--------------- QuickDiag | g3n-h@ckm@n | V3_05.05.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 12/05/2017 12:55:01

Updated 05/05/2017 | 19.20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Jean-Marie (Administrator)] - [LFSULTRA-WIDEN] (S-1-5-21-1766228302-1366166313-1596766668-1001)

System: Microsoft Windows 10 Famille - - (10.0.15063) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : SafeMode with network
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Extended


---------- | SoundDevice

Realtek High Definition Audio - Status: Unknown - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001

---------- | Video

AMD Radeon HD 7310 Graphics - Resolution: x - Colors: - RefreshRate: -  Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184
Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\prodad-codec.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 607256 -  Manufacturer: proDAD GmbH - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\lvcod64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 -  Manufacturer: Logitech Inc. - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35208 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42488 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codecp.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 181248 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

---------- | CPU

CPU #1 value:75 %
CPU #2 value:62 %
Total Overall CPU Usage value:68 %

---------- | Network


Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
TAP-Windows Adapter V9 - Ethernet 802.3 - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2062&SUBSYS_2AE3103C&REV_C1\4&186C6B44&0&00A9
TeamViewer VPN Adapter - Ethernet 802.3 - TeamViewer GmbH - Status: - PnPID : ROOT\NET\0001

---------- | Memory

RAM = Total (MB) : 3748 | Free (MB) : 2830
Pagefile = Total (MB) : 7549 | Free (MB) : 6726
Virtual = Total (MB) : 4194 | Free (MB) : 3958

Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: 0 - Manufacturer: Micron       - PartNumber: 8JTF51264AZ-1G6E1 - S/N: DEA02E9

---------- | SID Users

Administrateur : [S-1-5-21-1766228302-1366166313-1596766668-500]
DefaultAccount : [S-1-5-21-1766228302-1366166313-1596766668-503]
HomeGroupUser$ : [S-1-5-21-1766228302-1366166313-1596766668-1005]
Invité : [S-1-5-21-1766228302-1366166313-1596766668-501]
Jean-Marie : [S-1-5-21-1766228302-1366166313-1596766668-1001]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
AMD FUEL : [S-1-5-21-1766228302-1366166313-1596766668-1006]
HomeUsers : [S-1-5-21-1766228302-1366166313-1596766668-1004]
SQLServer2005SQLBrowserUser$LFSULTRA-WIDEN : [S-1-5-21-1766228302-1366166313-1596766668-1007]
WinRMRemoteWMIUsers__ : [S-1-5-21-1766228302-1366166313-1596766668-1000]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

A:\ -> [Removable] | [FOLD-IT SAR] | Total : 14.91 Go | Free : 3.5 Go -> FAT32 [USB]
B:\ -> [Removable] | [WINTOBOOTIC] | Total : 57.91 Go | Free : 43.01 Go -> NTFS [USB]
C:\ -> [Fixed] | [OS] | Total : 930.6 Go | Free : 744.03 Go -> NTFS [SATA]
D:\ -> [Removable] | [MEMTEST86] | Total : 0.05 Go | Free : 0.04 Go -> FAT [USB]
F:\ -> [CDROM] | [EOTSQXMH] | Total : 0.42 Go | Free : 0 Go -> CDFS [SATA]
G:\ -> [Removable] | [FRAMA SALIX] | Total : 28.78 Go | Free : 1.55 Go -> FAT32 [USB]
H:\ -> [CDROM] | [DTVP30] | Total : 0.02 Go | Free : 0 Go -> CDFS [USB]
I:\ -> [Removable] | [] | Total : 0.1 Go | Free : 0.09 Go -> FAT [USB]
J:\ -> [Fixed] | [zalman ZM- VE350] | Total : 931.06 Go | Free : 412.77 Go -> NTFS [USB]
K:\ -> [Fixed] | [wd MY passport 2TO] | Total : 2794.49 Go | Free : 722.09 Go -> NTFS [USB]
L:\ -> [Removable] | [LOUVRE] | Total : 59.5 Go | Free : 18.17 Go -> exFAT [USB]
M:\ -> [Removable] | [wintobootic] | Total : 119.5 Go | Free : 98.71 Go -> NTFS [USB]
N:\ -> [Removable] | [EMTECH YUMI] | Total : 57.68 Go | Free : 5.46 Go -> FAT32 [USB]
P:\ -> [Removable] | [montre espi] | Total : 7.32 Go | Free : 0 Go -> FAT32 [USB]
Q:\ -> [Removable] | [CARBIDE] | Total : 30.84 Go | Free : 5.01 Go -> FAT32 [USB]
S:\ -> [Removable] | [YUMI SARDU] | Total : 14.31 Go | Free : 0 Go -> FAT32 [USB]
V:\ -> [Removable] | [sandisk con] | Total : 119.06 Go | Free : 26.04 Go -> exFAT [USB]
W:\ -> [Removable] | [FRAMA ASSO] | Total : 2.92 Go | Free : 0.09 Go -> FAT32 [USB]

Disk Usage Information [18 total Physical Disks]

Physical Drive #0 [C:] : Read:1,411,416 bytes/sec, Written:0 bytes/sec Max Read:1,411,416 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [D:, I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #3 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #4 [B:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #5 [L:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #6 [N:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #7 [P:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #8 [O:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #9 [M:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, R:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, S:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, U:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, W:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, A:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, V:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, Q:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:1,411,416 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE16 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_WIRELESS_STICK&REV_1\D0E40BF4E788&0
DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_&PROD_USB_DISK_3.0&REV_PMAP\070166959A11B155&0
DeviceID: \\.\PHYSICALDRIVE15 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1.00\05077900000000F6&0
DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA&REV_1.00\4C530001300623119533&0
DeviceID: \\.\PHYSICALDRIVE12 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA&REV_1.00\4C531001630616108350&0
DeviceID: \\.\PHYSICALDRIVE10 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0
DeviceID: \\.\PHYSICALDRIVE9 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE_FIT&REV_1100\0363316010027335&0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - External hard disk media - 2 Part. - PnPID : USBSTOR\DISK&VEN_ZALMAN&PROD_ZM-VE350&REV_1060\WXF1A952S610&0
DeviceID: \\.\PHYSICALDRIVE17 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_ISTORAGE&PROD_DATASHUR&REV_1.00\20095032145150130849&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-60ZF5A0\4&32E8E4A0&0&000000
DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENPLUS&PROD_USB-MSDC_DISK_A&REV_1.00\9&368B17D4&0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 2 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA_FIT&REV_1.00\4C530001050902110312&0
DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_0815\000000000004&0
DeviceID: \\.\PHYSICALDRIVE11 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9451\9&254CED59&0
DeviceID: \\.\PHYSICALDRIVE8 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DTVAULTPRIVACY30&REV_CLVX\000FFEC697CDB0A0B000DF8F&0
DeviceID: \\.\PHYSICALDRIVE13 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_MASS&PROD_STORAGE_DEVICE&REV_1.00\121220130416&0
DeviceID: \\.\PHYSICALDRIVE14 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_5.00\07014791E2C22032&0
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_PMAP\071055D329387500&0

---------- | Windows updates


---------- | Browsers

IE : 11.0.15063.0     (© Microsoft Corporation. Tous droits réservés.)
GC : 58.0.3029.96     (Copyright 2016 Google Inc.)

Default : "C:\Program Files\Pale Moon\palemoon.exe" -osint -url ""

---------- | FlashPlayer

FlashPlayer ActiveX : 25.0.0.171

---------- | Security

AV : Windows Defender Disabled
AS : Windows Defender Disabled
FW : adaware firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

664 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.15063.0) = C:\Windows\System32\smss.exe     [18/03/2017 22:57:38]    CPU Usage:0 %
396 | [Owner : Système | Parent : 64() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe     [18/03/2017 22:57:38]    CPU Usage:0 %
756 | [Owner : Système | Parent : 64() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.15063.0) = C:\Windows\System32\wininit.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
772 | [Owner : Système | Parent : 748() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe     [18/03/2017 22:57:38]    CPU Usage:0 %
876 | [Owner : Système | Parent : 748() | 10.36 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.15063.250) = C:\Windows\System32\winlogon.exe     [26/04/2017 19:34:25]    CPU Usage:0 %
916 | [Owner : Système | Parent : 756(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.15063.0) = C:\Windows\System32\services.exe     [18/03/2017 22:57:39]    CPU Usage:0 %
948 | [Owner : Système | Parent : 756(wininit.exe) | 12.85 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.15063.0) = C:\Windows\System32\lsass.exe     [18/03/2017 22:57:36]    CPU Usage:0 %
60 | [Owner : UMFD-1 | Parent : 876(winlogon.exe) | 13.4 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe     [26/04/2017 19:34:26]    CPU Usage:0 %
996 | [Owner : UMFD-0 | Parent : 756(wininit.exe) | 3.61 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.138) = C:\Windows\System32\fontdrvhost.exe     [26/04/2017 19:34:26]    CPU Usage:0 %
832 | [Owner : Système | Parent : 916(services.exe) | 3.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1092 | [Owner : Système | Parent : 916(services.exe) | 20.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1136 | [Owner : SERVICE RÉSEAU | Parent : 916(services.exe) | 10.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1184 | [Owner : Système | Parent : 916(services.exe) | 8.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1284 | [Owner : DWM-1 | Parent : 876(winlogon.exe) | 58.07 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.15063.0) = C:\Windows\System32\dwm.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1348 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 6.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1388 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 14.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1396 | [Owner : Système | Parent : 916(services.exe) | 10.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1448 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 6.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1460 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 19.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1540 | [Owner : Système | Parent : 916(services.exe) | 8.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1564 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 7.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1576 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 5.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1584 | [Owner : SERVICE RÉSEAU | Parent : 916(services.exe) | 7.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1684 | [Owner : Système | Parent : 916(services.exe) | 13.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1788 | [Owner : SERVICE RÉSEAU | Parent : 916(services.exe) | 8.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1948 | [Owner : Système | Parent : 916(services.exe) | 8.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1968 | [Owner : Système | Parent : 916(services.exe) | 15.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1988 | [Owner : SERVICE RÉSEAU | Parent : 916(services.exe) | 8.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2016 | [Owner : Système | Parent : 916(services.exe) | 12.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2024 | [Owner : SERVICE RÉSEAU | Parent : 916(services.exe) | 10.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2032 | [Owner : Système | Parent : 916(services.exe) | 7.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2160 | [Owner : Système | Parent : 916(services.exe) | 23.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2308 | [Owner : Jean-Marie | Parent : 1540(svchost.exe) | 21.4 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe     [18/03/2017 22:58:10]    CPU Usage:0 %
2400 | [Owner : Jean-Marie | Parent : 2376() | 128.1 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.168) = C:\Windows\explorer.exe     [26/04/2017 19:34:26]    CPU Usage:0 %
2528 | [Owner : Jean-Marie | Parent : 2400(explorer.exe) | 11.49 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.15063.0) = C:\Windows\System32\ctfmon.exe     [18/03/2017 22:58:37]    CPU Usage:0 %
2936 | [Owner : Jean-Marie | Parent : 1092(svchost.exe) | 12.64 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.15063.0) = C:\Windows\System32\dllhost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2964 | [Owner : Jean-Marie | Parent : 2400(explorer.exe) | 7.21 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe     [23/04/2017 13:47:13]    CPU Usage:0 %
1036 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 8.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2292 | [Owner : Jean-Marie | Parent : 1092(svchost.exe) | 23.44 Mo] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.15063.0) = C:\Windows\HelpPane.exe     [18/03/2017 22:57:30]    CPU Usage:0 %
3292 | [Owner : Système | Parent : 1092(svchost.exe) | 9.07 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe     [18/03/2017 22:58:01]    CPU Usage:0 %
3324 | [Owner : Système | Parent : 916(services.exe) | 8.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3776 | [Owner : Jean-Marie | Parent : 1092(svchost.exe) | 70.53 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.168) = C:\Windows\explorer.exe     [26/04/2017 19:34:26]    CPU Usage:0 %
3808 | [Owner : Jean-Marie | Parent : 3776(explorer.exe) | 37.02 Mo] - (.SosVirus - QuickDiag.) - (5.5.17.1) = C:\Users\Jean-Marie\Desktop\quickdiag_3_05.05.17.1.exe     [07/05/2017 20:32:39]    CPU Usage:0 %
2380 | [Owner : Jean-Marie | Parent : 3504() | 23.52 Mo] - (.-.) - (1.0.1.0) = C:\Program Files (x86)\SEAF\SEAF.exe     [17/10/2010 12:41:08]    CPU Usage:19 %
3260 | [Owner : Jean-Marie | Parent : 3776(explorer.exe) | 13.83 Mo] - (.Farbar - Aut2Exe.) - (3.3.12.0) = C:\Users\Jean-Marie\Desktop\ListParts64.exe     [07/05/2017 20:32:39]    CPU Usage:0 %
3716 | [Owner : Jean-Marie | Parent : 2400(explorer.exe) | 18.78 Mo] - (.Microsoft Corporation - Bloc-notes.) - (10.0.15063.0) = C:\Windows\System32\notepad.exe     [18/03/2017 22:58:29]    CPU Usage:0 %
3932 | [Owner : SERVICE RÉSEAU | Parent : 1092(svchost.exe) | 10.99 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe     [18/03/2017 22:58:01]    CPU Usage:0 %
3280 | [Owner : SERVICE RÉSEAU | Parent : 1092(svchost.exe) | 9.54 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [18/03/2017 22:58:50]    CPU Usage:0 %

---------- | MD5

[MD5.6314A1E16B2B6D2E0E3FE65C9BA7BD73] - [26/04/2017 19:34:26] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4734.8 Ko] - (10.0.15063.168) : C:\WINDOWS\Explorer.exe
[MD5.94912C1D73ADE68F2486ED4D8EA82DE6] - [18/03/2017 22:57:50] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [265.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\cmd.exe
[MD5.31E45CAA8E7035ECD47E96A7377BE975] - [18/03/2017 22:57:38] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.28 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\csrss.exe
[MD5.2D29C0AFCC8225AFF6637F7362C22960] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - COM Surrogate.) - [20.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.90224339656D3CFEC43150209B4CD38E] - [12/05/2017 04:32:09] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [692.1 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\Kernel32.dll
[MD5.EABFCDA6E996F8A32DC1B302F7683BB2] - [18/03/2017 22:57:36] - (.© Microsoft Corporation. - Local Security Authority Process.) - [57.12 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\lsass.exe
[MD5.0E79A4C76CAAA0CFE9CA42C13E5AA086] - [12/05/2017 04:32:10] - (.© Microsoft Corporation. - Distributed COM Services.) - [1060 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\rpcss.dll
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - [18/03/2017 22:58:29] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [67 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.800D00D1A7ADA9E341CACDF287347584] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [515.6 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\services.exe
[MD5.3120B24060924F9B94182A1432B2D7F9] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [46.55 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\svchost.exe
[MD5.9F67071B597A3CCC8C11CE761CE88B04] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1313.56 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\user32.dll
[MD5.46B72E05D0B9F489CA60DBD7361039B0] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\userinit.exe
[MD5.9A4BA96E87A1FD69381249557BDE2BF0] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [310.77 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Wininit.exe
[MD5.D0F1FB0E90BFBD14865B770E2567BE1D] - [26/04/2017 19:34:25] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [690.5 Ko] - (10.0.15063.250) : C:\WINDOWS\System32\Winlogon.exe
[MD5.AC1928C2F7505BD556C552F153B062AB] - [18/03/2017 22:57:36] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [596.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.01733BEEE02E51F712330D5909BD701C] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [28.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.71CCAFFF7D5E64E3D07BD96F2B2898EF] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [189.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - [18/03/2017 22:56:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - [18/03/2017 22:57:47] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.DD1A6F4998E7E21564FA9BAFE21C87ED] - [18/03/2017 22:56:19] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.C6C8315E3262FAE460529C6DA2951682] - [18/03/2017 22:56:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - [18/03/2017 22:57:54] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [456.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.E27876B335FEB441DA511030AA85624D] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1213.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.30C2F67EC84EB11B22011620107E0325] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [298 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.731FD52461C8107E5B19B9AEDBB82BFB] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2273.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - [18/03/2017 22:58:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - [18/03/2017 22:59:55] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [179 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.0907BD52E5264C0851A839D471F35DA0] - [18/03/2017 22:57:36] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2619.9 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.2540384EF2EEE5BE930E3FB1061395DC] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. - TDI Translation Driver.) - [117.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [387.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.www.startisback.com.-.OldNewExplorer shell enhancements.) - (1.1.7.0) -- C:\skinpack\OldNewExplorer64.dll
(.www.startisback.com.-.StartIsBack++ brains and soul.) - (5.0.0.2201) -- C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
(.TODO: <Company name>.-.TODO: <File description>.) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll
(.Acronis.-.Acronis True Image Shell Extensions.) - (17.0.0.3100) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
(..-.Copy Handler Shell Extension.) - (1.44.917.0) -- C:\Program Files\Copy Handler\chext64.dll
(..-.Copy Handler Core.) - (1.44.917.0) -- C:\Program Files\Copy Handler\libchcore64u.dll
(..-.Async Logger Library.) - (1.44.917.0) -- C:\Program Files\Copy Handler\liblogger64u.dll
(.SQLite.-.SQLite.) - (3.15.1.0) -- C:\Program Files\Copy Handler\sqlite3_64.dll
(.Rebit, Inc..-.Rebit Pro Shell Extension.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\REBIT-~2.DLL
(..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtCore4.dll
(..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtSql4.dll
(..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtNetwork4.dll
(.Rebit, Inc..-.Rebit Pro Translations.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\cqt.dll
(..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\LIBEAY32.dll
(..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\SSLEAY32.dll
(.Rebit, Inc..-.Rebit Pro Namespace Extension.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\REBIT-~1.DLL
(..-..) - (0.0.0.0) -- C:\Program Files\Unlocker\UnlockerCOM.dll
(.Remo Software.-.Remo File Eraser.) - (2.0.0.49) -- C:\Program Files (x86)\Remo File Eraser 2.0\64\rsh64.dll
(.Perigee Software.-.PerigeeCopy shell extension DLL.) - (1.6.0.0) -- C:\Program Files\PerigeeCopy\PerigeeCopy.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.16) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.LopeSoft.-.FileMenu Tools DLL.) - (7.2.1.0) -- C:\Program Files\LopeSoft\FileMenu Tools\FileMenuTools64.dll
(..-.DLLReg Module.) - (1.0.0.1) -- C:\Program Files (x86)\Batch Picture Resizer\DLLReg-x64.dll
(..-..) - (12.0.649.11190) -- C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareShellExtension.dll
(.WinZip Computing, S.L..-.WinZip Shell Extension DLL.) - (4.1.0.0) -- C:\Program Files\WinZip\wzshls64.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files\WinRAR\rarext.dll
(.IObit.-.IObitUnlockerExtension.) - (1.2.0.2) -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll
(..-..) - (0.0.0.0) -- C:\PROGRA~1\TeraCopy\TERACO~2.DLL
(.CHENGDU YIWO Tech Development Co.,Ltd.-.EaseUS Todo Backup Application.) - (3.0.0.1) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
(.Paramount Software UK Ltd.-.Reflect Shell Extension Context Menu.) - (6.1.865.0) -- C:\Program Files\Macrium\Reflect\RContextMenu.dll
(.IObit.-.Protected Folder Shell Extension.) - (4.2.0.0) -- C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll
(.Killer{R}.-.KillCopy Shell Extension DLL.) - (1.0.0.1) -- C:\Program Files (x86)\KillSoft\KillCopy\killcopy_amd64.dll
(..-..) - (1.0.0.2) -- C:\WINDOWS\SysWOW64\ISCM64.dll
(.Glarysoft Ltd.-.MHContextHandler.dll.) - (1.0.0.5) -- C:\Program Files (x86)\Glarysoft\Malware Hunter\x64\MHContextHandlerx64.dll
(.Glarysoft Ltd.-.Context Menu Handler.) - (5.0.0.15) -- C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll
(.Foxit Software Inc..-.ConvertToPDFShellExtension.) - (8.3.0.331) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll
(.Foxit Software Inc..-.ConvertToPDFShellExtension.) - (8.3.0.331) -- C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll
(.CHENGDU Yiwo Tech Development Co., Ltd..-.EverySync.) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EUSyncExtMenux64.dll
(.Piriform Ltd.-.DefragglerShell.) - (2.21.0.993) -- C:\Program Files\Defraggler\DefragglerShell64.dll
(.SHADOWDEFENDER.COM.-.Shadow Defender Shell Extension.) - (1.4.0.665) -- C:\Program Files\Shadow Defender\ShellExt.dll
(.Disc Soft Ltd.-.DAEMON Tools Pro.) - (8.1.1.666) -- C:\Program Files\DAEMON Tools Pro\DTShl64.dll
(.Cyberlink.-.Cyberlink Shell Extension dynamic link library.) - (11.0.914.0) -- C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt11.dll
(..-..) - (1.0.0.0) -- C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt64.dll
(.CyberLink Corp..-.CyberLink PowerDVDShell.) - (1.0.0.0) -- C:\ProgramData\CyberLink\PowerDVD17\OpenWith\PDVD_Shell64.dll
(..-..) - (0.0.0.0) -- : 3776
(.www.startisback.com.-.OldNewExplorer shell enhancements.) - (1.1.7.0) -- C:\skinpack\OldNewExplorer64.dll
(.TODO: <Company name>.-.TODO: <File description>.) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll
(.Acronis.-.Acronis True Image Shell Extensions.) - (17.0.0.3100) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
(.Rebit, Inc..-.Rebit Pro Namespace Extension.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\REBIT-~1.DLL
(..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtCore4.dll
(..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtNetwork4.dll
(..-..) - (4.7.3.0) -- C:\PROGRA~1\Rebit\REBITP~1\QtSql4.dll
(.Rebit, Inc..-.Rebit Pro Translations.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\cqt.dll
(..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\LIBEAY32.dll
(..-..) - (0.0.0.0) -- C:\PROGRA~1\Rebit\REBITP~1\SSLEAY32.dll
(.www.startisback.com.-.StartIsBack++ brains and soul.) - (5.0.0.2201) -- C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
(.Remo Software.-.Remo File Eraser.) - (2.0.0.49) -- C:\Program Files (x86)\Remo File Eraser 2.0\64\rsh64.dll
(.Rebit, Inc..-.Rebit Pro Shell Extension.) - (5.1.3001.14505) -- C:\PROGRA~1\Rebit\REBITP~1\REBIT-~2.DLL
(..-..) - (1.0.0.2) -- C:\WINDOWS\SysWOW64\ISCM64.dll
(.Advanced Micro Devices, Inc..-.AMD Desktop Control Panel.) - (6.14.10.2001) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamfra.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)


---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

EPLTarget\P0000000000000000 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-710 Series" [HKU\S-1-5-18\SOFTWARE\...\Run]) - User: AUTORITE NT\Système
EPLTarget\P0000000000000001 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-710 Series" [HKU\S-1-5-18\SOFTWARE\...\Run]) - User: AUTORITE NT\Système
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
DriverMax_RESTART - ( [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\...\Run]) - User: LFSULTRA-WIDEN\Jean-Marie
SkvrYkt-bd.exe - (C:\Program Files\DivX\NVODEUEV74SZJBUY8\SkvrYkt-bd.exe -r1_5 -r2_1 [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\...\Run]) - User: LFSULTRA-WIDEN\Jean-Marie
Interstatnogui - (C:\Users\Jean-Marie\AppData\Roaming\Interstatnogui\interstatnogui.exe [HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\...\Run]) - User: LFSULTRA-WIDEN\Jean-Marie
EPLTarget\P0000000000000000 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-710 Series" [HKU\.DEFAULT\SOFTWARE\...\Run]) - User: .DEFAULT
EPLTarget\P0000000000000001 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-710 Series" [HKU\.DEFAULT\SOFTWARE\...\Run]) - User: .DEFAULT
RocketDock - (C:\SkinPack\ROCKET~1\ROCKET~1.EXE  [Common Startup]) - User: Public
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"DriverMax_RESTART"=   
"SkvrYkt-bd.exe"=C:\Program Files\DivX\NVODEUEV74SZJBUY8\SkvrYkt-bd.exe -r1_5 -r2_1   
"Interstatnogui"=C:\Users\Jean-Marie\AppData\Roaming\Interstatnogui\interstatnogui.exe   [12/05/2017 12:33:10]

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"7vYzPEJttA.exe"=C:\Program Files\DivX\NVODEUEV74SZJBUY8\7vYzPEJttA.exe 2 0   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"CCleaner Monitoring"=0x03000000C0FC5C7C04C3D201   
"CyberGhost"=0x03000000F0715D7C04C3D201   
"DAEMON Tools Lite Automount"=0x0300000000995D7C04C3D201   
"DriverMax_RESTART"=0x0300000010C05D7C04C3D201   
"FileHippo.com"=0x03000000300E5E7C04C3D201   
"GUDelayStartup"=0x03000000300E5E7C04C3D201   
"ultracopier"=0x03000000505C5E7C04C3D201   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=C:\Users\Jean-Marie\Desktop\JRT.exe\1   
"MRUList"=hgbfedca   
"b"=wordpad\1   
"c"=C:\UsbFix\UsbFix.exe\1   
"d"=C:\Users\Jean-Marie\Desktop\AdsFix_Donate.lnk\1   
"e"=C:\Users\Jean-Marie\Desktop\pre-scan_7_26.04.17.1.exe\1   
"f"=notepad\1   
"g"=iexplore\1   
"h"=C:\Users\Jean-Marie\Desktop\adwcleaner_6.046.exe\1   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Foxit Reader PDF Printer,winspool,Ne06:   
"IsMRUEstablished"=1   
"LegacyDefaultPrinterMode"=0   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x040000000000000000000000   
"WindowsDefender"=0x040000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"StartCCC"=0x040000000000000000000000   
"BingDesktop"=0x03000000A0D91C8204C3D201   
"InstantBurn"=0x0300000010EB1D8204C3D201   
"LWS"=0x0300000060AE1E8204C3D201   
"MalTray"=0x03000000A04A1F8204C3D201   
"Malwarebytes TrayApp"=0x03000000D0BF1F8204C3D201   
"SecurityHealth"=0x030000000035208204C3D201   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL   [22/04/2017 17:57:34]
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=1   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D2A02A4539A47C   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"=C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey   
"LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide   
"InstantBurn"=C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe   [15/11/2016 11:34:22]
"Syncios device service"=C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe   [21/03/2017 08:19:20]
"WinZip Malware Protector_startup"="C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe" autolaunch   
"AppTrailers"=C:\Users\Jean-Marie\AppData\Roaming\AppTrailers\AppTrailers.exe su   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

CreateExplorerShellUnelevatedTask
C__Users_Jean-Marie_AppData_Local_Temp_9f3d653746e141159e1077112bd3c1a5_NetAdapterUpdate_setup.exe
EPSON XP-710 Series Invitation {68953606-62A7-4B6A-87A7-1CF73FEC7E9A}
EPSON XP-710 Series Invitation {69791235-D3B3-45B7-A134-218554EE5C76}
EPSON XP-710 Series Invitation {AE5780A0-0AF2-4E57-8021-42C010C39E40}
EPSON XP-710 Series Invitation {FC6094E7-B8B4-44EE-9D76-76624B51979F}
EPSON XP-710 Series Update {68953606-62A7-4B6A-87A7-1CF73FEC7E9A}
EPSON XP-710 Series Update {69791235-D3B3-45B7-A134-218554EE5C76}
EPSON XP-710 Series Update {AE5780A0-0AF2-4E57-8021-42C010C39E40}
EPSON XP-710 Series Update {FC6094E7-B8B4-44EE-9D76-76624B51979F}
Health-Check-deep
Health-Check

---------- | Startings up registry ? Folder


---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"InstanceID"=b8bc2640-9974-4a30-9a2f-d6d7255   
"GlassSessionId"=1   
"fDenyChildConnections"=0   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=648000   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"AutoChkSkipSystemPartition"=0   
"AutoChkTimeout"=5   

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=AcrSch2Svc
UsoSvc
DeviceInstall
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=200   
"SystemStartOptions"= NOEXECUTE=OPTIN  SAFEBOOT:NETWORK  NOGUIBOOT  BOOTLOGO   
"SystemBootDevice"=multi(0)disk(0)rdisk(5)partition(3)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(5)partition(1)   
"LastBootSucceeded"=1   
"LastBootShutdown"=1   
"DirtyShutdownCount"=13   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [10/11/2016 15:52:04]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"LsaPid"=948   
"ProductType"=3   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   
"SecureBoot"=1   


---------- | .LNK with Arguments

c:\users\jean-marie\desktop\desktop cleaner for 1st bing images lfsu100%sf pt f sigma - others apps\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK
c:\users\jean-marie\desktop\lfs ultra & 100% sécurisé part f sigma bis apps\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK
c:\users\jean-marie\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK
c:\users\jean-marie\desktop\souvenir seule dernier version findykill et backup dextop 1er septem 2016\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"LeftOverlapChars"=3   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"ScreenSaveActive"=1   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallPaper"=C:\WINDOWS\web\wallpaper\Mint.jpg   [26/05/2016 13:33:08]
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9E1E078012000000   
"AutoColorization"=0   
"MaxVirtualDesktopDimension"=1280   
"MaxMonitorDimension"=1280   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100C37B080080070000B004000045C4FE7CF4CAD20143003A005C00550073006500720073005C004A00650061006E002D004D0061007200690065005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00420069006E0067004400650073006B0074006F0070005C007400680065006D00650073005C0032003000310037002D00300035002D00310032002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ImageColor"=2476127030   
"Win8DpiScaling"=0   
"DpiScalingVer"=4096   
"WaitToKillAppTimeout"=200   
"ScreenSaverIsSecure"=1   
"ForegroundLockTimeout"=0   
"MenuShowDelay"=0   
"AutoEndTasks"=1   
"HungAppTimeout"=4000   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSimpleNetIDList"=1   
"NoDriveTypeAutoRun"=221   
"NolowDiskSpaceChecks"=1   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"ExplorerStartupTraceRecorded"=1   
"UserSignedIn"=1   
"SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309DD42402004E3AAA90BA1C3342B8BB535773D48449E0C602005D54A9A2C2A0B4429708A0B2BADD77C907D101005D54A9A2C2A0B4429708A0B2BADD77C83A6B04000493D7E0BE84CE119641444553540000B5DB0100   
"GlobalAssocChangedCounter"=449   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"TelemetrySalt"=4   
"FirstRunTelemetryComplete"=1   
"AppReadinessLogonComplete"=1   
"Browse For Folder Width"=347   
"Browse For Folder Height"=328   
"link"=0x00000000   
"DesktopProcess"=1   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"StoreAppsOnTaskbar"=1   
"ServerAdminUI"=0   
"Hidden"=1   
"ShowCompColor"=1   
"HideFileExt"=0   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=1   
"SeparateProcess"=1   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewShadow"=1   
"StartMenuInit"=13   
"TaskbarStateLastRun"=0x7115155900000000   
"ReindexedProfile"=1   
"DisablePreviewDesktop"=0   
"TaskbarSmallIcons"=0   
"VirtualDesktopTaskbarFilter"=0   
"VirtualDesktopAltTabFilter"=0   
"Start_SearchPrograms"=1   
"Start_PowerButtonAction"=2   
"Start_ShowRecentDocs"=1   
"Start_ShowMyDocs"=1   
"ShellViewReentered"=1   
"nonetcrawling"=1   
"ListviewAlphaSelect"=0   
"TaskbarAnimations"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"EnableLinkedConnections"=1   
"UacDisableNotify"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=0   
"NoActiveDesktopChanges"=0   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"SmartScreenEnabled"=Off   
"GlobalAssocChangedCounter"=118   
"Max Cached Icons"=2000   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"EnableLinkedConnections"=1   
"UacDisableNotify"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=0   
"NoActiveDesktopChanges"=0   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=218   
"Max Cached Icons"=2000   
"SmartScreenEnabled"=Off   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"BuildNumber"=15063   
"FirstLogon"=0   
"PUUActive"=0x3A3934BC01000C0016005200FCDF0100CFEB0100FB060400D100000002001A00CCE71445A31D0A00A31D0A00BEAE0000709A0000211900000000000029300400FB400000930100009C5D28EF0BCBD201FCDF0100000000000100000000000000   
"DP"=0xCE0058001D000C00160000003A3934BC1C199A00000000009C5D28EF0BCBD20184FEB26BF4CAD201D6745F000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ParseAutoexec"=1   
"AutoRestartShell"=0   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DefaultDomainName"=   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"Userinit"=C:\WINDOWS\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"LastLogOffEndTimePerfCounter"=653353465   
"ShutdownFlags"=2147484711   
"AutoAdminLogon"=0   
"DefaultUserName"=MicrosoftAccount\jean-marie.carribon@wanadoo.fr   
"ShutdownWithoutLogon"=0   
"AutoRestartShell"=0   
"DisableCad"=1   
"EnableFirstLogonAnimation"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"userinit"=C:\WINDOWS\SYSWOW64\userinit.exe,   
"AutoRestartShell"=1   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""="%SystemRoot%\system32\NOTEPAD.EXE" %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""="%SystemRoot%\system32\NOTEPAD.EXE" %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command]
""="C:\Program Files\Pale Moon\palemoon.exe"   
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Clients\StartMenuInternet\Torch.GDN6ZTIOQTOJMYEEE4OGX2YXRU\Shell\open\Command]
""="C:\Users\Jean-Marie\AppData\Local\Torch\Application\torch.exe"   
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Clients\StartMenuInternet\Torch.GDN6ZTIOQTOJMYEEE4OGX2YXRU\InstallInfo]
"ReinstallCommand"="C:\Users\Jean-Marie\AppData\Local\Torch\Application\torch.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Internet Explorer\iexplore.exe"   
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command]
""="C:\Program Files\Pale Moon\palemoon.exe"   
[HKLM\Software\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Internet Explorer\iexplore.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command]
""="C:\Program Files\Pale Moon\palemoon.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal


---------- | AppcompatFlags

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Jean-Marie\AppData\Local\Temp\nsu3F90.tmp\DivXSetup.exe"=1
"C:/Users/Jean-Marie/Documents/tuxboot-0.8.2.exe"=1
"C:\Users\JEAN-M~1\AppData\Local\Temp\is-8B7A7.tmp\CountInstallation.exe"=1
"C:\Users\Jean-Marie\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe"=1

