroot%\system32\svchost.exe -k netsvcs S4 - NcbService (@%SystemRoot%\system32\ncbservice.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted S4 - NetTcpPortSharing (@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201) -> %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe S4 - RemoteAccess (@%Systemroot%\system32\mprdim.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs S4 - RemoteRegistry (@regsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k localService S4 - SCardSvr (@%SystemRoot%\System32\SCardSvr.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation S4 - SCPolicySvc (@%SystemRoot%\System32\certprop.dll,-13) -> %SystemRoot%\system32\svchost.exe -k netsvcs S4 - shpamsvc (@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs S4 - smphost (@%SystemRoot%\System32\smphost.dll,-102) -> %SystemRoot%\System32\svchost.exe -k smphost S4 - SQLAgent$ADK (SQL Server Agent (ADK)) -> "C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\SQLAGENT.EXE" -i ADK S4 - SQLBrowser (SQL Server Browser) -> "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" S4 - TabletInputService (@%SystemRoot%\system32\TabSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted S4 - tzautoupdate (@%SystemRoot%\system32\tzautoupdate.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService S4 - udfs (udfs) -> system32\DRIVERS\udfs.sys S4 - vmicguestinterface (@%systemroot%\system32\icsvc.dll,-801) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted S4 - vmicheartbeat (@%systemroot%\system32\icsvc.dll,-101) -> %systemroot%\system32\svchost.exe -k ICService S4 - vmickvpexchange (@%systemroot%\system32\icsvc.dll,-201) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted S4 - vmicrdv (@%systemroot%\system32\icsvcext.dll,-601) -> %systemroot%\system32\svchost.exe -k ICService S4 - vmicshutdown (@%systemroot%\system32\icsvc.dll,-301) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted S4 - vmictimesync (@%systemroot%\system32\icsvc.dll,-401) -> %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted S4 - vmicvss (@%systemroot%\system32\icsvcext.dll,-501) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted S4 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k WbioSvcGroup S4 - WEPHOSTSVC (@%systemroot%\system32\wephostsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k WepHostSvcGroup S4 - workfolderssvc (@%systemroot%\system32\workfolderssvc.dll,-102) -> %SystemRoot%\System32\svchost.exe -k LocalService S4 - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys S4 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding ---------- | System files (Microsoft Files whitelisted) [MD5.EE1CCC54F75C24727A218F98FC5349DA] - [16/07/2016 13:41:53] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys [MD5.8E6E3C6D32042055F918C457B3CB683C] - [07/09/2016 14:41:11] - (.Zemana Ltd. - Zemana AntiLogger Free.) - [155.63 Ko] - (1.8.2.328) - C:\WINDOWS\System32\Drivers\5823A559-8622-4D36-B1-97-5B-A9-11-32-81-2F.sys [MD5.49B9DB97AFC85DCCBDACDAB2E90085B7] - [16/07/2016 13:41:53] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys [MD5.74FFBC43B4B899C9A8CA06A892F2CE73] - [16/07/2016 13:41:53] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys [MD5.AAB0F1D8D7E54761ABAB13AF161F1680] - [16/07/2016 13:41:53] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys [MD5.F91BAAC4237C40352A807000F3B716F9] - [16/07/2016 13:41:53] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys [MD5.E6AB1F0B4C3D4E0D2A88332D76FECD03] - [16/07/2016 13:41:53] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys [MD5.D1F059A530620DCF71303B525D52CA97] - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2012 Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - [21141.48 Ko] - (8.1.1.1500) - C:\WINDOWS\System32\Drivers\atikmdag.sys [MD5.AD96CC96B6A0CEE8910A13679426C970] - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) - [658.48 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\Drivers\atikmpag.sys [MD5.CCF9DED019BAD2701F39A140FC4D6C44] - [05/01/2016 13:45:28] - (.Copyright © BitDefender - Active Virus Control filter driver.) - [1563 Ko] - (3.11.12727.6315) - C:\WINDOWS\System32\Drivers\avc3.sys [MD5.3FC014DABD685F8958C89EAA35D77368] - [05/01/2016 13:45:28] - (.Copyright © BitDefender - BitDefender AntiVirus Active Virus Control Hypervisor driver.) - [275.39 Ko] - (3.11.12293.6311) - C:\WINDOWS\System32\Drivers\avchv.sys [MD5.4D3ADB9A6B623D332F0D0ED39613BB04] - [05/01/2016 13:45:28] - (.Copyright © BitDefender - Active Virus Control Kernel Filtering driver.) - [757.25 Ko] - (3.11.12293.6311) - C:\WINDOWS\System32\Drivers\avckf.sys [MD5.3F5523DCEFE42B385659C5CB46A6B810] - [16/07/2016 13:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys [MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [16/07/2016 13:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys [MD5.AF3E1ABAB951FC9064267ED76268F41B] - [16/02/2016 16:52:38] - (.Copyright (C) BitDefender LLC - BitDefender Firewall NDIS6 Filter Driver.) - [104.98 Ko] - (7.0.0.12) - C:\WINDOWS\System32\Drivers\bdfndisf6.sys [MD5.C7C6393C540A1EE534BCEE74626DE987] - [07/10/2014 13:14:40] - (.© 2014 COMODO Security Solutions Inc. - COMODO Backup Disk Driver.) - [83.48 Ko] - (1.0.0.972) - C:\WINDOWS\System32\Drivers\bdisk.sys [MD5.61BAC67048CA5C1D08C48FCC8012B613] - [16/07/2016 13:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic Gigabit Ethernet VBD.) - [521.34 Ko] - (7.12.31.105) - C:\WINDOWS\System32\Drivers\bxvbda.sys [MD5.D7F279E28D757821232E7AF1DFDC57BA] - [07/10/2014 13:14:42] - (.© 2014 COMODO Security Solutions Inc. - COMODO BackUp Minifilter Driver.) - [658.36 Ko] - (7.0.0.1618) - C:\WINDOWS\System32\Drivers\CBreparse.sys [MD5.10CDB598B555D2A06DA52A6C2D5F7DFE] - [07/10/2014 13:14:42] - (.© 2014 COMODO Security Solutions Inc. - COMODO BackUp Safe FileSystem Driver.) - [225.3 Ko] - (1.0.0.975) - C:\WINDOWS\System32\Drivers\CBUFS.sys [MD5.8D73FFFD9762EECF7680C4368A38B653] - [07/10/2014 13:14:44] - (.© 2014 COMODO Security Solutions Inc. - COMODO BackUp Vritual Disk Driver.) - [661.86 Ko] - (7.0.0.1619) - C:\WINDOWS\System32\Drivers\cbvd.sys [MD5.48BC8B59BF348BD8C8702B93171008F2] - [16/07/2016 13:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI Crash Dump Driver.) - [100.34 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4dx64.sys [MD5.0AED948DA8D5F08B3D6F12E4E2089736] - [16/07/2016 13:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI VMiniport Driver.) - [338.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4sx64.sys [MD5.0002A0FDE087C1657AB31CE73077539C] - [16/07/2016 13:41:53] - (.Copyright © 2010 Chelsio Communications. - Virtual Bus Driver for Chelsio ® T4 Chipset.) - [2054.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4vx64.sys [MD5.EFC50A6C4C6B6F9AA09AFAC5C15881B6] - [07/09/2016 20:53:09] - (.Copyright (C) CyberLink 2015- - Virtual Audio-In Device.) - [39.44 Ko] - (1.0.1.1522) - C:\WINDOWS\System32\Drivers\clvad.sys [MD5.0C7626AFB2419207B2ABCB6F8AEA334F] - [06/09/2016 23:30:35] - (.Copyright (C) 2014 CyberLink - CyberLink Virtual CDROM Bus Enumerator.) - [100.76 Ko] - (2.0.0.3505) - C:\WINDOWS\System32\Drivers\CLVirtualBus01.sys [MD5.30EAA7468E7721A99ED8221A7CEE7A80] - [07/09/2016 14:10:10] - (.Copyright (C) 2009 CyberLink Corporation. - CyberLink WebCam Virtual Driver.) - [48.77 Ko] - (1.2.0.7524) - C:\WINDOWS\System32\Drivers\clwvd7.sys [MD5.0FBA6EDE873360E0AD44BB74A8B1ED85] - [07/09/2016 20:52:51] - (.Copyright (C) 2009 CyberLink Corporation. - CyberLink WebCam Virtual Driver.) - [53.95 Ko] - (2.0.0.8821) - C:\WINDOWS\System32\Drivers\clwvdVM.sys [MD5.1D9797BDFD282DCF48B5E0217C5957FC] - [30/09/2016 07:00:48] - (.2005-2016 COMODO. - COMODO Cloud Antivirus Driver.) - [151.59 Ko] - (1.6.7441.347) - C:\WINDOWS\System32\Drivers\CmdCCAV.sys [MD5.209C1E29E9558D80A246E219C25754F1] - [02/09/2016 15:46:27] - (.Condusiv TechnologiesCopyright © 2013 - Device Filter Manager Driver.) - [40.77 Ko] - (1.0.40.0) - C:\WINDOWS\System32\Drivers\DKDFM.sys [MD5.2FAA591ACD663B45E5685340312B7D7A] - [02/09/2016 15:46:28] - (.Condusiv Technologies Copyright © 2013 - IntelliWrite Mini-Filter Driver.) - [52.27 Ko] - (4.0.8.0) - C:\WINDOWS\System32\Drivers\DKRtWrt.sys [MD5.25558ECF737490235264FC5FA013D9EB] - [02/09/2016 15:46:27] - (.Condusiv TechnologiesCopyright © 2014 - Telemetry File System Mini Filter Driver.) - [116.73 Ko] - (1.0.42.0) - C:\WINDOWS\System32\Drivers\DKTLFSMF.sys [MD5.726E40B11612664486BB6C6105283C95] - [28/08/2016 19:38:50] - (.Copyright (C) 2000-2015 - DAEMON Tools Pro Virtual SCSI Bus Driver.) - [29.55 Ko] - (5.28.0.0) - C:\WINDOWS\System32\Drivers\dtproscsibus.sys [MD5.83EF0C33B56360761AE2DDB86E47B2E8] - [09/09/2016 17:03:53] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - Disk Backup Driver.) - [59.54 Ko] - (1.0.1.0) - C:\WINDOWS\System32\Drivers\eubakup.sys [MD5.CCF2072C27B5F84447A0829014C43760] - [09/09/2016 17:03:48] - (.-.) - [47.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\EUBKMON.sys [MD5.44A0838432C8A31A5D6CBE0BF348CED6] - [09/09/2016 17:03:54] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - Disk Access Driver.) - [18.04 Ko] - (1.2.0.1) - C:\WINDOWS\System32\Drivers\eudskacs.sys [MD5.D05585505CB20235E7C665158464551D] - [09/09/2016 17:03:55] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - Disk Backup Image Preview Driver.) - [188.04 Ko] - (1.0.0.1) - C:\WINDOWS\System32\Drivers\EuFdDisk.sys [MD5.7EC6FC0266D74BD47ABB130A328B70EC] - [16/07/2016 13:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic 10 GigE VBD.) - [3338.84 Ko] - (7.13.65.105) - C:\WINDOWS\System32\Drivers\evbda.sys [MD5.E4626B663B94E5FEB90F497395B5C059] - [03/09/2016 22:11:02] - (.Copyright (c) 2003-2015 Glarysoft Ltd - The driver for the Startup Manager tool.) - [19.69 Ko] - (1.1.0.263) - C:\WINDOWS\System32\Drivers\GUSBootStartup.sys [MD5.F5CA18197B4646E04DB9EB2D6642CC4D] - [16/07/2016 13:41:53] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys [MD5.C6B8743B213F06AA60943D8366FE968F] - [16/07/2016 13:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO GPIO Controller Driver.) - [32.5 Ko] - (604.10146.3023.12819) - C:\WINDOWS\System32\Drivers\iagpio.sys [MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [16/07/2016 13:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys [MD5.5A0E850F8CD17791A3E6A3CF81D0CA28] - [16/07/2016 13:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Driver v2.) - [63 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_GPIO2.sys [MD5.7508F1096803385D6376BFD0BD473AC4] - [16/07/2016 13:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [172.25 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys [MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [16/07/2016 13:41:52] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys [MD5.EB82A11613326691508D9ED9A4FE29E7] - [16/07/2016 13:41:50] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys [MD5.97E553D03219D3D51705C7235D9EAEBD] - [16/07/2016 13:41:53] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys [MD5.8350FE3BCDE3428BC040877BB7E9EAEB] - [16/07/2016 13:41:53] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys [MD5.3BA03F7C7700DDF4C383DDE9252F5817] - [16/07/2016 13:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [513.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ibbus.sys [MD5.AFFAC761AE0FA633BB09E86F15186778] - [03/10/2016 20:42:23] - (.2005-2016 COMODO. - Internet Security Essentials Driver.) - [49.21 Ko] - (1.1.7388.29) - C:\WINDOWS\System32\Drivers\isedrv.sys [MD5.8E6E3C6D32042055F918C457B3CB683C] - [07/10/2016 13:41:15] - (.Zemana Ltd. - Zemana AntiLogger Free.) - [155.63 Ko] - (1.8.2.328) - C:\WINDOWS\System32\Drivers\KeyCrypt64.sys [MD5.4E444F41E69BBE2E0BAE34D5DFCB5732] - [16/07/2016 13:41:53] - (.2001-2012 Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller.) - [118.5 Ko] - (2.1.0.16) - C:\WINDOWS\System32\Drivers\L1C63x64.sys [MD5.8E1B0946948CCC0BC1FA3CB70374A795] - [16/07/2016 13:41:53] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys [MD5.4F68163FC04C973500DC4DA0946917B0] - [16/07/2016 13:41:53] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [103.34 Ko] - (2.0.79.