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"SIGN.MEDIA=3EFFE utils\win64\syslinux64.exe"=0x534143500100000000000000070000002800000000CC03005617040001000000000000000000030673000000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DB000000000000000100000001000000
"SIGN.MEDIA=2F4BF31 Download\winzip210fr.exe"=0x534143500100000000000000070000002800000060EA9D0996C69E090100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000A7EFFA0E000000000200000002000000
"SIGN.MEDIA=2F4BF31 Download\adksetup.exe"=0x5341435001000000000000000700000028000000E87A1A0095901A0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000061AC5800000000000100000001000000
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe"=0x5341435001000000000000000700000028000000E8C62601C886270101000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000572B880E000000000600000006000000
"SIGN.MEDIA=E6B61694 mort du porc - otlpe and pc mover pro 10 michel\pcmover_fr_10.exe"=0x5341435001000000000000000700000028000000F0819804DD2C99040100000000000000000000067102000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000EEA70200000000000100000001000000
"SIGN.MEDIA=2F4BF31 Download\autoit-v3-setup.exe"=0x53414350010000000000000007000000280000003047BB0047F8BB000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000045C51A00000000000100000001000000
"C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE"=0x534143500100000000000000070000002800000018DE2900D53E2A000100000000000000000003060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000003E15508000000000300000003000000
"C:\Users\Jean-Marie\Downloads\marmiton-install.exe"=0x5341435001000000000000000700000028000000D0E90B00000000000100000000000000000000067102000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000008F310000000000000100000001000000
"C:\Program Files (x86)\Ashampoo\Ashampoo Privacy Protector\PrivacyProtector.exe"=0x5341435001000000000000000700000028000000701322005572220001000000000000000000000AF122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007CE50700000000000100000001000000
"C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe"=0x5341435001000000000000000700000028000000F018D400805ED4000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FC2C0000000000000100000001000000
"C:\Program Files (x86)\EPSON Software\Print CD\PrintCD.exe"=0x5341435001000000000000000700000028000000D0EC4800A1A0490001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009CF31600000000000100000001000000
"C:\Program Files (x86)\CyberLink\AppManager\AppManager.exe"=0x534143500100000000000000070000002800000018E103002636040001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000054E82103000000000200000002000000
"C:\Program Files\WinZip\WINZIP64.EXE"=0x53414350010000000000000007000000280000006068BD04446BBD0401000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000160A8600000000000100000001000000
"C:\Users\Jean-Marie\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe"=0x534143500100000000000000070000002800000010A61400A6A9140001000000000000000000010671220000E63F486B2AA0D20100000080000000000200000028000000000000000000000000000000000000000000000000000000763D0000000000000F0000000F000000
"C:\Users\Jean-Marie\AppData\Roaming\UsbFix\UsbFix.exe"=0x534143500100000000000000070000002800000000D41B004B0A1C0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000095BE8200000000000100000001000000
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe"=0x534143500100000000000000070000002800000050491300C18313000100000000000000000002067122000033504C2B57DFD1010000008000000000
"C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"=0x534143500100000000000000070000002800000018DF0800A839090001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000067940200000000000100000001000000
"C:\Users\Jean-Marie\Documents\tuxboot-0.8.2.exe"=0x534143500100000000000000070000002800000000004E000000000001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000003EC51500000000000100000001000000
"C:\Program Files (x86)\ISO to USB\isotousb.exe"=0x5341435001000000000000000700000028000000003A1E00000000000100000000000000000003067122000033504C2B57DFD101000000000000000002000000280000000000000000000040000002000000000000000000000000004C2CC600000000000100000001000000
"C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D87E3801682C390101000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Jean-Marie\Downloads\VimeoDownload_2.1.31.315_o.exe"=0x5341435001000000000000000700000028000000A81E16001A1C170001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D3383B00000000000100000001000000
"C:\Users\Jean-Marie\Downloads\SoundCloudDownload_2.1.31.315_o.exe"=0x5341435001000000000000000700000028000000F01E16000E70160001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A1F53A00000000000100000001000000
"C:\Users\Jean-Marie\Downloads\setup_YoutubeToMp3.exe"=0x534143500100000000000000070000002800000010E2AE002537AF000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E0A50100000000000100000001000000
"C:\Users\Jean-Marie\Downloads\setup_streamrecorder.exe"=0x5341435001000000000000000700000028000000953EA400000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C79D0000000000000100000001000000
"C:\Users\Jean-Marie\Downloads\Setup_FreeVimeoDownloader.exe"=0x5341435001000000000000000700000028000000C0D63100000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000033C20400000000000100000001000000
"C:\Users\Jean-Marie\Downloads\ccsetup529.exe"=0x5341435001000000000000000700000028000000504A8F006F958F0001000000000000000000000A0021000033504C2B57DFD1010000000000000000
"C:\Users\Jean-Marie\Downloads\rcsetup153 (1).exe"=0x534143500100000000000000070000002800000060E254009B9B55000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000E96F0800000000000100000001000000
"C:\Users\Jean-Marie\Downloads\dfsetup221.exe"=0x5341435001000000000000000700000028000000E87D460050E546000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000CD070400000000000100000001000000
"C:\Users\Jean-Marie\Downloads\gu5setup (1).exe"=0x5341435001000000000000000700000028000000483F000129ED00010100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000E1030800000000000100000001000000
"C:\Users\Jean-Marie\Downloads\gunsetup.exe"=0x534143500100000000000000070000002800000068FF4E00D20D4F000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006BF70100000000000100000001000000
"C:\Users\Jean-Marie\Documents\fondamentaux 1er semestre 2014 + lfsu100%sf part F\Cameyo.exe"=0x5341435001000000000000000700000028000000A90DE7009A991B0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C4EB0400000000000200000002000000
"C:\Users\Jean-Marie\Documents\fondamentaux 1er semestre 2014 + lfsu100%sf part F\everysync_trial.exe"=0x5341435001000000000000000700000028000000A87F91014209920101000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000002FD90200000000000100000001000000
"C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe"=0x5341435001000000000000000700000028000000D07508007C88080001000000000000000000000A71220000E63F486B2AA0D20100000080000000000200000028000000000000000000000000000000000000000000000000000000D1963800000000000400000004000000
"C:\Users\Jean-Marie\Desktop\JRT.exe"=0x5341435001000000000000000700000028000000B8E6180017AD190001000000000000000000010671020000E63F486B2AA0D20100000000000000000200000050000000000000000000004000000000000000000000000000000000F4336200000000000200000001000000000000000000000000000000000000000000000000000000A1F64900000000000100000000000000
"C:\Program Files (x86)\Kastor Tube To Mp3\TubeToMp3.exe"=0x534143500100000000000000070000002800000020B71400BFA5150001000000000000000000000AF122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005ACA3700000000000100000001000000
"C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe"=0x5341435001000000000000000700000028000000C0342400BB67240001000000000000000000030671020000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D2441206000000000600000006000000
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"=0x5341435001000000000000000700000028000000982C53027375530201000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009148B200000000000100000001000000
"C:\Users\Jean-Marie\Downloads\free_partition_manager.exe"=0x534143500100000000000000070000002800000093273800000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000041ED8D00000000000100000001000000
"C:\Program Files (x86)\Amazing-Share\Free Partition Manager\Free Partition Manager.exe"=0x534143500100000000000000070000002800000000AA4F00866B500001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000D09A8002000000000900000009000000
"C:\Users\Jean-Marie\Downloads\ashampoo_snap_10_10.0.1_sm.exe"=0x534143500100000000000000070000002800000048475803D6AF580301000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000965E7E00000000000100000001000000
"C:\Users\Jean-Marie\Downloads\WJSSetup.exe"=0x5341435001000000000000000700000028000000B83E1C0062931C0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000DD91000000000000100000001000000
"C:\Users\Jean-Marie\Downloads\qsearchsetup.exe"=0x534143500100000000000000070000002800000068F959001AF45A000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000EF2A0200000000000100000001000000
"C:\Users\Jean-Marie\Downloads\processclose_2_08.01.17.1.exe"=0x5341435001000000000000000700000028000000A8270F003B5B0F0001000000000000000000000A0021000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000050DD0000000000000300000003000000
"C:\Program Files\FreeFileSync\FreeFileSync.exe"=0x5341435001000000000000000700000028000000A81407002600080001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A0E58E02000000001800000018000000
"C:\Users\Jean-Marie\Downloads\setup.exe"=0x534143500100000000000000070000002800000090841B0250D61B0201000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000001E7CC604000000000100000001000000
"C:\Users\Jean-Marie\Downloads\mb3-setup-35891.35891-3.0.6.1469-10103.exe"=0x5341435001000000000000000700000028000000782C95035A17960301000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F0692F00000000000100000001000000
"C:\Users\Jean-Marie\Downloads\winrar-x64-540fr.exe"=0x5341435001000000000000000700000028000000A0C322000A67230001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004B530100000000000100000001000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\codysafe sigma\StartCodySafe.exe"=0x5341435001000000000000000700000028000000E4C90200000000000100000000000000000001060021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000089DA0500000000000200000002000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\codysafe sigma\PortableApps\Wise Disk Cleaner Free\WiseDiskCleaner.exe"=0x53414350010000000000000007000000280000001028540008FE540001000000000000000000000A7122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000A54F1400000000000200000002000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\codysafe sigma\CodySafe_Sigma_Setup.exe"=0x5341435001000000000000000700000028000000BEEB2500000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000042EA2903000000000200000002000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\codysafe sigma\Yin & Yang Theme for CodySafe.exe"=0x534143500100000000000000070000002800000035420E00000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000025EC0000000000000100000001000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\codysafe sigma\Green Theme for CodySafe.exe"=0x5341435001000000000000000700000028000000042B1000000000000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000001000000000000000000000000000004EE00000000000000100000001000000
"C:\Program Files\Unlocker\Unlocker.exe"=0x534143500100000000000000070000002800000000E801000000000001000000000000000000020673220000E78E163C2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000002A690000000000000500000005000000
"C:\Program Files\JAM Software\TreeSize\TreeSize.exe"=0x5341435001000000000000000700000028000000F0C35302DB6E540201000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000500000000000000000000040000000000000000000000000000000007AE50100000000000100000001000000000000000000000000000000000000000000000000000000591D0400000000000300000000000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\SkinPacks_4019809995.exe"=0x534143500100000000000000070000002800000057AE1300000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F0720300000000000100000001000000
"C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD.exe"=0x534143500100000000000000070000002800000028040800FAD6080001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000044022700000000000100000001000000
"C:\Program Files (x86)\ArcSoft\VideoImpression 1.6\videoimp.exe"=0x534143500100000000000000070000002800000000A00B00000000000100000000000000000001057120000033504C2B57DFD101000000000000000002000000280000000000000000000000000400000000000000000000000000005CBB0100000000000100000001000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\SkinPacks_1222307597.exe"=0x534143500100000000000000070000002800000057AE1300000000000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000016000200000000000100000001000000
"C:\Program Files\CCleaner\CCleaner.exe"=0x5341435001000000000000000700000028000000D8C871003A24720001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F2040000000000000100000001000000
"C:\Pre_Scan\Pre_Scan_Restore.exe"=0x534143500100000000000000070000002800000010D613009C80140001000000000000000000000A0021000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000050460000000000000100000001000000
"C:\Users\Jean-Marie\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x534143500100000000000000070000002800000000262A0022722A000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006EF05500000000000100000001000000
"C:\Windows10Upgrade\Windows10UpgraderApp.exe"=0x5341435001000000000000000700000028000000C8DE1200E6C9130001000000000000000000000A7122000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000043147D00000000000100000001000000
"C:\Program Files\CyberGhost 6\CyberGhost.exe"=0x5341435001000000000000000700000028000000302E1200179D120001000000000000000000000A80210000E78E163C2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000090450100000000000100000001000000
"C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x53414350010000000000000007000000280000000086440027CF440001000000010000000000000A63220000E78E163C2AA0D2010000000000000000
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe"=0x5341435001000000000000000700000028000000D8114400F1B9440001000000000000000000000A00210000E78E163C2AA0D2010000000000000000
"C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDesktop.exe"=0x5341435001000000000000000700000028000000D807B6007252B60001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000019107502000000000600000006000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\VimeoDownload_2.1.31.315_o.exe"=0x5341435001000000000000000700000028000000A81E16001A1C170001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000820A0600000000000100000001000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\FreeStudio_6.6.35.323_o.exe"=0x5341435001000000000000000700000028000000081F1600B442160001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F69B2000000000000100000001000000
"C:\Program Files (x86)\Silent Install Builder 5\Sib.exe"=0x5341435001000000000000000700000028000000008A0B000000000001000000000000000000000A80210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000754A2B00000000000100000001000000
"J:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\ou a i a wonder'dar & le pavillon de l'hor'dar\filmora_setup_full1084.exe"=0x5341435001000000000000000700000028000000906812003E4D130001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E6B76600000000000100000001000000
"J:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\ou a i a wonder'dar & le pavillon de l'hor'dar\tidymymusic_full1686.exe"=0x534143500100000000000000070000002800000000E227015198280101000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000058160300000000000100000001000000
"C:\Users\Jean-Marie\AppData\Local\SIB\Packages\420e\out\anti-malware-setup_sib.exe"=0x5341435001000000000000000700000028000000A93A9B250000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000500000000000000000000000000000000000000000000000000000008E625D00000000000100000001000000000000000000004000000000000000000000000000000000E1625C00000000000100000000000000
"J:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\MI245Setup\MI245Setup.exe"=0x534143500100000000000000070000002800000076A33E000000000001000000000000000000000A61200000E63F486B2AA0D201000000000000000002000000280000000000000000080040000000000000000000000000000000001A500200000000000100000001000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000C07E3B00881C3C0001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000025B13A00000000000100000001000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\cb link media suite 15 utilities lite\StartCodySafe.exe"=0x5341435001000000000000000700000028000000E4C902000000000001000000000000000000010600210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000079880000000000000100000001000000
"L:\fondamentaux 1er semestre 2014 + lfsu100%sf part F\lfs ultra & 100% sécurisé finalis part. F\lfs u & 100% sec finalis part F Sigma\cb link media suite 15 utilities lite\Start.exe"=0x534143500100000000000000070000002800000000CD15009B98160001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BD280500000000000100000001000000
"C:\Program Files (x86)\TechSmith\Jing\Jing.exe"=0x5341435001000000000000000700000028000000F86B2C00FA272D0001000000000000000000000AF1220000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000001F02AD02000000000100000001000000
"C:\Program Files (x86)\Eyes Relaxing And Focusing 3.0\Eyes.exe"=0x5341435001000000000000000700000028000000008814000000000001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000B2190000000000000100000001000000
"C:\Users\Jean-Marie\Desktop\adsfix_4_29.04.17.1.exe"=0x5341435001000000000000000700000028000000A87D6300E23A640001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000096C10100000000000100000001000000
"C:\Users\Jean-Marie\AppData\Local\Vision\vision-dynamic.exe"=0x5341435001000000000000000700000028000000C08404001846050001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000020A0000000000000100000001000000
"C:\Users\Jean-Marie\Desktop\LFS Ultra - 100 % Sécurisé - Cewbé Suite v5.0\interface_utilisateur_ecb_v5\CaisseEpargne.exe"=0x534143500100000000000000070000002800000020D822003BF0220001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BF8C0000000000000100000001000000
"C:\Program Files (x86)\SecurityXploded\DailymotionVideoAdBlocker\DailymotionVideoAdBlocker.exe"=0x5341435001000000000000000700000028000000001426000000000001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000383D0000000000000100000001000000
"J:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\free_screen_recorder.exe"=0x53414350010000000000000007000000280000008CC1C7000000000001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000002A420300000000000100000001000000
"J:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\free_any_data_encryption.exe"=0x53414350010000000000000007000000280000008A9E12000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000700C0400000000000100000001000000
"C:\Program Files (x86)\SecurityXploded\SX Blocker Suite\GoogleAdBlocker.exe"=0x5341435001000000000000000700000028000000009A35000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000000F700000000000000100000001000000
"C:\Program Files (x86)\SecurityXploded\SX Network Suite\WiFiHotspotScanner.exe"=0x534143500100000000000000070000002800000000F026000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E76F0200000000000100000001000000
"C:\Program Files (x86)\SecurityXploded\SX System Suite\EnableAdmin.exe"=0x534143500100000000000000070000002800000000DE02000000000001000000000000000000020671020000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DC340000000000000100000001000000
"C:\Program Files (x86)\SecurityXploded\SX System Suite\Exe64bitDetector.exe"=0x5341435001000000000000000700000028000000003E06000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000002B250000000000000100000001000000
"C:\Program Files (x86)\SecurityXploded\SX System Suite\WindowsUACManager.exe"=0x534143500100000000000000070000002800000000DC02000000000001000000000000000000020671220000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E2520000000000000100000001000000
"C:\Program Files (x86)\SecurityXploded\SX WiFi Security Suite\WiFiPasswordDecryptor.exe"=0x5341435001000000000000000700000028000000009628000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E66E0000000000000100000001000000
"J:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\EJjplDh7z8h_CTR.exe"=0x5341435001000000000000000700000028000000008E1200D47E130001000000000000000000030600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FFDB0200000000000100000001000000
"C:\Users\Jean-Marie\Downloads\RegistryFirstAid_AQFR.exe"=0x5341435001000000000000000700000028000000E8388B0056F18B0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000027582000000000000100000001000000
"C:\Users\Jean-Marie\Downloads\pdf2wordd.exe"=0x53414350010000000000000007000000280000005DB60C000000000001000000000000000000010571000000E63F486B2AA0D20100000000000000000200000028000000000000000008004000000000000000000000000000000000DC190100000000000100000001000000
"C:\Users\Jean-Marie\Downloads\SmartPrivacyCleaner_FR.exe"=0x534143500100000000000000070000002800000000EA14008BAE150001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D07E1800000000000100000001000000
"C:\Users\Jean-Marie\Downloads\OnlineVideoRecorder_3_4_4_AQFR.exe"=0x5341435001000000000000000700000028000000208F0101A5BA010101000000000000000000020600010000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000E361500000000000100000001000000
"C:\Users\Jean-Marie\Downloads\Setup_SupersonicPC_2015.exe"=0x534143500100000000000000070000002800000010599B0076929B0001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DF020D00000000000100000001000000
"C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe"=0x5341435001000000000000000700000028000000184C56007D55560001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000F000000000000000000000000000000000620A0300000000000100000001000000
"C:\Users\Jean-Marie\Desktop\lfs ultra & 100% sécurisé part F sigma bis apps\ProtectedFolder13-2na2kz\Setup.exe"=0x5341435001000000000000000700000028000000700831009398310001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000080A80100000000000100000001000000
"C:\Users\Jean-Marie\Desktop\lfs ultra & 100% sécurisé part F sigma bis apps\ZM-VE350_Firmware_Ver2.01\ZALMAN_VE350_3637E_FWUpdater_V2.01.exe"=0x53414350010000000000000007000000280000002B7F18000000000001000000000000000000010600010000E63F486B2AA0D201000000800000000002000000280000000000000000000000000000000000000000000000000000006C360100000000000100000001000000
"C:\Users\Jean-Marie\Desktop\lfs ultra & 100% sécurisé part F sigma bis apps\KotobeePublisher\KotobeePublisher.exe"=0x5341435001000000000000000700000028000000380BC90361F6C90301000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000F29E3400000000000100000001000000
"C:\Users\Jean-Marie\Documents\Mes téléchargements Filehippo\ReflectDL.exe"=0x5341435001000000000000000700000028000000D01936008FE3360001000000000000000000020600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000025B10601000000000100000001000000
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000408D0C004F450D0001000000010000000000000A00210000E63F486B2AA0D2010000000000000000
"C:\Program Files (x86)\Online Video Recorder\OnlineVideoRecorder.exe"=0x5341435001000000000000000700000028000000006C2900390B270001000000000000000000020671220000E63F486B2AA0D2010000000000000000
"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2017\burningstudio2017.exe"=0x5341435001000000000000000700000028000000B8FD9401F73B950101000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000004D2A0300000000000200000002000000
"C:\Users\Jean-Marie\Documents\Mes téléchargements Filehippo\gu5setup.exe"=0x5341435001000000000000000700000028000000E034000156C7000101000000000000000000010600010000E63F486B2AA0D2010000000000000000
"C:\Users\Jean-Marie\Downloads\majorgeeks_software_updates_and_news_setup.exe"=0x5341435001000000000000000700000028000000D8034000AFB7400001000000000000000000030600010000E63F486B2AA0D20100000080000000000200000028000000000000000000004000000000000000000000000000000000EB3E8202000000000100000001000000
"C:\Program Files\Pale Moon\palemoon.exe"=0x5341435001000000000000000700000028000000682C06002434060001000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000680E7E02000000000A0000000A000000
"C:\Users\Jean-Marie\Downloads\siinst.exe"=0x534143500100000000000000070000002800000090FC3800D407390001000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000010EE6902000000000100000001000000
"C:\Users\Jean-Marie\Downloads\setup (1).exe"=0x534143500100000000000000070000002800000030781B02160B1C0201000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000009BA06602000000000100000001000000
"C:\Users\Jean-Marie\Downloads\cyberlink-power2go_Essential-11.0.exe"=0x5341435001000000000000000700000028000000E0CE140046F5454801000000000000000000020600010000E63F486B2AA0D2010000000000000000
"C:\Users\Jean-Marie\Downloads\cyberlink-power2go_Essential-11.0 [1].exe"=0x534143500100000000000000070000002800000018CF1100C13E120001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000FE9DE501000000000100000001000000
"C:\Users\Jean-Marie\Downloads\cyberlink-power2go_Essential-11.0 (1).exe"=0x5341435001000000000000000700000028000000E0CE140046F5454801000000000000000000020600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000001B33C00000000000100000001000000
"C:\Users\Jean-Marie\Desktop\ReimageRepair.exe"=0x5341435001000000000000000700000028000000003B09002959090001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A0193500000000000100000001000000
"C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x5341435001000000000000000700000028000000A8D08B0011B48C0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000036260000000000000100000001000000
"C:\Program Files (x86)\Glary Utilities 5\Integrator.exe"=0x534143500100000000000000070000002800000000BC0D00CEEB0D0001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000028870200000000000300000003000000
"C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe"=0x5341435001000000000000000700000028000000F87F2300A760240001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A4380000000000000200000002000000
"C:\Users\Jean-Marie\Desktop\rkill.exe"=0x5341435001000000000000000700000028000000C8FB1E00BB8D1F0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000DF230E00000000000100000001000000
"C:\Users\Jean-Marie\Desktop\Tuto 'n' copy apps for yc8 & phd9\1 - Tutorials capture\camstudio.exe"=0x534143500100000000000000070000002800000068171D00A4D1CB1401000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D8794E00000000000100000001000000
"C:\Users\Jean-Marie\Desktop\Tuto 'n' copy apps for yc8 & phd9\1 - Tutorials capture\Greenshot-INSTALLER-1.2.9.129-RELEASE.exe"=0x5341435001000000000000000700000028000000D02F1B003A161C0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B1E3C700000000000100000001000000
"C:\Program Files\Greenshot\Greenshot.exe"=0x5341435001000000000000000700000028000000B00D08001737080001000000000000000000000A80210000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D24D0000000000000100000001000000
"C:\Program Files (x86)\Amazing-Share\Free Screen Recorder\Free Screen Recorder.exe"=0x5341435001000000000000000700000028000000005615008C7B150001000000000000000000000A71220000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000003D282D00000000000100000001000000
"C:\Users\Jean-Marie\Desktop\CyberLink_Power2Go_Downloader.exe"=0x534143500100000000000000070000002800000018CF1100F8C7120001000000000000000000000A71220000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006E510300000000000100000001000000
"SIGN.MEDIA=3F58288 Setup file of CyberLink Power2Go 11 Essentials\CyberLink_Power2Go_11 stub install.exe"=0x534143500100000000000000070000002800000018CF1100AFAB120001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000046AD1E00000000000100000001000000
"C:\Program Files (x86)\CyberLink\Power2Go11\Trial\TrialMgr.exe"=0x5341435001000000000000000700000028000000181F02009834020001000000000000000000000A71200000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000001C680100000000000A0000000A000000
"C:\Program Files (x86)\CyberLink\Power2Go11\Power2Go.exe"=0x534143500100000000000000070000002800000018216300C6F9630001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E1330000000000000100000001000000
"C:\Users\Jean-Marie\Downloads\Cameyo.exe"=0x5341435001000000000000000700000028000000A90DE7009A991B0001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000747C1A00000000000100000001000000
"C:\Users\Jean-Marie\Documents\Windows 10 Transformation Pack 7.0\Windows 10 Transformation Pack 7.0.exe"=0x53414350010000000000000007000000280000001FDE78080802060001000000000000000000010671020000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006E010200000000000100000001000000
"C:\Users\Jean-Marie\Documents\Windows 10 UX Pack 7.0\Windows 10 UX Pack 7.0.exe"=0x5341435001000000000000000700000028000000E42823060802060001000000000000000000010671020000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000000E310100000000000100000001000000
"C:\Program Files (x86)\XYplorerFree\XYplorerFree.exe"=0x5341435001000000000000000700000028000000A0316A009D076B0001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000002E42F900000000000600000006000000
"C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe"=0x5341435001000000000000000700000028000000008C540031C3540001000000000000000000010600210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000010000000000000000000000000000005000C00000000000100000001000000
"C:\Program Files\Software Informer\softinfo.exe"=0x5341435001000000000000000700000028000000004C19000000000001000000000000000000000A73220000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000000BA54500000000000100000001000000
"C:\Users\Jean-Marie\Desktop\Tuto 'n' copy apps for yc8 & phd9\1 - Tutorials capture\jing.exe"=0x534143500100000000000000070000002800000018386600B730670001000000000000000000000671020000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000008FEA0000000000000100000001000000
"C:\Users\Jean-Marie\Desktop\Tuto 'n' copy apps for yc8 & phd9\1 - Tutorials capture\wink20-1060(2)\wink20.exe"=0x5341435001000000000000000700000028000000C35133000000000001000000000000000000010571000000E63F486B2AA0D20100000000000000000200000028000000000000000008004000000000000000000000000000000000D25A0000000000000100000001000000
"C:\Users\Jean-Marie\Desktop\Tuto 'n' copy apps for yc8 & phd9\4 - tool for copy phd9 & yc8 setup & pr. files\WinMend-File-Copy.exe"=0x5341435001000000000000000700000028000000F9BA2D000000000001000000000000000000000A41200000E63F486B2AA0D20100000000000000000200000028000000000000000008004000000000000000000000000000000000E58B0000000000000100000001000000
"C:\Users\Jean-Marie\Desktop\Tuto 'n' copy apps for yc8 & phd9\4 - tool for copy phd9 & yc8 setup & pr. files\MiniCopier-0.5-Windows-Setup.exe"=0x5341435001000000000000000700000028000000FD3132010000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000593C0100000000000100000001000000
"C:\Users\Jean-Marie\Desktop\Tuto 'n' copy apps for yc8 & phd9\4 - tool for copy phd9 & yc8 setup & pr. files\modern.exe"=0x534143500100000000000000070000002800000087CC00000000000001000000000000000000010571000000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000200000000000000020000000000070170000000000000100000001000000010000000400000001000000
"C:\Users\Jean-Marie\Desktop\Tuto 'n' copy apps for yc8 & phd9\4 - tool for copy phd9 & yc8 setup & pr. files\pscopy-1.7.exe"=0x5341435001000000000000000700000028000000B62F0C000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000845A0000000000000100000001000000
"C:\Users\Jean-Marie\Downloads\setup (2).exe"=0x5341435001000000000000000700000028000000987D3E01F58F3E0101000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006E4C4100000000000100000001000000
"C:\UsbFix\UsbFix.exe"=0x5341435001000000000000000700000028000000E0AD1B0095BE1B0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DD2B0100000000000100000001000000
"C:\Program Files\UCheck\UCheck64.exe"=0x534143500100000000000000070000002800000048529D01B07A9D0101000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000074CE1C00000000000100000001000000
"C:\Users\Jean-Marie\Desktop\pre-scan_7_26.04.17.1.exe"=0x5341435001000000000000000700000028000000A89D35007D17360001000000000000000000000A00210000E63F486B2AA0D2010000000000000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 2 - 1ers giveaway & img bing\VoleEdut\Setup.exe"=0x534143500100000000000000070000002800000060CC2600C3AE270001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000AF6F0400000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 2 - 1ers giveaway & img bing\hissenit masterdata.exe"=0x534143500100000000000000070000002800000060F52200EF40230001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A02E0700000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\FoxitReader83_L10N_Setup_Prom.exe"=0x534143500100000000000000070000002800000068FBE104F222E20401000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A3575600000000000100000001000000
"C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe"=0x5341435001000000000000000700000028000000C8524B031DDA4B0301000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000010000000000000000000000000000000007D8A0000000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe"=0x5341435001000000000000000700000028000000D0030600738C060001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000029640000000000000200000002000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 6 - skinpacks\SkinPacks_0935714767.exe"=0x5341435001000000000000000700000028000000C32713000000000001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000099D80100000000000100000001000000
"K:\barrow 2 & widen 100% sécurisé\sosvirus app for stop all power2go 11 process for facilite iobit unlocker work\Download\processclose_1.0.0.3 (1).exe"=0x534143500100000000000000070000002800000000140F0001DC0F0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B6500200000000000100000001000000
"C:\Program Files (x86)\Anvsoft\Syncios\adb.exe"=0x534143500100000000000000070000002800000000AA15002AE3150001000000000000000000010571000000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000096FAF800000000000700000007000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 17 ~ EASE FILE LOCKER\EFL2.2_Setup(x64).exe"=0x5341435001000000000000000700000028000000B05106004515070001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000576C0000000000000100000001000000
"C:\Program Files (x86)\CyberLink\Shared files\EffectExtractor.exe"=0x534143500100000000000000070000002800000018AD4800431D490001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000098610000000000000500000005000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 12 - folderico apps part 2\FolderIcoSetup.exe"=0x53414350010000000000000007000000280000001E0EA9000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000051B0100000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 10 - folderico  apps part 1\FolderIcoSetup.exe"=0x53414350010000000000000007000000280000001E0EA9000000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000033B30000000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-shredder.exe"=0x5341435001000000000000000700000028000000903AAE001368AE0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A4CA0300000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-drive-defrag.exe"=0x5341435001000000000000000700000028000000B0118200B1F4820001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D6980300000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-drive-wipe.exe"=0x534143500100000000000000070000002800000060FD7C00CA407D0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000043310300000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-registry.exe"=0x5341435001000000000000000700000028000000484DDF003D64DF0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000021700300000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-privacy-cleaner-windows.exe"=0x5341435001000000000000000700000028000000E09DA000CC7DA10001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000FFFC0300000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\tenorshare-igetting-audio-trial.exe"=0x53414350010000000000000007000000280000003C80E0000000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000B2C60200000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\dixmlsetup.exe"=0x534143500100000000000000070000002800000010E01E006ECF1F0001000000000000000000000A41200000E63F486B2AA0D201000000000000000002000000280000000000000000080040000000000000000000000000000000002F770100000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\trolcommander-0_9_7-setup.exe"=0x53414350010000000000000007000000280000002025FC010000000001000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000544D0000000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux récompense lfsu100%sf\mucommander-0.9.1.exe"=0x5341435001000000000000000700000028000000F8C796000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000502C0000000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux récompense lfsu100%sf\PDQDeploy.12.1.0.0.exe"=0x5341435001000000000000000700000028000000B0B790027833910201000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000057660400000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux récompense lfsu100%sf\PDQInventory.12.3.0.0.exe"=0x534143500100000000000000070000002800000060B74B0233294C0201000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000037AA0400000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux récompense lfsu100%sf\SyncBackTouch_Setup.exe"=0x5341435001000000000000000700000028000000D8AD2100701F220001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000262D0100000000000100000001000000
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"=0x534143500100000000000000070000002800000020756B0093EC6B0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000068586B00000000000100000001000000
"C:\Users\Jean-Marie\Desktop\winrar-x64-540fr.exe"=0x5341435001000000000000000700000028000000A0C322000A67230001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000098690000000000000100000001000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000090AB170059E6170001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000064A30000000000000100000001000000
"C:\Users\Jean-Marie\Desktop\ATI2016WD_build33\AcronisTrueImageWDEdition_33.exe"=0x5341435001000000000000000700000028000000809D9B16D0F99B1601000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000053955700000000000100000001000000
"C:\Users\Jean-Marie\AppData\Local\Temp\E5CC7AF4-8DFF-4D9A-B509-FA3D611B98D6\securezone_upgrade_standard.exe"=0x5341435001000000000000000700000028000000D8857800CBCB780001000000000000000000010600010000E63F486B2AA0D20100000080000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000261E0000000000000100000001000000
"C:\Users\Jean-Marie\Desktop\VuzeLeapSetup.exe"=0x5341435001000000000000000700000028000000D08D1500AC80160001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000009541100000000000100000001000000
"C:\Users\Jean-Marie\Desktop\VuzeBittorrentClientInstaller.exe"=0x5341435001000000000000000700000028000000A0660100F4D6010001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C12B1100000000000100000001000000
"C:\Program Files\Internet Explorer\iexplore.exe"=0x534143500100000000000000070000002800000040930C00D5A10C0001000000010000000000000A00210000E78E163C2AA0D2010000000000000000
"C:\Users\Jean-Marie\Desktop\uncomsetup3.57(build1215) (1).exe"=0x5341435001000000000000000700000028000000901EA301B066A30101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000934E0200000000000100000001000000
"C:\Users\Jean-Marie\Desktop\uncomsetup0.96(build789).exe"=0x5341435001000000000000000700000028000000F0B55D00F9DA5D0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000002240000000000000100000001000000
"C:\Users\Jean-Marie\Desktop\processclose_2_08.01.17.1.exe"=0x5341435001000000000000000700000028000000A8270F003B5B0F0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000005240300000000000200000002000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeaux pack 19 - 6 au 12 mai\ashampoo_startup_tuner200_fm.exe"=0x534143500100000000000000070000002800000098C218000797190001000000000000000000000A41220000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000007F530000000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeaux pack 19 - 6 au 12 mai\setup_clover@3.3.4.exe"=0x534143500100000000000000070000002800000000605D0030B55D0001000000000000000000010600010000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005B2A0000000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeaux pack 19 - 6 au 12 mai\FileVoyager_Setup_17.4.7.0_Full.exe"=0x53414350010000000000000007000000280000001F21F3010000000001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CC210100000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeaux pack 19 - 6 au 12 mai\isoworkshop_7.5.exe"=0x534143500100000000000000070000002800000020713800F7FA380001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D6AA0000000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 2 - 1ers giveaway & img bing\Encrypt4all Pro.exe"=0x53414350010000000000000007000000280000001E6710000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000002FAE0700000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 2 - 1ers giveaway & img bing\FolderViewer51-fb20so\Setup.exe"=0x534143500100000000000000070000002800000000AE2301B040240101000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000009C5F0500000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 2 - 1ers giveaway & img bing\flip-html5\flip-html5.exe"=0x5341435001000000000000000700000028000000C81F6C0691B86C0601000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000025DF0A00000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 2 - 1ers giveaway & img bing\FastHTMLChecker30-db72so\Setup.exe"=0x5341435001000000000000000700000028000000387F94014B11950101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E1AC0200000000000100000001000000
"C:\Program Files\Vuze\Azureus.exe"=0x534143500100000000000000070000002800000088C80600C95E070001000000000000000000030600010000E78E163C2AA0D201000000000000000002000000280000000000000000000000001000000000000000000000000000000266CB00000000000200000002000000
"C:\Program Files\Fast HTML Checker\fasthtmlchecker.exe"=0x534143500100000000000000070000002800000038AF4900E6E4490001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000001CC30100000000000100000001000000
"C:\Program Files (x86)\Ashampoo\Ashampoo StartUp Tuner 2\ASST.exe"=0x534143500100000000000000070000002800000060CF1B00DC2C1C0001000000000000000000000661220000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000001A5C0000000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 16 - free explorers\uncomsetup3.57(build1215).exe"=0x5341435001000000000000000700000028000000901EA301B066A30101000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DDEA0000000000000100000001000000
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe"=0x5341435001000000000000000700000028000000B04B03000D24040001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000800000400000000000000000000000000000000082148700000000000100000001000000
"K:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs ultra & 100% sécurisé finalis part f widen\ambiance kubuntu\SkinPack KDE.exe"=0x534143500100000000000000070000002800000002C4CB010000000001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000056A02B00000000000200000002000000
"SIGN.MEDIA=6CA43 DTVP30_Launcher.exe"=0x534143500100000000000000070000002800000050E911007F5C120001000000000000000000030671000000E63F486B2AA0D201000000000000000002000000280000000000000080000000000000000000000000000000000000007C852100000000000100000001000000
"C:\Program Files\AVAST Software\Avast\setup\instup.exe"=0x534143500100000000000000070000002800000060CA13000000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000AAD81100000000000100000001000000
"C:\Users\Jean-Marie\AppData\Roaming\Vuze Leap\Uninstall.exe"=0x534143500100000000000000070000002800000056430200AC80160001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000048570000000000000100000001000000
"C:\Program Files\Vuze\uninstall.exe"=0x5341435001000000000000000700000028000000C85F04000000000001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000065960300000000000100000001000000
"C:\Users\Jean-Marie\Desktop\quickdiag_3_05.05.17.1.exe"=0x5341435001000000000000000700000028000000005A2A00EDAE2A0001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000004A680100000000000300000003000000
"C:\Program Files\DivX\NVODEUEV74SZJBUY8\7vYzPEJttA.exe"=0x534143500100000000000000070000002800000000CA09000000000001000000000000000000000AF5220000E78E163C2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000051900500000000000100000001000000
"C:\Users\Jean-Marie\AppData\Roaming\Interstatnogui\interstatnogui.exe"=0x5341435001000000000000000700000028000000589B2D0042422E0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000027D90400000000000100000001000000


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{2aa7797d-36ca-11e7-bcbd-4c72b9f956a2}] : "H:\DTVP30_Launcher.exe"      (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=0

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131377042204672739

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=0
"ProductType"=2
"InstallTime"=0xB08DE3ECB83CD201
"InstallLocation"=C:\Program Files\Windows Defender\
"ProductStatus"=0
"ManagedDefenderProductType"=0
"OOBEInstallTime"=0x8815AF61BDBED201
"DisableAntiVirus"=0
"LastEnabledTime"=0x87FFD367FDCAD201
"OneTimeSqmDataSent"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts

127.0.0.1       localhost
::1             localhost
# End of entries inserted by Spybot - Search & Destroy
0.0.0.0	choice.microsoft.com
0.0.0.0	choice.microsoft.com.nstac.net
0.0.0.0	df.telemetry.microsoft.com
0.0.0.0	oca.telemetry.microsoft.com
0.0.0.0	oca.telemetry.microsoft.com.nsatc.net
0.0.0.0	redir.metaservices.microsoft.com
0.0.0.0	reports.wes.df.telemetry.microsoft.com
0.0.0.0	services.wes.df.telemetry.microsoft.com
0.0.0.0	settings-sandbox.data.microsoft.com
0.0.0.0	settings-win.data.microsoft.com
0.0.0.0	sqm.df.telemetry.microsoft.com
0.0.0.0	sqm.telemetry.microsoft.com
0.0.0.0	sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0	telecommand.telemetry.microsoft.com
0.0.0.0	telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0	telemetry.appex.bing.net
0.0.0.0	telemetry.microsoft.com
0.0.0.0	telemetry.urs.microsoft.com
0.0.0.0	vortex-sandbox.data.microsoft.com
0.0.0.0	vortex-win.data.microsoft.com
0.0.0.0	vortex.data.microsoft.com
0.0.0.0	watson.telemetry.microsoft.com
[52] More lines

---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [172.217.22.142] avec 32 octets de donn?es?:
R?ponse de 172.217.22.142?: octets=32 temps=38 ms TTL=54
R?ponse de 172.217.22.142?: octets=32 temps=37 ms TTL=54
R?ponse de 172.217.22.142?: octets=32 temps=37 ms TTL=54
R?ponse de 172.217.22.142?: octets=32 temps=37 ms TTL=54

Statistiques Ping pour 172.217.22.142:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 37ms, Maximum = 38ms, Moyenne = 37ms

---------- | @

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=%11%\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=no
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=
"OperationalData"=13
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3E0000003E0000005E030000BE020000
"ImageStoreRandomFolder"=81c6u2j
"Start Page Redirect Cache_TIMESTAMP"=0xC2855094BE3CD201
"Start Page Redirect Cache AcceptLangs"=fr-FR
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x57E6DD1D9FBED201
"IE10TourShown"=1
"IE10TourShownTime"=0x57E6DD1D9FBED201
"Start Page_TIMESTAMP"=0x52F082B660C3D201
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x010000004A000000A4B3760FBF6712044D4591D46EF65F49C154E1E5B8F84B564CA03F10B23A372A8552BD748FB8A9C7AFFCD46C15430018401E584155A7E8842E4C7BACD73786DB04AB863644A04FE27E1302000000100000007663585725326233636639496F253364
"DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"NotifyDownloadComplete"=yes
"TabShutdownDelay"=0
"IE11EdgeNotifyTime"=0xBEDFC6D274C2D201
"EdgeReminderRemainingCount"=5
"Use FormSuggest"=no
"Default Download Directory"=C:\Users\Jean-Marie\Desktop
"NoUpdateCheck"=1
"Check_Associations"=no
"Isolation"=PMIL
"TabProcGrowth"=0
"DisableFirstRunCustomize"=1
"RunOnceHasShown"=1
"RunOnceComplete"=1

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=1
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"ZonesSecurityUpgrade"=0x57E6DD1D9FBED201
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"GlobalUserOffline"=0
"MaxConnectionsPerServer"=10
"MaxConnectionsPer1_0Server"=10

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Start Page"=
"DoNotTrack"=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1
"ProxyEnable"=0
"GlobalUserOffline"=0

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1
"ProxyEnable"=0
"GlobalUserOffline"=0


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts





[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.evo]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.f4v]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M1V]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2p]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2V]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snapdoc]
"ProgID"=SNAP.DOC
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tp]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.trp]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob]
"Application"=wmplayer.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm]
"Application"=wmplayer.exe








---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncedOverlay] - {52103F52-9856-43F7-B5C4-A026FD84288C} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll   [23/04/2017 13:47:33]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncFailedOverlay] - {A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll   [23/04/2017 13:47:33]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncingOverlay] - {0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll   [23/04/2017 13:47:33]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncError] - {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [11/11/2015 12:02:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncInProgress] - {00F848DC-B1D4-4892-9C25-CAADC86A215D} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [11/11/2015 12:02:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncOk] - {71573297-552E-46fc-BE3D-3DFAF88D47B7} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [11/11/2015 12:02:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [18/03/2017 22:57:23]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncedOverlay] - {52103F52-9856-43F7-B5C4-A026FD84288C} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [23/04/2017 13:47:33]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncFailedOverlay] - {A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [23/04/2017 13:47:33]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncingOverlay] - {0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [23/04/2017 13:47:33]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --  C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL   [28/04/2017 14:15:38]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --  C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL   [28/04/2017 14:15:38]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --  C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL   [28/04/2017 14:15:38]

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"KnownProvidersUpgradeTime"=0x57E6DD1D9FBED201   
"Version"=5   
"UpgradeTime"=0x57E6DD1D9FBED201   
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=EPTBL   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{BFD9D8A8-57FF-488A-B919-065EC77CF82F}"=0x00   


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []

---------- | SearchScopes

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} : 

---------- | ElevationPolicy

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A9F603B-51A8-4630-AE99-4BBF01675575}] - (C:\Program Files (x86)\Foxit Software\Foxit Reader\) - FoxitReader.exe : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\FoxitReaderBrowserAx.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files\Microsoft Silverlight\5.1.50906.0\) - Silverlight.Configuration.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files\Microsoft Silverlight\5.1.50906.0\) - agcp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29907af0-44fd-4598-9b66-c21a735d1a53}] - (C:\WINDOWS\system32\spool\DRIVERS\x64\3) - E_IPRELPE.EXE : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ab87659-1d5b-47cc-83a1-6e1e3df9007a}] - (C:\WINDOWS\system32\spool\DRIVERS\x64\3) - E_IARNLPE.EXE : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B477573-B0C2-4C66-AA40-2890F74B2408}] - (C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\) - NativeMessagingEXE.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D256DB0-6C34-4EC1-9704-02182D6503A6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}] - (C:\Program Files\Microsoft Office\root\Office16\) - onenote.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}] - (C:\Program Files\Microsoft Office\root\Office16\) - NAMECONTROLSERVER.EXE : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99555a39-07ca-4d86-97a4-749be42f4d1b}] - (C:\WINDOWS\system32\spool\DRIVERS\x64\3) - E_IPRELPE.EXE : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8E307D0-1522-495E-A8A7-BA1441ECF670}] - (C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\) - FXC_ProxyProcess.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC155DD0-14EE-4F26-86AA-F974045CFE55}] - (C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator) - FXC_ProxyProcess.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce8abfb5-ed46-41ab-81e1-61b0b4903c0f}] - (C:\WINDOWS\system32\spool\DRIVERS\x64\3) - E_IARNLPE.EXE : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88}] - (C:\Program Files (x86)\DivX\DivX OVS Helper) - OVSHelperBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}] - (C:\Program Files\Microsoft Office\root\Office16\) - IEContentService.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E62A7A31-6025-408E-87F6-81AEB0DC9347}] - (C:\WINDOWS\system32\) - vsjitdebugger.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\) - Silverlight.Configuration.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\) - agcp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B477573-B0C2-4C66-AA40-2890F74B2408}] - (C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\) - NativeMessagingEXE.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D256DB0-6C34-4EC1-9704-02182D6503A6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}] - (C:\Program Files\Microsoft Office\root\Office16\) - onenote.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}] - (C:\Program Files\Microsoft Office\root\Office16\) - NAMECONTROLSERVER.EXE : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8E307D0-1522-495E-A8A7-BA1441ECF670}] - (C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\) - FXC_ProxyProcess.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC155DD0-14EE-4F26-86AA-F974045CFE55}] - (C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Creator) - FXC_ProxyProcess.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] - (C:\Program Files (x86)\Google\Update\1.3.33.5) - GoogleUpdateBroker.exe : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] - (C:\Program Files (x86)\Google\Update\1.3.33.5) - GoogleUpdateWebPlugin.exe : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88}] - (C:\Program Files (x86)\DivX\DivX OVS Helper) - OVSHelperBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}] - (C:\Program Files\Microsoft Office\root\Office16\) - IEContentService.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E62A7A31-6025-408E-87F6-81AEB0DC9347}] - (C:\WINDOWS\system32\) - vsjitdebugger.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : 

---------- | Ext\Settings

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] :  : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}] :  : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFD9D8A8-57FF-488A-B919-065EC77CF82F}] :  : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] :  : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}] :  : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx

---------- | Ext\Stats

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] :  : C:\Windows\SysWOW64\mshtml.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}] :  : C:\skinpack\OldNewExplorer32.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] :  : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}] :  : %SystemRoot%\system32\wmp.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] :  : C:\Windows\SysWOW64\ieframe.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] :  : 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] :  : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEAF541-F3E1-4C24-ACAC-99C30715084A}] :  : c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] :  : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] :  : %SystemRoot%\System32\msxml3.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] :  : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] :  : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}] -> () : C:\skinpack\OldNewExplorer32.dll  [27/04/2017 14:29:20]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] -> () :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}] -> () : C:\skinpack\OldNewExplorer32.dll  [27/04/2017 14:29:20]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll  [28/04/2017 14:15:42]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}] -> (Foxit PhantomPDF Create PDF ToolBar Helper) : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll  [31/03/2017 16:40:26]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft OneDrive for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL  [28/04/2017 14:15:38]

---------- | Chrome

C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  :     Create share and access your Google Docs from anywhere. -     Docs - http://clients2.google.com/service/update2/crx
C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/ - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - http://clients2.google.com/service/update2/crx
C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com/ - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci]

---------- | Opera


---------- | Firefox


[HKLM\Software\mozilla\Firefox\Extensions]
"FFExtnHTML2PDF@foxitsoftware.com"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"FFExtnHTML2PDF@foxitsoftware.com"=C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
[HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] - (DivX VOD Helper Plug-in) : C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll



---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{99d2a21a-f04d-4ce6-af1a-ed86024bbe07}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f082584a-8909-4bb8-81f4-a55b0715a133}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{99d2a21a-f04d-4ce6-af1a-ed86024bbe07}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f082584a-8909-4bb8-81f4-a55b0715a133}]
"DhcpNameServer"=192.168.1.1 192.168.1.1

---------- | ActiveX 

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - () - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - (Google Chrome) - -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E087BCD1-F9A5-32C2-811C-5811D0694333}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - (Google Chrome) - -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CA8D3B25-8CCF-32BC-BDF5-3C8E3AB24681}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> 


---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\devenv.exe] : "C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\mpc-hc.exe] : "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\palemoon.exe] : "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1"
[HKLM\SOFTWARE\Classes\Applications\PhotoEditor.exe] : C:\Program Files (x86)\InPixio\InPixio Photo Editor\PhotoEditor.exe "%1"
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\uer.exe] : "C:\Users\Jean-Marie\AppData\Local\CompuClever\Ultra eBook Reader\uer.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ufo.exe] : "C:\Users\Jean-Marie\AppData\Local\CompuClever\Ultra File Opener\ufo.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\devenv.exe] : "C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\mpc-hc.exe] : "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\palemoon.exe] : "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PhotoEditor.exe] : C:\Program Files (x86)\InPixio\InPixio Photo Editor\PhotoEditor.exe "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\uer.exe] : "C:\Users\Jean-Marie\AppData\Local\CompuClever\Ultra eBook Reader\uer.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ufo.exe] : "C:\Users\Jean-Marie\AppData\Local\CompuClever\Ultra File Opener\ufo.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | DCOMApplications

Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: Local Service Credential UI Broker - AppID: {00944ad3-b2ad-4bcf-9202-59bf4662d521}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3}
Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: Microsoft SQL Server Replication Remote Merge Agent 11.0 - AppID: {042A4340-A4D7-44DD-A22E-93278FB52475}
Name: DevicesFlowExperienceFlow - AppID: {046AEAD9-5A27-4D3C-8A67-F82552E0A91B}
Name: GSService - AppID: {0547389D-9569-41f6-B844-4829FC8001BB}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96}
Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B}
Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}
Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: SwapAPODll - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: NotificationController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80}
Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0}
Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B}
Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}
Name: RuntimeBroker - AppID: {15c20b67-12e7-4bb6-92bb-7aff07997402}
Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}
Name: Speech Runtime COM - AppID: {1725704B-A716-4E04-8EF6-87ED4F0A180A}
Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: Disc soft DT Lite bus service - AppID: {1CA3841D-15B5-4C70-9751-7A87730A1BE9}
Name: Disc soft DT Pro bus service - AppID: {1E9D16CB-FF03-481F-ABE2-F406C2808FE2}
Name: MyEpson Portal Service - AppID: {1EA8AE6B-3E49-4C56-B4F6-91BC83604BEB}
Name: TIManagersProxy Class Application - AppID: {1EF75F33-893B-4E8F-9655-C3D602BA4897}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: UACObject - AppID: {1F9BF350-B68F-4DCA-8B87-707E26DC7390}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: Dispatch - AppID: {224FC5DE-26AD-4A47-A2C3-5A50885F314C}
Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97}
Name: Experimentation Broker - AppID: {2568BFC5-CDBE-4585-B8AE-C403A2A5B84A}
Name: InstallAgent - AppID: {260eb9de-5cbe-4bff-a99a-3710af55bf1e}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69}
Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A}
Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00}
Name: InstallAgentUserBroker - AppID: {28d08f70-46eb-4f26-a6cb-54b75132e100}
Name: ImageHost - AppID: {2903EDD7-545F-4156-977A-5E730E57F253}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: UACObject - AppID: {2A39E11E-7FDE-45b1-99C6-B9E557D3ABA1}
Name: TeamViewer Service - AppID: {2B433F44-5456-42FF-8CBD-54E8176ECD01}
Name: player - AppID: {2B67B4B3-A0E4-4839-83FD-1C2B4ACF32A1}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: DTS Package Host (32-bit) - AppID: {2CB1C2AA-A8EA-41CD-B439-25F4F4C846A9}
Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37}
Name: ConvertToPDFShellExtension - AppID: {2EAE6086-084B-4C42-B2CA-B30549B3D047}
Name: Windows Security Health Service - AppID: {2EB6D15C-5239-41CF-82FB-353D20B816CF}
Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD}
Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606}
Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97}
Name: Delivery Optimization Mgmt - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B}
Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F}
Name: wpnservice - AppID: {34E76A18-223B-4E23-BEAD-F59358CC0A90}
Name: CoreDpusSvr - AppID: {36234D6F-D9B8-404B-91C9-736BD2EE3040}
Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d}
Name: Microsoft SQL Server Replication Logreader Agent 11.0 - AppID: {368C2E48-7E89-4970-94C9-6757E96C49AF}
Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB}
Name: Security Health Agent Activate As Activator Host - AppID: {37096FBE-2F09-4FF6-8507-C6E4E1179893}
Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C}
Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2}
Name: CortanaMapiHelper - AppID: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6}
Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1}
Name: EEL64A - AppID: {3D5781D9-B2FF-4396-8478-395412020995}
Name: Microsoft.VisualStudio.ProductKeyDialog - AppID: {3DC42F2C-AD30-461E-B877-11C917E8FE20}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: VideoShower - AppID: {3EEAD8BF-4B43-454B-A047-300EE661CAEB}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E}
Name: NaturalAuthentication - AppID: {412E0F20-6C5B-43EC-879F-DA444A416EAC}
Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61}
Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8}
Name: VSPerfControl - AppID: {42F36251-2EB6-4026-88A0-3A4A0B508046}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85}
Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C}
Name: PIFUAC - AppID: {45CB30B1-B453-488a-9E8F-CE3C2ABFAAA7}
Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E}
Name: Radio Management Service - AppID: {478B41E6-3257-4519-BDA8-E971F9843849}
Name: EEG64A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B}
Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB}
Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d}
Name: IndexedDbCacheServer - AppID: {49f6e667-6658-4bd1-9de9-6af87f9faf85}
Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: CSISYNCCLIENT.EXE - AppID: {4B417484-ABFF-4C70-8C2F-5A729026263C}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: AszBrowseHelper - AppID: {4D0EF64C-71D3-4A05-93B1-8EC58AE8D6D9}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: DTS Task Host (32-bit) - AppID: {4D3E4495-4A1C-4AB6-BFCB-E4056EB546D0}
Name: Dispatch - AppID: {4D5F23BB-D55A-4961-9BC0-3FE728E15D9D}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: ServiceModule - AppID: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Visual Studio Just-In-Time Debugger (Internal) - AppID: {534E4CF4-3249-4842-8D65-A9BEAE0BBEAC}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E}
Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b}
Name: SRS_APO_Universal - AppID: {553C48B2-BA6B-412B-9F8D-2B62B1B912AA}
Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212}
Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: Docking.VirtualInput Create Object Server - AppID: {5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}
Name: videoDownloader - AppID: {5AAF474D-1853-47BD-BFED-05252719B7BB}
Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6}
Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}
Name: EED64A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0}
Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1}
Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF}
Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: tiledatamodelsvc - AppID: {65E2E13A-7110-4912-9F03-9A42E253D8F6}
Name: Microsoft Visual Studio 2015 - AppID: {67E88D46-FF81-4E57-8C5E-F270A4F9EA1A}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: PDFPreviewHandlerHost - AppID: {6B127CFD-C642-4338-BC8C-472DF61E5A14}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D}
Name: AutoItX3 - AppID: {6E8109C4-F369-415D-AF9A-2AEEFF313234}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: SEMgrSvc - AppID: {6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: Windows Insider Service - AppID: {7006698d-2974-4091-a424-85dd0b909e23}
Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: CLMLSvc_P2G11 - AppID: {79454E97-52CD-4517-B6A1-43A1D3C5FDAC}
Name: Dispatch - AppID: {7953C53B-4031-43ca-9AE7-033F565EFD5F}
Name: WebPlatStorageBrokerServer - AppID: {7966b4d8-4fdc-4126-a10b-39a3209ad251}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: Security Health Agent Interactive User Host - AppID: {7E55A26D-EF95-4A45-9F55-21E52ADF9887}
Name: Battery Notification Manager - AppID: {7EAD5C10-8B3F-11E6-AE22-56B6B6499611}
Name: Dispatch - AppID: {7EB545FB-872B-4286-B4E2-96B3A64EEC57}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629}
Name: RecuvaShell - AppID: {80109467-DE5A-42A1-9445-7E3952C80B6E}
Name: AdAwareShellExtension - AppID: {815E3070-A914-4A36-BC40-2F35AAD1C91E}
Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: TeamViewer Application - AppID: {850A928D-5456-4865-BBE5-42635F1EBCA1}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}
Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24}
Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: Microsoft Visual Studio - AppID: {8CD2DD97-4EC1-4bc4-9359-89A3EEDD57A6}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2}
Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
Name: Microsoft.Windows.Simulator.UtilitiesElevated AppID - AppID: {907FF85D-B346-40F6-94D8-10D908817647}
Name: UACObject - AppID: {90B553F3-415D-44D8-8665-C2F78763F8F1}
Name: SQLTaskConnections - AppID: {91A708A7-D12F-4B03-B8D0-DDE814119454}
Name: WindowsSimulatorServiceFactory - AppID: {91F0793A-CD98-4304-BCA2-654A2786F328}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F}
Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60}
Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139}
Name: ServiceModule - AppID: {9465B4B4-5216-4042-9A2C-754D3BCDC410}
Name: UiaManager - AppID: {94a38670-983b-459c-87c8-bb6ad617fd74}
Name: WebPlatformStorageServer - AppID: {973d20d7-562d-44b9-b70b-5a0f49ccdf3f}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE}
Name: Microsoft SQL Server Replication Remote Dist Agent 11.0 - AppID: {99434DAB-0F08-4F30-8CCF-B3E80296C907}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
Name: chext - AppID: {9D4C4C5F-EE90-4a6b-9245-244C369E4FAE}
Name: MalwareHunterContextHandler - AppID: {9D8C0710-8D32-4A42-84E5-210927BC6CB0}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe}
Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3}
Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121}
Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: ContextHandler - AppID: {A805009D-B902-439A-8E64-26EE3507A12E}
Name: SwapAPODll - AppID: {A85F41D6-156B-470D-B505-110388968D5A}
Name: Delivery Optimization Mgmt - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: PaymentsSvc - AppID: {AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}
Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}
Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}
Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871}
Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1}
Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA}
Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E}
Name: RichVideo64 - AppID: {B58B304A-D419-4c50-BE1F-6F6CD234B7EF}
Name: RContextMenu - AppID: {B5B6E648-E9F7-4CE3-987C-53FEDA97C1FA}
Name: EASendMailObj - AppID: {B68B03DD-C8C4-49A6-9ACD-D427E9325754}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755}
Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287}
Name: VideoFileToIPOD - AppID: {BA3B76C9-61F7-4419-9F79-A9E3717EFE22}
Name: CloudSer - AppID: {BABD83F8-E723-4D8F-B5D1-B03E1F1108F5}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41}
Name: FoxitPrevHndlr - AppID: {BD5BDF7D-9849-4FEF-AC02-28EE2E7C7C46}
Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b}
Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}
Name: OVSHelper - AppID: {BFEDD1F7-641C-4D64-9A6A-481A5E6BEC4F}
Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880}
Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF}
Name: Spectrum - AppID: {C0E1CE99-C981-44A2-AC4C-41036FAC6593}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412}
Name: RetailCoreSystemAgent Service - AppID: {C2EA2356-994C-45AF-BDAE-10796F73BC47}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Acronis True Image Shell Extension Backend - AppID: {C4E69DB9-E094-483e-B922-E7ADE65FB497}
Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}
Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5}
Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F}
Name: FamilySafetyRefreshTask - AppID: {C844C79D-AED8-4DCE-AB25-4D359BED84F8}
Name: ConvertToPDFShellExtension_RD - AppID: {C88D8F9A-04DA-4008-B535-375F38366DDA}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad}
Name: EPTBL - AppID: {CACC252F-95A7-4741-BBE8-FB1F18C2826F}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F}
Name: UACObject - AppID: {CB43451C-E132-4866-B714-435253C98BBA}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: Microsoft SQL Server Replication Distribution Agent 11.0 - AppID: {D41192E9-AB13-4A23-AB3B-A5FED98306DB}
Name: URLReqService - AppID: {D4859CE9-3B25-4235-8973-A74F5D9A04F2}
Name: DVSiTunes - AppID: {D5FEAED3-3444-4CEA-9940-A972FB6726F1}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: sfFTPLib - AppID: {D6625767-E42E-491C-A919-9A71641572A4}
Name: UACObject - AppID: {D8239E84-D6EC-41dc-B7EA-98CDBF472200}
Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03}
Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}
Name: IndexedDbBrokerServer - AppID: {dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}
Name: Microsoft Volumetric Audio Compositor - AppID: {DD7B2C49-A779-4055-BBD5-7C96F502F97F}
Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}
Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a}
Name: EverySyncExplorerOverlay - AppID: {DE4CE140-5838-468B-86C0-A422AC75B092}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: EAGetMailObj - AppID: {DE73C9C2-1C57-4306-99B9-CBFF7A423DA6}
Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F}
Name: FoxitThumbnailHndlr - AppID: {E1084781-9CA9-42EF-AC67-140D37CCD97E}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E}
Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7}
Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients (Failed Mouse In Pointer) - AppID: {E45A56CE-399C-45F0-9E6F-BFAACD3C711F}
Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: Visual Studio Just-In-Time Debugger - AppID: {E62A7A31-6025-408E-87F6-81AEB0DC9347}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A}
Name: Exchange Active Sync Policy Manager Broker - AppID: {E9DD849F-B3CF-4614-94BB-CB2696BD34FB}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: Immersive Print Dialog Surrogate - AppID: {EB28E902-728E-42C4-97DC-DA89E144C744}
Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A}
Name: MassDownloader - AppID: {EC44F4D7-22E1-45EB-913A-3AB67DA2C5C6}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: MixedRealityCapture - AppID: {EE3C7093-A852-49BA-8AC8-7DFBEC469F72}
Name: RichVideo - AppID: {EEDE56D6-82E5-4B98-B99E-D4339825E216}
Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: AvailableNetworksExperienceFlow - AppID: {F2506CD7-82C2-43D9-A1D3-F85F5EFE7D09}
Name: Acronis VSS Requestor - AppID: {F282135C-65A6-4A99-80F1-F315BAC76BF4}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: MyPrivilegedObject - AppID: {F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
Name: Pen Workspace Discover Broker - AppID: {F5A6ACF4-FFE0-4934-AE1D-5F960EA0AAD9}
Name: UACObject - AppID: {F632543F-3A79-4cc9-AACD-07036DF9FFCD}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: DaemonShellExtImage - AppID: {F9B84490-4C45-4737-82E5-0EA0B1CF5307}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}
Name: ESLoadSevice - AppID: {FCA6F20F-92E5-4E74-AC19-D14B59CB1C15}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: Microsoft SQL Server Replication Queuereader Agent 11.0 - AppID: {FD737704-43CB-4791-B4DB-EE8CDBC64450}
Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C}
Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}
Name: Microsoft SQL Server Replication Merge Agent 11.0 - AppID: {FDF7E044-456E-46C5-A396-807479AAFB4D}
Name: DefenderShellExt - AppID: {FF2EA936-C1E1-428D-9572-F4285AFC4F48}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744}

Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{00944ad3-b2ad-4bcf-9202-59bf4662d521}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{00944ad3-b2ad-4bcf-9202-59bf4662d521}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{00944ad3-b2ad-4bcf-9202-59bf4662d521}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00944ad3-b2ad-4bcf-9202-59bf4662d521}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-3-3215430884-1339816292-89257616-1145831019"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1F9BF350-B68F-4DCA-8B87-707E26DC7390}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F9BF350-B68F-4DCA-8B87-707E26DC7390}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{224FC5DE-26AD-4A47-A2C3-5A50885F314C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{224FC5DE-26AD-4A47-A2C3-5A50885F314C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937"
Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-2781"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937"
Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2A39E11E-7FDE-45b1-99C6-B9E557D3ABA1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2A39E11E-7FDE-45b1-99C6-B9E557D3ABA1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{2B433F44-5456-42FF-8CBD-54E8176ECD01}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{36234D6F-D9B8-404B-91C9-736BD2EE3040}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{36234D6F-D9B8-404B-91C9-736BD2EE3040}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3DC42F2C-AD30-461E-B877-11C917E8FE20}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3DC42F2C-AD30-461E-B877-11C917E8FE20}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-1"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-2"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-3"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{412E0F20-6C5B-43EC-879F-DA444A416EAC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{412E0F20-6C5B-43EC-879F-DA444A416EAC}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-3-1024-3153509613-960666767-3724611135-2725662640-12138253-543910227-1950414635-4190290187"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D5F23BB-D55A-4961-9BC0-3FE728E15D9D}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D5F23BB-D55A-4961-9BC0-3FE728E15D9D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{534E4CF4-3249-4842-8D65-A9BEAE0BBEAC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{534E4CF4-3249-4842-8D65-A9BEAE0BBEAC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{67E88D46-FF81-4E57-8C5E-F270A4F9EA1A}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{67E88D46-FF81-4E57-8C5E-F270A4F9EA1A}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7953C53B-4031-43ca-9AE7-033F565EFD5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7953C53B-4031-43ca-9AE7-033F565EFD5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{7EB545FB-872B-4286-B4E2-96B3A64EEC57}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7EB545FB-872B-4286-B4E2-96B3A64EEC57}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{874E03B4-29BD-4628-A0F6-78B8B011ADA9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{874E03B4-29BD-4628-A0F6-78B8B011ADA9}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{874E03B4-29BD-4628-A0F6-78B8B011ADA9}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{874E03B4-29BD-4628-A0F6-78B8B011ADA9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-80-4155767994-3874329934-3800885181-2130851812-726865888"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{90B553F3-415D-44D8-8665-C2F78763F8F1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{90B553F3-415D-44D8-8665-C2F78763F8F1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-3859068477-1314311106-1651661491-1685393560"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-15-3-1024-2922296261-1647482768-2017091146-3858667068-4135663662-2931985894-1627820925-818366431"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-80-2731152606-4244467407-1946816704-3721569673-479255522"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CB43451C-E132-4866-B714-435253C98BBA}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CB43451C-E132-4866-B714-435253C98BBA}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D8239E84-D6EC-41dc-B7EA-98CDBF472200}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{D8239E84-D6EC-41dc-B7EA-98CDBF472200}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD7B2C49-A779-4055-BBD5-7C96F502F97F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD7B2C49-A779-4055-BBD5-7C96F502F97F}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{DD7B2C49-A779-4055-BBD5-7C96F502F97F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-15-3-1024-2819154332-3691255550-2499738133-2646149002-4290075130-3069449926-721213713-3168903538"
Win32_DCOMApplication.AppID="{E62A7A31-6025-408E-87F6-81AEB0DC9347}" - Win32_SID.SID="S-1-2-0"
Win32_DCOMApplication.AppID="{E62A7A31-6025-408E-87F6-81AEB0DC9347}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E62A7A31-6025-408E-87F6-81AEB0DC9347}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E62A7A31-6025-408E-87F6-81AEB0DC9347}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{E62A7A31-6025-408E-87F6-81AEB0DC9347}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EE3C7093-A852-49BA-8AC8-7DFBEC469F72}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EE3C7093-A852-49BA-8AC8-7DFBEC469F72}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-5-7"
Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F632543F-3A79-4cc9-AACD-07036DF9FFCD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F632543F-3A79-4cc9-AACD-07036DF9FFCD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-3433512109-503559027-1389316256-1766580070-2256751264"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-1260278928-804197538-2066346633-4268302704-2216462912"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-345135819-4012009209-3062012967-1747265747-3674605950"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-951620777-1059631183-2804607755-3010024351-809615488"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-1"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-2"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-3"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"Camera"=FrameServer
"DevicesFlow"=DevicesFlowUserSvc
"smbsvcs"=lanmanserver
browser

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)

TokenBroker - %SystemRoot%\System32\TokenBroker.dll : %SystemRoot%\system32\svchost.exe -k netsvcs