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys [MD5.E5AC5F2815938651CDCC27F425474673] - [16/07/2016 13:41:53] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [98.84 Ko] - (2.51.12.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys [MD5.CCF6EC9FB9B8F18E05B4253E81013E48] - [16/07/2016 13:41:53] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys [MD5.C3CDCCF07486BD2616A7B82946E07AC0] - [16/07/2016 13:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys [MD5.FADB2FE017E69EECE0E1BA78661C2E8C] - [16/07/2016 13:41:53] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys [MD5.FD60818B66B2E8A5415EA840E99A9D8F] - [16/07/2016 13:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [822.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys [MD5.3D2C5B4995CA0751D32DEA0DE9FDFE44] - [16/07/2016 13:41:53] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys [MD5.629CB21AC49C8867E0F29DF1C16DB7B4] - [16/07/2016 13:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [106.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys [MD5.6C76780A01FC2B885BD6E957B5C36B02] - [16/07/2016 13:42:03] - (.-.) - [88.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NetAdapterCx.sys [MD5.D261DF41F0840F734856A2B4F5E072C7] - [16/07/2016 13:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys [MD5.23B702B555EB0436B9DAA0BC63DA65CE] - [16/07/2016 13:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys [MD5.540116170E2135FCD5DDE77702166B67] - [16/07/2016 13:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.805.3.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys [MD5.8356F87553BF49C703CF382033815898] - [16/07/2016 13:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [60.34 Ko] - (6.603.6.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys [MD5.39200ECEFB50612B13B5D16545BEB201] - [08/09/2016 15:02:21] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [4595.25 Ko] - (6.0.1.7687) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys [MD5.9B78249A7866242755C866CE3CA9CA72] - [06/09/2016 16:52:10] - (.Copyright © Realtek Semiconductor Corporation 2013 - RTS USB READER Driver.) - [406.71 Ko] - (10.0.10586.31225) - C:\WINDOWS\System32\Drivers\RtsUer.sys [MD5.A34CE1830E45DA98932295FDE4B7908A] - [16/07/2016 13:41:53] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys [MD5.A7B5C670770E908DA5FEF5BF1136E933] - [16/07/2016 13:41:53] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys [MD5.29D26E1347AE1BBD4201014E19880B2C] - [16/07/2016 13:41:53] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys [MD5.40A8AB90F3CB342F037B493A8EADE4B9] - [28/04/2016 17:20:32] - (.(c) 2014 BitDefender S.R.L. - Trufos Kernel Module.) - [474.13 Ko] - (2.4.986.39) - C:\WINDOWS\System32\Drivers\Trufos.sys [MD5.7181DACBD6699770F027A049594A3DCF] - [07/10/2014 13:14:46] - (.© 2014 COMODO Security Solutions Inc. - COMODO BackUp Vritual Disk Bus Driver.) - [806.68 Ko] - (1.0.0.973) - C:\WINDOWS\System32\Drivers\vdbus.sys [MD5.CBB55990EA5EC1F3FB1950E680CD63AD] - [27/07/2016 23:03:56] - (.Copyright © 1998-2016, Check Point, LTD - ZoneAlarm.) - [451.46 Ko] - (14.3.102.0) - C:\WINDOWS\System32\Drivers\vsdatant.sys [MD5.FD9BCB8920973CEAD4D49DC7A6D8A618] - [16/07/2016 13:41:53] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys [MD5.0C111F220798CCE80484026E06822379] - [16/07/2016 13:41:53] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS [MD5.A556768CC1FA4F36022BEE2F0EDE2566] - [12/11/2015 22:50:10] - (.© 2006-2015 Western Digital Technologies, Inc. - Western Digital SCSI Architecture Model (SAM) driver.) - [26.25 Ko] - (1.1.0.0) - C:\WINDOWS\System32\Drivers\wdcsam64.sys [MD5.F95DE20312ACCA7761446DE152BD1F7C] - [16/07/2016 13:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [31.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winmad.sys [MD5.8B9AFF5F08E66A6F1F1063DEC9457FB6] - [16/07/2016 13:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [63.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winverbs.sys [MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [07/09/2016 14:38:49] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\zam64.sys [MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [07/09/2016 14:38:47] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\zamguard64.sys [MD5.C5243DF05D97A32FD65EA6CD8420C7DB] - [17/09/2008 10:44:40] - (.Copyright © 1999-2007 Avanquest Publishing USA, Inc. - AutoSave file system filter driver for Windows NT.) - [30.06 Ko] - (2.0.17.0) - C:\WINDOWS\Syswow64\Drivers\AutoSave.sys ---------- | Uninstall [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Should I Remove It 1.0.4] : (Should I Remove It.-.Reason Software Company Inc.) -> msiexec.exe /x {4E62123C-4C0D-4123-A8A2-C0103B92D7EA} [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> "C:\Users\jean-\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VideoWatermarkPro] : (Video Watermark Pro.-.WonderFox Soft, Inc.) -> "C:\Users\jean-\Documents\AoaoPhoto Digital Studio\Video Watermark Pro\unin00000.exe" [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{20573C69-4A68-4BEF-A23D-365CB66924CE}] : (Avanquest Message.-.Avanquest Software) -> "C:\Users\jean-\AppData\Roaming\Avanquest Software\SetupAQ\{20573C69-4A68-4BEF-A23D-365CB66924CE}\Setup.exe" /UNINST [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\8B3D7924-ED89-486B-8322-E8594065D5CB_is1] : (RogueKiller version 12.-.Adlice Software) -> "C:\Program Files\RogueKiller\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager] : (AMD Install Manager.-.Advanced Micro Devices, Inc.) -> "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" /UNINSTALL /IGNORE_UPGRADE /ON_REBOOT_MESSAGE:NO [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Pro] : (DAEMON Tools Pro.-.Disc Soft Ltd) -> C:\Program Files\DAEMON Tools Pro\uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EPSON XP-710 Series] : (EPSON XP-710 Series Printer Uninstall.-.SEIKO EPSON Corporation) -> C:\Windows\system32\spool\DRIVERS\x64\3\E_IINSLPE.EXE /R /APD /P:"EPSON XP-710 Series" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Rebit 5] : (Rebit 5 5.0.1038.13991.-.Rebit, Inc.) -> "C:\Program Files\Rebit 5\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeraCopy_is1] : (TeraCopy 2.3.-.Code Sector) -> "C:\Program Files\TeraCopy\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Unlocker] : (Unlocker 1.9.2.-.Cedrick Collomb) -> C:\Program Files\Unlocker\uninst.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Wondershare Filmora_is1] : (Wondershare Filmora(Build 7.5.0).-.Wondershare Software) -> "C:\Program Files\Wondershare\Filmora\unins000.exe" [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{05B0CF4A-564C-4549-913E-AE3EDA16971A}] : (AdAwareInstaller.-.Lavasoft) -> MsiExec.exe /I{05B0CF4A-564C-4549-913E-AE3EDA16971A} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0DC5FA19-8E63-4777-AEB7-FEFDA6C3C057}] : (AntispamEngine.-.Lavasoft) -> MsiExec.exe /I{0DC5FA19-8E63-4777-AEB7-FEFDA6C3C057} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}] : (FirewallEngine.-.Lavasoft) -> MsiExec.exe /I{115C1C6A-15A2-48B1-A599-79F1AA1A03F6} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}] : (AntimalwareEngine.-.Lavasoft) -> MsiExec.exe /I{20334FA5-6CD5-48FC-B5F9-D34D75E07845} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26F31E12-3722-45FD-903B-49012286BB4C}] : (OnlineThreatsEngine.-.Lavasoft) -> MsiExec.exe /I{26F31E12-3722-45FD-903B-49012286BB4C} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{28349A67-1D99-45A6-A1C1-C5B6D1DF937A}] : (AvcEngine.-.Lavasoft) -> MsiExec.exe /I{28349A67-1D99-45A6-A1C1-C5B6D1DF937A} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36036827-FA38-4A74-8333-26BC4EEC9308}] : (AdAwareUpdater.-.Lavasoft) -> MsiExec.exe /I{36036827-FA38-4A74-8333-26BC4EEC9308} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater] : (Ad-Aware Antivirus.-.Lavasoft) -> "C:\Program Files\Common Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus Updater\11.12.945.9202\AdAwareUpdater.exe" --uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D}] : (Rebit Pro (64-bit).-.Rebit, Inc.) -> MsiExec.exe /I{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{80B6E801-3CD2-4A1A-A30E-D38195E41B25}] : (Rebit 5: Viewer components (64 bit).-.Rebit, Inc.) -> MsiExec.exe /I{80B6E801-3CD2-4A1A-A30E-D38195E41B25} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9D025A34-3F45-4F2E-929A-A33CC939C77D}] : (Rebit 5: core components (64 bit).-.Rebit, Inc.) -> MsiExec.exe /I{9D025A34-3F45-4F2E-929A-A33CC939C77D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}] : (COMODO BackUp.-.COMODO) -> C:\WINDOWS\Installer\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CF6C1B06-4F86-4C41-BD21-9E40500006B5}] : (cCloud.-.COMODO) -> C:\WINDOWS\Installer\{CF6C1B06-4F86-4C41-BD21-9E40500006B5}\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4378A80-C713-11DF-9399-005056C00008}] : (Paragon Migrate OS to SSD™ 4.0.-.Paragon Software) -> MsiExec.exe /I{D4378A80-C713-11DF-9399-005056C00008} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E7366CA8-7179-77AE-E712-BA18D70A0A07}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F389A14F-B924-E628-4E4F-8D93AFB0215F}] : (AMD Install Manager.-.Advanced Micro Devices, Inc.) -> msiexec /q/x{F389A14F-B924-E628-4E4F-8D93AFB0215F} REBOOT=ReallySuppress [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Acer Registration] : (Acer Registration.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\Registration\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Acer Screensaver] : (Acer ScreenSaver.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\Screensaver\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Acer Welcome Center] : (Welcome Center.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\Welcome Center\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) -> c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AOMEI OneKey] : (.-.) -> C:\Program Files (x86)\AOMEI OneKey Recovery 1.6\unins000.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\cbColors Folder Icons Full_is1] : (cbColors Folder Icons Full.-.ArcticLine Software) -> "C:\Program Files (x86)\Folder Marker\icl\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\COMODO Cloud Antivirus_list_uninstall] : (COMODO Cloud Antivirus.-.COMODO) -> C:\ProgramData\COMODO\CCAV\installer\ccavstart.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ComodoIse] : (Internet Security Essentials.-.Comodo) -> C:\ProgramData\COMODO\ISE\Installer\isestart.exe [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Driver Genius_is1] : (Driver Genius.-.Driver-Soft Inc.) -> "C:\Program Files (x86)\Driver-Soft\DriverGenius\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EaseUS EverySync_is1] : (EaseUS EverySync 3.0.-.EaseUS) -> "C:\Program Files (x86)\EaseUS\EaseUS EverySync\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EaseUS Todo Backup_is1] : (EaseUS Todo Backup Free 9.2.-.CHENGDU YIWO Tech Development Co., Ltd) -> "C:\Program Files (x86)\EaseUS\Todo Backup\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EaseUS Todo PCTrans_is1] : (EaseUS Todo PCTrans 9.0.-.EaseUS) -> "C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EPSON Scanner] : (EPSON Scan.-.Seiko Epson Corporation) -> C:\Program Files (x86)\epson\escndv\setup\setup.exe /r [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Everyday Folder Icons_is1] : (Everyday Folder Icons v 1.0.