---------- | Software

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\2BrightSparks]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\A-PDF]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Acronis]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Admin Arsenal]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Aiseesoft Studio]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\AnyMedia Player]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\AppDataLow]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Ashampoo]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\ASProtect]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\ATI]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\AutoIt v3]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Avanquest]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\BugSplat]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\CamStudioOpenSource for Nick]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Caphyon]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\ChemTable Software]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Chromium]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Chromium-BackupByVivaldiPortable]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\CineForm]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Clients]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Code Sector]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Corel]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\CyberGhost]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\CyberLink]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Disc Soft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\DivX]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\DivXNetworks]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\EaseUS]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\ej-technologies]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Encrypt4allSoftware]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\EPSON]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\EPSON Software Updater]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\FileHippo.com]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\FlipBuilder]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Foxit Software]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Gabest]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\giveawayoftheday.com]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\GlarySoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\GNU]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Google]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Haali]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\HissenITMasterdata]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Informer Technologies, Inc.]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Innovative Solutions]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Interstatnogui]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\IrisTech]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\iSkysoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\JavaSoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\KillSoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Lake]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Laplink]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\LAV]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Leadertech]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Licenses]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\LogiShrd]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Logitech]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\LopeSoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\macrium]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\madFlac]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Magnet]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Malwarebytes]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\MediaInfo]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\MONOGRAM]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Mozilla]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\MPC-HC]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\msaver]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Netscape]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\NetVoyage]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\NewBlue]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Nico Mak Computing]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Obsidium]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\One System Care]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Online Video Recorder]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Ordinarysoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\OSTotoSoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Panda Security]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Paramount Software (UK) Ltd.]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\PCurVersion]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Perigee Software]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Piriform]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Policies]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Printers]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\proDAD]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\QtProject]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Rebit]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Remo Software]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Safer Networking Limited]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Sanwhole]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\SEIKO EPSON CORPORATION]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\SGSolution]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\SharewareOnSale]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Simply Super Software]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\softorbits]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Softvoile]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\StackDocklet]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\StartIsBack]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\SyncEngines]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Syncios]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\sysinternals]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\System Healer]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\TAdvCheckList]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\TeamViewer]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\techPowerUp]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\TechSmith]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Tihiy]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\TiushkovNikolay]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Trolltech]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Ultracopier]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\undefined]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\UsbFix]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\UsbFix Standard]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Viv]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Vivaldi]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\VOS]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\WajIEnhance]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\WinRAR]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\WixSharp]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Wondershare]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Wow6432Node]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\WSVCUPlugin]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Xilisoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\xplorer2l]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\ZabaraKatranemia Plc]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Zemana]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\ZHP]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\{98132F81-18BE-4722-8B1D-0A25D9AE3DA0}]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\AppDataLow\Software\AppTrailers]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Acronis]
[HKLM\Software\Admin Arsenal]
[HKLM\Software\AdsFix]
[HKLM\Software\AMD]
[HKLM\Software\Ashampoo]
[HKLM\Software\ATI]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVC3]
[HKLM\Software\Bitdefender]
[HKLM\Software\Clients]
[HKLM\Software\Code Sector]
[HKLM\Software\CodeGear]
[HKLM\Software\CyberGhost]
[HKLM\Software\CyberLink]
[HKLM\Software\Disc Soft]
[HKLM\Software\DivX]
[HKLM\Software\ej-technologies]
[HKLM\Software\EPSON]
[HKLM\Software\Foxit Software]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\GridinSoft]
[HKLM\Software\HaaliMkx]
[HKLM\Software\HDWallpaper]
[HKLM\Software\Ignis]
[HKLM\Software\Intel]
[HKLM\Software\Interwoven]
[HKLM\Software\jam software]
[HKLM\Software\JavaSoft]
[HKLM\Software\KeyCryptSDK]
[HKLM\Software\Khronos]
[HKLM\Software\Lavasoft]
[HKLM\Software\Logitech]
[HKLM\Software\Macrium]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\MozillaPlugins-BackupByVivaldiPortable]
[HKLM\Software\MSNSett]
[HKLM\Software\NewBlue]
[HKLM\Software\NSIS.Library.RegTool.v3]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Ordinarysoft]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Printers]
[HKLM\Software\proDAD]
[HKLM\Software\QEMU]
[HKLM\Software\QWR2YW5jZWRwY2NhcmUubmV0]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Remo Software]
[HKLM\Software\Seed4.Me VPN]
[HKLM\Software\Shadow Defender]
[HKLM\Software\Soci2Sear Browser Enhancer]
[HKLM\Software\sysinternals]
[HKLM\Software\TAP-Windows]
[HKLM\Software\WinRAR]
[HKLM\Software\Wondershare]
[HKLM\Software\WOW6432Node]
[HKLM\Software\xplorer2p64_u]
[HKLM\Software\zabkat]
[HKLM\Software\Zemana]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\2BrightSparks]
[HKLM\Software\WOW6432Node\Acronis]
[HKLM\Software\WOW6432Node\Admin Arsenal]
[HKLM\Software\WOW6432Node\Amazing-Share]
[HKLM\Software\WOW6432Node\AMD]
[HKLM\Software\WOW6432Node\AnyMedia Player]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\ArcSoft]
[HKLM\Software\WOW6432Node\Ashampoo]
[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\AutoIt v3]
[HKLM\Software\WOW6432Node\Avanquest]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Codec Tweak Tool]
[HKLM\Software\WOW6432Node\CyberGhost]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\Cygnus Solutions]
[HKLM\Software\WOW6432Node\DebugMode]
[HKLM\Software\WOW6432Node\DigitalWave]
[HKLM\Software\WOW6432Node\DivXNetworks]
[HKLM\Software\WOW6432Node\EaseUS]
[HKLM\Software\WOW6432Node\EaseUS Todo Backup]
[HKLM\Software\WOW6432Node\EPSON]
[HKLM\Software\WOW6432Node\Flip HTML5]
[HKLM\Software\WOW6432Node\Foxit Software]
[HKLM\Software\WOW6432Node\FreeFileSync]
[HKLM\Software\WOW6432Node\g3n-h@ckm@n]
[HKLM\Software\WOW6432Node\Gabest]
[HKLM\Software\WOW6432Node\GlarySoft]
[HKLM\Software\WOW6432Node\GNU]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\HaaliMkx]
[HKLM\Software\WOW6432Node\Hummingbird]
[HKLM\Software\WOW6432Node\Innovative Solutions]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\InterVideo]
[HKLM\Software\WOW6432Node\IObit]
[HKLM\Software\WOW6432Node\iSkysoft]
[HKLM\Software\WOW6432Node\iSkysoftSysMenuDATA]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\KillSoft]
[HKLM\Software\WOW6432Node\KLCodecPack]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\Laplink]
[HKLM\Software\WOW6432Node\Licenses]
[HKLM\Software\WOW6432Node\logishrd]
[HKLM\Software\WOW6432Node\Logitech]
[HKLM\Software\WOW6432Node\macrium]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Microsoft Corporation]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\muCommander]
[HKLM\Software\WOW6432Node\NewBlue]
[HKLM\Software\WOW6432Node\Nico Mak Computing]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NuGet]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OldTimer Tools]
[HKLM\Software\WOW6432Node\Online Video Recorder]
[HKLM\Software\WOW6432Node\OSTotoSoft]
[HKLM\Software\WOW6432Node\OtherSearch]
[HKLM\Software\WOW6432Node\Panda Security]
[HKLM\Software\WOW6432Node\Piriform]
[HKLM\Software\WOW6432Node\PowerProducer_Upgrade]
[HKLM\Software\WOW6432Node\PreEmptive Solutions]
[HKLM\Software\WOW6432Node\proDAD]
[HKLM\Software\WOW6432Node\Remo Software]
[HKLM\Software\WOW6432Node\Runtime Software]
[HKLM\Software\WOW6432Node\SecurityXploded]
[HKLM\Software\WOW6432Node\Seiko Epson Corporation]
[HKLM\Software\WOW6432Node\Simply Super Software]
[HKLM\Software\WOW6432Node\Soci2Sear Browser Enhancer]
[HKLM\Software\WOW6432Node\Spearit]
[HKLM\Software\WOW6432Node\Speed Install]
[HKLM\Software\WOW6432Node\Syncios]
[HKLM\Software\WOW6432Node\sysinternals]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\TechSmith]
[HKLM\Software\WOW6432Node\trolCommander]
[HKLM\Software\WOW6432Node\Ultra eBook Reader]
[HKLM\Software\WOW6432Node\Ultra File Opener]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WafCX]
[HKLM\Software\WOW6432Node\Wondershare]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\Xilisoft]
[HKLM\Software\WOW6432Node\Zemana]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Security Center]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | FeatureControl

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"CyberGhost.exe"="1"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"CyberGhost.exe"="0"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"burningstudio2017.exe"="11001"
"softinfo.exe"="11000"
"CyberGhost.exe"="0"
"Trial.exe"="8888"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801]
"ashsnap.exe"="1"
"burningstudio2017.exe"="1"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
"ashsnap.exe"="1"
"burningstudio2017.exe"="1"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS]
"CyberGhost.exe"="1"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION]
"CyberGhost.exe"="1"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING]
"CyberGhost.exe"="1"
"ashsnap.exe"="1"
"burningstudio2017.exe"="1"
"softinfo.exe"="0"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"CyberGhost.exe"="0"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"ashsnap.exe"="10"
"burningstudio2017.exe"="10"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"ashsnap.exe"="10"
"burningstudio2017.exe"="10"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE]
"CyberGhost.exe"="0"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"ashsnap.exe"="1"
"burningstudio2017.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
"winzip64.exe"="8000"
"sllauncher.exe"="8000"
"Filmora.exe"="9999"
"ColorDirector.exe"="9000"
"AudioDirector.exe"="9000"
"PDR.exe"="8000"
"softinfo.exe"="11000"
"CCleaner64.exe"="11001"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGUI.exe"="0"
"SAPGuiIT.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
"sllauncher.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING]
"softinfo.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"cs.exe"="1"
"waol.exe"="1"
"wm.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
"sllauncher.exe"="6"
"iexplore.exe"="10"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
"sllauncher.exe"="6"
"iexplore.exe"="10"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"prevhost.exe"="1"
"winmail.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"msimn.exe"="1"
"outlook.exe"="1"
"winmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"excel.exe"="1"
"infopath.exe"="1"
"powerpnt.exe"="1"
"winword.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BFCACHE]
"iexplore.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION]
"devenv.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
"Power2Go.exe"="8000"
"WebAuthBroker.exe"="10000"
"sllauncher.exe"="8000"
"MediaShow6.exe"="11000"
"PowerDVD.exe"="8000"
"FoxitReader.exe"="11000"
"AcqWeb.exe"="11001"
"FoxitPhantomPDF.exe"="11000"
"Syncios.exe"="10001"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGUI.exe"="0"
"SAPGuiIT.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
"devenv.exe"="0"
"sllauncher.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IFRAME_MAILTO_THRESHOLD]
"devenv.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"cs.exe"="1"
"waol.exe"="1"
"wm.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"devenv.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
"sllauncher.exe"="6"
"iexplore.exe"="10"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
"sllauncher.exe"="6"
"iexplore.exe"="10"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"devenv.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"prevhost.exe"="1"
"winmail.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"devenv.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
"devenv.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"msimn.exe"="1"
"outlook.exe"="1"
"winmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"excel.exe"="1"
"infopath.exe"="1"
"powerpnt.exe"="1"
"winword.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
"devenv.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"

---------- | The Created last ones ? Modified

[MD5.00000000000000000000000000000000] - [12/05/2017 04:38:34] - |D| - [280025586] - C:\Program Files (x86)\Acronis
[MD5.00000000000000000000000000000000] - [05/05/2017 13:28:37] - |D| - [50551896] - C:\Program Files (x86)\Admin Arsenal
[MD5.00000000000000000000000000000000] - [05/05/2017 12:41:19] - |D| - [227104879] - C:\Program Files (x86)\Anvsoft
[MD5.00000000000000000000000000000000] - [12/05/2017 07:08:39] - |D| - [118053460] - C:\Program Files (x86)\FileVoyager
[MD5.00000000000000000000000000000000] - [12/05/2017 07:17:09] - |D| - [319852949] - C:\Program Files (x86)\Flip HTML5
[MD5.00000000000000000000000000000000] - [12/05/2017 07:16:25] - |D| - [66508465] - C:\Program Files (x86)\FolderViewer
[MD5.00000000000000000000000000000000] - [04/05/2017 18:05:51] - |D| - [938781689] - C:\Program Files (x86)\Foxit Software
[MD5.00000000000000000000000000000000] - [12/05/2017 07:09:22] - |D| - [9090356] - C:\Program Files (x86)\Glorylogic
[MD5.00000000000000000000000000000000] - [12/05/2017 12:33:04] - |D| - [8655629] - C:\Program Files (x86)\HDWallPaper
[MD5.00000000000000000000000000000000] - [04/05/2017 11:07:35] - |D| - [160193397] - C:\Program Files (x86)\HissenITMasterdata
[MD5.00000000000000000000000000000000] - [02/05/2017 13:22:02] - |D| - [142475515] - C:\Program Files (x86)\InPixio
[MD5.00000000000000000000000000000000] - [01/05/2017 17:03:11] - |AD| - [49459832] - C:\Program Files (x86)\K-Lite Codec Pack
[MD5.00000000000000000000000000000000] - [01/05/2017 21:57:45] - |D| - [4763746] - C:\Program Files (x86)\Majorgeeks.com
[MD5.00000000000000000000000000000000] - [02/05/2017 17:37:54] - |AD| - [91566481] - C:\Program Files (x86)\MiniCopier
[MD5.00000000000000000000000000000000] - [05/05/2017 13:27:52] - |D| - [11412989] - C:\Program Files (x86)\muCommander
[MD5.00000000000000000000000000000000] - [12/05/2017 11:37:15] - |D| - [6742376] - C:\Program Files (x86)\mvJ8xTlUNS
[MD5.00000000000000000000000000000000] - [12/05/2017 12:33:46] - |D| - [9506146] - C:\Program Files (x86)\OneSystemCare
[MD5.00000000000000000000000000000000] - [05/05/2017 12:29:50] - |D| - [24456071] - C:\Program Files (x86)\proDAD
[MD5.00000000000000000000000000000000] - [05/05/2017 13:23:46] - |D| - [42321338] - C:\Program Files (x86)\Remo File Eraser 2.0
[MD5.00000000000000000000000000000000] - [05/05/2017 13:23:34] - |D| - [28697938] - C:\Program Files (x86)\Remo Privacy Cleaner
[MD5.00000000000000000000000000000000] - [12/05/2017 11:30:49] - |D| - [8603829] - C:\Program Files (x86)\RGyIkQB2O4
[MD5.00000000000000000000000000000000] - [12/05/2017 12:51:30] - |D| - [505707] - C:\Program Files (x86)\SEAF
[MD5.00000000000000000000000000000000] - [12/05/2017 12:35:37] - |D| - [8603829] - C:\Program Files (x86)\SeJjmGy6xJ
[MD5.00000000000000000000000000000000] - [12/05/2017 12:33:19] - |D| - [7746616] - C:\Program Files (x86)\SystemHealer
[MD5.00000000000000000000000000000000] - [05/05/2017 13:26:49] - |D| - [36830654] - C:\Program Files (x86)\trolCommander
[MD5.00000000000000000000000000000000] - [02/05/2017 17:37:09] - |D| - [14769381] - C:\Program Files (x86)\WinMend
[MD5.00000000000000000000000000000000] - [01/05/2017 22:10:23] - |AD| - [8547622] - C:\Program Files (x86)\XYplorerFree
[MD5.6C244522DB056F533F7595D47E17A103] - [10/05/2017 16:09:24] - |A| - [1249792] - C:\WINDOWS\aead19358f7df24ddb2ea25477c1ac3c.exe
[MD5.8B138ED363128BFF2C2E1E7FEA9793B4] - [01/05/2017 17:03:34] - |A| - [38] - C:\WINDOWS\avisplitter.ini
[MD5.00000000000000000000000000000000] - [05/05/2017 13:28:07] - |D| - [76365824] - C:\WINDOWS\Downloaded Installations
[MD5.F022E65DD130CB007AE4E0115BA8ACE1] - [02/05/2017 14:42:04] - |A| - [639868532] - C:\WINDOWS\MEMORY.DMP
[MD5.00000000000000000000000000000000] - [02/05/2017 14:42:10] - |D| - [2137412] - C:\WINDOWS\Minidump
[MD5.032483C3515CBC4FD7CB8D3427A927AF] - [02/05/2017 09:41:53] - |A| - [386088] - C:\WINDOWS\PFRO.log
[MD5.7CE3FB6E3BFBD7E49ABCA28EAD35459C] - [02/05/2017 09:57:18] - |A| - [6224] - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/05/2017 09:57:18] - |A| - [0] - C:\WINDOWS\setuperr.log
[MD5.4CCA7CD0B3E890F743B3DEC113581406] - [10/05/2017 16:09:24] - |A| - [51628] - C:\WINDOWS\uninstaller.dat
[MD5.C359BEE82D7DAA2D8D9759A2841A1C82] - [05/05/2017 12:59:06] - |A| - [12146] - C:\WINDOWS\W7Patcher_x64_Uninstall.log
[MD5.038356387332650843BCB352BB89A101] - [02/05/2017 09:42:28] - |A| - [275] - C:\WINDOWS\WindowsUpdate.log
[MD5.603896977C69A2EC9FBE37C7C1A232D8] - [05/05/2017 13:17:42] - |A| - [36] - C:\WINDOWS\xlkfs.log
[MD5.5ACF52CA9954686443AC53099E5008A4] - [05/05/2017 13:28:08] - |A| - [40435712] - C:\WINDOWS\Installer\138ded.msi
[MD5.9DA712DEE05E779AA9443EE4800A6703] - [05/05/2017 13:29:15] - |A| - [35930112] - C:\WINDOWS\Installer\138df0.msi
[MD5.C183AC1AC5C184C326256170E6401F5A] - [04/05/2017 19:35:15] - |A| - [315478016] - C:\WINDOWS\Installer\1c27b35.msi
[MD5.8AA99A882CE7500CC9723E45EC44ADD2] - [04/05/2017 20:42:05] - |A| - [4444160] - C:\WINDOWS\Installer\218d823.msi
[MD5.7BA30BB7E15475F6027E86E86EA973CE] - [04/05/2017 20:41:00] - |A| - [3354624] - C:\WINDOWS\Installer\218d826.msi
[MD5.0EA1BEC4A29DD4C5A387C96CB2B6B7E9] - [12/05/2017 04:37:34] - |A| - [389709824] - C:\WINDOWS\Installer\2fc091.msi
[MD5.688EE095876693BEF78A15E379CF6FBB] - [12/05/2017 07:11:33] - |A| - [438272] - C:\WINDOWS\Installer\3244f7.msi
[MD5.3A2137454EB79200DD1E67ED6FD19BE7] - [01/05/2017 13:50:47] - |A| - [44052480] - C:\WINDOWS\Installer\3e481c0.msi
[MD5.3A2137454EB79200DD1E67ED6FD19BE7] - [01/05/2017 13:50:46] - |A| - [44052480] - C:\WINDOWS\Installer\reflect_setupv6.3.1745-x64-00.msi
[MD5.10D6C13E6AAD1E893A177CA1EAF7807D] - [04/05/2017 21:10:24] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2450591F-9CC5-4E4D-B650-F3FCD6D3F16F}
[MD5.FE859BEC89027BEC1A1C3CBA28CCDC43] - [12/05/2017 07:14:07] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2B75557A-B66B-4C26-8AFD-F1B752C1D4CB}
[MD5.7ECCDADF70D320D6D352E0E5708193A6] - [04/05/2017 21:12:27] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{46E9BE31-70DC-4797-A24B-CB7FF0BB68BB}
[MD5.39D62ABF8ABF0F5638F736A4EF3B3E5A] - [01/05/2017 13:52:39] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{595B8A7B-253D-4A4E-95C2-A823EDDD5496}
[MD5.B84215FF4A719A4EF2B5E2F209739780] - [05/05/2017 13:28:22] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}
[MD5.4F6478C50A591FE5FD9535AD7C98864B] - [04/05/2017 11:00:03] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{600C936B-7684-42F0-9FBF-04726F3D45E2}
[MD5.0BCB04BCE70AF939CFB57A189451CA7D] - [04/05/2017 19:35:33] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{7BA87AB0-2055-11E7-8E16-000C2992F709}
[MD5.B0AA1398E555A265190F4767D507DED2] - [02/05/2017 17:29:29] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{925B61EB-DB5A-482E-9620-F1B67BC88393}
[MD5.BF13B4BFBD62A4FA55A4C0988E7F9C39] - [05/05/2017 13:32:59] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{B398F6FE-E797-4764-B6F2-C4AE0121A71B}
[MD5.53E79610F348D57B91DFD5B8CD981428] - [12/05/2017 04:38:09] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/05/2017 13:52:56] - |A| - [0] - C:\WINDOWS\Installer\wix{595B8A7B-253D-4A4E-95C2-A823EDDD5496}.SchedServiceConfig.rmi
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/05/2017 13:28:43] - |A| - [0] - C:\WINDOWS\Installer\wix{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}.SchedServiceConfig.rmi
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/05/2017 13:33:16] - |A| - [0] - C:\WINDOWS\Installer\wix{B398F6FE-E797-4764-B6F2-C4AE0121A71B}.SchedServiceConfig.rmi
[MD5.00000000000000000000000000000000] - [12/05/2017 07:11:32] - |D| - [13683718] - C:\WINDOWS\Installer\{2B75557A-B66B-4C26-8AFD-F1B752C1D4CB}
[MD5.00000000000000000000000000000000] - [01/05/2017 13:52:55] - |D| - [665497] - C:\WINDOWS\Installer\{595B8A7B-253D-4A4E-95C2-A823EDDD5496}
[MD5.00000000000000000000000000000000] - [05/05/2017 13:28:41] - |D| - [355574] - C:\WINDOWS\Installer\{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}
[MD5.00000000000000000000000000000000] - [04/05/2017 11:00:14] - |D| - [825906] - C:\WINDOWS\Installer\{600C936B-7684-42F0-9FBF-04726F3D45E2}
[MD5.00000000000000000000000000000000] - [04/05/2017 19:37:07] - |D| - [2603292] - C:\WINDOWS\Installer\{7BA87AB0-2055-11E7-8E16-000C2992F709}
[MD5.00000000000000000000000000000000] - [02/05/2017 17:29:41] - |D| - [749762] - C:\WINDOWS\Installer\{925B61EB-DB5A-482E-9620-F1B67BC88393}
[MD5.00000000000000000000000000000000] - [05/05/2017 13:33:15] - |D| - [355574] - C:\WINDOWS\Installer\{B398F6FE-E797-4764-B6F2-C4AE0121A71B}
[MD5.00000000000000000000000000000000] - [12/05/2017 04:38:51] - |D| - [1862565] - C:\WINDOWS\Installer\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}
[MD5.39748F710CE4FC0FB5782ACA9A990E97] - [12/05/2017 04:31:53] - |A| - [527360] - C:\WINDOWS\system32\aadcloudap.dll
[MD5.AEF2A80BADA1526A700A867B6F35913B] - [12/05/2017 04:36:57] - |A| - [1293824] - C:\WINDOWS\system32\aadtb.dll
[MD5.A5D80134C702642F935D9334BF5B890A] - [12/05/2017 04:32:46] - |A| - [1886208] - C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
[MD5.EAE1B6D86D661BFC494A3975583F722C] - [12/05/2017 04:32:46] - |A| - [2800128] - C:\WINDOWS\system32\AppXDeploymentServer.dll
[MD5.FC84D5ABA3CD649965E17EA5E06D8033] - [12/05/2017 04:32:00] - |A| - [970240] - C:\WINDOWS\system32\autochk.exe
[MD5.36DF9BF16D48E76F2312E5630CAF8B0D] - [12/05/2017 04:32:37] - |A| - [1878016] - C:\WINDOWS\system32\AzureSettingSyncProvider.dll
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/05/2017 12:38:22] - |AH| - [0] - C:\WINDOWS\system32\BITF033.tmp
[MD5.BDD5B497E14976311FA0250AA9C86E02] - [12/05/2017 04:32:32] - |A| - [207264] - C:\WINDOWS\system32\browserbroker.dll
[MD5.90C80EC09679810B2EAF2045A26B197E] - [12/05/2017 04:32:01] - |A| - [27040] - C:\WINDOWS\system32\browser_broker.exe
[MD5.C511B18C61DE577D3A563F65E55AE63A] - [12/05/2017 04:35:33] - |A| - [8244736] - C:\WINDOWS\system32\Chakra.dll
[MD5.7B7535D31FCDEA02BB97B862936B0C77] - [12/05/2017 04:36:20] - |A| - [667040] - C:\WINDOWS\system32\ci.dll
[MD5.9E4C3F959FE5B1D4A79CADAF715FDF79] - [12/05/2017 04:31:52] - |A| - [56832] - C:\WINDOWS\system32\cldapi.dll
[MD5.A5CA2992D42DB271DF933F49676E57DE] - [12/05/2017 04:32:32] - |A| - [872472] - C:\WINDOWS\system32\ClipSVC.dll
[MD5.3159602B419D3100363F3E57A3D0EE98] - [12/05/2017 04:32:26] - |A| - [3116184] - C:\WINDOWS\system32\combase.dll
[MD5.D734EBC7E66D82D543C874ED1FE9B40D] - [12/05/2017 04:32:01] - |A| - [923040] - C:\WINDOWS\system32\CoreMessaging.dll
[MD5.99C90305251B0FD6A3130957C447A2D3] - [12/05/2017 04:32:03] - |A| - [2969880] - C:\WINDOWS\system32\CoreUIComponents.dll
[MD5.5711CB1CCB087FEB595007782C935D78] - [12/05/2017 04:32:12] - |A| - [1852776] - C:\WINDOWS\system32\crypt32.dll
[MD5.9BE06592CAF8FEC3FE306AFC37B5A587] - [12/05/2017 04:35:44] - |A| - [4396032] - C:\WINDOWS\system32\D3DCompiler_47.dll
[MD5.78798FC20ECA1B2A916D77BBA2ABBEFF] - [12/05/2017 04:35:46] - |A| - [5557760] - C:\WINDOWS\system32\dbgeng.dll
[MD5.F3E97DC96CC837DAB1A521EC418509EE] - [12/05/2017 04:33:44] - |A| - [274944] - C:\WINDOWS\system32\dxtrans.dll
[MD5.A078808BB8B5DD95E6FD57E87C9B0AC0] - [12/05/2017 04:33:26] - |A| - [23677440] - C:\WINDOWS\system32\edgehtml.dll
[MD5.E105DC3C9E89B43A40646FD1E5DD5D1C] - [12/05/2017 12:31:17] - |A| - [256240] - C:\WINDOWS\system32\FNTCACHE.DAT
[MD5.63617C6E7D2DFF310B89C746AEB9A542] - [12/05/2017 04:36:30] - |A| - [1260544] - C:\WINDOWS\system32\GamePanel.exe
[MD5.FBF66B31FE79147FC70EBFAFA596C3E4] - [12/05/2017 04:33:17] - |A| - [1604312] - C:\WINDOWS\system32\gdi32full.dll
[MD5.F283519F280D5801493419DDF1DD5FF2] - [12/05/2017 04:36:33] - |A| - [224256] - C:\WINDOWS\system32\ie4uinit.exe
[MD5.88A2631E0AB7B2EFBC1CDD80D9A12463] - [12/05/2017 04:36:11] - |A| - [386560] - C:\WINDOWS\system32\iedkcs32.dll
[MD5.73318E5C8F169E99DDCFD17AD57E64D9] - [12/05/2017 04:33:22] - |A| - [12787200] - C:\WINDOWS\system32\ieframe.dll
[MD5.37F4384069A3BB69E8C04E292707D7C8] - [12/05/2017 04:31:54] - |A| - [140288] - C:\WINDOWS\system32\iepeers.dll
[MD5.AD2C05C37CF152D495AFA3AF915FB78F] - [12/05/2017 04:36:23] - |A| - [2635336] - C:\WINDOWS\system32\iertutil.dll
[MD5.AC4263ED0BABD1A395DFEAF3620AAF5F] - [12/05/2017 04:35:39] - |A| - [2077184] - C:\WINDOWS\system32\inetcpl.cpl
[MD5.9416887D770A85513D09EFFF69EFFE9A] - [12/05/2017 04:36:47] - |A| - [373760] - C:\WINDOWS\system32\InstallAgent.exe
[MD5.B7850E34C776DCDD12099B556E590136] - [12/05/2017 04:36:57] - |A| - [416256] - C:\WINDOWS\system32\InstallAgentUserBroker.exe
[MD5.184940CA672B0A4EBBF338AD6B4A230A] - [12/05/2017 04:32:25] - |A| - [4730368] - C:\WINDOWS\system32\jscript9.dll
[MD5.90224339656D3CFEC43150209B4CD38E] - [12/05/2017 04:32:09] - |A| - [708712] - C:\WINDOWS\system32\kernel32.dll
[MD5.030E2B28C4C1EBB77420B671E4F80735] - [12/05/2017 04:32:15] - |A| - [2399728] - C:\WINDOWS\system32\KernelBase.dll
[MD5.90F770D0D44F968F935DFCF6942402BA] - [12/05/2017 04:32:09] - |A| - [1027584] - C:\WINDOWS\system32\modernexecserver.dll
[MD5.E926504AA7995E38B158B08E5FA652C1] - [12/05/2017 04:35:42] - |A| - [751104] - C:\WINDOWS\system32\msfeeds.dll
[MD5.A7DF5ABDA0C578B69F35BF1C922624AD] - [12/05/2017 04:33:12] - |A| - [23681024] - C:\WINDOWS\system32\mshtml.dll
[MD5.2E5A651BBF463A5719AA93A853108D82] - [12/05/2017 04:31:53] - |A| - [84992] - C:\WINDOWS\system32\MshtmlDac.dll
[MD5.AEAA4B633250B9185AE3049D7C5DA59E] - [12/05/2017 04:33:45] - |A| - [96256] - C:\WINDOWS\system32\mshtmled.dll
[MD5.6D09091CE28B57C24035A7F267B9893F] - [12/05/2017 04:32:07] - |A| - [1302528] - C:\WINDOWS\system32\MSVPXENC.dll
[MD5.97825AA793465E58FBD3F9A43EB24885] - [12/05/2017 12:33:11] - |A| - [624640] - C:\WINDOWS\system32\NetUtils2016.dll
[MD5.DD8BF294D1E48A33CE59BF0A1F064AB6] - [12/05/2017 04:35:50] - |A| - [8320920] - C:\WINDOWS\system32\ntoskrnl.exe
[MD5.76F62C43216F80C4F221159174D8D03C] - [12/05/2017 04:32:33] - |A| - [29696] - C:\WINDOWS\system32\odbcconf.dll
[MD5.35763FCD88CEA06D6E520D7757756825] - [12/05/2017 04:32:29] - |A| - [1325456] - C:\WINDOWS\system32\ole32.dll
[MD5.955E4D3AE7BB4550B910BEACA6D2EA47] - [12/05/2017 04:32:11] - |A| - [775824] - C:\WINDOWS\system32\oleaut32.dll
[MD5.B956F35D1E90066B6AE6AD13400227A2] - [12/05/2017 04:32:41] - |A| - [5477088] - C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
[MD5.0E79A4C76CAAA0CFE9CA42C13E5AA086] - [12/05/2017 04:32:10] - |A| - [1085440] - C:\WINDOWS\system32\rpcss.dll
[MD5.A2CF5E536A28673109278FDB4E449DB8] - [12/05/2017 04:36:21] - |A| - [543640] - C:\WINDOWS\system32\securekernel.exe
[MD5.A32FE0DB351A04AA2D186E1A46364889] - [12/05/2017 04:32:44] - |A| - [314880] - C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
[MD5.C8EE79B9BF4533C7838F96D47DB6FE98] - [12/05/2017 04:32:31] - |A| - [21353200] - C:\WINDOWS\system32\shell32.dll
[MD5.00000000000000000000000000000000] - [12/05/2017 12:33:11] - |D| - [0] - C:\WINDOWS\system32\sstmp
[MD5.A3A6F89FA4470FFB170C98D9639034F1] - [12/05/2017 04:36:22] - |A| - [1075712] - C:\WINDOWS\system32\StoreAgent.dll
[MD5.E75668AD4602A0DDB57B4EB5E66BE45A] - [12/05/2017 04:31:58] - |A| - [82944] - C:\WINDOWS\system32\tdc.ocx
[MD5.163A2CAB4344FDBD83992F01D9870823] - [12/05/2017 12:33:12] - |A| - [1891] - C:\WINDOWS\system32\tmplog.log
[MD5.C83505A5CC15E39D6C6D7B3C20187E5C] - [12/05/2017 04:32:17] - |A| - [1054208] - C:\WINDOWS\system32\TokenBroker.dll
[MD5.EF2A12DF58465020112D3CB534A6370F] - [12/05/2017 04:32:08] - |A| - [985600] - C:\WINDOWS\system32\TSWorkspace.dll
[MD5.5FA84A984BC94375F7BC2D0AA8AFB4E2] - [12/05/2017 04:31:52] - |A| - [584192] - C:\WINDOWS\system32\UIRibbonRes.dll
[MD5.F5C92003AF01FB18C3958C44E2F43E86] - [12/05/2017 04:36:10] - |A| - [1803264] - C:\WINDOWS\system32\urlmon.dll
[MD5.78A9866950677529740B664C95DE2938] - [12/05/2017 04:36:10] - |A| - [5776384] - C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
[MD5.D10864C1730172780C2D4BE633B9220A] - [01/05/2017 23:46:28] - |A| - [1795952] - C:\WINDOWS\system32\WdfCoInstaller01011.dll
[MD5.6252787D9AEBBB185DE35B50F1B500F6] - [12/05/2017 04:36:08] - |A| - [457728] - C:\WINDOWS\system32\webplatstorageserver.dll
[MD5.8C9134EBA812B7E68271CC8536C99ADA] - [12/05/2017 04:33:16] - |A| - [2056192] - C:\WINDOWS\system32\win32kbase.sys
[MD5.50CA964E2B06E5D6F8CA07739279CF25] - [12/05/2017 04:33:15] - |A| - [3672064] - C:\WINDOWS\system32\win32kfull.sys
[MD5.5B39626D5182C6F27D031A73DA991050] - [12/05/2017 04:36:36] - |A| - [7904784] - C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
[MD5.721D545BBCB210B598B2B9F6BF5AE251] - [12/05/2017 04:31:57] - |A| - [218624] - C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
[MD5.02C4150DB616D34C9601110F3FF29FFE] - [12/05/2017 04:32:07] - |A| - [1051648] - C:\WINDOWS\system32\Windows.UI.dll
[MD5.2B1361AFBF330AF9A652A336EE77CBCB] - [12/05/2017 04:36:06] - |A| - [3307008] - C:\WINDOWS\system32\wininet.dll
[MD5.A42970F5DAA633B35322F200C39DF4CF] - [12/05/2017 04:31:52] - |A| - [64512] - C:\WINDOWS\system32\winsrv.dll
[MD5.46511F8AFD8911D05AB95F64BF0474E6] - [12/05/2017 04:32:17] - |A| - [387928] - C:\WINDOWS\system32\wmpps.dll
[MD5.C7215695095A0BFC2A01BBB5660E383A] - [12/05/2017 04:35:42] - |A| - [422400] - C:\WINDOWS\system32\WpAXHolder.dll
[MD5.FED578B27678A6B8563BB364494099C1] - [12/05/2017 04:36:31] - |A| - [925696] - C:\WINDOWS\system32\WpcWebFilter.dll
[MD5.4728C6AECEBC8135D349C38A3FDF5567] - [10/05/2017 16:09:24] - |A| - [66416] - C:\WINDOWS\system32\Drivers\b82d7dae78bbc7cbe3b8b9c71e3430cd.sys
[MD5.CFD199354CC01F5857F3F27BC1BA2DBE] - [12/05/2017 04:36:19] - |A| - [35840] - C:\WINDOWS\system32\Drivers\BasicRender.sys
[MD5.44293BF717CA39DC925C6A05453D8D34] - [01/05/2017 22:58:44] - |A| - [84768] - C:\WINDOWS\system32\Drivers\cgnetfilter1521.sys
[MD5.5FB6528EC95A2E83AE71005108C03D2B] - [12/05/2017 04:35:45] - |A| - [2444192] - C:\WINDOWS\system32\Drivers\dxgkrnl.sys
[MD5.3362EFB9ECE40CF85B0A729F23BAEB7D] - [12/05/2017 04:39:39] - |A| - [339808] - C:\WINDOWS\system32\Drivers\file_tracker.sys
[MD5.48E43456C95CE0D73D09CE8FA3E5978A] - [12/05/2017 04:39:14] - |A| - [160600] - C:\WINDOWS\system32\Drivers\fltsrv.sys
[MD5.E4626B663B94E5FEB90F497395B5C059] - [01/05/2017 21:53:38] - |A| - [20160] - C:\WINDOWS\system32\Drivers\GUSBootStartup.sys
[MD5.EFF3449AC1A0A573479DA8597252832F] - [05/05/2017 16:11:30] - |A| - [69400] - C:\WINDOWS\system32\Drivers\Lace_wpf_x64.sys
[MD5.999995E6E594D8F7AA72029C8EB2B952] - [12/05/2017 12:33:11] - |A| - [907160] - C:\WINDOWS\system32\Drivers\NetUtils2016.sys
[MD5.8C048728D8D4F3B204C18C5379BE7645] - [12/05/2017 04:39:17] - |A| - [339288] - C:\WINDOWS\system32\Drivers\snapman.sys
[MD5.36EAC4FE629FC036632F13EC14788FD1] - [12/05/2017 04:32:09] - |A| - [414208] - C:\WINDOWS\system32\Drivers\srv.sys
[MD5.A84B05C7C2A233497BE1D518A662C326] - [12/05/2017 04:32:06] - |A| - [722944] - C:\WINDOWS\system32\Drivers\srv2.sys
[MD5.3F656867E983E8D9E71E57354383C23A] - [12/05/2017 04:39:21] - |A| - [1049432] - C:\WINDOWS\system32\Drivers\tib.sys
[MD5.DA3BF6E315D2FC2681CB7AE1E745DFDB] - [12/05/2017 04:39:22] - |A| - [202592] - C:\WINDOWS\system32\Drivers\tib_mounter.sys
[MD5.A6C7255A6C95B05E6551538F54248A7F] - [12/05/2017 04:39:23] - |A| - [581464] - C:\WINDOWS\system32\Drivers\tnd.sys
[MD5.0D5A09B08568760AE85A801FCBC0F83D] - [01/05/2017 22:43:57] - |A| - [28272] - C:\WINDOWS\system32\Drivers\TrueSight.sys
[MD5.50E70B3A95138AA4A30B095270EE0DE6] - [12/05/2017 04:36:19] - |A| - [388000] - C:\WINDOWS\system32\Drivers\USBXHCI.SYS
[MD5.0C987C7C5A0B710AB2881B3F19DF72F5] - [12/05/2017 04:39:25] - |A| - [301408] - C:\WINDOWS\system32\Drivers\virtual_file.sys
[MD5.A78463CAAAB338A0EC9BF4969B02E9A6] - [12/05/2017 04:36:45] - |A| - [1019904] - C:\WINDOWS\syswow64\aadtb.dll
[MD5.13FA039C5E464F3BF0C6D01E00581CAA] - [01/05/2017 17:03:26] - |A| - [151552] - C:\WINDOWS\syswow64\ac3acm.acm
[MD5.F28932A39BD903297C1B075D032FCF06] - [12/05/2017 04:32:00] - |A| - [891904] - C:\WINDOWS\syswow64\autochk.exe
[MD5.D69503945B9BFF322BB22702232FC85E] - [12/05/2017 04:32:38] - |A| - [1248768] - C:\WINDOWS\syswow64\AzureSettingSyncProvider.dll
[MD5.28610A16475F617FF3EFECFAECBA3803] - [12/05/2017 04:33:04] - |A| - [6292992] - C:\WINDOWS\syswow64\Chakra.dll
[MD5.01E0F3B54450B53318172C1C26B594E9] - [12/05/2017 04:31:53] - |A| - [50176] - C:\WINDOWS\syswow64\cldapi.dll
[MD5.79314543755599A145FACABD72725585] - [12/05/2017 04:32:21] - |A| - [2330520] - C:\WINDOWS\syswow64\combase.dll
[MD5.D333324DDC09806B477DAD41263EAFBA] - [12/05/2017 04:32:01] - |A| - [583160] - C:\WINDOWS\syswow64\CoreMessaging.dll
[MD5.29C27055A6FEC9326523E7CA75A42DDA] - [12/05/2017 04:32:02] - |A| - [2259760] - C:\WINDOWS\syswow64\CoreUIComponents.dll
[MD5.8002415AFF6B745EEEE84B2EB5E82D75] - [12/05/2017 04:32:16] - |A| - [1557288] - C:\WINDOWS\syswow64\crypt32.dll
[MD5.FCFC1AEE0CB5C6C4624E7DE639F9450A] - [12/05/2017 04:32:54] - |A| - [5225984] - C:\WINDOWS\syswow64\d2d1.dll
[MD5.D5F0CBCEE307046B99FEFDBBA0E8F7A1] - [12/05/2017 04:36:17] - |A| - [3667456] - C:\WINDOWS\syswow64\D3DCompiler_47.dll
[MD5.F85D2D6FB721C1812044026C3459D13B] - [12/05/2017 04:36:18] - |A| - [4559360] - C:\WINDOWS\syswow64\dbgeng.dll
[MD5.28356A3F5202289A0CBAAC44DDD5831B] - [12/05/2017 04:36:10] - |A| - [266240] - C:\WINDOWS\syswow64\dxtrans.dll
[MD5.BDEA7023B7F9924E2F0132FD05DD7739] - [12/05/2017 04:36:44] - |A| - [20505600] - C:\WINDOWS\syswow64\edgehtml.dll
[MD5.C58947149D01B615E478D7201DD0CFA4] - [01/05/2017 17:03:22] - |A| - [80896] - C:\WINDOWS\syswow64\ff_vfw.dll
[MD5.3B5BB4DA93EBCB6ECBAC48C66F4B28A4] - [01/05/2017 17:03:23] - |A| - [590] - C:\WINDOWS\syswow64\ff_vfw.dll.manifest
[MD5.C41AE32FBED58709CA1704FE00A102EC] - [12/05/2017 04:35:39] - |A| - [1411128] - C:\WINDOWS\syswow64\gdi32full.dll
[MD5.8B8950B1C7CA588B4941ABCB24A0B72B] - [12/05/2017 04:36:33] - |A| - [338432] - C:\WINDOWS\syswow64\iedkcs32.dll
[MD5.A0EB9E2886A798E8E36BD46236A3FF7B] - [12/05/2017 04:35:41] - |A| - [11870208] - C:\WINDOWS\syswow64\ieframe.dll
[MD5.38788A54F4523EA8B0C3B0D7EB5E76E1] - [12/05/2017 04:31:53] - |A| - [124928] - C:\WINDOWS\syswow64\iepeers.dll
[MD5.65CA4382CD65D0C30F500D5448D0C6BD] - [12/05/2017 04:36:53] - |A| - [2158544] - C:\WINDOWS\syswow64\iertutil.dll
[MD5.203BB184D940235B95A8C7C1D4FE2D53] - [12/05/2017 04:36:11] - |A| - [2008576] - C:\WINDOWS\syswow64\inetcpl.cpl
[MD5.EDBBC99B63B80E83E6E85F262C39703B] - [12/05/2017 04:36:57] - |A| - [328704] - C:\WINDOWS\syswow64\InstallAgent.exe
[MD5.93EF002E82894466CB2B4F17169C126F] - [12/05/2017 04:36:58] - |A| - [367104] - C:\WINDOWS\syswow64\InstallAgentUserBroker.exe
[MD5.3A42B8FD529B3F936CE7B0B758AF0320] - [12/05/2017 04:32:20] - |A| - [3655680] - C:\WINDOWS\syswow64\jscript9.dll
[MD5.00000000000000000000000000000000] - [05/05/2017 12:29:51] - |D| - [24704035] - C:\WINDOWS\syswow64\KDirectShow
[MD5.A13FBBCB836D29F404935175BA8A6ACF] - [12/05/2017 04:32:08] - |A| - [599576] - C:\WINDOWS\syswow64\kernel32.dll
[MD5.B28734768CE940DB239FA8C3D1C9F83A] - [12/05/2017 04:32:16] - |A| - [1839872] - C:\WINDOWS\syswow64\KernelBase.dll
[MD5.23D4907D662E248E09872E5A32E71570] - [01/05/2017 17:03:27] - |A| - [232448] - C:\WINDOWS\syswow64\mp3fhg.acm
[MD5.AFF8A77766D3673C5BB15C02C33B8B82] - [12/05/2017 04:36:33] - |A| - [663040] - C:\WINDOWS\syswow64\msfeeds.dll
[MD5.921E86E1090040C6A8D7439C33F1E82A] - [12/05/2017 04:36:16] - |A| - [19335168] - C:\WINDOWS\syswow64\mshtml.dll
[MD5.BBB45A9C1A5117C7A299A8239813A26C] - [12/05/2017 04:31:53] - |A| - [80384] - C:\WINDOWS\syswow64\mshtmled.dll
[MD5.506068326D7E17AD2BC1E847B432A16A] - [12/05/2017 04:32:34] - |A| - [25088] - C:\WINDOWS\syswow64\odbcconf.dll
[MD5.79754F4AD5E58808C18077BEBABDBB85] - [12/05/2017 04:32:28] - |A| - [988168] - C:\WINDOWS\syswow64\ole32.dll
[MD5.5F91E0B146C4B15D9FB179515E253E7F] - [12/05/2017 04:32:10] - |A| - [605936] - C:\WINDOWS\syswow64\oleaut32.dll
[MD5.80EEAEFFD3A2C57F94908939C0EE77C6] - [12/05/2017 04:32:28] - |A| - [89088] - C:\WINDOWS\syswow64\olepro32.dll
[MD5.00000000000000000000000000000000] - [12/05/2017 12:34:43] - |D| - [22378] - C:\WINDOWS\syswow64\SSL
[MD5.E1935003D8512C4D36555CCA3C975B18] - [12/05/2017 04:36:50] - |A| - [806400] - C:\WINDOWS\syswow64\StoreAgent.dll
[MD5.9B6EA22319C031730B2891AB747AD6C1] - [05/05/2017 12:13:51] - |A| - [313] - C:\WINDOWS\syswow64\swhealthex.log
[MD5.D74A0BBA769153C2E033BDAA7B5A2093] - [12/05/2017 04:31:58] - |A| - [72192] - C:\WINDOWS\syswow64\tdc.ocx
[MD5.E8003F21AECE4A5073837DBBFE1E23A4] - [12/05/2017 04:32:14] - |A| - [799232] - C:\WINDOWS\syswow64\TokenBroker.dll
[MD5.EE3F12FA7BDE7AC4E85F8C01EDCCC5FD] - [12/05/2017 04:31:53] - |A| - [584192] - C:\WINDOWS\syswow64\UIRibbonRes.dll
[MD5.0087F6F680BEFDA997B357BD55BE991C] - [01/05/2017 17:03:37] - |A| - [165376] - C:\WINDOWS\syswow64\unrar.dll
[MD5.C87BAA95CB88CDE1F5635A3D7CDA7D9B] - [12/05/2017 04:36:33] - |A| - [1626624] - C:\WINDOWS\syswow64\urlmon.dll
[MD5.CD046E296016C808623F06C3C3A003BE] - [12/05/2017 04:36:32] - |A| - [4544000] - C:\WINDOWS\syswow64\VsGraphicsDesktopEngine.exe
[MD5.F70D113494A14CD4B07F2484969D35FA] - [12/05/2017 04:36:57] - |A| - [329728] - C:\WINDOWS\syswow64\webplatstorageserver.dll
[MD5.F9626AD4A4718C7E97D806C6F87AF430] - [12/05/2017 04:35:38] - |A| - [2957824] - C:\WINDOWS\syswow64\win32kfull.sys
[MD5.8EF8D8C9A097CE15C9262639AE4FE541] - [12/05/2017 04:36:13] - |A| - [6759512] - C:\WINDOWS\syswow64\Windows.Media.Protection.PlayReady.dll
[MD5.2D4B4AFC36ED18D9B059AAF1655A48BD] - [12/05/2017 04:32:03] - |A| - [790528] - C:\WINDOWS\syswow64\Windows.UI.dll
[MD5.9F75F07B64DAD8B0C63BA73EE60351E1] - [12/05/2017 04:36:21] - |A| - [2859520] - C:\WINDOWS\syswow64\wininet.dll
[MD5.0F99926CFD22EB03603CFFEFE4A415C4] - [12/05/2017 04:36:55] - |A| - [636416] - C:\WINDOWS\syswow64\WpcWebFilter.dll
[MD5.2AE2C164587549B3872E5EB109FB12F8] - [01/05/2017 17:03:24] - |A| - [810496] - C:\WINDOWS\syswow64\xvidcore.dll
[MD5.717E9CA09CB53DC2BBB2DAF78D713828] - [01/05/2017 17:03:24] - |A| - [183808] - C:\WINDOWS\syswow64\xvidvfw.dll
[MD5.C52757F1EA2812847EB65B72A8371794] - [01/05/2017 17:03:25] - |A| - [237568] - C:\WINDOWS\syswow64\yv12vfw.dll

---------- | Drives


A:

[13/12/2024 12:50:15] - |A| - (.-.) - [552] - (0.0.0.0) - A:\COMODO TrustConnect (VPN).lnk
[11/12/2024 12:42:22] - |A| - (.Copyright (c) 1999-2015 Igor Pavlov - 7-Zip Shell Extension.) - [49664] - (15.14.0.0) - A:\7-zip.dll
[24/03/2017 10:39:59] - |H| - (.-.) - [16] - (0.0.0.0) - A:\AUTORUN.INF
[13/12/2024 13:19:22] - |A| - (.-.) - [64] - (0.0.0.0) - A:\a2whitelist.ini
[13/12/2024 13:19:22] - |A| - (.-.) - [6260] - (0.0.0.0) - A:\a2settings.ini

B:


D:

[06/04/2017 11:57:35] - |H| - (.-.) - [16] - (0.0.0.0) - D:\AUTORUN.INF

F:

[04/03/2003 14:14:50] - |R| - (.- AutoRun StudioXP.) - [878592] - (1.0.0.1) - F:\autorun.exe
[04/03/2003 14:15:02] - |R| - (.-.) - [45] - (0.0.0.0) - F:\autorun.inf

G:

[24/03/2017 10:37:12] - |H| - (.-.) - [16] - (0.0.0.0) - G:\AUTORUN.INF

H:

[25/09/2014 23:56:44] - |R| - (.Copyright (C) 2014 - DTVaultPrivacy MFC Application.) - [1173840] - (3.0.0.6) - H:\DTVP30_Launcher.exe
[19/10/2013 01:18:27] - |R| - (.-.) - [71] - (0.0.0.0) - H:\autorun.inf

I:


J:

[26/02/2017 19:31:59] - |A| - (.-.) - [292161608] - (0.0.0.0) - J:\EmsisoftEmergencyKit.exe
[26/02/2017 19:49:28] - |A| - (.-.) - [6190] - (0.0.0.0) - J:\a2settings.ini
[27/02/2017 07:22:30] - |A| - (.-.) - [64] - (0.0.0.0) - J:\a2whitelist.ini
[01/01/2017 16:31:45] - |A| - (.-.) - [1095] - (0.0.0.0) - J:\PecmdExt.ini

K:

[22/01/2017 09:50:46] - |A| - (.-.) - [574] - (0.0.0.0) - K:\COMODO TrustConnect (VPN).lnk
[21/02/2016 19:04:14] - |A| - (.Copyright (c) Rocket Division Software, StarBurn Software 2001-2015. - StarBurn  CD/DVD/Blu-Ray/HD-DVD Burning, Grabbing and Mastering Toolkit for Windows 95/98/Me/NT/2000/XP/2003/Vista/Longhorn/7/8/2010.) - [3235200] - (15.5.1.4144) - K:\StarBurn.dll
[10/11/2016 21:48:56] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [3910208] - (6.0.3.0) - K:\adwcleaner_6.030.exe
[30/04/2016 20:13:58] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - K:\BitTorrent (1).exe
[30/04/2016 20:17:08] - |A| - (.©2016 BitTorrent, Inc. - BitTorrent.) - [1963528] - (7.9.6.42179) - K:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FjSAg97W0).exe
[12/05/2017 06:22:29] - |A| - (.                                                                                                   - FileVoyager Setup                                        .) - [32710943] - (17.4.7.0) - K:\FileVoyager_Setup_17.4.7.0_Full.exe
[04/03/2017 10:57:32] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2423808] - (5.3.2017.0) - K:\FRST64.exe
[21/04/2017 16:20:30] - |A| - (.-.) - [1974390] - (0.0.0.0) - K:\FyK-6.004.exe
[19/04/2017 18:52:22] - |A| - (.Copyright (c) GoPro, Inc.. - GoPro Studio 2.5.7.) - [121291664] - (2.5.7.549) - K:\GoProStudioPC-2.5.7.549 [1].exe
[19/04/2017 18:53:18] - |A| - (.(c) Malwarebytes.                                                              - Malwarebytes Anti-Malware                                .) - [22851472] - (2.2.1.1043) - K:\mbam-setup-2.2.1.1043.exe
[25/02/2015 15:22:15] - |A| - (.ENC Security Systems BV - SanDisk SecureAccessV3.) - [16024600] - (6.0.9.0) - K:\RunSanDiskSecureAccess_Win.exe
[22/01/2017 09:15:29] - |A| - (.© 2016 Sophos Limited - SophosClean.) - [11619360] - (3.7.13.262) - K:\SophosClean_x64.exe
[16/12/2016 18:26:35] - |A| - (.-.) - [89589712] - (0.0.0.0) - K:\VideoMeetingPlus_1.0.1711.0_Beta_VMX160226-03.exe
[10/11/2016 22:04:11] - |A| - (.Nicolas Coolman - ZHPCleane.) - [2488832] - (2016.11.8.191) - K:\ZHPCleaner.exe
[10/11/2016 22:41:19] - |A| - (.Nicolas Coolman - ZHPDiag.) - [2442240] - (2016.11.8.213) - K:\ZHPDiag3.exe
[09/12/2016 16:18:19] - |A| - (.-.) - [149] - (0.0.0.0) - K:\autorun (1).inf
[24/05/2016 07:32:13] - |A| - (.-.) - [5774] - (0.0.0.0) - K:\a2settings.ini
[24/05/2016 09:34:30] - |A| - (.-.) - [64] - (0.0.0.0) - K:\a2whitelist.ini
[28/04/2017 06:04:22] - |A| - (.-.) - [410] - (0.0.0.0) - K:\ampa.ini
[21/04/2017 17:10:51] - |A| - (.-.) - [4] - (0.0.0.0) - K:\bandeja.ini
[21/04/2017 17:10:51] - |A| - (.-.) - [10] - (0.0.0.0) - K:\config.ini
[18/04/2026 19:29:05] - |A| - (.-.) - [2054] - (0.0.0.0) - K:\Framakey.ini
[21/04/2017 17:10:51] - |A| - (.-.) - [4] - (0.0.0.0) - K:\idioma.ini
[09/08/2016 16:00:26] - |A| - (.-.) - [44] - (0.0.0.0) - K:\language.ini
[11/07/2016 09:24:15] - |A| - (.-.) - [0] - (0.0.0.0) - K:\LogAnalyZer.ini
[25/02/2017 07:34:32] - |A| - (.-.) - [2069] - (0.0.0.0) - K:\rk_config.ini

L:


M:


N:

[08/01/2017 10:41:18] - |H| - (.-.) - [16] - (0.0.0.0) - N:\AUTORUN.INF

P:

[11/04/2017 08:38:33] - |A| - (.-.) - [552] - (0.0.0.0) - P:\COMODO TrustConnect (VPN).lnk
[13/04/2017 19:00:45] - |A| - (.-.) - [1107968] - (0.0.0.0) - P:\RSIT.exe
[23/03/2017 22:37:48] - |H| - (.-.) - [16] - (0.0.0.0) - P:\AUTORUN.INF

Q:

[07/05/2017 23:34:48] - |A| - (.©  2005-2015 ClevX, LLC - Removable Media Antivirus.) - [4555968] - (3.17.0.10) - Q:\DriveD.exe
[05/05/2017 17:40:57] - |A| - (.2007-2014 PortableApps.com, PortableApps.com Installer 3.0.15.0 - DriveSecurity Portable.) - [324112] - (1.0.0.0) - Q:\DriveSecurityPortable_1.0.paf.exe
[09/05/2017 06:21:24] - |A| - (.                                                                                                   - WiPS Office 2.1 Setup                                    .) - [113052628] - (0.0.0.0) - Q:\WiPS_Office21.exe
[09/05/2017 06:21:37] - |A| - (.                                                                                                   - WiPS Utilities 2.1 Setup                                 .) - [47142340] - (0.0.0.0) - Q:\WiPS_Utilities21.exe
[09/05/2017 06:22:00] - |A| - (.                                                                                                   - WiPS Network 2.1 Setup                                   .) - [90730190] - (0.0.0.0) - Q:\WiPS_Network21.exe
[09/05/2017 06:22:09] - |A| - (.                                                                                                   - WiPS System 2.1 Setup                                    .) - [33246670] - (0.0.0.0) - Q:\WiPS_System21.exe
[09/05/2017 06:22:39] - |A| - (.                                                                                                   - WiPS Golden 2.1 Setup                                    .) - [96588969] - (0.0.0.0) - Q:\wips_golden21.exe
[09/05/2017 06:22:51] - |A| - (.                                                                                                   - WiPS Graphic 2.1 Setup                                   .) - [46296084] - (0.0.0.0) - Q:\WiPS_Graphic21.exe
[09/05/2017 06:23:18] - |A| - (.                                                                                                   - WiPS Multimedia 2.1 Setup                                .) - [106491898] - (0.0.0.0) - Q:\WiPS_Multimedia21.exe
[09/05/2017 06:24:59] - |A| - (.Luparia Andrea - Lupo PenSuite Full.) - [398166757] - (2016.0.0.0) - Q:\Lupo_PenSuite_v2016_Full.exe
[26/07/2016 16:27:16] - |A| - (.©  2005-2015 ClevX, LLC - Removable Media Antivirus.) - [4544192] - (4.1.5.0) - Q:\DriveSecurity.exe
[09/05/2017 06:27:19] - |A| - (.Copyright © 2008-2017 Auslogics Labs Pty Ltd - Downloader Manager.) - [7106704] - (2.0.0.0) - Q:\GiveawayClub_FlipHTML5.exe
[09/05/2017 06:27:21] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1167128] - (3.0.0.1006) - Q:\CyberLink_Power2Go_Downloader.exe
[09/05/2017 06:27:21] - |A| - (.Copyright 2016 Wondershare Corporation                                - wondershare-filmora-(fr)_setup_full1084.exe.) - [1284240] - (1.4.0.1) - Q:\filmora_setup_full1084.exe
[09/05/2017 06:27:23] - |A| - (.                                                                                                   - CyberGhost 6                                             .) - [8013944] - (6.0.6.0) - Q:\CyberGhost_6.0.7.2738.exe
[09/05/2017 06:27:53] - |A| - (.Copyright © 2005-2016 CHENGDU YIWO Tech Development Co., Ltd.                  - EaseUS Todo Backup Free Setup                            .) - [120287136] - (10.0.0.0) - Q:\tb_free.exe
[09/05/2017 06:28:15] - |A| - (.WiseVideoSuite.com                                                                                  - Wise Video Downloader                                    .) - [2910504] - (2.5.3.102) - Q:\WVDSetup.exe
[09/05/2017 06:28:16] - |A| - (.WiseCleaner.com                                                                                     - Wise Memory Optimizer                                    .) - [1499176] - (3.5.1.102) - Q:\WMOSetup.exe
[09/05/2017 06:28:16] - |A| - (.WiseCleaner.com                                                                                     - Wise Folder Hider                                        .) - [2121040] - (4.1.6.152) - Q:\WFHSetup.exe
[09/05/2017 06:28:36] - |A| - (.Copyright © 2005-2015 CHENGDU YIWO Tech Development Co., Ltd.                  - System GoBack Free Setup                                 .) - [80054176] - (1.0.0.0) - Q:\goback.exe
[09/05/2017 06:28:37] - |A| - (.©1999-2014 Jonathan Bennett & AutoIt Team - Aut2Exe.) - [957952] - (3.3.12.0) - Q:\ListParts64.exe
[09/05/2017 06:28:37] - |A| - (.©1999-2014 Jonathan Bennett & AutoIt Team - Aut2Exe.) - [860160] - (3.3.12.0) - Q:\ListParts.exe
[09/05/2017 06:28:39] - |A| - (.Copyright © 2005-2017 Piriform Ltd - CCleaner Installer.) - [9390672] - (5.29.0.6033) - Q:\ccsetup529.exe
[09/05/2017 06:28:40] - |A| - (.(c) Moo0. - Moo0 Installer.) - [9355264] - (1.0.0.0) - Q:\Moo0_VideoToAudio_v1.12_Installer.exe
[09/05/2017 06:28:43] - |A| - (.(c) Moo0. - Moo0 Installer.) - [7352320] - (1.0.0.0) - Q:\Moo0 RightClicker v1.53 Installer.exe
[09/05/2017 06:28:45] - |A| - (.(c) Moo0. - Moo0 Installer.) - [7364608] - (1.0.0.0) - Q:\Moo0 RightClicker Pro v1.53 Installer.exe
[09/05/2017 06:28:45] - |A| - (.(c) Moo0. - Moo0 Installer.) - [2871296] - (1.0.0.0) - Q:\Moo0 ImageSizer v1.22 Installer.exe
[09/05/2017 06:28:47] - |A| - (.(c) Moo0. - Moo0 Installer.) - [2850816] - (1.0.0.0) - Q:\Moo0_MultiDesktop_v1.17_Installer.exe
[09/05/2017 06:28:48] - |A| - (.(c) Moo0. - Moo0 Installer.) - [3477504] - (1.0.0.0) - Q:\Moo0 WindowMenuPlus v1.20 Installer.exe
[09/05/2017 06:28:49] - |A| - (.(c) Moo0. - Moo0 Installer.) - [3452928] - (1.0.0.0) - Q:\Moo0 TransparentMenu v1.20 Installer.exe
[09/05/2017 06:28:51] - |A| - (.(c) Moo0. - Moo0 Installer.) - [9326592] - (1.0.0.0) - Q:\Moo0.VideoCutter.v1.07-Installer.exe
[09/05/2017 06:28:51] - |A| - (.-.) - [1309184] - (5.0.0.1) - Q:\zoek.exe
[09/05/2017 06:28:52] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4102600] - (6.0.4.6) - Q:\adwcleaner_6.046.exe
[09/05/2017 06:28:52] - |A| - (.© 2008/2010 C_XX - SEAF.) - [498868] - (1.0.1.0) - Q:\seaf_1.exe
[09/05/2017 06:28:52] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - QuickDiag.) - [2775552] - (5.5.17.1) - Q:\quickdiag_3_05.05.17.1.exe
[09/05/2017 06:28:53] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - Pre_Scan.) - [3514792] - (4.5.17.1) - Q:\Pre_Scan.exe
[09/05/2017 06:31:33] - |A| - (.Copyright © 2011 Wondershare Software Co.,Ltd.All Rights Reserved. - Wondershare Time Freeze Setup.) - [7821928] - (2.0.3.0) - Q:\wondershare-time-freeze-5131-jetelecharge.exe
[09/05/2017 06:31:44] - |A| - (.Copyright (C) 2005-2017 by SUPERAntiSpyware - SUPERAntiSpyware Free Edition Setup.) - [30022456] - (6.0.0.1240) - Q:\SUPERAntiSpyware(2).exe
[09/05/2017 06:31:52] - |A| - (.Copyright (C) 2005-2017 by SUPERAntiSpyware - SUPERAntiSpyware Free Edition Setup.) - [30022456] - (6.0.0.1240) - Q:\SUPERAntiSpyware.exe
[09/05/2017 06:33:27] - |A| - (.Copyright Shane Gowland ©  2015 - ProcessAlive.) - [409088] - (0.0.8.0) - Q:\ProcessAlive-0.9.1.exe
[09/05/2017 06:33:27] - |A| - (.                                                                                                   - Remembr Setup                                            .) - [819850] - (0.0.0.0) - Q:\remembr-install-0.5.exe
[09/05/2017 06:33:27] - |A| - (.Copyright ©  2017 - CCEnhancer.) - [282624] - (4.4.2.0) - Q:\CCEnhancer-4.4.2.exe
[09/05/2017 06:33:27] - |A| - (.                                                                                                   - MetroTextual Setup                                       .) - [1279977] - (0.0.0.0) - Q:\metrotextual-install-2.0.1.exe
[09/05/2017 06:33:29] - |A| - (.                                                                                                   - System Ninja Pro Setup                                   .) - [2409131] - (0.0.0.0) - Q:\ninja-setup-pro-3.1.7.exe
[09/05/2017 06:33:29] - |A| - (.Copyright(C) 2008-2016, XOSLAB.COM. - Easy File Locker.) - [414128] - (2.2.0.184) - Q:\EFL2.2_Setup(x64).exe
[09/05/2017 06:33:29] - |A| - (.Copyright(C) 2008-2016, XOSLAB.COM. - Easy File Locker.) - [359168] - (2.2.0.184) - Q:\EFL2.2_Setup.exe
[09/05/2017 06:33:34] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [425304] - (0.1.1.1183) - Q:\Ninite foxit suite ultimate.exe
[09/05/2017 06:33:35] - |A| - (.-.) - [1275896] - (0.0.0.0) - Q:\NeoSetup foxit suite ultimate.exe
[09/05/2017 06:33:35] - |A| - (.-.) - [1275896] - (0.0.0.0) - Q:\NeoSetup foxit suite pro.exe
[09/05/2017 06:33:35] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [425304] - (0.1.1.1183) - Q:\Ninite foxit suite pro.exe
[09/05/2017 06:33:35] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [425304] - (0.1.1.1183) - Q:\Ninite foxit essentials 20janv2016.exe
[09/05/2017 06:33:35] - |A| - (.-.) - [1275816] - (0.0.0.0) - Q:\NeoSetup foxit.exe
[09/05/2017 06:33:36] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [425304] - (0.1.1.1183) - Q:\Ninite Foxit Reader Installer.exe
[09/05/2017 06:33:36] - |A| - (.Copyright (C) 2009 Secure By Design Inc - Ninite.) - [425304] - (0.1.1.1183) - Q:\Ninite Foxit Reader TeraCopy Installer.exe
[09/05/2017 06:33:37] - |A| - (.-.) - [1275832] - (0.0.0.0) - Q:\NeoSetup foxit b4lfsu100%sf.exe
[10/05/2017 17:10:26] - |A| - (.Geert Moernaut - Runscanner freeware startup analyzer.) - [2248504] - (2.0.0.60) - Q:\runscanner.exe
[10/05/2017 17:10:20] - |A| - (.- Piky Basket Setup                                        .) - [469795] - (0.0.0.0) - Q:\PkySetup.EXE
[11/05/2017 06:05:10] - |A| - (.Copyright © 1997-2013 ALTAP - Altap Salamander Setup.) - [7742400] - (2.0.0.0) - Q:\as308x86.exe
[09/05/2017 21:30:16] - |A| - (.2015 (c) Azureus Software, Inc. - Vuze Leap setup launcher.) - [1412560] - (2.6.0.1) - Q:\VuzeLeapSetup.exe
[09/05/2017 21:31:41] - |A| - (.(c) Azureus Software, Inc. -.) - [91808] - (1.0.1.4) - Q:\VuzeBittorrentClientInstaller.exe
[10/05/2017 17:10:16] - |A| - (.Bernat - Vuze Leap Portable.) - [585113] - (0.0.0.0) - Q:\VuzeLeap_Portable_MultiVersion_En_Online.exe
[10/05/2017 17:10:17] - |A| - (.Bernat - Azureus Portable.) - [9910887] - (0.0.0.0) - Q:\Azureus_Portable_5.7.5.0_32-64-bit_Multilingual.exe
[10/05/2017 17:10:19] - |A| - (.Bernat - xplorer² Ultimate Portable.) - [2851309] - (0.0.0.0) - Q:\Xplorer2_Ultimate_Portable_3.4.0.1_32-64-BIT_MULTILINGUAL.EXE
[11/05/2017 06:05:16] - |A| - (.Copyright © 1997-2013 ALTAP - Altap Salamander Setup.) - [7297504] - (2.0.0.0) - Q:\as308x64.exe
[11/05/2017 09:24:10] - |A| - (.-.) - [2063064] - (0.0.0.0) - Q:\wrar540fr.exe
[11/05/2017 06:04:21] - |A| - (.© Microsoft Corporation. - Win32 Cabinet Self-Extractor                                        .) - [74220544] - (11.0.9600.16384) - Q:\setupvolewindowsexpedition7041.exe
[11/05/2017 06:04:46] - |A| - (.                                                                                                   - FileVoyager Setup                                        .) - [32710943] - (17.4.7.0) - Q:\FileVoyager_Setup_17.4.7.0_Full.exe
[04/05/2017 10:12:17] - |A| - (.-.) - [13499406] - (0.0.0.0) - Q:\SkinPack zune light.sfx.exe
[09/05/2017 14:47:10] - |A| - (.Copyright © 2016 Wondershare.                                                  - Wondershare TidyMyMusic Setup                            .) - [19390976] - (1.5.0.1) - Q:\tidymymusic_full1690.exe
[07/05/2017 15:17:26] - |A| - (.© 2016 Cole Williams - Windows 7 - Codec Pack.) - [40046784] - (4.1.7.109) - Q:\windows.7.codec.pack.v4.1.7.setup.exe
[05/02/2017 16:50:15] - |A| - (.Nicolas Coolman - ZHPCleane.) - [2700800] - (2017.2.5.23) - Q:\ZHPCleaner.exe
[05/02/2017 16:20:27] - |A| - (.                                                                                                   - Software Informer Setup                                  .) - [3734672] - (0.0.0.0) - Q:\siinst(1).exe
[05/02/2017 16:15:58] - |A| - (.                                                                                                   - Software Informer Setup                                  .) - [3734672] - (0.0.0.0) - Q:\siinst.exe
[05/05/2017 04:14:43] - |A| - (.-.) - [29884686] - (0.0.0.0) - Q:\SkinPack Crystal.sfx.exe
[05/05/2017 04:11:52] - |A| - (.-.) - [23099678] - (0.0.0.0) - Q:\SkinPack MeeGo.sfx.exe
[05/05/2017 04:08:33] - |A| - (.-.) - [24158350] - (0.0.0.0) - Q:\SkinPack Tango!.sfx.exe
[05/02/2017 13:08:52] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4015056] - (6.0.4.3) - Q:\adwcleaner_6.043.exe
[09/05/2017 14:41:45] - |A| - (.Copyright© 2005-2017                                                                                - Advanced SystemCare 10                                   .) - [39658392] - (10.3.0.745) - Q:\asc10-setup-aff.exe
[05/05/2017 06:29:09] - |A| - (.Ashampoo GmbH & Co. KG                                                                              - Ashampoo Burning Studio 2017 Setup                       .) - [76992632] - (18.0.1.0) - Q:\ashampoo_burning_studio_2017_25270.exe
[06/05/2017 05:43:14] - |A| - (.Ashampoo GmbH & Co. KG                                                                              - Ashampoo Snap 9 Setup                                    .) - [57561216] - (9.0.6.0) - Q:\ashampoo_snap_9_9.0.6_sm.exe
[09/05/2017 14:51:48] - |A| - (.                                                                                                   - Ashampoo StartUp Tuner 2 Setup                           .) - [1622680] - (2.0.0.0) - Q:\ashampoo_startup_tuner200_fm.exe
[09/05/2017 14:55:02] - |A| - (.Ashampoo GmbH & Co. KG                                                                              - Ashampoo UnInstaller 6 Setup                             .) - [16316152] - (6.0.14.0) - Q:\ashampoo_uninstaller_6_6.00.14_sm.exe
[10/05/2017 19:19:02] - |A| - (.Copyright © 2017 - Java Platform SE binary.) - [738368] - (8.0.1310.11) - Q:\chromeinstall-8u131.exe
[05/02/2017 16:20:23] - |A| - (.                                                                                                   - Free Download Manager Setup                              .) - [41932064] - (0.0.0.0) - Q:\fdm5_x86_setup.exe
[09/05/2017 21:44:07] - |A| - (.Zenju - All Rights Reserved                                                                         - FreeFileSync 9.0 Setup                                   .) - [12624224] - (9.0.0.0) - Q:\FreeFileSync_9.0_Windows_Setup.exe
[10/05/2017 21:41:22] - |A| - (.Copyright © 1996-2017 Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller 25.0 r0.) - [20602360] - (25.0.0.171) - Q:\install_flash_player_ppapi.exe
[07/05/2017 15:25:12] - |A| - (.                                                                                                   - KLCP Update 13.1.4 Setup                                 .) - [10228090] - (13.1.4.0) - Q:\klcp_update_1314_20170430.exe
[07/05/2017 15:28:42] - |A| - (.                                                                                                   - K-Lite Mega Codec Pack Setup                             .) - [44819912] - (13.1.0.0) - Q:\K-Lite_Codec_Pack_1310_Mega.exe
[05/02/2017 13:47:03] - |A| - (.© 2016 Malwarebytes.                                                          - Malwarebytes                                             .) - [55566792] - (3.0.6.1469) - Q:\mb3-setup-35891.35891-3.0.6.1469.exe
[05/05/2017 04:00:07] - |A| - (.Copyright (C) 2013-2015 SosVirus Software - Process Killer.) - [993192] - (8.1.17.1) - Q:\processclose_2_08.01.17.1.exe
[05/05/2017 05:15:47] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - QuickDiag.) - [2780072] - (3.5.17.1) - Q:\quickdiag_3_03.05.17.1 (1).exe
[05/05/2017 05:16:10] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - QuickDiag.) - [2780072] - (3.5.17.1) - Q:\quickdiag_3_03.05.17.1 (2).exe
[05/05/2017 05:15:19] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - QuickDiag.) - [2780072] - (3.5.17.1) - Q:\quickdiag_3_03.05.17.1.exe
[05/02/2017 12:58:53] - |A| - (.Copyright © 2016 Reason Software Company Inc. - Reason Core Security Setup.) - [6406240] - (1.2.0.1) - Q:\reason-core-security-setup.exe
[06/05/2017 19:28:41] - |A| - (.-.) - [2254264] - (0.0.0.0) - Q:\SharewareOnSale_Giveaway_Encrypt4all_Pro_hub.exe
[05/05/2017 17:34:10] - |A| - (.©  2005-2014 ClevX, LLC - Removable media anti-virus.) - [4817440] - (3.0.5.2) - Q:\DSInstall.exe
[09/05/2017 07:06:01] - |A| - (.-.) - [51] - (0.0.0.0) - Q:\cc_config.ini