-.ArcticLine Software) -> "C:\Program Files (x86)\Folder Marker\icl\unins001.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ExpressBurn] : (Express Burn Disc Burning Software.-.NCH Software) -> "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ExpressZip] : (Express Zip - Compresseur de fichiers.-.NCH Software) -> "C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Extra Folder Icons Full_is1] : (Extra Folder Icons Full.-.ArcticLine Software) -> "C:\Program Files (x86)\Folder Marker\icl\unins002.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Folder Marker Pro_is1] : (Folder Marker Pro.-.ArcticLine Software) -> "C:\Program Files (x86)\Folder Marker\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\herdProtectScan] : (herdProtect Anti-Malware Scanner.-.Reason Company Software Inc.) -> "C:\Program Files (x86)\Reason\herdProtect\Scanner\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HitmanPro.Alert] : (HitmanPro.Alert 3.-.SurfRight B.V.) -> "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Identity Card] : (Identity Card.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\Identity Card\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IM_Magic_PR] : (IM-Magic Partition Resizer Free 2016.-.IM-Magic Inc.) -> C:\Program Files\IM-Magic\Partition Resizer\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}] : (MyWinLocker Suite.-.Egis Technology Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\setup.exe" -runfromtemp -l0x040c -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}] : (CyberLink LabelPrint 2.5.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObit Unlocker_is1] : (IObit Unlocker.-.IObit) -> "C:\Program Files (x86)\IObit\IObit Unlocker\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObitUninstall] : (IObit Uninstaller.-.IObit) -> "K:\\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\\PortableApps\\IObitUninstallerPortable\\App\\uninstaller\\UninstallDisplay.exe" uninstall_start [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iSkysoft iMedia Converter Deluxe_is1] : (iSkysoft iMedia Converter Deluxe(Build 8.8.0.1).-.iSkysoft Software) -> "C:\Program Files (x86)\iSkysoft\VCU\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\LManager] : (Launch Manager.-.Acer Inc.) -> C:\Windows\UNINSTLMv4.EXE LMv4.UNI [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Malware Hunter] : (Malware Hunter 1.19.0.33.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glarysoft\Malware Hunter\uninst.exe [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft SQL Server 11] : (Microsoft SQL Server 2012.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 49.0.1 (x86 fr)] : (Mozilla Firefox 49.0.1 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Nero_tuneitup_is1] : (Nero TuneItUp PRO.-.Nero AG) -> "C:\Program Files (x86)\Nero\Nero TuneItUp\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Pixillion] : (Pixillion - Convertisseur de fichiers image.-.NCH Software) -> "C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PlaysTV] : (PlaysTV.-.Plays.tv, LLC) -> "C:\Program Files (x86)\Raptr Inc\PlaysTV\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Prism] : (Prism - Convertisseur de fichiers vidéo.-.NCH Software) -> "C:\Program Files (x86)\NCH Software\Prism\prism.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Protected Folder_is1] : (Protected Folder.-.IObit) -> "C:\Program Files (x86)\IObit\Protected Folder\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Raptr] : (Raptr.-.Raptr, Inc) -> "C:\Program Files (x86)\Raptr Inc\Raptr\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Reason Core Security] : (Reason Core Security.-.Reason Software Company Inc.) -> "C:\Program Files (x86)\Reason\Security\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RegSeeker] : (RegSeeker.-.HoverDesk) -> C:\Program Files (x86)\RegSeeker\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\simplitec POWER SUITE_is1] : (simplisafe.-.simplitec GmbH) -> "C:\Program Files (x86)\simplitec\simplisafe\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Software Update Pro] : (Software Update Pro 5.39.0.33.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glarysoft\Software Update Pro\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Supercopier] : (Supercopier 1.2.3.4.-.Supercopier) -> C:\Program Files\Supercopier\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Switch] : (Switch - Convertisseur de fichiers audio.-.NCH Software) -> "C:\Program Files (x86)\NCH Software\Switch\switch.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 11.-.TeamViewer) -> "C:\Program Files (x86)\TeamViewer\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Ultracopier] : (Ultracopier 1.2.3.4.-.Ultracopier) -> C:\Program Files\Ultracopier\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Usbfix] : (UsbFix.-.El Desaparecido - www.usb-antivirus.com - www.sosvirus.net) -> C:\UsbFix\Un-UsbFix.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Video to GIF] : (Video to GIF 5.3.-.AoaoPhoto Digital Studio.) -> C:\Program Files (x86)\AoaoPhoto Digital Studio\Video to GIF\unins000.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Video to Picture] : (Video to Picture 5.3.-.AoaoPhoto Digital Studio.) -> C:\Program Files (x86)\AoaoPhoto Digital Studio\Video to Picture\unins000.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Watermark Software] : (Watermark Software 8.3.-.watermark-software.com) -> C:\Program Files (x86)\AoaoPhoto Digital Studio\Watermark Software\unins000.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Folder Hider_is1] : (Wise Folder Hider 3.37.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Folder Hider\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise JetSearch_is1] : (Wise JetSearch 2.27.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise JetSearch\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Memory Optimizer_is1] : (Wise Memory Optimizer 3.46.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Memory Optimizer\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Video Downloader_is1] : (Wise Video Downloader 2.41.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Video Downloader\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wondershare TidyMyMusic_is1] : (Wondershare TidyMyMusic(Build 1.5.0.1).-.Wondershare Software) -> "C:\Program Files (x86)\Wondershare\TidyMyMusic\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ZoneAlarm Free Firewall] : (ZoneAlarm Free Firewall.-.Check Point) -> "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /s uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}] : (CyberLink YouCam 7.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}] : (Acer VCM.-.Acer Incorporated) -> "C:\Program Files (x86)\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -runfromtemp -l0x40c -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07326A3E-02B3-1078-25D7-B8666BA8FE15}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}] : (Epson Easy Photo Print 2.-.SEIKO EPSON CORPORATION) -> "C:\Program Files (x86)\InstallShield Installation Information\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}\setup.exe" -runfromtemp -l0x040c UNINST -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}] : (LWS Pictures And Video.-.Logitech) -> MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{10085090-E71D-4A54-9E32-44AB37A4CCC6}] : (AutoSave Essentials.-.Nom de votre société) -> MsiExec.exe /I{10085090-E71D-4A54-9E32-44AB37A4CCC6} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}] : (CameraHelperMsi.-.Logitech) -> MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}] : (LWS Help_main.-.Logitech) -> MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}] : (LWS Twitter.-.Logitech) -> MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AD99E77-37CC-744E-39CA-67F6FD34565A}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] : (LWS YouTube Plugin.-.Logitech) -> MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2432E589-6256-4513-B0BF-EFA8E325D5F0}] : (Nero SharedVideoCodecs.-.Nero AG) -> MsiExec.exe /X{2432E589-6256-4513-B0BF-EFA8E325D5F0} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{287ECFA4-719A-2143-A09B-D6A12DE54E40}] : (Acrobat.com.-.Adobe Systems Incorporated) -> MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3108C217-BE83-42E4-AE9E-A56A2A92E549}] : (Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver.-.Atheros Communications Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x040c -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}] : (CyberLink WaveEditor 2.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3DB0448D-AD82-4923-B305-D001E521A964}] : (Acer ePower Management.-.Acer Incorporated) -> "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x40c -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] : (erLT.-.Logitech, Inc.) -> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40F2F005-FA4C-4BEA-83A6-BFD969467594}] : (Nero BackItUp.-.Nero AG) -> MsiExec.exe /X{40F2F005-FA4C-4BEA-83A6-BFD969467594} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{48F22622-1CC2-4A83-9C1E-644DD96F832D}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}] : (Should I Remove It.-.Reason Software Company Inc.) -> MsiExec.exe /X{4E62123C-4C0D-4123-A8A2-C0103B92D7EA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1] : (Wondershare Helper Compact 2.5.0.-.Wondershare) -> "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{55B464FA-16DE-4127-A7B8-D49CD2768E63}_is1] : (Turbo View & Convert.-.IMSI/Design, LLC) -> "C:\Program Files (x86)\IMSIDesign\Turbo View & Convert\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconduct Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}] : (Prerequisite installer.-.Nero AG) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}] : (Nero Update.-.Nero AG) -> MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6BF9F374-EC67-4808-A90C-F127DE6D989D}] : (Epson E-Web Print.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{6BF9F374-EC67-4808-A90C-F127DE6D989D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}] : (Epson Software Updater.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{6DBD132B-7F42-4594-BBE7-0BB677EB2926} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] : (LWS Gallery.-.Logitech) -> MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}] : (LWS Motion Detection.-.Logitech) -> MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7216871F-869E-437C-B9BF-2A13F5DCE635}_is1] : (Wondershare 1-Click PC Care 8.-.Wondershare) -> "C:\Program Files (x86)\Wondershare\1-Click PC Care\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}] : (MyWinLocker Suite.-.Egis Technology Inc.) -> MsiExec.exe /X{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}] : (Avanquest update.-.Avanquest Software) -> "C:\Program Files (x86)\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7A3F3715-7953-4247-8B5C-5D03050B9EA9}] : (CyberLink PresenterLink+.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{7A3F3715-7953-4247-8B5C-5D03050B9EA9}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{7A3F3715-7953-4247-8B5C-5D03050B9EA9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}] : (CyberLink Power2Go 10.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7F811A54-5A09-4579-90E1-C93498E230D9}] : (Acer eRecovery Management.-.Acer Incorporated) -> "C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x40c -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80986AB6-3CB0-49db-AB48-1600844D6374}] : (CyberLink PhotoDirector 8.