S:

[14/02/2010 00:18:58] - |A| - (.Codyssey.com - StartCodySafe - Starter for CodySafe portable environment.) - [182756] - (0.2.0.3) - S:\StartCodySafe.exe
[23/03/2017 22:37:43] - |H| - (.-.) - [16] - (0.0.0.0) - S:\AUTORUN.INF

V:

[01/01/2017 15:17:08] - |A| - (.Nicolas Coolman - ZHPDiag.) - [2624000] - (2016.12.30.255) - V:\ZHPDiag3.exe
[01/01/2017 15:17:09] - |A| - (.© 2008/2010 C_XX - SEAF.) - [498868] - (1.0.1.0) - V:\SEAF.exe
[29/12/2016 21:12:05] - |A| - (.-.) - [64] - (0.0.0.0) - V:\a2whitelist.ini
[29/12/2016 14:31:41] - |A| - (.-.) - [6226] - (0.0.0.0) - V:\a2settings.ini
[01/01/2017 15:17:10] - |SH| - (.-.) - [104] - (0.0.0.0) - V:\desktop.ini

W:

[11/06/2012 07:39:39] - |A| - (.-.) - [472466] - (0.8.0.2) - W:\Framakey.exe
[20/04/2017 07:00:25] - |A| - (.                                                                                                   - Gobihocido Setup                                         .) - [1261685] - (0.0.0.0) - W:\SkinPacks_0568074478.exe
[20/04/2017 07:09:38] - |A| - (.-.) - [25127169] - (0.0.0.0) - W:\SkinPack Nature.exe
[11/06/2012 07:39:39] - |A| - (.-.) - [2054] - (0.0.0.0) - W:\Framakey.ini

---------- | C:

[10/11/2016 16:26:48] - |HD| - [194092] - C:\$GetCurrent
[05/03/2013 01:30:20] - |SHD| - [258] - C:\$RECYCLE.BIN
[11/11/2016 13:24:20] - |D| - [176863383] - C:\AdsFix
[MD5.3349F0B5E8F7C248E74B89B39C37A13B] - [29/04/2017 21:54:18] - |A| - (.-.) - [36742] - (0.0.0.0) - C:\AdsFix.txt
[10/11/2016 21:49:12] - |D| - [1453719314] - C:\AdwCleaner
[26/04/2017 13:54:01] - |D| - [1201] - C:\AeroGlass
[02/05/2017 10:36:24] - |D| - [1902787072] - C:\AmazingSave
[10/11/2016 20:17:35] - |D| - [0] - C:\AMD
[02/08/2012 04:02:18] - |SHD| - [18220692] - C:\Boot
[MD5.21BF183C15AFE62A8D1137BB9007B2A3] - [26/07/2012 10:18:43] - |RASH| - (.-.) - [398156] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [26/07/2012 10:18:43] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[10/11/2016 16:47:21] - |SHD| - [0] - C:\Config.Msi
[26/07/2012 09:22:08] - |SD| - [0] - C:\Documents and Settings
[MD5.23B58DEF11B45727D3351702515F86AF] - [12/05/2017 12:35:21] - |A| - (.-.) - [2] - (0.0.0.0) - C:\END
[23/04/2017 14:05:27] - |D| - [0] - C:\EverySync
[27/04/2017 10:05:45] - |D| - [3475116] - C:\FyK
[MD5.6AEEC8720342E5726CFD9F4E8E691CDD] - [27/04/2017 10:27:36] - |A| - (.-.) - [3450] - (0.0.0.0) - C:\FyK_Kill.txt
[MD5.6DA0208705E997AEC50A8F356A724339] - [01/05/2017 21:50:57] - |A| - (.-.) - [2239] - (0.0.0.0) - C:\GUDownLoaddebug.txt
[07/01/2013 13:49:41] - |RSD| - [3776986] - C:\hp
[26/04/2017 12:14:47] - |D| - [309935] - C:\Look_my_hardware
[11/11/2016 18:27:25] - |D| - [830782] - C:\MARMITON
[12/05/2017 12:35:03] - |D| - [0] - C:\Microsoft
[27/04/2017 10:34:27] - |HD| - [0] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2013 09:30:46] - |RAS| - (.-.) - [0] - (0.0.0.0) - C:\OS
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/05/2017 12:12:09] - |ASH| - (.-.) - [3892314112] - (0.0.0.0) - C:\pagefile.sys
[18/03/2017 23:03:28] - |D| - [0] - C:\PerfLogs
[11/11/2016 13:21:09] - |D| - [342644066] - C:\Pre_Scan
[MD5.CF89BFFF26E3D7A6C1B74B42B6EDA13D] - [03/05/2017 20:51:41] - |A| - (.-.) - [15218] - (0.0.0.0) - C:\Pre_Scan.txt
[MD5.9E0F42B80FE950AFB570C4729F6C0299] - [11/11/2016 20:54:33] - |RA| - (.-.) - [11250] - (0.0.0.0) - C:\Pre_Scan_11_11_2016_19_54_32.txt
[18/03/2017 23:03:28] - |RD| - [11659039637] - C:\Program Files
[18/03/2017 23:03:28] - |RD| - [23934342420] - C:\Program Files (x86)
[18/03/2017 23:03:29] - |HD| - [107306562609] - C:\ProgramData
[10/11/2016 20:27:11] - |D| - [210903993050] - C:\QuickDiag
[MD5.1D729B99E9288989AE4A4F735811B2C5] - [12/05/2017 12:55:01] - |A| - (.-.) - [429013] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.455D0DC10A9E340E226952D9CB725F96] - [28/04/2017 05:45:47] - |RA| - (.-.) - [807052] - (0.0.0.0) - C:\QuickDiag_28_04_2017_05_45_47.txt
[MD5.E9C7AA1C6B5AE24F7CBB602B4354BEA3] - [12/05/2017 11:25:13] - |A| - (.-.) - [39926753] - (0.0.0.0) - C:\QuickScript.txt
[26/04/2017 19:45:05] - |SHD| - [1006] - C:\Recovery
[MD5.87228A18FC91980CE10A09E1524DA7A8] - [14/11/2016 10:38:16] - |A| - (.-.) - [617130] - (0.0.0.0) - C:\Reflect_Install.log
[MD5.81051BCC2CF1BEDF378224B0A93E2877] - [12/05/2017 13:20:13] - |A| - (.-.) - [2] - (0.0.0.0) - C:\runcheck.txt
[25/04/2017 18:18:12] - |D| - [53742570] - C:\SkinPack
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/11/2016 15:45:31] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[02/08/2012 05:15:28] - |AD| - [1021170604] - C:\SWSETUP
[10/11/2016 15:45:30] - |SHD| - [0] - C:\System Volume Information
[01/08/2012 11:57:15] - |RASD| - [38369484] - C:\SYSTEM.SAV
[MD5.B69E8D79D7BC1613BBFB3C2B328CAC46] - [30/04/2017 18:19:34] - |A| - (.-.) - [18104] - (0.0.0.0) - C:\Trace.txt
[12/05/2017 06:11:03] - |RD| - [131735791] - C:\Unreal Commander
[11/11/2016 11:26:34] - |D| - [8700494] - C:\UsbFix
[18/03/2017 13:40:20] - |RD| - [303088316282] - C:\Users
[12/05/2017 13:01:19] - |HD| - [49297920] - C:\W7P_Backups
[18/03/2017 13:40:20] - |D| - [28232046301] - C:\Windows
[26/04/2017 19:36:46] - |D| - [116085142315] - C:\Windows.old
[10/11/2016 16:25:37] - |D| - [20702897] - C:\Windows10Upgrade
[12/05/2017 13:20:09] - |D| - [0] - C:\zoek_backup
[25/04/2017 15:20:43] - |D| - [17171] - C:\_OTM

---------- | C:\WINDOWS

[18/03/2017 23:03:29] - |D| - [802] - C:\WINDOWS\addins
[MD5.6C244522DB056F533F7595D47E17A103] - [10/05/2017 16:09:24] - |A| - (.-.) - [1249792] - (0.0.0.0) - C:\WINDOWS\aead19358f7df24ddb2ea25477c1ac3c.exe
[18/03/2017 23:03:29] - |D| - [50420633] - C:\WINDOWS\appcompat
[18/03/2017 23:03:29] - |D| - [12457918] - C:\WINDOWS\AppPatch
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\AppReadiness
[18/03/2017 23:03:28] - |RSD| - [2263406934] - C:\WINDOWS\assembly
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/04/2017 18:50:25] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin
[MD5.8B138ED363128BFF2C2E1E7FEA9793B4] - [01/05/2017 17:03:34] - |A| - (.-.) - [38] - (0.0.0.0) - C:\WINDOWS\avisplitter.ini
[18/03/2017 23:03:29] - |D| - [639657] - C:\WINDOWS\bcastdvr
[MD5.656C4FB61D87D920B0ED68BA29CF8083] - [18/03/2017 22:57:19] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61952] - (10.0.15063.0) - C:\WINDOWS\bfsvc.exe
[18/03/2017 23:03:29] - |D| - [38042947] - C:\WINDOWS\Boot
[MD5.7DD508A94CD81AB7FA5EEA48713E4902] - [26/04/2017 18:49:14] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[18/03/2017 23:03:29] - |D| - [2447960] - C:\WINDOWS\Branding
[18/03/2017 22:51:24] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.F471CF70EE6D49C5650A4D5295531435] - [20/03/2017 07:12:07] - |A| - (.-.) - [34390] - (0.0.0.0) - C:\WINDOWS\Core.xml
[18/03/2017 23:03:29] - |D| - [9620220] - C:\WINDOWS\Cursors
[18/03/2017 23:03:29] - |D| - [29409755] - C:\WINDOWS\debug
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [26/04/2017 20:15:35] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[18/03/2017 23:03:29] - |D| - [4450554] - C:\WINDOWS\diagnostics
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [26/04/2017 20:15:35] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[20/03/2017 07:10:26] - |D| - [0] - C:\WINDOWS\DigitalLocker
[MD5.57F716609A45CBC5B15C65981F6B4E89] - [29/04/2017 09:20:55] - |A| - (.-.) - [64] - (0.0.0.0) - C:\WINDOWS\diskpt.crt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/04/2017 20:57:52] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\diskpt.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/04/2017 20:57:52] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\diskptex.dat
[05/05/2017 13:28:07] - |D| - [76365824] - C:\WINDOWS\Downloaded Installations
[18/03/2017 23:03:29] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[18/03/2017 23:03:29] - |HD| - [44632] - C:\WINDOWS\ELAMBKUP
[20/03/2017 07:10:26] - |D| - [0] - C:\WINDOWS\en-US
[MD5.6314A1E16B2B6D2E0E3FE65C9BA7BD73] - [26/04/2017 19:34:26] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4848440] - (10.0.15063.168) - C:\WINDOWS\explorer.exe
[18/03/2017 23:03:29] - |RSD| - [365919236] - C:\WINDOWS\Fonts
[20/03/2017 07:10:26] - |D| - [109056] - C:\WINDOWS\fr-FR
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[18/03/2017 23:03:29] - |D| - [45966826] - C:\WINDOWS\Globalization
[18/03/2017 23:03:29] - |D| - [1598646] - C:\WINDOWS\Help
[MD5.F8D8ED24ECA8D9C7A9FDD38C30DFFB49] - [18/03/2017 22:57:30] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975360] - (10.0.15063.0) - C:\WINDOWS\HelpPane.exe
[MD5.40CBB6FF53388188A2CDA538D5F26A59] - [18/03/2017 22:57:33] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.15063.0) - C:\WINDOWS\hh.exe
[20/03/2017 07:11:49] - |D| - [14071088] - C:\WINDOWS\HoloShell
[18/03/2017 23:03:29] - |D| - [173056880] - C:\WINDOWS\IME
[18/03/2017 23:03:29] - |RD| - [8336344] - C:\WINDOWS\ImmersiveControlPanel
[18/03/2017 23:01:21] - |D| - [134417969] - C:\WINDOWS\INF
[18/03/2017 23:03:29] - |D| - [1171230124] - C:\WINDOWS\InfusedApps
[18/03/2017 23:03:29] - |D| - [38340109] - C:\WINDOWS\InputMethod
[18/03/2017 23:03:29] - |SHD| - [2938437136] - C:\WINDOWS\Installer
[27/04/2017 15:07:30] - |D| - [0] - C:\WINDOWS\IObit
[18/03/2017 23:03:29] - |D| - [94096] - C:\WINDOWS\L2Schemas
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\LiveKernelReports
[18/03/2017 13:40:24] - |D| - [32549679] - C:\WINDOWS\Logs
[18/03/2017 23:03:29] - |RSD| - [20316123] - C:\WINDOWS\Media
[MD5.F022E65DD130CB007AE4E0115BA8ACE1] - [02/05/2017 14:42:04] - |A| - (.-.) - [639868532] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [18/03/2017 22:57:03] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[18/03/2017 23:03:28] - |RD| - [980072566] - C:\WINDOWS\Microsoft.NET
[18/03/2017 23:03:29] - |D| - [2751] - C:\WINDOWS\Migration
[02/05/2017 14:42:10] - |D| - [2137412] - C:\WINDOWS\Minidump
[18/03/2017 23:03:29] - |RD| - [487308] - C:\WINDOWS\MiracastView
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.F60A9D3A9461F68DE0FCCEBB0C6CB31A] - [18/03/2017 22:58:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [246784] - (10.0.15063.0) - C:\WINDOWS\notepad.exe
[20/03/2017 07:11:22] - |D| - [199472] - C:\WINDOWS\OCR
[18/03/2017 23:03:29] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[26/04/2017 16:34:14] - |DC| - [255377152] - C:\WINDOWS\Panther
[MD5.F007C4273BA24B52A56387E899311DB7] - [24/04/2017 09:23:13] - |A| - (.Eastman Kodak Company Copyright 1995 - PCDLIB32.) - [212480] - (3.0.0.0) - C:\WINDOWS\pcdlib32.dll
[18/03/2017 23:03:29] - |D| - [29314434] - C:\WINDOWS\Performance
[MD5.032483C3515CBC4FD7CB8D3427A927AF] - [02/05/2017 09:41:53] - |A| - (.-.) - [386088] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[MD5.1B2C7EFB196140F81412A308E7F507FA] - [24/04/2017 10:24:44] - |A| - (.-.) - [21] - (0.0.0.0) - C:\WINDOWS\PI4_setup.ini
[18/03/2017 23:03:29] - |D| - [1136442] - C:\WINDOWS\PLA
[18/03/2017 23:03:29] - |D| - [2730616] - C:\WINDOWS\PolicyDefinitions
[26/04/2017 18:48:40] - |D| - [35359123] - C:\WINDOWS\Prefetch
[18/03/2017 23:03:29] - |RD| - [2168600] - C:\WINDOWS\PrintDialog
[MD5.09394999ADB19901C665454EE964B13C] - [26/04/2017 16:24:33] - |A| - (.-.) - [36] - (0.0.0.0) - C:\WINDOWS\progress.ini
[18/03/2017 23:03:29] - |D| - [2883564] - C:\WINDOWS\Provisioning
[MD5.A3B1FC6C72EA944C2E1B359A19CB40AB] - [18/03/2017 22:57:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [321024] - (10.0.15063.0) - C:\WINDOWS\regedit.exe
[18/03/2017 23:03:29] - |D| - [1095144] - C:\WINDOWS\Registration
[18/03/2017 23:03:29] - |D| - [8523324] - C:\WINDOWS\Resources
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\SchCache
[18/03/2017 23:03:29] - |D| - [121229] - C:\WINDOWS\schemas
[18/03/2017 23:03:29] - |D| - [3547136] - C:\WINDOWS\security
[26/04/2017 19:26:27] - |D| - [38855639] - C:\WINDOWS\ServiceProfiles
[18/03/2017 13:40:20] - |D| - [60335416] - C:\WINDOWS\servicing
[18/03/2017 23:06:43] - |D| - [349] - C:\WINDOWS\Setup
[MD5.7CE3FB6E3BFBD7E49ABCA28EAD35459C] - [02/05/2017 09:57:18] - |A| - (.-.) - [6224] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/05/2017 09:57:18] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[18/03/2017 23:03:29] - |D| - [41942528] - C:\WINDOWS\ShellExperiences
[12/11/2016 16:30:14] - |D| - [5151] - C:\WINDOWS\ShellNew
[20/03/2017 07:11:06] - |D| - [3070736] - C:\WINDOWS\SKB
[12/11/2016 10:01:33] - |D| - [196479749] - C:\WINDOWS\SoftwareDistribution
[18/03/2017 23:03:29] - |D| - [86037185] - C:\WINDOWS\Speech
[18/03/2017 23:03:29] - |D| - [58890509] - C:\WINDOWS\Speech_OneCore
[MD5.31F324879B791EBF76E0005D1ABDE10E] - [18/03/2017 22:58:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.15063.0) - C:\WINDOWS\splwow64.exe
[12/11/2016 14:22:54] - |D| - [11776] - C:\WINDOWS\symbols
[18/03/2017 23:03:29] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [12/11/2016 09:22:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[18/03/2017 13:40:20] - |D| - [8842441266] - C:\WINDOWS\System32
[18/03/2017 23:03:29] - |D| - [189881188] - C:\WINDOWS\SystemApps
[18/03/2017 23:03:29] - |D| - [19463439] - C:\WINDOWS\SystemResources
[18/03/2017 13:40:24] - |D| - [1545841423] - C:\WINDOWS\SysWOW64
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\TAPI
[12/11/2016 09:22:36] - |D| - [8314] - C:\WINDOWS\Tasks
[18/03/2017 23:03:29] - |D| - [159058804] - C:\WINDOWS\Temp
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\tracing
[18/03/2017 23:03:29] - |D| - [43083340] - C:\WINDOWS\twain_32
[MD5.C0792EA1BA08CA6E6420C9BB8E14CB3E] - [18/03/2017 22:58:54] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[MD5.4CCA7CD0B3E890F743B3DEC113581406] - [10/05/2017 16:09:24] - |A| - (.-.) - [51628] - (0.0.0.0) - C:\WINDOWS\uninstaller.dat
[MD5.5D5FC880C46C1F08D72464250C8B0D70] - [01/03/2015 00:22:50] - |A| - (.Copyright (c) 2014 - Unsigned Themes service executable.) - [22184] - (0.2.4.1) - C:\WINDOWS\unsignedthemes.exe
[MD5.E6E7ED3CEEBFC47D7C23F71665110432] - [24/04/2017 09:40:59] - |A| - (.-.) - [433] - (0.0.0.0) - C:\WINDOWS\videoimp.ini
[MD5.1B2C7EFB196140F81412A308E7F507FA] - [24/04/2017 09:23:20] - |A| - (.-.) - [21] - (0.0.0.0) - C:\WINDOWS\VI_setup.ini
[18/03/2017 23:03:29] - |D| - [12420] - C:\WINDOWS\Vss
[MD5.3135B6A59B0BDAD940AF864F9917E4E2] - [29/12/2016 10:21:02] - |A| - (.-.) - [97784] - (0.0.0.0) - C:\WINDOWS\vssMgr.exe
[MD5.C359BEE82D7DAA2D8D9759A2841A1C82] - [05/05/2017 12:59:06] - |A| - (.-.) - [12146] - (0.0.0.0) - C:\WINDOWS\W7Patcher_x64_Uninstall.log
[18/03/2017 23:03:30] - |D| - [16422365] - C:\WINDOWS\Web
[MD5.3E871300AD274CEA32DFCD4AB3901D45] - [12/11/2016 09:22:43] - |A| - (.-.) - [128] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [18/03/2017 22:58:27] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [02/05/2017 09:42:28] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.6E6947D6368FA11E9146C4767F31286E] - [18/03/2017 22:58:42] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.15063.0) - C:\WINDOWS\winhlp32.exe
[18/03/2017 13:40:20] - |D| - [7524020154] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [18/03/2017 22:56:51] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.ECEB16331FDDE0EBD7BE30BE085AD3D9] - [18/03/2017 22:58:25] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.15063.0) - C:\WINDOWS\write.exe
[MD5.603896977C69A2EC9FBE37C7C1A232D8] - [05/05/2017 13:17:42] - |A| - (.-.) - [36] - (0.0.0.0) - C:\WINDOWS\xlkfs.log
[MD5.48423656A17FE1DB778E66FFA96BAD84] - [14/11/2016 10:12:55] - |A| - (.-.) - [99525] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace
[MD5.E5562BC017FD6F149FF47FB6EAF93291] - [14/11/2016 10:12:48] - |A| - (.-.) - [63433] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[05/05/2017 13:28:08] - C:\WINDOWS\Installer\138ded.msi : (PDQ Deploy - Admin Arsenal)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/05/2017 13:29:15] - C:\WINDOWS\Installer\138df0.msi : (PDQ Inventory - Admin Arsenal)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 10:36:17] - C:\WINDOWS\Installer\19afc4.msi : (AntimalwareEngine - adaware)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 10:41:42] - C:\WINDOWS\Installer\19afcb.msi : (FirewallEngine - adaware)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 10:43:59] - C:\WINDOWS\Installer\19afd2.msi : (ProxyEngine - adaware)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 10:45:56] - C:\WINDOWS\Installer\19afd9.msi : (OnlineThreatsEngine - adaware)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 10:46:53] - C:\WINDOWS\Installer\19afe0.msi : (AntispamEngine - adaware)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 10:47:10] - C:\WINDOWS\Installer\19afe7.msi : (AvcEngine - adaware)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/11/2016 22:53:00] - C:\WINDOWS\Installer\1bd715.msi : (Rebit Pro - Rebit, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/04/2017 23:00:10] - C:\WINDOWS\Installer\1e4100.msi : ( - Sanwhole)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/05/2017 20:42:05] - C:\WINDOWS\Installer\218d823.msi : (FoxitSpellCheck - Foxit Software Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/05/2017 20:41:00] - C:\WINDOWS\Installer\218d826.msi : (FileOpen - Foxit Software Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/11/2009 17:00:00] - C:\WINDOWS\Installer\23dcc0c.msi : ( - Lukas Fellechner)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/05/2017 07:11:33] - C:\WINDOWS\Installer\3244f7.msi : (Fast HTML Checker - WebTweakTools.com)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/06/2016 20:57:14] - C:\WINDOWS\Installer\38dda8.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/06/2016 21:10:27] - C:\WINDOWS\Installer\38ddac.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/07/2011 20:36:38] - C:\WINDOWS\Installer\38ddb3.msi : ( - DivX, Inc)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/06/2016 21:30:13] - C:\WINDOWS\Installer\38ddb7.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/06/2016 21:33:02] - C:\WINDOWS\Installer\38ddbb.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/05/2017 13:50:47] - C:\WINDOWS\Installer\3e481c0.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/04/2017 11:35:38] - C:\WINDOWS\Installer\42fab6e.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/04/2017 09:05:42] - C:\WINDOWS\Installer\46a8d78.msi : (SearchGUARDIAN - UTILILAB GmbH)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/04/2017 04:44:00] - C:\WINDOWS\Installer\482399e.msi : (Epson Software Updater - SEIKO EPSON CORPORATION)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/04/2017 21:11:08] - C:\WINDOWS\Installer\4a0ad7.msi : (Blank Project Template - adaware)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:24] - C:\WINDOWS\Installer\528ea.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2014 10:49:56] - C:\WINDOWS\Installer\528f0.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:16] - C:\WINDOWS\Installer\528f6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:22] - C:\WINDOWS\Installer\528fc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:30] - C:\WINDOWS\Installer\52902.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:36] - C:\WINDOWS\Installer\52908.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:44] - C:\WINDOWS\Installer\5290e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:52] - C:\WINDOWS\Installer\52914.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:00] - C:\WINDOWS\Installer\5291a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:06] - C:\WINDOWS\Installer\52920.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:16] - C:\WINDOWS\Installer\52926.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:22] - C:\WINDOWS\Installer\5292c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:30] - C:\WINDOWS\Installer\52932.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:38] - C:\WINDOWS\Installer\52938.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:46] - C:\WINDOWS\Installer\5293e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:54] - C:\WINDOWS\Installer\52944.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:02] - C:\WINDOWS\Installer\5294a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:10] - C:\WINDOWS\Installer\52950.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:18] - C:\WINDOWS\Installer\52956.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:26] - C:\WINDOWS\Installer\5295c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:34] - C:\WINDOWS\Installer\52962.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:42] - C:\WINDOWS\Installer\52968.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:50] - C:\WINDOWS\Installer\5296e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:58] - C:\WINDOWS\Installer\52974.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:06] - C:\WINDOWS\Installer\5297a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:40] - C:\WINDOWS\Installer\52980.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:07:30] - C:\WINDOWS\Installer\52986.msi : (AMD Fuel - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:12] - C:\WINDOWS\Installer\5298c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/04/2017 22:34:04] - C:\WINDOWS\Installer\56687b.msi : ( - Sanwhole)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:24] - C:\WINDOWS\Installer\646d7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2014 10:49:56] - C:\WINDOWS\Installer\646df.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:16] - C:\WINDOWS\Installer\646e7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:22] - C:\WINDOWS\Installer\646ef.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:30] - C:\WINDOWS\Installer\646f7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:36] - C:\WINDOWS\Installer\646ff.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:44] - C:\WINDOWS\Installer\64707.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:52] - C:\WINDOWS\Installer\6470f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:00] - C:\WINDOWS\Installer\64717.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:06] - C:\WINDOWS\Installer\6471f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:16] - C:\WINDOWS\Installer\64727.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:22] - C:\WINDOWS\Installer\6472f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:30] - C:\WINDOWS\Installer\64737.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:38] - C:\WINDOWS\Installer\6473f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:46] - C:\WINDOWS\Installer\64747.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:04:54] - C:\WINDOWS\Installer\6474f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:02] - C:\WINDOWS\Installer\64757.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:10] - C:\WINDOWS\Installer\6475f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:18] - C:\WINDOWS\Installer\64767.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:26] - C:\WINDOWS\Installer\6476f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:34] - C:\WINDOWS\Installer\64777.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:42] - C:\WINDOWS\Installer\6477f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:50] - C:\WINDOWS\Installer\64787.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:05:58] - C:\WINDOWS\Installer\6478f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:06] - C:\WINDOWS\Installer\64797.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:06:40] - C:\WINDOWS\Installer\6479f.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:07:30] - C:\WINDOWS\Installer\647a7.msi : (AMD Fuel - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 20:03:12] - C:\WINDOWS\Installer\647af.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/03/2015 00:23:12] - C:\WINDOWS\Installer\664730d.msi : (UxStyle - The Within Network, LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/09/2015 15:21:54] - C:\WINDOWS\Installer\666bd76.msi : (Jing - TechSmith Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/11/2016 11:52:05] - C:\WINDOWS\Installer\686e81.msi : (e-Carte Bleue LCL - e-Carte Bleue LCL)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/04/2017 10:29:56] - C:\WINDOWS\Installer\69f2519.msi : (Caisse Epargne - e-Carte Bleue Caisse d'Epargne)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/04/2017 10:42:34] - C:\WINDOWS\Installer\6ab0003.msi : (Autorun File Remover - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/04/2017 10:47:25] - C:\WINDOWS\Installer\6ab0006.msi : (Advanced Windows Service Manager - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/04/2017 10:51:10] - C:\WINDOWS\Installer\6ab0009.msi : (Google Ad Blocker - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/04/2017 10:52:42] - C:\WINDOWS\Installer\6ab000c.msi : (Spy BHO Remover - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/04/2017 10:56:42] - C:\WINDOWS\Installer\6ab000f.msi : (SX Antivirus Kit - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/01/2017 18:05:59] - C:\WINDOWS\Installer\6ab0012.msi : (SX Blocker Suite - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/01/2017 16:36:24] - C:\WINDOWS\Installer\6ab0015.msi : (SX Network Suite - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/04/2017 11:06:19] - C:\WINDOWS\Installer\6ab0018.msi : (SX System Suite - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/04/2017 11:09:53] - C:\WINDOWS\Installer\6ab001b.msi : (SX WiFi Security Suite - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/04/2017 19:41:32] - C:\WINDOWS\Installer\6b0ab6d.msi : (YouTube Video Ad Blocker - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/04/2017 19:42:28] - C:\WINDOWS\Installer\6b0ab70.msi : (VirusTotal Scanner - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/04/2017 19:43:23] - C:\WINDOWS\Installer\6b0ab73.msi : (uTorrent AD Remover - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/01/2016 13:09:58] - C:\WINDOWS\Installer\729c084.msi : (Epson Event Manager - Seiko Epson Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/04/2016 13:20:00] - C:\WINDOWS\Installer\729c08c.msi : (MyEpson Portal Setup - SEIKO EPSON CORPORATION)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/03/2016 01:00:00] - C:\WINDOWS\Installer\729c094.msi : ( -)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/10/2016 22:00:00] - C:\WINDOWS\Installer\72bd7b.msi : (WinZip Compression Utility - Copyright (c) 1991-2016 VAPC (Lux) S.a.r.L.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/05/2016 15:59:07] - C:\WINDOWS\Installer\a0904e9.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/04/2017 02:12:43] - C:\WINDOWS\Installer\a57685b.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 01:34:20] - C:\WINDOWS\Installer\c525d4c.msi : (LWS Help_main - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 09:41:18] - C:\WINDOWS\Installer\c525d54.msi : (LWS Webcam Software - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 09:41:16] - C:\WINDOWS\Installer\c525d5c.msi : (CameraHelperMsi - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/10/2012 19:55:20] - C:\WINDOWS\Installer\c525d6c.msi : (Logitech eReg 1.12 merge module-to-MSI converter - Logitech, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/07/2012 00:15:18] - C:\WINDOWS\Installer\c525d74.msi : (LWS Facebook - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:19:08] - C:\WINDOWS\Installer\c525d7c.msi : (LWS Gallery - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 01:36:58] - C:\WINDOWS\Installer\c6d966a.msi : (LWS Launcher - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 09:41:12] - C:\WINDOWS\Installer\c6d9672.msi : (LWS Motion Detection - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 09:41:22] - C:\WINDOWS\Installer\c6d967a.msi : (LWS Pictures And Video - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/07/2011 04:51:16] - C:\WINDOWS\Installer\c6d9682.msi : (LWS Twitter - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/06/2011 05:26:48] - C:\WINDOWS\Installer\c6d968a.msi : (LWS WLM Plugin - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/11/2011 00:14:28] - C:\WINDOWS\Installer\c6d9692.msi : (LWS YouTube Plugin - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/11/2016 13:51:42] - C:\WINDOWS\Installer\d5be64.msi : (Laplink PCmover Professional - Laplink Software, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/06/2016 05:44:30] - C:\WINDOWS\Installer\e89933.msi : (PreEmptive Solutions provides analytics, obfuscation, tamper defense, and shelf life. - PreEmptive Solutions LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/06/2016 05:44:08] - C:\WINDOWS\Installer\e8993b.msi : (Les services d'instrumentation post-build PreEmptive Solutions offrent des fonctions d'obfuscation, de protection contre la falsification, de durée de conservation et d'exécution. - PreEmptive Solutions LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/06/2015 04:09:05] - C:\WINDOWS\Installer\e89943.msi : (PreEmptive Analytics Visual Studio Components - PreEmptive Solutions)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/06/2015 04:11:26] - C:\WINDOWS\Installer\e8994b.msi : (PreEmptive Analytics Client French Language Pack - PreEmptive Solutions)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 11:59:32] - C:\WINDOWS\Installer\fc0e02.msi : (Silent Install Builder 5 - Aprel Tech, LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/05/2017 13:50:46] - C:\WINDOWS\Installer\reflect_setupv6.3.1745-x64-00.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/04/2017 18:52:21] - [88102] - C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe     () - ()
[27/04/2017 10:39:12] - [59352] - C:\WINDOWS\Installer\{06D33B93-9458-4E28-BDEA-F5ECB2C3C30E}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[26/04/2017 18:52:09] - [88102] - C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe     () - ()
[25/04/2017 19:42:03] - [167036] - C:\WINDOWS\Installer\{07CF5846-FAEA-4A01-8B70-9014216AA707}\SystemFoldermsiexec.exe     () - ()
[25/04/2017 19:42:03] - [154677] - C:\WINDOWS\Installer\{07CF5846-FAEA-4A01-8B70-9014216AA707}\VistaUACMaker.exe     () - ()
[26/04/2017 18:52:02] - [88102] - C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe     () - ()
[28/04/2017 14:21:45] - [25214] - C:\WINDOWS\Installer\{08C03D14-B619-4CD6-938F-C2BB569364E0}\_6FEFF9B68218417F98F549.exe     () - ()
[28/04/2017 14:21:45] - [25214] - C:\WINDOWS\Installer\{08C03D14-B619-4CD6-938F-C2BB569364E0}\_E12803CE05B6ADEA321A01.exe     () - ()
[26/04/2017 18:51:53] - [10134] - C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:51:56] - [88102] - C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:00] - [88102] - C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:04] - [88102] - C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe     () - ()
[25/04/2017 19:43:41] - [167036] - C:\WINDOWS\Installer\{22CAD597-F1DB-4045-9CEC-0256478424C3}\SystemFoldermsiexec.exe     () - ()
[25/04/2017 19:43:41] - [187077] - C:\WINDOWS\Installer\{22CAD597-F1DB-4045-9CEC-0256478424C3}\VistaUACMaker.exe     () - ()
[26/04/2017 18:52:13] - [88102] - C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe     () - ()
[27/04/2017 10:46:39] - [59352] - C:\WINDOWS\Installer\{26F31E12-3722-45FD-903B-49012286BB4C}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[26/04/2017 18:52:05] - [88102] - C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe     () - ()
[25/04/2017 09:06:23] - [5430] - C:\WINDOWS\Installer\{313FC459-42E4-4F49-9053-E6A7D6456ACC}\main_1.exe     () - ()
[25/04/2017 09:06:23] - [14534] - C:\WINDOWS\Installer\{313FC459-42E4-4F49-9053-E6A7D6456ACC}\SystemFolder_msiexec.exe     () - ()
[26/04/2017 18:52:01] - [88102] - C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:18] - [88102] - C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe     () - ()
[29/04/2017 11:00:38] - [162342] - C:\WINDOWS\Installer\{35AB7D6C-C217-4470-B2D7-021291708FF4}\SXPasswordDumpSuite.exe     () - ()
[29/04/2017 11:00:39] - [167036] - C:\WINDOWS\Installer\{35AB7D6C-C217-4470-B2D7-021291708FF4}\SystemFoldermsiexec.exe     () - ()
[27/04/2017 10:48:09] - [59352] - C:\WINDOWS\Installer\{3E5BEF30-3962-4B47-AECA-937B6CBB0A68}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[25/04/2017 19:43:00] - [165365] - C:\WINDOWS\Installer\{43C5B500-38EB-456F-8C71-CE7B1F7F9976}\GooglePasswordDecryptor.exe     () - ()
[25/04/2017 19:43:00] - [167036] - C:\WINDOWS\Installer\{43C5B500-38EB-456F-8C71-CE7B1F7F9976}\SystemFoldermsiexec.exe     () - ()
[27/04/2017 15:51:45] - [197853] - C:\WINDOWS\Installer\{581697C8-33DC-44BA-A7C3-992B5D29C011}\AdvancedInstaller.exe     () - ()
[27/04/2017 15:51:45] - [22486] - C:\WINDOWS\Installer\{581697C8-33DC-44BA-A7C3-992B5D29C011}\ext.exe     () - ()
[27/04/2017 15:51:45] - [49334] - C:\WINDOWS\Installer\{581697C8-33DC-44BA-A7C3-992B5D29C011}\ext_1.exe     () - ()
[01/05/2017 13:52:55] - [43646] - C:\WINDOWS\Installer\{595B8A7B-253D-4A4E-95C2-A823EDDD5496}\ImgToVHD.exe     () - ()
[01/05/2017 13:52:55] - [19942] - C:\WINDOWS\Installer\{595B8A7B-253D-4A4E-95C2-A823EDDD5496}\xReflect.exe     () - ()
[29/04/2017 10:53:42] - [372526] - C:\WINDOWS\Installer\{5DD7489B-EC46-47AF-BB68-22F47253228B}\BHORemover.exe     () - ()
[29/04/2017 10:53:42] - [167036] - C:\WINDOWS\Installer\{5DD7489B-EC46-47AF-BB68-22F47253228B}\SystemFoldermsiexec.exe     () - ()
[04/05/2017 11:00:14] - [410598] - C:\WINDOWS\Installer\{600C936B-7684-42F0-9FBF-04726F3D45E2}\_269978E4F928B201F70A39.exe     () - ()
[04/05/2017 11:00:14] - [410598] - C:\WINDOWS\Installer\{600C936B-7684-42F0-9FBF-04726F3D45E2}\_435336CC62D6F4F60EBF9C.exe     () - ()
[04/05/2017 11:00:14] - [4710] - C:\WINDOWS\Installer\{600C936B-7684-42F0-9FBF-04726F3D45E2}\_A8DAF100E4417D79709043.exe     () - ()
[26/04/2017 18:51:45] - [88102] - C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:51:59] - [88102] - C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:19] - [88102] - C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe     () - ()
[04/05/2017 19:37:07] - [733166] - C:\WINDOWS\Installer\{7BA87AB0-2055-11E7-8E16-000C2992F709}\IconName.exe     () - ()
[27/04/2017 10:47:03] - [59352] - C:\WINDOWS\Installer\{7DE129E5-BB4A-4517-A6CD-C69EEB346781}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[27/04/2017 10:44:52] - [59352] - C:\WINDOWS\Installer\{7F7C8AE0-961B-4AED-B99A-D9BE29C0F24C}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[26/04/2017 18:52:07] - [88102] - C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe     () - ()
[29/04/2017 09:28:54] - [316416] - C:\WINDOWS\Installer\{8C784F8B-89D0-4A59-A000-7EEF129E1574}\IconA17C9A58.exe     () - ()
[26/04/2017 18:52:17] - [88102] - C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe     () - ()
[29/04/2017 10:43:22] - [123790] - C:\WINDOWS\Installer\{8FB8C3D9-ED65-4D0D-9CA1-62A4FDCA98A9}\GooglePasswordDecryptor.exe     () - ()
[29/04/2017 10:43:22] - [167036] - C:\WINDOWS\Installer\{8FB8C3D9-ED65-4D0D-9CA1-62A4FDCA98A9}\SystemFoldermsiexec.exe     () - ()
[15/11/2016 11:43:46] - [291445] - C:\WINDOWS\Installer\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:15] - [88102] - C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe     () - ()
[02/05/2017 17:29:41] - [372526] - C:\WINDOWS\Installer\{925B61EB-DB5A-482E-9620-F1B67BC88393}\_099289D542249C20F0963D.exe     () - ()
[02/05/2017 17:29:41] - [372526] - C:\WINDOWS\Installer\{925B61EB-DB5A-482E-9620-F1B67BC88393}\_4116E4E2A383BA28D38B7C.exe     () - ()
[02/05/2017 17:29:41] - [4710] - C:\WINDOWS\Installer\{925B61EB-DB5A-482E-9620-F1B67BC88393}\_9228CC65AA447ED20B0631.exe     () - ()
[12/11/2016 15:39:44] - [216358] - C:\WINDOWS\Installer\{94E1227C-08A9-4962-B388-1F05D89AEA75}\MSDeployIcon.exe     () - ()
[29/04/2017 11:03:58] - [183363] - C:\WINDOWS\Installer\{9C0E5B32-7BAF-4E40-916F-5C30EAF7F2F9}\sxnetworksuite.exe     () - ()
[29/04/2017 11:03:59] - [167036] - C:\WINDOWS\Installer\{9C0E5B32-7BAF-4E40-916F-5C30EAF7F2F9}\SystemFoldermsiexec.exe     () - ()
[13/11/2016 19:25:35] - [1241296] - C:\WINDOWS\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe     (Copyright (C) 2011) - (EProjManager Application)
[26/04/2017 18:52:10] - [88102] - C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:16] - [88102] - C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe     () - ()
[27/04/2017 10:42:49] - [59352] - C:\WINDOWS\Installer\{AAF4B2C1-2E27-46EF-9B9E-2B2130F056F3}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[15/11/2016 11:55:14] - [75223] - C:\WINDOWS\Installer\{ADD5DB49-72CF-11D8-9D75-000129760D75}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:31] - [88102] - C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:12] - [88102] - C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe     () - ()
[29/04/2017 10:58:21] - [197719] - C:\WINDOWS\Installer\{BBD54A11-C598-4789-8F12-AA189B3374C2}\SXAntivirusKit.exe     () - ()
[29/04/2017 10:58:21] - [167036] - C:\WINDOWS\Installer\{BBD54A11-C598-4789-8F12-AA189B3374C2}\SystemFoldermsiexec.exe     () - ()
[26/04/2017 21:20:11] - [358360] - C:\WINDOWS\Installer\{BECD7155-DC57-4F89-B1A8-A90B033C6209}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[26/04/2017 18:52:08] - [88102] - C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:51:57] - [88102] - C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe     () - ()
[15/11/2016 11:37:07] - [97873] - C:\WINDOWS\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:10] - [88102] - C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe     () - ()
[12/11/2016 12:05:44] - [429568] - C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}\IconCD95F66111.exe     () - ()
[12/11/2016 12:05:44] - [230400] - C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}\IconCD95F66112.exe     () - ()
[12/11/2016 12:05:44] - [316928] - C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}\IconCD95F66114.exe     () - ()
[12/11/2016 12:05:45] - [374272] - C:\WINDOWS\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}\IconCD95F66117.exe     () - ()
[14/11/2016 08:53:30] - [212024] - C:\WINDOWS\Installer\{D25D3E15-CABD-420c-B62C-70C1C5EE63FD}\ARPPRODUCTICON.exe     () - ()
[29/04/2017 11:08:40] - [195098] - C:\WINDOWS\Installer\{D4EAD35D-5D25-4952-9A0C-AAA4AD13C596}\sxsystemsuite.exe     () - ()
[29/04/2017 11:08:41] - [167036] - C:\WINDOWS\Installer\{D4EAD35D-5D25-4952-9A0C-AAA4AD13C596}\SystemFoldermsiexec.exe     () - ()
[27/04/2017 10:54:17] - [358360] - C:\WINDOWS\Installer\{D7BF2029-EB2D-4523-AFA0-95CE605E696E}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[27/04/2017 10:54:17] - [358360] - C:\WINDOWS\Installer\{D7BF2029-EB2D-4523-AFA0-95CE605E696E}\NewShortcut1_9D26517437AB43F988CAFF4AC3CA05DE.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[27/04/2017 10:54:17] - [358360] - C:\WINDOWS\Installer\{D7BF2029-EB2D-4523-AFA0-95CE605E696E}\NewShortcut6_46B5678CC4A24F4AA166FBA0D99B16EE.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[29/04/2017 10:30:21] - [56568] - C:\WINDOWS\Installer\{D881F038-D767-45AA-90C1-1E5411A9670A}\ARPPRODUCTICON.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[29/04/2017 10:30:21] - [56568] - C:\WINDOWS\Installer\{D881F038-D767-45AA-90C1-1E5411A9670A}\NewShortcut11_3A13657E2A9B474C9CBE8FC99A3952AD.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[29/04/2017 10:30:21] - [56568] - C:\WINDOWS\Installer\{D881F038-D767-45AA-90C1-1E5411A9670A}\NewShortcut1_668AB6C34E564B2590F1D18F53BCB9E4.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[29/04/2017 10:30:21] - [56568] - C:\WINDOWS\Installer\{D881F038-D767-45AA-90C1-1E5411A9670A}\UNINST_Uninstall_C_A54A9B508C1B4A67A668BB79335F88A9.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[12/11/2016 11:53:42] - [89312] - C:\WINDOWS\Installer\{DB981AC8-910B-4C0E-8250-829243E85934}\ARPPRODUCTICON.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[12/11/2016 11:53:43] - [89312] - C:\WINDOWS\Installer\{DB981AC8-910B-4C0E-8250-829243E85934}\NewShortcut11_E6B283D8175F4BC19FC17F65EFE4B744.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[12/11/2016 11:53:42] - [89312] - C:\WINDOWS\Installer\{DB981AC8-910B-4C0E-8250-829243E85934}\NewShortcut1_829796642B0B4A4B97CC2E54446112B8.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[12/11/2016 11:53:42] - [56544] - C:\WINDOWS\Installer\{DB981AC8-910B-4C0E-8250-829243E85934}\UNINST_Uninstall_L_9763391B70144C79B9921EEF1464E058.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[29/04/2017 10:51:57] - [167036] - C:\WINDOWS\Installer\{DD3D64A7-3165-458D-96D4-06FBC609C22A}\SystemFoldermsiexec.exe     () - ()
[29/04/2017 10:51:57] - [123790] - C:\WINDOWS\Installer\{DD3D64A7-3165-458D-96D4-06FBC609C22A}\VistaUACMaker.exe     () - ()
[15/11/2016 11:56:44] - [82613] - C:\WINDOWS\Installer\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\ARPPRODUCTICON.exe     () - ()
[29/04/2017 10:48:18] - [167036] - C:\WINDOWS\Installer\{E5CA7FA8-5C93-45E1-969A-14571AFBF0A3}\SystemFoldermsiexec.exe     () - ()
[29/04/2017 10:48:18] - [132914] - C:\WINDOWS\Installer\{E5CA7FA8-5C93-45E1-969A-14571AFBF0A3}\WinServiceManager.exe     () - ()
[26/04/2017 18:52:23] - [4846] - C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:11] - [88102] - C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe     () - ()
[26/04/2017 18:52:00] - [88102] - C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe     () - ()
[29/04/2017 11:11:51] - [183914] - C:\WINDOWS\Installer\{F8B6EDC8-7919-4DE5-A2F5-B3F0798A397C}\APPDIR_1.exe     () - ()
[29/04/2017 11:11:51] - [167036] - C:\WINDOWS\Installer\{F8B6EDC8-7919-4DE5-A2F5-B3F0798A397C}\SystemFoldermsiexec.exe     () - ()
[12/11/2016 13:52:52] - [134817] - C:\WINDOWS\Installer\{F8C774EE-B937-4694-9BE4-D20167FCF20F}\ARPPRODUCTICON.exe     () - ()
[12/11/2016 13:52:52] - [176128] - C:\WINDOWS\Installer\{F8C774EE-B937-4694-9BE4-D20167FCF20F}\FR_DskTp_ShrtCt_6242ECAD76714BAA83F0791073A22A60.exe     (Copyright (C) 2006 Macrovision Corporation) - (InstallShield)
[12/11/2016 13:52:52] - [176128] - C:\WINDOWS\Installer\{F8C774EE-B937-4694-9BE4-D20167FCF20F}\FR_PCm_Mnu_ShrtCt_6242ECAD76714BAA83F0791073A22A60.exe     (Copyright (C) 2006 Macrovision Corporation) - (InstallShield)
[12/11/2016 13:52:52] - [65536] - C:\WINDOWS\Installer\{F8C774EE-B937-4694-9BE4-D20167FCF20F}\Fr_StartUpThis_Shr_6242ECAD76714BAA83F0791073A22A60.exe     (Copyright (C) 2006 Macrovision Corporation) - (InstallShield)
[26/04/2017 18:51:58] - [88102] - C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe     () - ()

---------- | %System%\*.in*

[18/03/2017 22:56:50] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[26/10/2012 17:42:24] - [29494] - C:\WINDOWS\System32\lvcoin64.ini
[26/04/2017 18:52:14] - [3067976] - C:\WINDOWS\System32\PerfStringBackup.INI
[18/03/2017 22:58:24] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[18/03/2017 22:57:50] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[18/03/2017 22:59:49] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[26/04/2017 18:52:03] - [1978024] - C:\WINDOWS\Syswow64\PerfStringBackup.INI
[18/03/2017 22:58:48] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1.36 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64
[MD5.5168D79177585FF036B6B44D9E3B875F] - |A| - [12/11/2016 16:14:01] - (.-.) - [1.36 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\Custom\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb
[MD5.A681527B9F23DD5F1A6C8D3F621E814E] - |A| - [18/03/2017 22:57:20] - (.-.) - [14.73 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.3AB7AF6B50ABA6A542330F6D57069C9B] - |A| - [12/05/2017 04:32:50] - (.-.) - [549.65 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 02:42:31] - [0 Ko] - C:\WINDOWS\Temp\15bc4625-cf65-47d5-84cc-1472b126cfc0
[MD5.00000000000000000000000000000000] - |D| - [01/05/2017 23:53:44] - [0 Ko] - C:\WINDOWS\Temp\1665fb1a-abc9-4da3-8c59-b39bc4b53cfe
[MD5.00000000000000000000000000000000] - |D| - [01/05/2017 22:36:09] - [0 Ko] - C:\WINDOWS\Temp\2adfc264-0131-44df-99b4-918d5ebd6a11
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 10:19:45] - [0 Ko] - C:\WINDOWS\Temp\5AD4655A-EBB2-4046-8A9E-BB175516B31D-Sigs
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 01:40:29] - [0 Ko] - C:\WINDOWS\Temp\63044c13-bf4c-41ee-af88-08b251081aa9
[MD5.00000000000000000000000000000000] - |D| - [12/05/2017 10:14:45] - [0 Ko] - C:\WINDOWS\Temp\a6d694d3-afad-43c3-899a-1a9639cdc54f
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 07:41:56] - [0 Ko] - C:\WINDOWS\Temp\a91047e4-3944-4125-862e-e8e9a35bcdf6
[MD5.E209738513585C4C51785006541F4467] - |AT| - [05/05/2017 11:46:16] - (.-.) - [52.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.0kspkmodpxnzrvmha3q6iiecc.tmp
[MD5.A7F7FC1B2D04D3B3F1572CB51ED102C1] - |AT| - [05/05/2017 11:46:24] - (.-.) - [11.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.1yvaz4znbj5wew_j8r04n_umb.tmp
[MD5.04D4559076A704778F5E8526B344A5EE] - |AT| - [05/05/2017 11:45:53] - (.-.) - [14.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.32ynf3i4867h9d1ay09b76lrf.tmp
[MD5.D6E147B83D04B6CEFC72F778679D2006] - |AT| - [05/05/2017 11:45:53] - (.-.) - [10.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.7n8_5vkxpnqq5su8pfwziivgf.tmp
[MD5.00BAF58A066378AD2FDD1AB3EF2BCFC1] - |AT| - [05/05/2017 11:46:16] - (.-.) - [10.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.aa7_o4toek04qt2byxmn56d6g.tmp
[MD5.88C3DB71CE7EA8570FC029CF091389F2] - |AT| - [05/05/2017 11:46:16] - (.-.) - [248.57 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.cni9fmmelpdvj4gs4ryrud1j.tmp
[MD5.A3CFB665637858DCB041DDA637EECB78] - |AT| - [05/05/2017 13:38:54] - (.-.) - [6.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.f4vncar6z1f1i9lgxhe9zdscd.tmp
[MD5.A3CFB665637858DCB041DDA637EECB78] - |AT| - [05/05/2017 11:46:21] - (.-.) - [6.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.jhq70mif6wmtn3h2izpnlh4pf.tmp
[MD5.D05A6695F5A60906C8102016C45DFEB7] - |AT| - [05/05/2017 13:38:54] - (.-.) - [10.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.rr9bb1szskma1b72vdy35vggf.tmp
[MD5.253653DBBE7CB0F59D39D8C7C66BC6E0] - |AT| - [05/05/2017 13:38:54] - (.-.) - [10.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.tj4319f2hh76h85ad0ch8v2be.tmp
[MD5.764617AFC1C080403624B9F5C854630B] - |AT| - [05/05/2017 13:38:54] - (.-.) - [729.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.tuvs4wi3votf_7ked59d4r65g.tmp
[MD5.D05A6695F5A60906C8102016C45DFEB7] - |AT| - [05/05/2017 11:46:21] - (.-.) - [10.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.uy3ak4z9nlx8p_5ru48_bhqub.tmp
[MD5.D5A3FEA2FC267836707C3C06826CFB1C] - |AT| - [05/05/2017 11:46:16] - (.-.) - [19.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.v5q_fuzneadamzzsv4xtyjbnh.tmp
[MD5.764617AFC1C080403624B9F5C854630B] - |AT| - [05/05/2017 11:46:21] - (.-.) - [729.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.vl7soq16vxo72bopvvt_6jn_c.tmp
[MD5.253653DBBE7CB0F59D39D8C7C66BC6E0] - |AT| - [05/05/2017 11:46:21] - (.-.) - [10.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.vz3z98i_qj305t0jr5riea0sf.tmp
[MD5.028D8237A5A830DFD2862309BEAC6331] - |AT| - [05/05/2017 11:46:24] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.w536up5gkrfwfv43ulb8i6sqe.tmp
[MD5.6CBF800AE0C0C4BCC707B68969356E02] - |AT| - [05/05/2017 11:46:24] - (.-.) - [10.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.wvd6icg0s8w3av4bmwjnk4bk.tmp
[MD5.4FFED75FEC879490AD6DD83C99C9CCFF] - |AT| - [05/05/2017 11:45:53] - (.-.) - [0.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.z8jfhd6jk8jrlvjh3t1jggo7d.tmp
[MD5.F715C4866634EF5CC72CFED44D78A304] - |AT| - [05/05/2017 11:46:24] - (.-.) - [4.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX._hrrb7ee5zy87867g9wvd40ab.tmp
[MD5.00000000000000000000000000000000] - |D| - [01/05/2017 23:59:22] - [0 Ko] - C:\WINDOWS\Temp\avast_ash2
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 06:39:25] - [0 Ko] - C:\WINDOWS\Temp\b4624c1e-fc0f-4045-8c1c-956902d6bc7d
[MD5.10A562BB8C8571866BAF54B1D7EC031E] - |A| - [03/05/2017 02:09:22] - (.-.) - [11.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.00000000000000000000000000000000] - |D| - [03/05/2017 02:09:22] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [03/05/2017 02:09:19] - [1679.84 Ko] - C:\WINDOWS\Temp\CR_B4AA6.tmp
[MD5.00000000000000000000000000000000] - |D| - [01/05/2017 21:58:52] - [94.74 Ko] - C:\WINDOWS\Temp\DriverAgent
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 08:56:28] - [0 Ko] - C:\WINDOWS\Temp\fc39df59-71a9-4534-a1bb-1ad84bc53f67
[MD5.FD0454BFCA4575B6B96B33A83393A769] - |A| - [01/05/2017 21:43:01] - (.-.) - [169.62 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170501-2143.log
[MD5.A6122AB8F2A6B82E6E33E5AA18627560] - |A| - [01/05/2017 22:01:57] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170501-2201.log
[MD5.5ECE7C7A3FC1C1A94A2466ACF8038466] - |A| - [01/05/2017 22:28:20] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170501-2228.log
[MD5.58C885619EEDC59B308F0F5BEAC81FC1] - |A| - [01/05/2017 23:00:37] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170501-2300.log
[MD5.C216C6F320FEE304AFEDFAFA596573EE] - |A| - [02/05/2017 04:03:03] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-0403.log
[MD5.01430BE11175196DDEF443D655B53B5B] - |A| - [02/05/2017 06:25:46] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-0625.log
[MD5.F1D57E900E775784A6FA63964CB73863] - |A| - [02/05/2017 07:10:50] - (.-.) - [6.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-0710.log
[MD5.07366A5C8B7E2682A64073B395CA2671] - |A| - [02/05/2017 09:42:26] - (.-.) - [130.03 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-0942.log
[MD5.C8B25A8C39760722DEB7017BB68E9E8E] - |A| - [02/05/2017 10:03:11] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1003.log
[MD5.2EEF66BA9A96A81085D391F67AFB810C] - |A| - [02/05/2017 10:29:27] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1029.log
[MD5.58335D4EF2901226C235E895D7320439] - |A| - [02/05/2017 10:59:41] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1059.log
[MD5.7A988F71572B7BB5EDB756D8022F4D8F] - |A| - [02/05/2017 13:47:06] - (.-.) - [49.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1347.log
[MD5.BBAB60986174E65810748A7C8EF15B9B] - |A| - [02/05/2017 14:11:18] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1411.log
[MD5.7D20EDE6861A6DE354FCAC281578A156] - |A| - [02/05/2017 14:42:30] - (.-.) - [49.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1442.log
[MD5.0693EDF8436976C59219D11A3AC97CCA] - |A| - [02/05/2017 14:59:28] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1459.log
[MD5.DAF6E2FFD6A44DBA359E7A088A94221D] - |A| - [02/05/2017 15:27:51] - (.-.) - [49.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1527.log
[MD5.66D48DBC04BC680E7F6CD4CA1DDC7E4F] - |A| - [02/05/2017 15:44:58] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1544.log
[MD5.DFAAEA9204B3D60F5AA371D9CDEE4C70] - |A| - [02/05/2017 15:55:31] - (.-.) - [128.34 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1555.log
[MD5.0AACAD2231552928CC7BECFA246BE80D] - |A| - [02/05/2017 16:15:19] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1615.log
[MD5.24C25C04784B82A0840AF46CC6CC10A7] - |A| - [02/05/2017 16:42:19] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1642.log
[MD5.4F33475F874CC76058D8C93281534901] - |A| - [02/05/2017 17:12:19] - (.-.) - [4.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1712.log
[MD5.CF8C68799B356037A5864420541D9BA0] - |A| - [02/05/2017 18:32:03] - (.-.) - [10.87 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1832.log
[MD5.A84D1D222A0B0D743B679B0D8D7EA42B] - |A| - [02/05/2017 18:55:45] - (.-.) - [128.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1855.log
[MD5.B5D314F128A089A3216D582DDB9B9A8B] - |A| - [02/05/2017 19:12:54] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1912.log
[MD5.ABE737CFCC262A855AD2E71C6E163309] - |A| - [02/05/2017 19:43:35] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-1943.log
[MD5.5DAAABF115D742FC1D5114ABD8672813] - |A| - [02/05/2017 20:12:45] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170502-2012.log
[MD5.5B1955C45C4D9DD3874D90BA05812E5F] - |A| - [03/05/2017 04:00:10] - (.-.) - [1.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-0400.log
[MD5.1C2D985D5D1A29406EB3032344EA6943] - |A| - [03/05/2017 05:53:16] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-0553.log
[MD5.B082017E09F5FA4622AE70C6651F85BE] - |A| - [03/05/2017 13:33:16] - (.-.) - [9.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1333.log
[MD5.D5F21BFACCDC9AA7580F6F426025B776] - |A| - [03/05/2017 13:35:17] - (.-.) - [130.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1335.log
[MD5.38C8CEF9EE63BE01C72F51A7861F046F] - |A| - [03/05/2017 13:51:28] - (.-.) - [4.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1351.log
[MD5.909FCA8F85D164E991DC66AE0E054A6F] - |A| - [03/05/2017 14:20:33] - (.-.) - [4.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1420.log
[MD5.3C91F7ED24B7EB0B802998B7CAEC56E6] - |A| - [03/05/2017 14:50:32] - (.-.) - [4.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1450.log
[MD5.C4E8F3E6A7F5E4F7425CF4F02D31C3D3] - |A| - [03/05/2017 15:52:16] - (.-.) - [128.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1552.log
[MD5.0114CC818E92670A4D1C89E4EBE9AD24] - |A| - [03/05/2017 16:44:22] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1644.log
[MD5.21A7C379C995685D350664FA1AC7105C] - |A| - [03/05/2017 17:14:19] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1714.log
[MD5.74E4329B68338F9FF27075E1F54272A3] - |A| - [03/05/2017 17:44:19] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1744.log
[MD5.100AABCD540EE72BF06247E5E582C75C] - |A| - [03/05/2017 19:50:00] - (.-.) - [9.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170503-1950.log
[MD5.D6D0CAE3FB7AAACF439CE43B41012C48] - |A| - [04/05/2017 04:00:01] - (.-.) - [6.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-0400.log
[MD5.FE82864C202982CE663463C042F00D85] - |A| - [04/05/2017 09:29:56] - (.-.) - [1.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-0929.log
[MD5.19FD5ADB77D00A41278FAA9BC8E01191] - |A| - [04/05/2017 10:27:57] - (.-.) - [88.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-1027.log
[MD5.B3A54A4F8D8B98CC2B444C4C7086FFEB] - |A| - [04/05/2017 10:46:03] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-1046.log
[MD5.E0D9150C44AED737B6D5446431470382] - |A| - [04/05/2017 11:17:04] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-1117.log
[MD5.CA3575F554157A9112EB20F1B1FD8844] - |A| - [04/05/2017 11:24:01] - (.-.) - [128.41 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-1124.log
[MD5.980C5F4C5949B1B3462031BC338091BA] - |A| - [04/05/2017 13:00:37] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-1300.log
[MD5.7E7909B38CA6BCC058BDCEB33E8A6825] - |A| - [04/05/2017 13:30:35] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-1330.log
[MD5.F1F27ADD42A676A0483E4B0AC343E08C] - |A| - [04/05/2017 14:00:34] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-1400.log
[MD5.F1223200954A3F35908AE9074D24E4B0] - |A| - [04/05/2017 22:08:29] - (.-.) - [11.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170504-2208.log
[MD5.B18A57875F1ABBD64C4DD8108A897D2E] - |A| - [05/05/2017 11:35:57] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1135.log
[MD5.E9423867EEC31C205CF3B10E25A42DA6] - |A| - [05/05/2017 11:42:17] - (.-.) - [6.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1142.log
[MD5.DD0CB16CE9E8DBC51F2BB8D645D0BB08] - |A| - [05/05/2017 11:42:17] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1142a.log
[MD5.E989446F3215666985AEE49F9BCC5435] - |A| - [05/05/2017 11:54:13] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1154.log
[MD5.E38E0059D555378AD3420EE7DD8D204F] - |A| - [05/05/2017 12:12:16] - (.-.) - [11.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1212.log
[MD5.68CA17FB47984A45847C6B75F39160B4] - |A| - [05/05/2017 13:08:00] - (.-.) - [128.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1308.log
[MD5.F975C6D02927C03F827348C84262B1F2] - |A| - [05/05/2017 13:31:59] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1331.log
[MD5.8F4A5E0A4FE6D3ED7953A21AA157A3FE] - |A| - [05/05/2017 13:55:33] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1355.log
[MD5.D8E040B49512B222DCE8C5469D15A3DE] - |A| - [05/05/2017 14:31:23] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170505-1431.log
[MD5.C0EB1C62BB9D6AC0C30B2C09CE0B2EAF] - |A| - [12/05/2017 03:46:35] - (.-.) - [182.88 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0346.log
[MD5.51387AFE307057816FA1A86016BF28E1] - |A| - [12/05/2017 03:54:40] - (.-.) - [6.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0354.log
[MD5.3E85850F4AB21C47B06EF1E2A73A08D7] - |A| - [12/05/2017 03:54:40] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0354a.log
[MD5.817F3C6D2BDAAEEAC814E5C794FEC1F6] - |A| - [12/05/2017 04:00:01] - (.-.) - [1.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0400.log
[MD5.78559E4EC699A2B24F5408F56024C76A] - |A| - [12/05/2017 04:04:52] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0404.log
[MD5.DB7B9F6B01EF24511B61E41D9669EB8E] - |A| - [12/05/2017 04:35:38] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0435.log
[MD5.09D4D48AC64F0F3BC3D3BF034AF5149D] - |A| - [12/05/2017 05:05:00] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0505.log
[MD5.BF6C78CF1DC72C1FF9607801A51164DD] - |A| - [12/05/2017 06:12:55] - (.-.) - [11.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0612.log
[MD5.E686A53705E347FC63C24D2A12C48D20] - |A| - [12/05/2017 06:20:03] - (.-.) - [128.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0620.log
[MD5.8F4BC9CADFEA93C3E8A8A862463A0969] - |A| - [12/05/2017 06:43:27] - (.-.) - [4.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0643.log
[MD5.4E459F78C883291EC2B71295ED46F8E0] - |A| - [12/05/2017 07:13:25] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0713.log
[MD5.D724A2757A861E20510A9F7079441DE4] - |A| - [12/05/2017 07:43:30] - (.-.) - [4.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-0743.log
[MD5.EB520E1B0171C696EF51A7EED35DD2D2] - |A| - [12/05/2017 11:00:56] - (.-.) - [11.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-1100.log
[MD5.C6689E9EC44FB6BF11037E1498E32D6E] - |A| - [12/05/2017 12:31:36] - (.-.) - [11.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LFSULTRA-WIDEN-20170512-1231.log
[MD5.3A404994DCE38BE023E43D2DC446E7E9] - |A| - [01/05/2017 21:54:30] - (.-.) - [41.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 11:41:14] - [0.92 Ko] - C:\WINDOWS\Temp\MPInstrumentation
[MD5.79E63C7D77F67118C9502BFDFCC87AF0] - |A| - [02/05/2017 10:19:46] - (.-.) - [53.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.00000000000000000000000000000000] - |D| - [12/05/2017 06:21:30] - [0 Ko] - C:\WINDOWS\Temp\MPTelemetrySubmit
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 13:47:07] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705021347071154).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 14:42:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705021442301110).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 15:27:55] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705021527541184).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 15:55:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705021555311294).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 18:32:04] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170502183204AC0).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 18:55:45] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705021855451104).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/05/2017 13:33:17] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705031333171FCC).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/05/2017 15:52:17] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705031552171134).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/05/2017 19:50:01] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2017050319500127F0).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/05/2017 10:27:57] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705041027571200).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/05/2017 11:24:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2017050411240210CC).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/05/2017 11:35:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705051135591160).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/05/2017 13:08:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201705051308021210).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/05/2017 03:46:37] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170512034637FDC).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/05/2017 06:20:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2017051206200310D8).log
[MD5.FDDD3A96B78EC3D102948A5348309487] - |A| - [01/05/2017 23:08:39] - (.-.) - [87.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\reimage.log
[MD5.3BAB25A3E651A9E4A00473D2257B99F9] - |A| - [05/05/2017 13:30:36] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SyncBackTouch.log
[MD5.6D1C3070DFFCD92912DE19B0CDCCBEEC] - |AT| - [04/05/2017 11:07:27] - (.-.) - [139344.57 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TMP351A20BB2C1722A4
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:24:18] - [0 Ko] - C:\WINDOWS\Temp\tw2902.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:27:36] - [0 Ko] - C:\WINDOWS\Temp\tw2BA8.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:36:23] - [0 Ko] - C:\WINDOWS\Temp\tw3617.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:36:24] - [0 Ko] - C:\WINDOWS\Temp\tw3B88.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:33:58] - [0 Ko] - C:\WINDOWS\Temp\tw41.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:33:59] - [0 Ko] - C:\WINDOWS\Temp\tw68D.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:33:19] - [0 Ko] - C:\WINDOWS\Temp\tw6A9E.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:33:30] - [0 Ko] - C:\WINDOWS\Temp\tw95C7.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:36:50] - [0 Ko] - C:\WINDOWS\Temp\tw9FF1.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:25:57] - [0 Ko] - C:\WINDOWS\Temp\twA92C.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:34:01] - [0 Ko] - C:\WINDOWS\Temp\twB42.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:36:57] - [0 Ko] - C:\WINDOWS\Temp\twBDAC.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:34:51] - [0 Ko] - C:\WINDOWS\Temp\twD105.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:35:58] - [0 Ko] - C:\WINDOWS\Temp\twD7F7.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:22:54] - [0 Ko] - C:\WINDOWS\Temp\twDF2B.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:33:53] - [0 Ko] - C:\WINDOWS\Temp\twEE59.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:33:55] - [0 Ko] - C:\WINDOWS\Temp\twF456.tmp
[MD5.00000000000000000000000000000000] - |D| - [02/05/2017 16:33:55] - [0 Ko] - C:\WINDOWS\Temp\twF785.tmp
[MD5.751B44A4A4CF18D6D013E4583D6F23B8] - |A| - [02/05/2017 07:21:42] - (.-.) - [35.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\url_setting_definitions.txt
[MD5.00000000000000000000000000000000] - |D| - [01/05/2017 17:02:11] - [714.57 Ko] - C:\WINDOWS\Temp\Utility
[MD5.E2F08FAA9B2CC5DCAA244D5DF2FA25BF] - |A| - [05/05/2017 11:51:08] - (.-.) - [9366.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXcj2u2mrj.vnd
[MD5.C675450A2E08964264527FC2EF6FB924] - |A| - [12/05/2017 05:05:51] - (.-.) - [0.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_05ab408f-e18b-47df-a755-edf054fe2cce.log
[MD5.8B7166FF8C06868F2F754A13ACEAD84C] - |A| - [05/05/2017 11:45:33] - (.-.) - [0.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_486e66de-b5fc-425f-a7d3-7c3e049c9499.log
[MD5.85DA7ED13DAC043C767F54BCDF53AC01] - |A| - [12/05/2017 03:55:53] - (.-.) - [0.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_8698336a-d68e-4eb0-a2f3-dc306f952895.log
[MD5.7FC12DDEC6509B99B13A82302442D200] - |A| - [03/05/2017 05:03:44] - (.-.) - [0.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_b656c0d4-1054-4e3f-b672-014e7d22fc90.log
[MD5.769E4A043A1357054B8306DD9DFBF0F6] - |A| - [04/05/2017 05:02:35] - (.-.) - [0.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_ca2fefe8-1650-4ebb-83fc-19bbf421d1a8.log
[MD5.CE3AE6AD6F487C3BD34E2C0F1789314C] - |A| - [02/05/2017 05:09:21] - (.-.) - [0.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_fe8c6440-8e96-4398-9cfc-7bc70789e8c7.log
[MD5.00000000000000000000000000000000] - |D| - [01/05/2017 23:21:27] - [0 Ko] - C:\WINDOWS\Temp\_avast_
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 18:55:43] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{29A11A4F-7AC6-41F7-A67F-4744B38AB70B} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/05/2017 10:27:55] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{29D24926-9175-4407-8719-985406B46C94} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/05/2017 19:49:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{3C0A8BA5-1C27-48AE-81E6-7E41B7DAC554} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 13:47:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{3F6B2DF2-E804-4DD9-9C5D-0BB5FED7FA18} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/05/2017 13:07:59] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{4008036D-B99A-458D-A0AE-04F4B39AFE81} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 15:27:50] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{45EB4F95-3339-4158-B526-5BC11A809676} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 18:32:03] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{52F1DB06-02BE-428C-8A9C-8CB8474AD60B} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/05/2017 11:35:57] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{61A15260-BAA0-4827-8770-5ED79E3E346C} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 14:42:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{7CB8692E-9E73-40F6-BA95-40E177E0E0D4} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/05/2017 06:20:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{8E62FED3-0479-4243-A493-12C7323A010D} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/05/2017 15:55:30] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{991D75E1-FD07-4398-95EF-07E08534014D} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/05/2017 15:52:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{C669ECFE-00EF-4232-9C2E-1F6420E50C14} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [04/05/2017 11:24:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{CC2F832C-1600-445E-859C-3AA5A180F70F} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/05/2017 13:33:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{E5531460-A58C-4581-AFEC-98347EF339C7} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/05/2017 03:46:34] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{FEB884DD-D696-4885-9EA9-8859B617013C} - OProcSessId.dat
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 11:45:55] - [410.05 Ko] - C:\WINDOWS\System32\1033
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 11:11:16] - [29.19 Ko] - C:\WINDOWS\System32\1036
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 22:57:42] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [18/03/2017 22:58:18] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [18/03/2017 22:57:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 22:58:17] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [18/03/2017 22:58:29] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [18/03/2017 22:58:29] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 22:58:21] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [18/03/2017 22:58:18] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [18/03/2017 22:57:53] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [18/03/2017 22:56:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [18/03/2017 22:58:13] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [18/03/2017 22:58:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:24] - [2979.4 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.4B10D8998C824DD84AD597F9E058F6F0] - |A| - [30/07/2015 22:58:04] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amde31a.dat
[MD5.C7628FE6341B7919D2F62DB9057DB4FC] - |A| - [21/10/2015 03:14:42] - (.-.) - [208.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdgfxinfo64.dll
[MD5.AF1928F5E15921A29877C2E18626F80E] - |A| - [21/10/2015 03:14:42] - (.-.) - [139.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdhdl64.dll
[MD5.DDEB20626133878B0CE79CCE29B031B9] - |A| - [23/07/2015 12:52:32] - (.-.) - [814.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdicdxx.dat
[MD5.82CAB4EAF1E1CBA85AE5DEBB4C068EE2] - |A| - [21/10/2015 03:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [616.48 Ko] - (1.0.3.8) - C:\WINDOWS\System32\amdlvr64.dll
[MD5.C366C5A2EE8F1F586691E4511AB56040] - |A| - [21/10/2015 03:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6529.48 Ko] - (9.1.10.83) - C:\WINDOWS\System32\amdmantle64.dll
[MD5.3960C946E67311C9831550AEDC649C3A] - |A| - [21/10/2015 03:14:54] - (.-.) - [460.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdmiracast.dll
[MD5.4CA9A0DF33972919623BBFF8FBD1A501] - |A| - [21/10/2015 03:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [57.98 Ko] - (1.6.0.0) - C:\WINDOWS\System32\amdmmcl6.dll
[MD5.7BA9A6BBF176D945D7B201865897E158] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [26898.98 Ko] - (0.8.0.0) - C:\WINDOWS\System32\amdocl12cl64.dll
[MD5.AFF92249DA8E62FF8C6D2B89977D3245] - |A| - [21/10/2015 03:14:48] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46673.98 Ko] - (10.0.1800.11) - C:\WINDOWS\System32\amdocl64.dll
[MD5.8305AA2FEBE5CAD45AB8D208C17DA930] - |A| - [21/10/2015 03:14:44] - (.-.) - [1168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdocl_as64.exe
[MD5.187EB6A72565FAAF01AAE0CDD63DE56F] - |A| - [21/10/2015 03:14:44] - (.-.) - [1045.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdocl_ld64.exe
[MD5.2B79CD2445F85D54959702583ECBCC04] - |A| - [21/10/2015 03:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\System32\amdpcom64.dll
[MD5.C0F1FF923616DEDEAA7655F7FA03FD06] - |A| - [24/04/2017 15:30:37] - (.-.) - [3117.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\APMBoot.exe
[MD5.E21E74D118E16FF9BA42A6F87F34E9B0] - |A| - [18/03/2017 22:57:00] - (.-.) - [435.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2473.24 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273.5 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.28DF09388444100467873AC906FD6CB2] - |A| - [21/10/2015 03:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [1226.98 Ko] - (7.15.20.1301) - C:\WINDOWS\System32\atiadlxx.dll
[MD5.53650482B8E621276DC55E50C9FB2FEE] - |A| - [22/08/2015 02:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiapfxx.blb
[MD5.CC2470CA903EA355A24F05520D79BDB8] - |A| - [21/10/2015 03:14:44] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [366.98 Ko] - (6.14.10.1001) - C:\WINDOWS\System32\atiapfxx.exe