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{80986AB6-3CB0-49db-AB48-1600844D6374}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{80986AB6-3CB0-49db-AB48-1600844D6374} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{82CA1714-13EA-F419-91FE-12834424745E}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] : (LWS Launcher.-.Logitech) -> MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83D2F005-37FD-4321-B5F7-24EFEACC9834}] : (Nero BurningROM 2016.-.Nero AG) -> MsiExec.exe /I{83D2F005-37FD-4321-B5F7-24EFEACC9834} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}] : (Manuels EPSON.-.SEIKO EPSON CORPORATION) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}] : (LWS Webcam Software.-.Logitech) -> MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8A7820F0-5261-42FC-9790-4D932E7BC5B1}] : (ZoneAlarm Security.-.Check Point Software Technologies Ltd.) -> MsiExec.exe /I{8A7820F0-5261-42FC-9790-4D932E7BC5B1} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiLogger.-.Zemana Ltd.) -> "C:\Program Files (x86)\Zemana AntiLogger\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}] : (Stashimi Stub Installer.-.Nero AG) -> MsiExec.exe /X{910B539D-F257-46C8-9CB8-6C95EFF9CF22} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{91B33C97-41EE-3DB7-1FDD-5308E332AC28}_is1] : (Ashampoo Slideshow Studio 2017.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Slideshow Studio 2017\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{91B33C97-87C8-5585-2940-1AE1120D4DCC}_is1] : (Ashampoo Privacy Protector v.1.1.3.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Privacy Protector\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92EBE575-0C6E-4713-B095-34BB927E5AC6}] : (Nero CoverDesigner.-.Nero AG) -> MsiExec.exe /X{92EBE575-0C6E-4713-B095-34BB927E5AC6} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}] : (LWS WLM Plugin.-.Logitech) -> MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9E04F23D-3E2E-4A62-AEBF-8BC952400657}] : (COMODO Cloud Antivirus.-.COMODO) -> MsiExec.exe /X{9E04F23D-3E2E-4A62-AEBF-8BC952400657} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9F205E94-9E42-4486-A92A-DF3F6CB85444}] : (Epson Event Manager.-.Seiko Epson Corporation) -> MsiExec.exe /X{9F205E94-9E42-4486-A92A-DF3F6CB85444} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A163159C-B476-4501-B163-3F77809AC833}] : (Nero Burning Core.-.Nero AG) -> MsiExec.exe /X{A163159C-B476-4501-B163-3F77809AC833} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A0E0B5-578C-43CE-B201-1C01A0388DA9}_is1] : (FileMarker.NET Pro v 1.0.-.ArcticLine Software) -> "C:\Program Files (x86)\FileMarker.NET\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A83692F5-3E9B-4E95-9E7E-B5DF553690FD}_is1] : (AOMEI OneKey Recovery 1.6.-.AOMEI Technology Co., Ltd.) -> "C:\Program Files (x86)\AOMEI OneKey Recovery 1.6\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ABC88553-8770-4B97-B43E-5A90647A5B63}] : (Nero ControlCenter.-.Nero AG) -> MsiExec.exe /X{ABC88553-8770-4B97-B43E-5A90647A5B63} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-A91000000001}] : (Adobe Reader 9.1 MUI.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1] : (Auslogics Disk Defrag Professional.-.Auslogics Labs Pty Ltd) -> "C:\Program Files (x86)\Auslogics\Disk Defrag Professional\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AE7F7F16-8015-44F2-A5E5-306F50ED8E41}] : (Rebit Pro (32-bit).-.Rebit, Inc.) -> MsiExec.exe /I{AE7F7F16-8015-44F2-A5E5-306F50ED8E41} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B025F14A-25E6-46CA-9308-1B1D3393CAC8}] : (ZoneAlarm Firewall.-.Check Point Software Technologies Ltd.) -> MsiExec.exe /I{B025F14A-25E6-46CA-9308-1B1D3393CAC8} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B839153C-D4D2-F89C-5033-0A160C62706B}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BBEC10F9-AC15-41EE-A271-0B1077F53740}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{BBEC10F9-AC15-41EE-A271-0B1077F53740} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}] : (Nero Core Components.-.Nero AG) -> MsiExec.exe /X{BEBEE34D-84A2-4EDD-8BEA-96CC54371263} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1EA3764-1138-AE27-AD63-549BAD99BA15}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C257E434-E8F1-4E06-A616-598E4933553E}_is1] : (File Identifier.-.Sharpened Productions) -> "C:\Program Files (x86)\File Identifier\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}] : (CyberLink LabelPrint 2.5.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9}] : (Nero Burning ROM.-.Nero AG) -> MsiExec.exe /X{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CFD5FF4C-CF60-4D33-8E8C-B51CD9AD34B1}] : (Rebit 5: Avanquest Extensions.-.Rebit, Inc.) -> MsiExec.exe /X{CFD5FF4C-CF60-4D33-8E8C-B51CD9AD34B1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1] : (ISO to USB.-.isotousb.com) -> "C:\Program Files (x86)\ISO to USB\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}] : (Acer Crystal Eye webcam Ver:1.1.192.810.-.Chicony Electronics Co.,Ltd.) -> "C:\Program Files (x86)\InstallShield Installation Information\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}\setup.exe" -runfromtemp -l0x040c -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D16A31F9-276D-4968-A753-FFEAC56995D0}] : (Epson Print CD.-.Seiko Epson Corporation) -> "C:\Program Files (x86)\InstallShield Installation Information\{D16A31F9-276D-4968-A753-FFEAC56995D0}\setup.exe" -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D40EB009-0499-459c-A8AF-C9C110766215}] : (Logitech Webcam Software.-.Logitech Inc.) -> "C:\Program Files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=FRA /guid="{D40EB009-0499-459c-A8AF-C9C110766215}" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E817E580-6318-AFC8-2102-322C73117EC4}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF0BA418-AF37-471E-9594-EAE5913F4681}] : (Nero Launcher.-.Nero AG) -> MsiExec.exe /X{EF0BA418-AF37-471E-9594-EAE5913F4681} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F030BFE8-8476-4C08-A553-233DE80A2BE1}] : (Nero Info.-.Nero AG) -> MsiExec.exe /X{F030BFE8-8476-4C08-A553-233DE80A2BE1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F77474EE-EB6C-C87B-88AF-3310C848E068}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC48747D-095F-4CF6-B54E-37D4F4738A15}_is1] : (Gestionnaire de Connexion SFR 3.2.-.SFR) -> "C:\Program Files (x86)\SFR\Gestionnaire de Connexion\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] : (LWS Facebook.-.Logitech) -> MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB} ---------- | Ports ---------- | Microsoft Specifications CheckID: FileAssociations999{ABC88553-8770-4B97-B43E-5A90647A5B63} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations CheckID: DesktopShortcut1{287ECFA4-719A-2143-A09B-D6A12DE54E40} - INSTALL_DESKTOP_SHORTCUT="yes" -> DesktopShortcut CheckID: ProgramShortcut1{287ECFA4-719A-2143-A09B-D6A12DE54E40} - INSTALL_PROGRAM_SHORTCUT="yes" -> ProgramShortcut CheckID: AutoPlay999{92EBE575-0C6E-4713-B095-34BB927E5AC6} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay CheckID: FileAssociations999{92EBE575-0C6E-4713-B095-34BB927E5AC6} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations CheckID: SearchAndIndex0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_SEARCH5="YES" -> SearchAndIndex CheckID: MultimediaPlugin0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_MULTIMEDIA="YES" -> MultimediaPlugin CheckID: ReaderBrowserIntegration0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_BROWSER_INTEGRATION="YES" -> ReaderBrowserIntegration CheckID: ReaderPDFIntegration0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - SETUP_PDF_INTEGRATION="NO" -> ReaderPDFIntegration CheckID: Accessibility_Plugins0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_ACCESSIBILITY="YES" -> Accessibility_Plugins CheckID: Atmosphere_3D0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_3D="YES" -> Atmosphere_3D CheckID: AdobeCommonLinguistics_Big0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_LINGUISTICS="YES" -> AdobeCommonLinguistics_Big CheckID: AUM__zh_TW0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"CHT" -> AUM__zh_TW CheckID: AUM__zh_CN0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"CHS" -> AUM__zh_CN CheckID: AUM__sv_SE0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"SVE" -> AUM__sv_SE CheckID: AUM__pt_BR0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"PTB" -> AUM__pt_BR CheckID: AUM__nl_NL0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"NLD" -> AUM__nl_NL CheckID: AUM__nb_NO0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"NOR" -> AUM__nb_NO CheckID: AUM__ko_KR0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"KOR" -> AUM__ko_KR CheckID: AUM__ja_JP0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"JPN" -> AUM__ja_JP CheckID: AUM__it_IT0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"ITA" -> AUM__it_IT CheckID: AUM__fr_FR0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"FRA" -> AUM__fr_FR CheckID: AUM__fi_FI0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"SUO" -> AUM__fi_FI CheckID: AUM__es_ES0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"ESP" -> AUM__es_ES CheckID: AUM__de_DE0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"DEU" -> AUM__de_DE CheckID: AUM__da_DK0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"DAN" -> AUM__da_DK CheckID: AutoPlay999{EF0BA418-AF37-471E-9594-EAE5913F4681} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay CheckID: FileAssociations999{EF0BA418-AF37-471E-9594-EAE5913F4681} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations CheckID: AutoPlay999{F030BFE8-8476-4C08-A553-233DE80A2BE1} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay CheckID: FileAssociations999{F030BFE8-8476-4C08-A553-233DE80A2BE1} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations CheckID: fe1559e6e1022144a8b5b0ae14281475a31{97B6FAD9-6F14-CC46-3165-F1785ECCE255} - "AMD64" ~= %PROCESSOR_ARCHITECTURE -> fe1559e6e1022144a8b5b0ae14281475a3 CheckID: CrossFeature1{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D} - CopyOfPlatformFiles = "yes" -> CrossFeature CheckID: AutoPlay999{A163159C-B476-4501-B163-3F77809AC833} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay CheckID: FileAssociations999{A163159C-B476-4501-B163-3F77809AC833} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations CheckID: AutoPlay999{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay CheckID: FileAssociations999{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations CheckID: AutoPlay999{910B539D-F257-46C8-9CB8-6C95EFF9CF22} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay CheckID: FileAssociations999{910B539D-F257-46C8-9CB8-6C95EFF9CF22} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations ---------- | CLSID ---------- | Listing No Microsoft signed files | system32 (Not necessary Malwares) [MD5.82C37C3E27020AF6C2E018E944284676] - |D| - [16/07/2016 13:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |D| - [16/07/2016 13:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@BackgroundAccessToastIcon.png [MD5.C65F3DD5C512B0E73984DB406B5512F7] - |D| - [16/07/2016 13:42:19] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@edptoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |D| - [16/07/2016 13:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@EnrollmentToastIcon.png [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |D| - [16/07/2016 13:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@language_notification_icon.png [MD5.46DACDA5036EBECEDF08427407E3017C] - |D| - [16/07/2016 13:42:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |D| - [16/07/2016 13:42:38] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |D| - [16/07/2016 13:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@WiFiNotificationIcon.png [MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |D| - [16/07/2016 13:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\system32\@WindowsHelloFaceToastIcon.png [MD5.E928E5009E2B1F4D956E57990D456054] - |D| - [08/09/2016 16:15:01] - (.-.) - [30.46 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ambakdrv.sys [MD5.4B10D8998C824DD84AD597F9E058F6F0] - |D| - [30/07/2015 21:58:04] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amde31a.dat [MD5.C7628FE6341B7919D2F62DB9057DB4FC] - |D| - [21/10/2015 02:14:42] - (.-.) - [208.48 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdgfxinfo64.dll [MD5.AF1928F5E15921A29877C2E18626F80E] - |D| - [21/10/2015 02:14:42] - (.-.) - [139.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdhdl64.dll [MD5.DDEB20626133878B0CE79CCE29B031B9] - |D| - [23/07/2015 11:52:32] - (.-.) - [814.26 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdicdxx.dat [MD5.82CAB4EAF1E1CBA85AE5DEBB4C068EE2] - |D| - [21/10/2015 02:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [616.48 Ko] - (1.0.3.8) - C:\WINDOWS\system32\amdlvr64.dll [MD5.C366C5A2EE8F1F586691E4511AB56040] - |D| - [21/10/2015 02:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6529.48 Ko] - (9.1.10.83) - C:\WINDOWS\system32\amdmantle64.dll [MD5.3960C946E67311C9831550AEDC649C3A] - |D| - [21/10/2015 02:14:54] - (.-.) - [460.27 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdmiracast.dll [MD5.4CA9A0DF33972919623BBFF8FBD1A501] - |D| - [21/10/2015 02:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [57.98 Ko] - (1.6.0.0) - C:\WINDOWS\system32\amdmmcl6.dll [MD5.7BA9A6BBF176D945D7B201865897E158] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [26898.98 Ko] - (0.8.0.0) - C:\WINDOWS\system32\amdocl12cl64.dll [MD5.AFF92249DA8E62FF8C6D2B89977D3245] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46673.98 Ko] - (10.0.1800.11) - C:\WINDOWS\system32\amdocl64.dll [MD5.8305AA2FEBE5CAD45AB8D208C17DA930] - |D| - [21/10/2015 02:14:44] - (.-.) - [1168 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdocl_as64.exe [MD5.187EB6A72565FAAF01AAE0CDD63DE56F] - |D| - [21/10/2015 02:14:44] - (.-.) - [1045.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amdocl_ld64.exe [MD5.2B79CD2445F85D54959702583ECBCC04] - |D| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\system32\amdpcom64.dll [MD5.766A3BC550C16070DE4AC86C5599FC8D] - |D| - [08/09/2016 16:15:01] - (.-.) - [11.96 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amreg.sys [MD5.609C2E5B69EB5D4F7131F7DF1107396B] - |D| - [08/09/2016 16:15:03] - (.-.) - [17.96 Ko] - (0.0.0.0) - C:\WINDOWS\system32\amwrtdrv.sys [MD5.618EAA72DD130C38F8AE0D7994167AE6] - |D| - [04/10/2016 03:12:04] - (.-.) - [435.32 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ApnDatabase.xml [MD5.567BF499D25205A659A059184B458DB7] - |D| - [16/07/2016 13:42:34] - (.-.) - [2.65 Ko] - (0.0.0.0) - C:\WINDOWS\system32\AppxProvisioning.xml [MD5.28DF09388444100467873AC906FD6CB2] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [1226.98 Ko] - (7.15.20.1301) - C:\WINDOWS\system32\atiadlxx.dll [MD5.53650482B8E621276DC55E50C9FB2FEE] - |D| - [22/08/2015 01:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\WINDOWS\system32\atiapfxx.blb [MD5.CC2470CA903EA355A24F05520D79BDB8] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [366.98 Ko] - (6.14.10.1001) - C:\WINDOWS\system32\atiapfxx.exe [MD5.279066332FA267076E3BEE81C4297F87] - |D| - [21/10/2015 02:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [62.98 Ko] - (6.14.10.1848) - C:\WINDOWS\system32\aticalcl64.dll [MD5.3A0F17C7C8E37DCEAE1DA76B7D761702] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15356.98 Ko] - (6.14.10.1848) - C:\WINDOWS\system32\aticaldd64.dll [MD5.D22A08EE217DE15B6A41AE518B4F4FBE] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [69.48 Ko] - (6.14.10.1848) - C:\WINDOWS\system32\aticalrt64.dll [MD5.BE92AD0155D4A23D0073AF51BE808B29] - |D| - [21/10/2015 02:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1445.13 Ko] - (8.17.10.1404) - C:\WINDOWS\system32\aticfx64.dll [MD5.B565601728AF96EEFCF7E9CDE3CDD2BE] - |D| - [21/10/2015 02:14:46] - (.2002-2012 - Graphics DEM.) - [440.48 Ko] - (4.5.5711.37472) - C:\WINDOWS\system32\atidemgy.dll [MD5.8700278344BED8D4A3A5AC2875359584] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11804.69 Ko] - (8.17.10.625) - C:\WINDOWS\system32\atidxx64.dll [MD5.69F82C40A189962A65F6D5A02DF8599F] - |D| - [21/10/2015 02:14:46] - (.-.) - [164.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\atieah64.exe [MD5.B96BD9F5B2B0CD6549EE59FD242A6D56] - |D| - [21/10/2015 02:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [667.48 Ko] - (6.14.11.1199) - C:\WINDOWS\system32\atieclxx.exe [MD5.521248FA26458669BAAE6AB7DB21F3AC] - |D| - [21/10/2015 02:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [249.48 Ko] - (6.14.11.1199) - C:\WINDOWS\system32\atiesrxx.exe [MD5.E4F96DFF0501430BF7C6E90841A7282D] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [81.98 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atig6pxx.dll [MD5.86F2AE002AF9222F34937823B98753C2] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [161.48 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atig6txx.dll [MD5.0C3156664885AF41100B63853EBCE037] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atiglpxx.dll [MD5.079EFFD5BECB418FE6596229B28D7324] - |D| - [06/11/2014 10:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\WINDOWS\system32\atiicdxx.dat [MD5.FE4E7138E51DA7EF01E51F28128A7F53] - |D| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\system32\atimpc64.dll [MD5.C84C24F13663EF5A59C1E598A350C8C3] - |D| - [21/10/2015 02:14:46] - (.Copyright ฉ 2009 AMD - Multi-language DPPE DLL.) - [37.48 Ko] - (6.14.10.1002) - C:\WINDOWS\system32\atimuixx.dll [MD5.7D9CCB5DD8837D6AC954956A5812112C] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [30054.98 Ko] - (6.14.10.13399) - C:\WINDOWS\system32\atio6axx.dll [MD5.0E89795F721B2BC02D0A12C470750DF6] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODCLI Application.) - [58.48 Ko] - (1.0.0.1) - C:\WINDOWS\system32\ATIODCLI.exe [MD5.C7A506822BE45CD42415710979CDAE7F] - |D| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODE Application.) - [333.48 Ko] - (1.0.0.1) - C:\WINDOWS\system32\ATIODE.exe [MD5.3FE40633FC3BC5AE41EACDA0E1BA72FE] - |D| - [21/10/2015 02:14:46] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [194.98 Ko] - (6.14.11.25) - C:\WINDOWS\system32\atitmm64.dll [MD5.067CED045532C58B46E6527BCE3CB47F] - |D| - [21/10/2015 02:14:54] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [127.02 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atiu9p64.dll [MD5.AC6970C74B7457B291BB2C0035AA7DAE] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [8657.15 Ko] - (9.14.10.1128) - C:\WINDOWS\system32\atiumd64.dll [MD5.486D6985E7B7826DBBEAE12755851027] - |D| - [22/08/2015 01:55:34] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\system32\atiumd6a.cap [MD5.0A9CA09952D768F768D2903F984102DC] - |D| - [21/10/2015 02:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8771.91 Ko] - (8.14.10.513) - C:\WINDOWS\system32\atiumd6a.dll [MD5.AE81C76C930DD6875E5D9C6BEA2F0966] - |D| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.43 Ko] - (8.14.1.6463) - C:\WINDOWS\system32\atiuxp64.dll [MD5.EFA5E3D55F1CC185BC690B7D79D015A9] - |D| - [24/07/2015 21:44:06] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativce02.dat [MD5.B974290EEE645249EE212FF62DD0824A] - |D| - [30/07/2015 22:00:06] - (.-.) - [173.19 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativce03.dat [MD5.5EBC73A78E5903E7CE6F6B25E4A6BE8F] - |D| - [29/05/2015 01:00:42] - (.-.) - [228.93 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_cik.dat [MD5.C55D2CBC17AAE1FBAC9135E7C31A4D31] - |D| - [29/05/2015 00:58:32] - (.-.) - [227.3 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_cik_nd.dat [MD5.0770A5AB5218E6D3134A7A7239B9A216] - |D| - [29/05/2015 01:21:32] - (.-.) - [249.81 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_cz_nd.dat [MD5.A81F68A0D3387A06182EFA3880D3F0BD] - |D| - [29/05/2015 01:17:24] - (.-.) - [245 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_FJ.dat [MD5.7EE8F6853798F7A900DB15F3054A0277] - |D| - [29/05/2015 01:15:12] - (.-.) - [243.25 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_FJ_nd.dat [MD5.11355CAC5334C8999211C09CAAE194EF] - |D| - [29/05/2015 01:10:58] - (.-.) - [315.3 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_vi.dat [MD5.3544D6AF6E0C9783C2CF6FA9CE42D520] - |D| - [29/05/2015 01:08:18] - (.-.) - [313.67 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvaxy_vi_nd.dat [MD5.7C163EDE63854539828F5B2C1BC529FD] - |D| - [22/08/2015 01:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |D| - [22/08/2015 01:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ativvsvl.dat [MD5.8AB8CC8200DF2148BEA11FD7F520EA3A] - |D| - [28/08/2016 13:22:15] - (.Copyright © 1997-2011 BitDefender - BitDefender Firewall.) - [205.06 Ko] - (1.0.14.0) - C:\WINDOWS\system32\BdFirewallSDK.dll [MD5.E32E201688F60CBEF10439F568F94DF5] - |D| - [28/08/2016 13:22:15] - (.Copyright (C) BitDefender LLC - BitDefender Firewall Core Library.) - [153.26 Ko] - (7.0.0.2) - C:\WINDOWS\system32\bdfwcore.dll [MD5.73D9B14B7C8621500675F8123043C864] - |D| - [28/08/2016 13:22:16] - (.© 2008 BitDefender S.R.L. - BitDefender POP3 Proxy.) - [152.26 Ko] - (2.63.11.0) - C:\WINDOWS\system32\bdpop3p.dll [MD5.5A60405B7D88A6B6DF933DCCE778DD99] - |D| - [28/08/2016 13:22:15] - (.Copyright (C) BitDefender LLC - BitDefender Proxy Redirector User-Mode Module.) - [93.91 Ko] - (7.0.0.5) - C:\WINDOWS\system32\bdpredir.dll [MD5.44CF1CE6512CA6B54083156DF7DE3359] - |D| - [28/08/2016 13:22:16] - (.© 2008 BitDefender S.R.L. - BitDefender SMTP Proxy.) - [1036.89 Ko] - (2.63.11.0) - C:\WINDOWS\system32\bdsmtpp.dll [MD5.22D9945B4AAE36DD59620A918F2E65F4] - |D| - [16/07/2016 13:42:16] - (.-.) - [3096 Ko] - (0.0.0.0) - C:\WINDOWS\system32\boot.sdi [MD5.405E1EF8E3C88E9BCD2853382BB12430] - |D| - [16/07/2016 13:43:51] - (.-.) - [22.45 Ko] - (0.0.0.0) - C:\WINDOWS\system32\bopomofo.uce [MD5.31ABC8C02F1CCE0DA39550D763384184] - |D| - [16/07/2016 13:42:12] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\system32\BthpanContextHandler.dll [MD5.D648218198F82322FC1FED1DA95AD749] - |D| - [16/07/2016 13:42:40] - (.Copyright (C) 2008 - Application ContextH.) - [62 Ko] - (1.0.0.1) - C:\WINDOWS\system32\BWContextHandler.dll [MD5.49678BB33DAF6EFB38214C2D99189668] - |D| - [30/09/2016 07:01:12] - (.2005-2016 COMODO. - COMODO Cloud Antivirus.) - [570.67 Ko] - (1.6.7441.347) - C:\WINDOWS\system32\CcavGuard64.dll [MD5.06306B081901E75597973043301128D7] - |D| - [16/07/2016 13:42:16] - (.-.) - [127 Ko] - (5.0.1.1) - C:\WINDOWS\system32\chartv.dll [MD5.CCEAEFAA4DF2F399E9A179D942FEB23C] - |D| - [16/07/2016 13:42:09] - (.-.) - [163.71 Ko] - (0.0.0.0) - C:\WINDOWS\system32\chs_singlechar_pinyin.dat [MD5.F2D598B11C294EE360FDA0D3E81DA7EC] - |D| - [21/10/2015 02:14:48] - (.-.) - [237.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\clinfo.exe [MD5.A0E91D21C945781D03EA0BA1C95F821E] - |D| - [21/10/2015 02:14:48] - (.AMD. - CoInstaller DLL.) - [853.98 Ko] - (1.0.5.9) - C:\WINDOWS\system32\coinst_15.20.dll [MD5.10A63A258C2B40D5CB7B5F52FB9EFBBE] - |D| - [08/09/2016 14:59:01] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.46 Ko] - (1.0.0.4) - C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll [MD5.9E05512FF72865FC863F477210462C12] - |D| - [04/10/2016 03:14:26] - (.-.) - [2618.36 Ko] - (0.0.0.0) - C:\WINDOWS\system32\CoreUIComponents.dll [MD5.074BF7CCDCE132C5648AD1D7623BF99E] - |D| - [08/09/2016 14:59:03] - (.©Conexant Systems Inc. - Conexant APO.) - [1564.41 Ko] - (1.31.0.0) - C:\WINDOWS\system32\CX64APO.dll [MD5.306B90493D00011EB635E161C6C024B8] - |D| - [16/07/2016 13:42:22] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\system32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |D| - [16/07/2016 13:47:52] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\system32\DefaultQuestions.json [MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |D| - [16/07/2016 13:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\system32\DiskSnapshot.conf [MD5.8C6F56F4CDDE6A1FD01F4FCF2773298E] - |D| - [16/07/2016 13:47:52] - (.-.) - [210.88 Ko] - (0.0.0.0) - C:\WINDOWS\system32\dssec.dat [MD5.F4B28B1D1CF0E80E78CE0921D3E45F72] - |D| - [16/07/2016 13:42:19] - (.-.) - [157 Ko] - (0.0.0.0) - C:\WINDOWS\system32\EditionUpgradeHelper.dll [MD5.EE0AB41397CE31A426336479224D3FFF] - |D| - [16/07/2016 13:42:19] - (.-.) - [38.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\efsext.dll [MD5.17614B76448EBF3ADC21A40BA1DE2F35] - |D| - [31/08/2016 16:16:44] - (.-.) - [22.57 Ko] - (0.0.0.0) - C:\WINDOWS\system32\emptyregdb.dat [MD5.93E76CF7B04EC33A1E9E0FD7546D3603] - |D| - [16/07/2016 13:42:13] - (.-.) - [17.51 Ko] - (0.0.0.0) - C:\WINDOWS\system32\EventViewer_EventDetails.xsl [MD5.3C7D1E4786522EA69600111D7A7135EB] - |D| - [09/09/2016 16:38:28] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - EaseUS Todo Backup Application.) - [23.54 Ko] - (3.0.0.1) - C:\WINDOWS\system32\fbnative.exe [MD5.BDF77C8418950B03EF33CEF3589EDA68] - |D| - [31/08/2016 15:57:31] - (.-.) - [197.91 Ko] - (0.0.0.0) - C:\WINDOWS\system32\FNTCACHE.DAT [MD5.8E7AFBED04DAF976A9E46D3724A93284] - |D| - [16/07/2016 13:42:35] - (.-.) - [24.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\GamePanelExternalHook.dll [MD5.D07F2281427BD098356EE74B6CB26B86] - |D| - [16/07/2016 13:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\system32\gatherNetworkInfo.vbs [MD5.4FDED87068052EEB9B72A97FDBC141DB] - |D| - [16/07/2016 13:43:51] - (.-.) - [23.44 Ko] - (0.0.0.0) - C:\WINDOWS\system32\gb2312.uce [MD5.12F3190C25CFFB03A5CA58E949AE3E55] - |D| - [16/07/2016 13:42:22] - (.-.) - [353.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\HrtfApo.dll [MD5.77071BF934BEF16D5F02E31624258A91] - |D| - [21/10/2015 02:14:48] - (.-.) - [108.98 Ko] - (0.0.0.0) - C:\WINDOWS\system32\hsa-thunk64.dll [MD5.FD4C613364F59BAAC59A2C4F5F0EE52B] - |D| - [28/08/2016 13:22:16] - (.Copyright (C) BitDefender - Http Filter Proxy.) - [190.45 Ko] - (7.0.0.8) - C:\WINDOWS\system32\httproxy.dll [MD5.2A571B7728F23E83A800527879105180] - |D| - [16/07/2016 13:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\system32\hypervisor.mof [MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - |D| - [16/07/2016 13:43:51] - (.-.) - [59.04 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ideograf.uce [MD5.6B31D08801D3A3F51B59FB1DB14E4A01] - |D| - [16/07/2016 13:43:08] - (.-.) - [3.38 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ieuinit.inf [MD5.8898B09A8D08E138F238224648DF0739] - |D| - [16/07/2016 13:42:35] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\IHDS.dll [MD5.D13EA5B1CC8BA39847B56DE96880B8DB] - |D| - [12/08/2016 08:00:18] - (.-.) - [681.92 Ko] - (0.0.0.0) - C:\WINDOWS\system32\im-fre.exe [MD5.216D1CAB55946DD1AB5A9460534FB8FC] - |D| - [03/10/2016 20:42:23] - (.2005-2016 COMODO. - Internet Security Essentials.) - [297.17 Ko] - (1.1.7388.29) - C:\WINDOWS\system32\iseguard64.dll [MD5.5EA855B4A875E08AD93FF901B5D9E275] - |D| - [16/07/2016 13:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ism32k.dll [MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - |D| - [16/07/2016 13:43:51] - (.-.) - [6.79 Ko] - (0.0.0.0) - C:\WINDOWS\system32\kanji_1.uce [MD5.529BBD63519BBD654EF328454019693F] - |D| - [16/07/2016 13:43:51] - (.-.) - [8.29 Ko] - (0.0.0.0) - C:\WINDOWS\system32\kanji_2.uce [MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - |D| - [16/07/2016 13:43:51] - (.-.) - [12.57 Ko] - (0.0.0.0) - C:\WINDOWS\system32\korean.uce [MD5.49F46049D3729F9CD510CCFF1E091F90] - |D| - [16/07/2016 13:42:02] - (.Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS - MPEG Layer-3 Audio Codec for MSACM.) - [85 Ko] - (1.9.0.401) - C:\WINDOWS\system32\l3codeca.acm [MD5.F720CF1C7BCBC3B9897F2F36EBE96136] - |D| - [16/07/2016 13:42:02] - (.Copyright © 2004 Fraunhofer IIS - MPEG Audio Layer-3 Codec for MSACM.) - [179 Ko] - (3.4.0.0) - C:\WINDOWS\system32\l3codecp.acm [MD5.050BC9351A3386458B696F8BCA78B27B] - |D| - [16/07/2016 13:42:22] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\system32\LargeRoom.bin [MD5.531FE5A2634D87A078017259F21D9736] - |D| - [16/07/2016 13:42:43] - (.-.) - [206.97 Ko] - (0.0.0.0) - C:\WINDOWS\system32\lcphrase.tbl [MD5.D3C85593F8C4576FCF9B42AC48CA4368] - |D| - [16/07/2016 13:42:43] - (.-.) - [23.55 Ko] - (0.0.0.0) - C:\WINDOWS\system32\lcptr.tbl [MD5.57CEC882E3B798405CB5D1E40742983D] - |D| - [31/08/2016 16:56:25] - (.-.) - [49.95 Ko] - (0.0.0.0) - C:\WINDOWS\system32\license.rtf [MD5.D3F4E00C322EDA78873848BE75ACC8A4] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [132.98 Ko] - (9.1.10.83) - C:\WINDOWS\system32\mantle64.dll [MD5.EA33454E28EE1F3CA432DA87203DA24F] - |D| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [100.98 Ko] - (9.1.10.83) - C:\WINDOWS\system32\mantleaxl64.dll [MD5.39DFF42E57C53A58C162F4760A75EA84] - |D| - [20/05/2016 10:50:40] - (.-.) - [46 Ko] - (0.0.0.0) - C:\WINDOWS\system32\MDA_NTDRV.sys [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |D| - [16/07/2016 13:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\system32\MediumRoom.bin [MD5.ED434A3EBE29070A7E0138C42482EB93] - |D| - [16/07/2016 13:42:27] - (.-.) - [657.31 Ko] - (0.0.0.0) - C:\WINDOWS\system32\mlang.dat [MD5.E7ED514B91CF343EEABF72233DDB2CB3] - |D| - [16/07/2016 13:42:14] - (.-.) - [361 Ko] - (5.0.1.3) - C:\WINDOWS\system32\msinfo32.exe [MD5.86166DAA04A6C154826508304CC6D4AC] - |D| - [16/07/2016 13:42:12] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\system32\NdfEventView.xml [MD5.798B0DAE64A53AE88AA1998D5EEBE52F] - |D| - [31/08/2016 15:57:43] - (.-.) - [17.43 Ko] - (0.0.0.0) - C:\WINDOWS\system32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |D| - [16/07/2016 13:42:12] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\system32\NetTrace.PLA.Diagnostics.xml [MD5.DE78E0C57BC478D47CC2F470B68E1A45] - |D| - [16/07/2016 13:47:53] - (.-.) - [0.72 Ko] - (0.0.0.0) - C:\WINDOWS\system32\NOISE.DAT [MD5.5D27362AF3BCAA75A418F5416A35934E] - |D| - [16/07/2016 13:42:20] - (.-.) - [0.26 Ko] - (0.0.0.0) - C:\WINDOWS\system32\odbcconf.rsp [MD5.0A13D6818BCBF860EDCEC1ED1E7B9698] - |D| - [28/08/2016 13:22:15] - (.Copyright © 1997-2011 BitDefender - OEMBdpredir Dynamic Link Library.) - [120.05 Ko] - (1.0.5.0) - C:\WINDOWS\system32\OEMbdpredir.dll [MD5.FF69267A88A54A223B4357C41930449C] - |D| - [16/07/2016 13:47:53] - (.-.) - [15.1 Ko] - (0.0.0.0) - C:\WINDOWS\system32\OEMDefaultAssociations.xml [MD5.2901049544FDF863362FABA2363EB647] - |D| - [16/07/2016 13:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\system32\onlinesetup.cmd [MD5.F192E1998A5F6826BE6955F6EAE7CDA1] - |D| - [21/10/2015 02:14:42] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [71.98 Ko] - (2.0.4.0) - C:\WINDOWS\system32\OpenCL.dll [MD5.42D2360079B1DF3230024AE920737367] - |D| - [16/07/2016 13:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\system32\OutdoorAudioEnvironment.bin [MD5.66D58077CC739E4B8166E33AB0BA4639] - |D| - [16/07/2016 13:42:39] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\system32\pcl.sep [MD5.A578B2982E6B6C198250F228E5AD8B87] - |D| - [16/07/2016 13:49:31] - (.-.) - [256.36 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfc009.dat [MD5.CB9630D6B002A2B7EA775DC467B3A683] - |D| - [17/07/2016 00:40:24] - (.-.) - [210.69 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfc00C.dat [MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |D| - [16/07/2016 13:49:35] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfd009.dat [MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |D| - [17/07/2016 00:40:24] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfd00C.dat [MD5.B84F5BE5E7E003654756A00F65055D2C] - |D| - [16/07/2016 13:49:31] - (.-.) - [867.81 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfh009.dat [MD5.17DB0BFB8567C7B28D257764AFBE2795] - |D| - [17/07/2016 00:40:24] - (.-.) - [906.45 Ko] - (0.0.0.0) - C:\WINDOWS\system32\perfh00C.dat [MD5.FC722A1DAA1416FCE54986ECCD9808F0] - |D| - [28/08/2016 12:36:18] - (.-.) - [2250.99 Ko] - (0.0.0.0) - C:\WINDOWS\system32\PerfStringBackup.INI [MD5.C09741B9886EF0D15EC3B1443352FB62] - |D| - [16/07/2016 13:42:39] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\system32\pscript.sep [MD5.007893E8374C766471239EB291BA8C17] - |D| - [16/07/2016 13:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\system32\psmodulediscoveryprovider.mof [MD5.3A77C18665A4C8428768CE186A5BC1EF] - |D| - [16/07/2016 13:42:12] - (.-.) - [1.78 Ko] - (0.0.0.0) - C:\WINDOWS\system32\rasctrnm.h [MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |D| - [16/07/2016 13:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\system32\removehypervisor.mof [MD5.D67CDB8D2584AAC165A77488C5A7A987] - |D| - [16/07/2016 13:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ResPriHMImageList [MD5.4FE9CE56EFA89779D81B988698D2454C] - |D| - [16/07/2016 13:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ResPriImageList [MD5.43E7D0AB6A8564F5BF375FBF0934FAD1] - |D| - [16/07/2016 13:42:15] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\system32\RestartManager.mof [MD5.3F75A221A01F68D6CE67FE99A868BD8F] - |D| - [16/07/2016 13:42:15] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\system32\RestartManagerUninstall.mof [MD5.335DDF53E8248EECBF7FF0D0E09B0D18] - |D| - [08/09/2016 15:01:27] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\system32\RP3DAA64.dll [MD5.F0D430DC167D5F9941ABEEC4A134DFCF] - |D| - [08/09/2016 15:01:27] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\system32\RP3DHT64.dll [MD5.EABD549516BF670A684743EEE6A1ADA9] - |D| - [06/09/2016 16:52:09] - (.Copyright (C) 2014 - RtCRX.) - [81.21 Ko] - (1.11.9600.0) - C:\WINDOWS\system32\RtCRX64.dll [MD5.C80534E6C27DFD36994CD0E0B9D335EB] - |D| - [08/09/2016 15:01:36] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\system32\RTEED64A.dll [MD5.653C4F65DA2066AB75B979BC00102011] - |D| - [08/09/2016 15:01:36] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\system32\RTEEG64A.dll [MD5.AD6279BFA473108B0F876CD4F511F128] - |D| - [08/09/2016 15:01:36] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.39 Ko] - (6.1.6001.33) - C:\WINDOWS\system32\RTEEL64A.dll [MD5.19F9E0BBB26FD220FC8F0B6D2FFD6E54] - |D| - [08/09/2016 15:01:37] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\WINDOWS\system32\RTEEP64A.dll [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |D| - [16/07/2016 13:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ScavengeSpace.xml [MD5.00E5FCFD833151F7CBDE607E2F7AFEB4] - |D| - [16/07/2016 13:43:51] - (.-.) - [5.66 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SecurityAndMaintenance.png [MD5.5719BFC9CFDA7A9C059A71A47A0E6383] - |D| - [16/07/2016 13:43:51] - (.-.) - [2.56 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SecurityAndMaintenance_Alert.png [MD5.099BA37F81C044F6B2609537FDB7D872] - |D| - [16/07/2016 13:43:51] - (.-.) - [6.72 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SecurityAndMaintenance_Error.png [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |D| - [16/07/2016 13:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\system32\settings.dat [MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - |D| - [16/07/2016 13:43:51] - (.-.) - [16.35 Ko] - (0.0.0.0) - C:\WINDOWS\system32\ShiftJIS.uce [MD5.AEA5AD87A6238418E0E84FDB327190C9] - |D| - [08/09/2016 15:02:30] - (.Copyright (C) 2015 DTS, Inc. - DTS Universal APO DLL.) - [984.73 Ko] - (3.5.0.0) - C:\WINDOWS\system32\sl3apo64.dll [MD5.D3EDC91EF9ABF3779F372AB44C13744A] - |D| - [08/09/2016 15:02:31] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Controller DLL.) - [1256.01 Ko] - (3.5.0.0) - C:\WINDOWS\system32\slcnt64.dll [MD5.3903BCAB32A4A853DFA54962112D4D02] - |D| - [16/07/2016 13:42:20] - (.-.) - [139.55 Ko] - (0.0.0.0) - C:\WINDOWS\system32\slmgr.vbs [MD5.42122083186CBFEF5FB153376D41F571] - |D| - [08/09/2016 15:02:33] - (.TODO: (c) . - TODO: .) - [252.45 Ko] - (1.0.0.1) - C:\WINDOWS\system32\slprp64.dll [MD5.1B397955D564695499E5307C4D89C135] - |D| - [08/09/2016 15:02:33] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Technology DLL.) - [1883.43 Ko] - (3.5.0.0) - C:\WINDOWS\system32\sltech64.dll [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |D| - [16/07/2016 13:42:22] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SmallRoom.bin [MD5.257906731C510CF42DC7EB672A17FB56] - |D| - [08/09/2016 15:02:35] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.22 Ko] - (4.0.0.59) - C:\WINDOWS\system32\SRAPO64.dll [MD5.3D3E815ADFA0146BC94E782758F0E599] - |D| - [08/09/2016 15:02:35] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\system32\SRCOM.dll [MD5.7760A6F9A001B2AA9A85709EABCA2BD8] - |D| - [08/09/2016 15:02:35] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\WINDOWS\system32\SRCOM64.dll [MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |D| - [16/07/2016 13:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\system32\srms.dat [MD5.0DEBF5C1D3D39D3E9EEBFE976863F63B] - |D| - [08/09/2016 15:02:36] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.51 Ko] - (4.0.0.59) - C:\WINDOWS\system32\SRRPTR64.dll [MD5.550A079A6DA0ED6A2DF497E301C19A10] - |D| - [08/09/2016 15:02:36] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\system32\SRSHP64.dll [MD5.EC12843D98AB3B2E3A63B447C9F4A490] - |D| - [08/09/2016 15:02:36] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\system32\SRSTSH64.dll [MD5.07CC4F1901B4321ACC15A60E91EE6245] - |D| - [08/09/2016 15:02:36] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\system32\SRSTSX64.dll [MD5.8653FF12B852832E847B8156915F49E4] - |D| - [08/09/2016 15:02:36] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\system32\SRSWOW64.dll [MD5.30F5568679A54042F99CA9EC1102EBCD] - |D| - [16/07/2016 13:43:51] - (.-.) - [91.51 Ko] - (0.0.0.0) - C:\WINDOWS\system32\SubRange.uce [MD5.81B14F1AD906AC1CF9102796C97A54FE] - |D| - [16/07/2016 13:42:39] - (.-.) - [3.24 Ko] - (0.0.0.0) - C:\WINDOWS\system32\sysprint.sep [MD5.58A67EC6B00A54A69DC364194CA171E0] - |D| - [16/07/2016 13:42:39] - (.-.) - [3.58 Ko] - (0.0.0.0) - C:\WINDOWS\system32\sysprtj.sep [MD5.31B010EF50D54D548B4B8B211F421318] - |D| - [16/07/2016 13:42:39] - (.-.) - [1.63 Ko] - (0.0.0.0) - C:\WINDOWS\system32\tcpbidi.xml [MD5.D602CA245CC6774A0981B607F0675609] - |D| - [16/07/2016 13:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\system32\tcpmon.ini [MD5.C8F2952DAE3971614DBD0C509F35BE93] - |D| - [16/07/2016 13:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\system32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |D| - [16/07/2016 13:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\system32\TransformPPSToWlanCredentials.xslt [MD5.E7482D1D449217C8641762F5C38E157C] - |D| - [16/07/2016 13:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\VpnSohDesktop.dll [MD5.8F657F25211D7D95E258FBBCD13CCC31] - |D| - [04/10/2016 03:15:13] - (.-.) - [320 Ko] - (0.0.0.0) - C:\WINDOWS\system32\wc_storage.dll [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |D| - [16/07/2016 13:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WdsUnattendTemplate.xml [MD5.B3D9F747B963DC557D1D0BB049506D84] - |D| - [16/07/2016 13:42:31] - (.-.) - [230.95 Ko] - (0.0.0.0) - C:\WINDOWS\system32\weretw.dll [MD5.BB2D1DF427C9284DE64DC66A6F1CC2AD] - |D| - [16/07/2016 13:42:11] - (.-.) - [2.25 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WimBootCompress.ini [MD5.BAB2F86DE0219361898F99B710E33FBF] - |D| - [04/10/2016 03:14:58] - (.-.) - [408.5 Ko] - (0.0.0.0) - C:\WINDOWS\system32\Windows.Perception.Stub.dll [MD5.E0974EE3F592223A950B3B0C04797212] - |D| - [16/07/2016 13:44:01] - (.-.) - [1.61 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WindowsCodecsRaw.txt [MD5.7EF8F3CADE2DE177F96B5A5B581D73FF] - |D| - [16/07/2016 13:42:31] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\system32\winrm.cmd [MD5.9D7684F978EBD77E6A3EA7EF1330B946] - |D| - [16/07/2016 13:42:31] - (.-.) - [199.32 Ko] - (0.0.0.0) - C:\WINDOWS\system32\winrm.vbs [MD5.96C4CBD3C8DF0FA34591FEE057AF3E1F] - |D| - [16/07/2016 13:42:05] - (.http://www.sqlite.org/copyright.html - SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - [754.46 Ko] - (3.12.2.0) - C:\WINDOWS\system32\winsqlite3.dll [MD5.C30C621748C66CE751B19B2788559A3E] - |D| - [16/07/2016 13:42:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\system32\wpcmon.png [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |D| - [16/07/2016 13:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\system32\wpr.config.xml [MD5.930423065AB3F5DB52D5726C7FC66385] - |D| - [16/07/2016 13:42:31] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\WINDOWS\system32\wsmanconfig_schema.xml [MD5.D6CBFA113B69C491DE370E85EBAC80E9] - |D| - [16/07/2016 13:42:31] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WsmPty.xsl [MD5.B2EDF82825D979928AE07CBE9C7A2160] - |D| - [16/07/2016 13:42:31] - (.-.) - [2.37 Ko] - (0.0.0.0) - C:\WINDOWS\system32\WsmTxt.xsl [MD5.9D6B8FC71167D22849424084F0F3D9E9] - |D| - [16/07/2016 13:44:03] - (.-.) - [74.28 Ko] - (0.0.0.0) - C:\WINDOWS\system32\xpsrchvw.xml [MD5.684DDBD6ED4066B10660A3A06655B59A] - |D| - [16/07/2016 13:42:11] - (.-.) - [3.92 Ko] - (0.0.0.0) - C:\WINDOWS\system32\xwizard.dtd ---------- | Installer [HKCR\Installer\Products\026F45BF555911A362BC0B724CDD2F06] : Imaging Designer [HKCR\Installer\Products\085E718E81368CFA122023C23711E74C] : CCC Help Polish -> C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\08A8734D317CFD1139990005650C0080] : Paragon Migrate OS to SSD™ 4.0 -> C:\WINDOWS\Installer\{D4378A80-C713-11DF-9399-005056C00008}\ARPPRODUCTICON.exe [HKCR\Installer\Products\09058001D17E45A4E92344BA734ACC6C] : AutoSave Essentials -> C:\WINDOWS\Installer\{10085090-E71D-4A54-9E32-44AB37A4CCC6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0BE6E9B4DEE047E449979F283C52F417] : SQL Server Browser for SQL Server 2012 -> C:\WINDOWS\Installer\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}\ARPIco [HKCR\Installer\Products\0D4A6A5A500250A2E212948580FC59DE] : CCC Help Norwegian -> C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0F0287A81625CF247909D439E2B75C1B] : ZoneAlarm Security [HKCR\Installer\Products\0F76E360892CA2A8F06A481C35224A0E] : ccc-utility64 -> C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\10743651ECAB9444B8525176ADC8F93D] : CameraHelperMsi [HKCR\Installer\Products\108E6B082DC3A1A43AE03D18594EB152] : Rebit 5: Viewer components (64 bit) -> C:\Windows\Installer\{80B6E801-3CD2-4A1A-A30E-D38195E41B25}\InstallerIcon [HKCR\Installer\Products\13B3A47134C4DD3468F6379CBD88B784] : LWS Twitter [HKCR\Installer\Products\1A15D4212C3FEA548B213DAC17420739] : SQL Server 2012 Common Files [HKCR\Installer\Products\1D5F27E1E3559FFC603AC8A55F70DDC1] : CCC Help French -> C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1E3325E85947BF44D8BEB49E605D6991] : Junk Mail filter update [HKCR\Installer\Products\1E6AF1658349876ED2A2AC998FDDBF0C] : Windows Assessment Services - Client (AMD64 Architecture Specific, Client SKU) [HKCR\Installer\Products\21E13F622273DF5409B394102268BBC4] : OnlineThreatsEngine -> C:\Windows\Installer\{26F31E12-3722-45FD-903B-49012286BB4C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\234989D47D950A67DD159B46226FFFF7] : Windows Phone Common Packaging and Test Tools (NT_x86_fre) [HKCR\Installer\Products\241A5D4605DBE627DEE92D05D8A2712E] : Catalyst Control Center InstallProxy -> C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\25E8C8C9A2A4D674B9C07CFE43048F0F] : [HKCR\Installer\Products\2C31622C4A7C16749A6011E6DCE44777] : SQL Server 2012 Database Engine Services [HKCR\Installer\Products\2F12AC03A109BD444AF3CF13DCF04239] : Sql Server Customer Experience Improvement Program -> C:\WINDOWS\Installer\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}\ARPIco [HKCR\Installer\Products\33305D78435EA394E889A094CB826FB4] : SQL Server 2012 Database Engine Services [HKCR\Installer\Products\35588CBA077879B44BE3A50946A7B536] : Nero ControlCenter -> C:\WINDOWS\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ARPPRODUCTICON.exe [HKCR\Installer\Products\36DE92D79F487CE44BF999A4A313592B] : SQL Server 2012 Common Files [HKCR\Installer\Products\37E58BB129D0A406A0FA7CAA5D3E3A6C] : CCC Help English -> C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\384482F5D8EEE744EBEBB21FB3804CFB] : Prerequisite installer -> C:\WINDOWS\Installer\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\39753950C43A27243316A79FEAEE6594] : Imaging And Configuration Designer [HKCR\Installer\Products\3978828F6B15FE74F2393D777666F35C] : Assessments on Client [HKCR\Installer\Products\3A56CBC8BA0456EDC21B99A7DB8ADF86] : CCC Help Turkish -> C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3C1BCDF6CDE9CBC374C3DD58DEE54049] : CCC Help German -> C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3C5FB837B7FA0BB47BFE5E50FE7C65EB] : MyWinLocker Suite -> C:\Windows\Installer\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3D4250324BDACC96A287698D973E22B1] : Windows PE x86 x64 [HKCR\Installer\Products\3F78D2E7CB3F5af4F927FB20E16DC63B] : [HKCR\Installer\Products\401EEA7469FB704E3DEF08BB4D72234F] : Windows PE x86 x64 wims [HKCR\Installer\Products\4171AC28AE31914F19EF2138444247E5] : CCC Help Italian -> C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe [HKCR\Installer\Products\43A520D954F3E2F429A93AC39C937CD7] : Rebit 5: core components (64 bit) -> C:\Windows\Installer\{9D025A34-3F45-4F2E-929A-A33CC939C77D}\InstallerIcon [HKCR\Installer\Products\4673AE1C831172EADA3645B9DA99AB51] : CCC Help Japanese -> C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe [HKCR\Installer\Products\472D7398182C4E24C8BD0A2BFD791998] : LWS Webcam Software [HKCR\Installer\Products\473F9FB676CE80849AC01F72EDD689D9] : Epson E-Web Print -> C:\Windows\Installer\{6BF9F374-EC67-4808-A90C-F127DE6D989D}\icon.exe [HKCR\Installer\Products\47B800D0226053F770197C3624F79396] : Volume Activation Management Tool [HKCR\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7] : LWS YouTube Plugin [HKCR\Installer\Products\496A34161EF56FDB7FE8F4B73F9E14B9] : Toolkit Documentation [HKCR\Installer\Products\49E502F924E968449AA2FDF3C68B4544] : Epson Event Manager -> C:\Windows\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe [HKCR\Installer\Products\4AFCE782A91734120AB96D1AD25EE404] : Acrobat.com [HKCR\Installer\Products\500F2D38DF7312345B7F42FEAECC8943] : Nero BurningROM 2016 -> C:\WINDOWS\Installer\{83D2F005-37FD-4321-B5F7-24EFEACC9834}\ARPPRODUCTICON.exe [HKCR\Installer\Products\500F2F04C4AFAEB4386AFB9D96645749] : Nero BackItUp -> C:\WINDOWS\Installer\{40F2F005-FA4C-4BEA-83A6-BFD969467594}\ARPPRODUCTICON.exe [HKCR\Installer\Products\50848F456110F764783198D9CF742253] : SQL Server 2012 Database Engine Shared [HKCR\Installer\Products\5173F3A735977424B8C5D53050B0E99A] : [HKCR\Installer\Products\554590D7179DC4D4E9DFA96F6A85F4A3] : Bing Bureau -> C:\Windows\Installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}\icon.ico [HKCR\Installer\Products\575EBE29E6C031740B5943BB29E7A56C] : Nero CoverDesigner -> C:\WINDOWS\Installer\{92EBE575-0C6E-4713-B095-34BB927E5AC6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\591761FF4EE90C64C87DBF3A54E788BA] : LWS Facebook [HKCR\Installer\Products\59EBDD8FEBCD5B303595ED631041E612] : CCC Help Danish -> C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5AF433025DC6CF845B9F3DD4570E8754] : AntimalwareEngine -> C:\Windows\Installer\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5E16E053C2C6C3F2A341E790A46B3D0A] : CCC Help Spanish -> C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\66122D971C874DA2407EDB22DB85DF64] : CCC Help Chinese Traditional -> C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe [HKCR\Installer\Products\66F055D925D5AC92825BEEC0C2C0FDEB] : Windows Deployment Customizations [HKCR\Installer\Products\68AB67CA7DA7FFFFB7449A0100000010] : Adobe Reader 9.1 MUI -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico [HKCR\Installer\Products\68ADF0FAB7E6C6A1154D34FA0581E12D] : AMD Catalyst Control Center -> C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\6BA689080BC3bd94BA84610048D43647] : [HKCR\Installer\Products\7040BB568CC47CD459E2E3FEFD5006A2] : Nero Update -> C:\WINDOWS\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7286306383AF47A4383362CBE4CE3980] : AdAwareUpdater -> C:\Windows\Installer\{36036827-FA38-4A74-8333-26BC4EEC9308}\ARPPRODUCTICON.exe [HKCR\Installer\Products\72BCCFF8D2EEF85DA5DBDEC5609BE118] : CCC Help Swedish -> C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe [HKCR\Installer\Products\73C44F0DB22A3374BB7A689C4F897852] : SQL Server 2012 Database Engine Shared [HKCR\Installer\Products\76A9438299D16A541A1C5C6B1DFD39A7] : AvcEngine -> C:\Windows\Installer\{28349A67-1D99-45A6-A1C1-C5B6D1DF937A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\77E99DA1CC73E44793AC766FDF4365A5] : Catalyst Control Center Localization All -> C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\797ECA52ADBEB4E090F6F99EA7E1A2F6] : CCC Help Russian -> C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\814AB0FE73FAE1745949AE5E19F36418] : Nero Launcher -> C:\WINDOWS\Installer\{EF0BA418-AF37-471E-9594-EAE5913F4681}\ARPPRODUCTICON.exe [HKCR\Installer\Products\815BF5C8C87E0F8FFBCEE8CA565F0130] : Windows Assessment Services - Client (Client SKU) [HKCR\Installer\Products\849FBE4FE00FFE9298C41DA017F889D1] : Windows Assessment Toolkit [HKCR\Installer\Products\89201680EA92B5443BD7FEEB50089276] : LWS Pictures And Video [HKCR\Installer\Products\8AC6637E9717EA777E21AB817DA0A070] : AMD Fuel -> C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8BA31D3CA8644710D160BDA9EAA831B1] : CCC Help Czech -> C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8EFB030F674880C45A3532D38EA0B21E] : Nero Info -> C:\WINDOWS\Installer\{F030BFE8-8476-4C08-A553-233DE80A2BE1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\91AF5CD036E87774EA7BEFDF6A3C0C75] : AntispamEngine -> C:\Windows\Installer\{0DC5FA19-8E63-4777-AEB7-FEFDA6C3C057}\ARPPRODUCTICON.exe [HKCR\Installer\Products\985E2342652631540BFBFE8A3E525D0F] : Nero SharedVideoCodecs [HKCR\Installer\Products\9DAF6B7941F664CC13561F87E5CC2E55] : WPTx64 [HKCR\Installer\Products\9F01CEBB51CAEE142A17B001775F7304] : Adobe AIR [HKCR\Installer\Products\A2B16319147F195E03B3E49F753FAB1F] : Windows Assessment Toolkit (AMD64 Architecture Specific) [HKCR\Installer\Products\A41F520B6E52AC643980B1D13339AC8C] : ZoneAlarm Firewall [HKCR\Installer\Products\A4FC0B50C465945419E3EAE3AD6179A1] : AdAwareInstaller -> C:\Windows\Installer\{05B0CF4A-564C-4549-913E-AE3EDA16971A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A6C1C5112A511B845A99971FAAA1306F] : FirewallEngine -> C:\Windows\Installer\{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A748067A9D4CFE7E17F6706CBC6F1B74] : CCC Help Thai -> C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A927A03CAB9E8F73C38546DAF9D16449] : Imaging Tools Support [HKCR\Installer\Products\ADEDAA7FA3329701DC5130EA0B050F6C] : User State Migration Tool [HKCR\Installer\Products\B1CCEC48FE121B14A919E327E4D5993D] : Manuels EPSON -> C:\Windows\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}\EPSMICO.ICO [HKCR\Installer\Products\B231DBD624F74954BB7EB06B77BE9262] : Epson Software Updater -> C:\Windows\Installer\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}\icon.ico [HKCR\Installer\Products\B54B166CA2D1C7FA720D4BFF6D074AEF] : Kits Configuration Installer [HKCR\Installer\Products\B67AEAD9F05E27245A5910428E6255D3] : LWS WLM Plugin [HKCR\Installer\Products\C0DBE580E42F49BED633A222FE465CFC] : CCC Help Finnish -> C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C2F1EB77C255E834E8B6C48061DBCED5] : Rebit Pro (64-bit) -> C:\Windows\Installer\{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D}\InstallerIcon [HKCR\Installer\Products\C351938B2D4DC98F0533A061C02607B6] : CCC Help Portuguese -> C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C3AF8C38AE4F4C6438293DEC5373836D] : LWS Launcher [HKCR\Installer\Products\C3CE67F61B43E63479BF845CD8B7DEDC] : LWS Gallery [HKCR\Installer\Products\C4FF5DFC06FC33D4E8C85BC19DDA431B] : Rebit 5: Avanquest Extensions [HKCR\Installer\Products\C51E70D24A9A6D8D3D1729CE78975E78] : CCC Help Hungarian -> C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C951361A674B10541B36F37708A98C33] : Nero Burning Core [HKCR\Installer\Products\C971C95CD8669A946BAE1012CCCF2134] : LabelPrint -> C:\WINDOWS\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CC67F423DD8D78D47BD74DFAE5A17A3B] : [HKCR\Installer\Products\CE67D3639B5BB7D5F0951C39FFF630CF] : Windows System Image Manager on amd64 [HKCR\Installer\Products\D2DAD9455052C402CE859508F76E0E73] : WPT Redistributables [HKCR\Installer\Products\D32F40E9E2E326A4EAFBB89C25046075] : COMODO Cloud Antivirus -> C:\WINDOWS\Installer\{9E04F23D-3E2E-4A62-AEBF-8BC952400657}\icon.ico [HKCR\Installer\Products\D43EEBEB2A48DDE4B8AE69CC45732136] : Nero Core Components [HKCR\Installer\Products\D4DC8700641B77D4C80F62B8631C3ACE] : [HKCR\Installer\Products\D73F0BFC7E2273F4F8EA3B915AA85C9B] : Nero Burning ROM -> C:\WINDOWS\Installer\{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D935B019752F8C64C98BC659FE9FFC22] : Stashimi Stub Installer [HKCR\Installer\Products\DED17A5318AD313153A2CEA8B072FDB3] : CCC Help Chinese Standard -> C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E065AE25F05EF8CD41D6B1365184AB92] : Windows Deployment Tools [HKCR\Installer\Products\E3A623703B208701527D8B66B68AEF51] : CCC Help Korean -> C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E4AF4541CB851FE2A99141B7E094E930] : UEV Tools on amd64 [HKCR\Installer\Products\E6121561DA7E0524291ABFE86D31199C] : LWS Help_main [HKCR\Installer\Products\EA58071E856963AAEA36A29785D1B846] : MXAx64 [HKCR\Installer\Products\EC9283ECB955AFB3AB7EF047F5FADC82] : Application Compatibility Toolkit [HKCR\Installer\Products\EE47477FC6BEB78C88FA33018C840E86] : CCC Help Greek -> C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F3D66E17900ABA447848572E18B94AAB] : LWS Motion Detection [HKCR\Installer\Products\F41A983F429B826EE4F4D839FA0B12F5] : AMD Install Manager -> C:\WINDOWS\Installer\{F389A14F-B924-E628-4E4F-8D93AFB0215F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F75D59AC3CF97DD0C76363F2478D0CE4] : CCC Help Dutch -> C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe ---------- | ADS ---------- | Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ---------- | MBR Windows Version: Windows Information: (build 9200), 64-bit Base Board Manufacturer: Hewlett-Packard BIOS Manufacturer: AMI System Manufacturer: Hewlett-Packard System Product Name: CQ2904EF Logical Drives Mask: 0x0003b87c Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog La procédure de ramassage pour le service « C:\Windows\System32\winspool.drv » dans la DLL « Spooler » a généré une exception ou retourné un état non valide. Les données de performance retournées par la DLL de compteur ne seront pas renvoyées dans le bloc de données Perf. Le premier mot (DWORD) de la section Données contient le code d’exception ou le code d’état. ------------ Windows ne parvient pas à charger la DLL de compteur extensible SQLAgent$ADK. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows. ------------ Windows ne parvient pas à charger la DLL de compteur extensible MSSQL$ADK. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante playstv.exe, version : 1.14.1.0, horodatage : 0x4bbd3163 Nom du module défaillant : windows.storage.dll, version : 10.0.14393.206, horodatage : 0x57dacfcf Code d’exception : 0xc0000005 Décalage d’erreur : 0x001b97c8 ID du processus défaillant : 0x27ec Heure de début de l’application défaillante : 0x01d22517622ab5dc Chemin d’accès de l’application défaillante : C:\PROGRA~2\Raptr Inc\PlaysTV\playstv.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\windows.storage.dll ID de rapport : 06b818f4-28f9-4093-ba08-cef38015f5de Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ La création du contexte d’activation a échoué pour « C:\Users\jean-\Desktop\esetsmartinstaller_enu.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest. ------------ L’application Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI n’a pas été lancée dans le délai qui lui était imparti. ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ La création du contexte d’activation a échoué pour « C:\Users\jean-\Desktop\esetsmartinstaller_enu.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest. ------------ Nom de l’application défaillante playstv.exe, version : 1.14.1.0, horodatage : 0x4bbd3163 Nom du module défaillant : windows.storage.dll, version : 10.0.14393.206, horodatage : 0x57dacfcf Code d’exception : 0xc0000005 Décalage d’erreur : 0x001b97c8 ID du processus défaillant : 0x2634 Heure de début de l’application défaillante : 0x01d2245c75881a18 Chemin d’accès de l’application défaillante : C:\PROGRA~2\Raptr Inc\PlaysTV\playstv.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\windows.storage.dll ID de rapport : 927faaa7-4e9c-454c-a04a-f896068cd86f Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ La création du contexte d’activation a échoué pour « C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest. ------------ Le package Microsoft.Windows.ShellExperienceHost_10.0.14393.187_neutral_neutral_cw5n1h2txyewy+App a été interrompu, car sa suspension a été trop longue. ------------ La création du contexte d’activation a échoué pour « C:\Users\jean-\Desktop\esetsmartinstaller_enu.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8.manifest. Composant 2 : C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_74bc87d3d22d9abe.manifest. ------------ Windows ne parvient pas à charger la DLL de compteur extensible SQLAgent$ADK. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows. ------------ Windows ne parvient pas à charger la DLL de compteur extensible MSSQL$ADK. Le premier mot (DWORD) de la section Données contient le code d’erreur Windows. ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Échec de la procédure d’ouverture pour le service « WmiApRpl » dans la DLL « C:\WINDOWS\system32\wbem\wmiaprpl.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante ccavsrv.exe, version : 1.6.7441.347, horodatage : 0x57edfe74 Nom du module défaillant : ltc_game32-116716.dll, version : 1.0.0.1, horodatage : 0x57ec39ef Code d’exception : 0xc000041d Décalage d’erreur : 0x00030b76 ID du processus défaillant : 0x2038 Heure de début de l’application défaillante : 0x01d21fbf157781da Chemin d’accès de l’application défaillante : C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe Chemin d’accès du module défaillant: C:\PROGRA~2\Raptr Inc\PlaysTV\ltc_game32-116716.dll ID de rapport : 1e20608a-da1c-4663-bcd9-a051804e185b Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ ----------( EOF)---------- - 7584 | 13:15:28