[MD5.279066332FA267076E3BEE81C4297F87] - |A| - [21/10/2015 03:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [62.98 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticalcl64.dll
[MD5.3A0F17C7C8E37DCEAE1DA76B7D761702] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15356.98 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticaldd64.dll
[MD5.D22A08EE217DE15B6A41AE518B4F4FBE] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [69.48 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticalrt64.dll
[MD5.BE92AD0155D4A23D0073AF51BE808B29] - |A| - [21/10/2015 03:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1445.13 Ko] - (8.17.10.1404) - C:\WINDOWS\System32\aticfx64.dll
[MD5.B565601728AF96EEFCF7E9CDE3CDD2BE] - |A| - [21/10/2015 03:14:46] - (.2002-2012 - Graphics DEM.) - [440.48 Ko] - (4.5.5711.37472) - C:\WINDOWS\System32\atidemgy.dll
[MD5.8700278344BED8D4A3A5AC2875359584] - |A| - [21/10/2015 03:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11804.69 Ko] - (8.17.10.625) - C:\WINDOWS\System32\atidxx64.dll
[MD5.69F82C40A189962A65F6D5A02DF8599F] - |A| - [21/10/2015 03:14:46] - (.-.) - [164.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atieah64.exe
[MD5.B96BD9F5B2B0CD6549EE59FD242A6D56] - |A| - [21/10/2015 03:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [667.48 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\atieclxx.exe
[MD5.521248FA26458669BAAE6AB7DB21F3AC] - |A| - [21/10/2015 03:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [249.48 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\atiesrxx.exe
[MD5.E4F96DFF0501430BF7C6E90841A7282D] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [81.98 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atig6pxx.dll
[MD5.86F2AE002AF9222F34937823B98753C2] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [161.48 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atig6txx.dll
[MD5.0C3156664885AF41100B63853EBCE037] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiglpxx.dll
[MD5.079EFFD5BECB418FE6596229B28D7324] - |A| - [06/11/2014 11:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiicdxx.dat
[MD5.FE4E7138E51DA7EF01E51F28128A7F53] - |A| - [21/10/2015 03:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\System32\atimpc64.dll
[MD5.C84C24F13663EF5A59C1E598A350C8C3] - |A| - [21/10/2015 03:14:46] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [37.48 Ko] - (6.14.10.1002) - C:\WINDOWS\System32\atimuixx.dll
[MD5.7D9CCB5DD8837D6AC954956A5812112C] - |A| - [21/10/2015 03:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [30054.98 Ko] - (6.14.10.13399) - C:\WINDOWS\System32\atio6axx.dll
[MD5.0E89795F721B2BC02D0A12C470750DF6] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2008 - ATIODCLI Application.) - [58.48 Ko] - (1.0.0.1) - C:\WINDOWS\System32\ATIODCLI.exe
[MD5.C7A506822BE45CD42415710979CDAE7F] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2008 - ATIODE Application.) - [333.48 Ko] - (1.0.0.1) - C:\WINDOWS\System32\ATIODE.exe
[MD5.3FE40633FC3BC5AE41EACDA0E1BA72FE] - |A| - [21/10/2015 03:14:46] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [194.98 Ko] - (6.14.11.25) - C:\WINDOWS\System32\atitmm64.dll
[MD5.067CED045532C58B46E6527BCE3CB47F] - |A| - [21/10/2015 03:14:54] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [127.02 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiu9p64.dll
[MD5.AC6970C74B7457B291BB2C0035AA7DAE] - |A| - [21/10/2015 03:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [8657.15 Ko] - (9.14.10.1128) - C:\WINDOWS\System32\atiumd64.dll
[MD5.486D6985E7B7826DBBEAE12755851027] - |A| - [22/08/2015 02:55:34] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiumd6a.cap
[MD5.0A9CA09952D768F768D2903F984102DC] - |A| - [21/10/2015 03:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8771.91 Ko] - (8.14.10.513) - C:\WINDOWS\System32\atiumd6a.dll
[MD5.AE81C76C930DD6875E5D9C6BEA2F0966] - |A| - [21/10/2015 03:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.43 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiuxp64.dll
[MD5.EFA5E3D55F1CC185BC690B7D79D015A9] - |A| - [24/07/2015 22:44:06] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativce02.dat
[MD5.B974290EEE645249EE212FF62DD0824A] - |A| - [30/07/2015 23:00:06] - (.-.) - [173.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativce03.dat
[MD5.5EBC73A78E5903E7CE6F6B25E4A6BE8F] - |A| - [29/05/2015 02:00:42] - (.-.) - [228.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cik.dat
[MD5.C55D2CBC17AAE1FBAC9135E7C31A4D31] - |A| - [29/05/2015 01:58:32] - (.-.) - [227.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cik_nd.dat
[MD5.0770A5AB5218E6D3134A7A7239B9A216] - |A| - [29/05/2015 02:21:32] - (.-.) - [249.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cz_nd.dat
[MD5.A81F68A0D3387A06182EFA3880D3F0BD] - |A| - [29/05/2015 02:17:24] - (.-.) - [245 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_FJ.dat
[MD5.7EE8F6853798F7A900DB15F3054A0277] - |A| - [29/05/2015 02:15:12] - (.-.) - [243.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_FJ_nd.dat
[MD5.11355CAC5334C8999211C09CAAE194EF] - |A| - [29/05/2015 02:10:58] - (.-.) - [315.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_vi.dat
[MD5.3544D6AF6E0C9783C2CF6FA9CE42D520] - |A| - [29/05/2015 02:08:18] - (.-.) - [313.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_vi_nd.dat
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [22/08/2015 02:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [22/08/2015 02:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsvl.dat
[MD5.EFFD0ABB4DDD2CCDD511F903D042AD5B] - |A| - [18/03/2017 22:57:05] - (.-.) - [77.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [255.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [12/05/2017 12:38:22] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BITF033.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4546.61 Ko] - C:\WINDOWS\System32\Boot
[MD5.B13766AFE48C3CF775F53CE90488F7DE] - |A| - [18/03/2017 22:57:03] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [90.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.4B307488C9D3D1030DEC61FA4DAC7EE0] - |RA| - [18/03/2017 22:59:10] - (.-.) - [116.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureBrackets.hcp
[MD5.DC112F4CFDF23AAF5CB0F46BE92CB1CE] - |RA| - [18/03/2017 22:59:10] - (.-.) - [122.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureCountdown.hcp
[MD5.F80C2CB1D5A28528D662B0DDF440F0F3] - |RA| - [18/03/2017 22:59:10] - (.-.) - [17.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureToast.hcp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [84038.15 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [29089.07 Ko] - C:\WINDOWS\System32\catroot2
[MD5.F18E1F295EBB5FDD7E6D93571113E5A8] - |A| - [28/04/2017 13:10:08] - (.Copyright © 2001-2015 GoPro Inc. - CineForm DirectShow Decoder.) - [1221 Ko] - (9.2.1.690) - C:\WINDOWS\System32\CFDecode64.ax
[MD5.F2D598B11C294EE360FDA0D3E81DA7EC] - |A| - [21/10/2015 03:14:48] - (.-.) - [237.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\clinfo.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [3580.04 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.A0E91D21C945781D03EA0BA1C95F821E] - |A| - [21/10/2015 03:14:48] - (.AMD. - CoInstaller DLL.) - [853.98 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_15.20.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [357.5 Ko] - C:\WINDOWS\System32\Com
[MD5.A797EED94B22B29D3974CB20B66BE6C6] - |A| - [01/08/2013 14:12:30] - (.2012 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [108 Ko] - (1.0.0.2) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [468420.35 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [51.27 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300.5 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [295 Ko] - C:\WINDOWS\System32\da-DK
[MD5.75BC227ACD70C906785DB11F853165E4] - |A| - [18/03/2017 22:58:29] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [190.86 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [333 Ko] - C:\WINDOWS\System32\de-DE
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [18/03/2017 22:57:05] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [18/03/2017 23:03:37] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [26/10/2012 17:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\System32\DevManagerCore.dll
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [870 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.E82380D30048D73E4D4CB8C925F6E721] - |A| - [18/03/2017 22:57:58] - (.-.) - [90.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [7526.04 Ko] - C:\WINDOWS\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [1126.54 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:02:55] - [115943.36 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [4957764.49 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [15/11/2016 11:34:26] - [418.36 Ko] - C:\WINDOWS\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [159 Ko] - C:\WINDOWS\System32\dsc
[MD5.B0A3B85B6A2605A26B8C44B9A9C5F9B1] - |A| - [26/04/2017 19:34:20] - (.-.) - [31.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [329.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.45753B2B17E144450F611AE8C5AEB447] - |A| - [26/04/2017 20:07:12] - (.-.) - [22.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [0 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [242.5 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2159.03 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [322 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [266 Ko] - C:\WINDOWS\System32\es-MX
[MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [10/11/2016 19:36:30] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\WINDOWS\System32\E_GCINST.DLL
[MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [10/11/2016 19:36:28] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\WINDOWS\System32\E_ID4BLPE.DLL
[MD5.2E21840342850A8A7F28D28D6DD3A1CD] - |A| - [10/11/2016 19:36:28] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2013. - EPSON Bi-directional Monitor AMD64.) - [175.5 Ko] - (4.4.0.0) - C:\WINDOWS\System32\E_ILMBLPE.DLL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [28451.16 Ko] - C:\WINDOWS\System32\F12
[MD5.E5421FB92280483FA59B6518C70B3319] - |A| - [14/11/2016 09:12:40] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - EaseUS Todo Backup Application.) - [23.54 Ko] - (3.0.0.1) - C:\WINDOWS\System32\fbnative.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300.5 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.E105DC3C9E89B43A40646FD1E5DD5D1C] - |A| - [12/05/2017 12:31:17] - (.-.) - [250.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:26] - [3402.5 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [44640.75 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [18/03/2017 22:57:02] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [260.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.762F865F75F21FCB260E7C95404B5110] - |A| - [18/03/2017 22:58:18] - (.-.) - [122.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.7B7859030FF4D38A912A7BCC4A1B3B5E] - |A| - [18/03/2017 22:59:09] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyStub.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [249 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.77071BF934BEF16D5F02E31624258A91] - |A| - [21/10/2015 03:14:48] - (.-.) - [108.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hsa-thunk64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [304.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:11:49] - [31.52 Ko] - C:\WINDOWS\System32\Hydrogen
[MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [18/03/2017 22:58:01] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.6DF9BA3AD0CD866EE939C4C49CEA7B30] - |A| - [18/03/2017 22:57:35] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [25951.67 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.479B7966309A411BF4FC34898AC96557] - |A| - [18/03/2017 22:58:10] - (.-.) - [134.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [6446.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [326.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [236 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [233.5 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [18/03/2017 22:57:05] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [79.18 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [13254.46 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [26/10/2012 17:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPP.dll
[MD5.24764C249F769991079F6D4B14B822AF] - |A| - [26/10/2012 17:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPPApp.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [244.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [246.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.4D4248F6D008D86D5575EE5B154971AE] - |A| - [26/10/2012 17:42:22] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [256.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvco1380853.dll
[MD5.FF510CF2A7FA73192E7DB06D7C311799] - |A| - [26/10/2012 17:42:24] - (.(c) 1996-2012 Logitech. - Video Codec.) - [171.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvcod64.dll
[MD5.1A8AE8A66B6C289046276453768EF270] - |A| - [26/10/2012 17:42:24] - (.-.) - [28.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoin64.ini
[MD5.10916F973F49249B60D32E292E07B369] - |A| - [26/04/2017 18:51:35] - (.-.) - [6.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoinst.log
[MD5.B4CD287DFAA6578AC763A3800F0C2DC8] - |A| - [26/10/2012 17:42:24] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [750.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUI64.dll
[MD5.CCFDDF84B42198B0AAD27D11ACFD254E] - |A| - [26/10/2012 17:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [547.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUIRC64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [29382.94 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.D3F4E00C322EDA78873848BE75ACC8A4] - |A| - [21/10/2015 03:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [132.98 Ko] - (9.1.10.83) - C:\WINDOWS\System32\mantle64.dll
[MD5.EA33454E28EE1F3CA432DA87203DA24F] - |A| - [21/10/2015 03:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [100.98 Ko] - (9.1.10.83) - C:\WINDOWS\System32\mantleaxl64.dll
[MD5.A8A402B0C566B1AF97F35DD492C4A6B6] - |A| - [18/03/2017 22:57:20] - (.-.) - [759.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.CF17A39BA7D1D1E386FD0C1303642B91] - |A| - [25/02/2013 11:10:02] - (.-.) - [20.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MDA_NTDRV.sys
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [18/03/2017 22:57:05] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 19:26:27] - [6.01 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5496.63 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [47432.17 Ko] - C:\WINDOWS\System32\migwiz
[MD5.00000000000000000000000000000000] - |D| - [13/11/2016 22:44:33] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4180.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [19.15 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [290 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\NDF
[MD5.B77C6EFD3A8A11C5EF05C9364FDDE0E3] - |A| - [26/04/2017 18:47:23] - (.-.) - [24.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [18/03/2017 22:57:02] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.97825AA793465E58FBD3F9A43EB24885] - |A| - [12/05/2017 12:33:11] - (.-.) - [610 Ko] - (1.0.40.4) - C:\WINDOWS\System32\NetUtils2016.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.DABD3C78809D580EBCF04B4D183ECFC9] - |A| - [12/04/2017 05:38:36] - (.-.) - [696.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\npe-fre.exe
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.C9246EF96F14CB2F0C393F73A20590D8] - |A| - [18/03/2017 23:03:38] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [18/03/2017 22:57:12] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [13178.95 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [18/03/2017 22:57:05] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.652F1F54E573AF4D59E0AE658376D077] - |A| - [16/07/2010 02:45:44] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [103.52 Ko] - (4.1.0.2001) - C:\WINDOWS\System32\Packet.dll
[MD5.1BD31AF098E9E4A4A48D2ECFF0A12F30] - |A| - [30/04/2017 18:28:03] - (.© 2003 Glyph & Cog, LLC <derekn@foolabs.com> - Xpdf: utilities for PDF documents.) - [502.5 Ko] - (2.3.1382.39045) - C:\WINDOWS\System32\pdfinfo.exe
[MD5.1FEFCBFFE96D2C5EE074AAE27846C30E] - |A| - [30/04/2017 18:28:03] - (.© 2003 Glyph & Cog, LLC <derekn@foolabs.com> - Xpdf: utilities for PDF documents.) - [539.5 Ko] - (2.3.1382.39045) - C:\WINDOWS\System32\pdftotext.exe
[MD5.64CCC9EEC6A3096CE1BD1C9365FCB1BF] - |A| - [18/03/2017 23:05:34] - (.-.) - [298.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.E1211EFA62791878C076C726E0FDBCB2] - |A| - [20/03/2017 07:10:29] - (.-.) - [336.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [18/03/2017 23:05:34] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [20/03/2017 07:10:29] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.8ACB432A68CC4455CD25709169CBB772] - |A| - [18/03/2017 23:05:34] - (.-.) - [980.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.51C1880D7DBCE7F87B10C9B898FAC800] - |A| - [20/03/2017 07:10:29] - (.-.) - [1358.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.0609FCBA953CEB8C8B338BD5875781C3] - |A| - [26/04/2017 18:52:14] - (.-.) - [2996.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [310 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [634.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.0225FC6F0D91F84B44CE252487D8D725] - |A| - [29/04/2017 18:19:45] - (.Copyright (C) 2008-2013 - Video-Codec by proDAD.) - [593.02 Ko] - (1.0.18.0) - C:\WINDOWS\System32\prodad-codec.dll
[MD5.E5FCE41A5114E40EE573AB8631925BF3] - |A| - [29/04/2017 18:19:30] - (.Copyright (C) 2008 - Part of the proDAD.) - [367.52 Ko] - (1.0.4.0) - C:\WINDOWS\System32\proDAD-PA-Support.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [18/03/2017 22:57:54] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311.5 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [307 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [18/03/2017 22:58:01] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.C6CA43573C21CA6392F57F238C8391FC] - |A| - [26/10/2012 17:42:22] - (.-.) - [39.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Repository.reg
[MD5.D9DF00023703568AE6B4303E3C5C90BB] - |A| - [18/03/2017 22:57:47] - (.-.) - [8.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.99C7924C7268BABB5C4E3CFD2EE03331] - |A| - [18/03/2017 22:57:47] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [251.5 Ko] - C:\WINDOWS\System32\ro-RO
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [01/08/2013 14:12:34] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [01/08/2013 14:12:34] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.166CDCF1CA92579C051BCA8C5C13C3FB] - |A| - [27/04/2017 15:49:32] - (.Copyright (c) 2000 - 2015 Advanced Messaging Systems LLC - Outlook Redemption COM library.) - [12500.1 Ko] - (5.10.0.4312) - C:\WINDOWS\System32\rsror64.dll
[MD5.F7BAB6656AA3851FB90D3E1699F9B946] - |A| - [27/04/2017 15:49:32] - (.Copyright (c) 2000 - 2015 Advanced Messaging Systems LLC - Outlook Redemption COM library.) - [3793.1 Ko] - (5.10.0.4312) - C:\WINDOWS\System32\rsrorx64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [01/08/2013 14:12:34] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [18/03/2017 22:59:52] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [18/03/2017 22:58:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [253 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [249 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 18:47:17] - [10451.78 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [52.14 Ko] - C:\WINDOWS\System32\slmgr
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [18/03/2017 22:57:05] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [13385.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.76F8BDA4D4AA4AA4C4D84C2E2660E6FF] - |A| - [18/03/2017 22:57:05] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7504.91 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [11620.73 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [190890.5 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5936.25 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 09:22:35] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [251.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.5128BC123224124D67397A1BE698431C] - |A| - [18/03/2017 22:57:16] - (.-.) - [56.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [01/08/2013 14:12:36] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 18:50:57] - [2126.38 Ko] - C:\WINDOWS\System32\SRSLabs
[MD5.A028717B791416182959B325D5B40679] - |A| - [01/08/2013 14:12:36] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [01/08/2013 14:12:36] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [01/08/2013 14:12:36] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [9112 Ko] - C:\WINDOWS\System32\sru
[MD5.E042A078EDE878E1F489D08F045D2205] - |A| - [18/03/2017 22:57:05] - (.-.) - [368.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [12/05/2017 12:33:11] - [0 Ko] - C:\WINDOWS\System32\sstmp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [296 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [1591.02 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [906.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [622.19 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 09:22:35] - [546.19 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [18/03/2017 22:58:24] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [234 Ko] - C:\WINDOWS\System32\th-TH
[MD5.163A2CAB4344FDBD83992F01D9870823] - |A| - [12/05/2017 12:33:12] - (.-.) - [1.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tmplog.log
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [293 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [18/03/2017 22:58:18] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [18/03/2017 22:58:18] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [247 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [84849.62 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [44055.15 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [18/03/2017 22:57:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [76165.44 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.558D9282D5CEA82B2253B88017552F33] - |A| - [18/03/2017 22:58:18] - (.-.) - [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [9339.42 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [130600 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4744.09 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [107.53 Ko] - C:\WINDOWS\System32\winrm
[MD5.A2473CC88ABA67391CE7929E5C69E767] - |A| - [16/07/2010 02:45:42] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [360.52 Ko] - (4.1.0.2001) - C:\WINDOWS\System32\wpcap.dll
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [18/03/2017 22:58:17] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [18/03/2017 22:58:01] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.F1D3B38E1E93729388D0EABB37A09C99] - |A| - [18/03/2017 22:58:04] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [208 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 09:22:36] - [3 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [203 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 11:45:54] - [328.34 Ko] - C:\WINDOWS\SysWOW64\1033
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 14:36:58] - [113.39 Ko] - C:\WINDOWS\SysWOW64\1036
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 22:58:44] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 22:58:54] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 22:58:51] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.13FA039C5E464F3BF0C6D01E00581CAA] - |A| - [01/05/2017 17:03:26] - (.Copyright © 2010 by fccHandler - AC-3 ACM Codec.) - [148 Ko] - (1.5.0.0) - C:\WINDOWS\SysWOW64\ac3acm.acm
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:24] - [1998.91 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.7D4761FD5A02353C9BD70C1F5B15AA4F] - |A| - [21/10/2015 03:14:42] - (.-.) - [193.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
[MD5.F12467373381C72FAE9CA7C08ED6C919] - |A| - [21/10/2015 03:14:42] - (.-.) - [128.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdhdl32.dll
[MD5.87882BCCDF63B74B675ECCE6B6609DC2] - |A| - [21/10/2015 03:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [511.98 Ko] - (1.0.3.8) - C:\WINDOWS\SysWOW64\amdlvr32.dll
[MD5.8F2144D05F41DD27308548B5D9D19101] - |A| - [21/10/2015 03:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [5093.98 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\amdmantle32.dll
[MD5.F9F99EA40AF48C716C2E823F2B6FD2D8] - |A| - [21/10/2015 03:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [46.98 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmmcl.dll
[MD5.E30B1D883DC886016C38FDEE6755CCC6] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [38790.48 Ko] - (10.0.1800.11) - C:\WINDOWS\SysWOW64\amdocl.dll
[MD5.5F0F6073A243FC8C4C190E3F06D1247E] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21803.98 Ko] - (0.8.0.0) - C:\WINDOWS\SysWOW64\amdocl12cl.dll
[MD5.40A2E4C2933EB5DE99C06F00A9E2C589] - |A| - [21/10/2015 03:14:44] - (.-.) - [980.49 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_as32.exe
[MD5.985589A3C4BB14ED23A15D9477475F7B] - |A| - [21/10/2015 03:14:42] - (.-.) - [788.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_ld32.exe
[MD5.170EA2F4A32130BBF7EABD2D94B235AE] - |A| - [21/10/2015 03:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\amdpcom32.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [255 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.546E937838E7D9FD945D6505529F2209] - |A| - [21/10/2015 03:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxx.dll
[MD5.546E937838E7D9FD945D6505529F2209] - |A| - [21/10/2015 03:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxy.dll
[MD5.53650482B8E621276DC55E50C9FB2FEE] - |A| - [22/08/2015 02:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb
[MD5.4A8BC73F07C13E602B573BE723BFB360] - |A| - [21/10/2015 03:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [56.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalcl.dll
[MD5.64E261847856C53DE5A3007682707290] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13975.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticaldd.dll
[MD5.F1E925DE8ECC7BE99BCC380BBA3F477E] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [59.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalrt.dll
[MD5.DCE2F09D2DF45938DB476B287D6F560B] - |A| - [21/10/2015 03:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1194.88 Ko] - (8.17.10.1404) - C:\WINDOWS\SysWOW64\aticfx32.dll
[MD5.194B36603ED7BB93290F4A3C73B94764] - |A| - [21/10/2015 03:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [9971.7 Ko] - (8.17.10.625) - C:\WINDOWS\SysWOW64\atidxx32.dll
[MD5.B84EF06D0D8192F33EE5BC12B2BA3702] - |A| - [21/10/2015 03:14:46] - (.-.) - [148.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe
[MD5.B728F7B42DA61395F43C86BDDE5196E5] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [146.98 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atigktxx.dll
[MD5.0C3156664885AF41100B63853EBCE037] - |A| - [21/10/2015 03:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiglpxx.dll
[MD5.B344A7D717211B7DF53E369FC58290DF] - |A| - [21/10/2015 03:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\atimpc32.dll
[MD5.6557A2BB671495C8F7E127FCD23FAF3E] - |A| - [21/10/2015 03:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24726.98 Ko] - (6.14.10.13399) - C:\WINDOWS\SysWOW64\atioglxx.dll
[MD5.E183E40B75E742A6E597A922168C2405] - |A| - [21/10/2015 03:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [109.73 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiu9pag.dll
[MD5.E638384DCD47CEA8F0DF2B6BAFB11F57] - |A| - [21/10/2015 03:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [7307.19 Ko] - (9.14.10.1128) - C:\WINDOWS\SysWOW64\atiumdag.dll
[MD5.A98DA23A524803615B083CFCED1CE362] - |A| - [22/08/2015 02:50:46] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap
[MD5.34438A391DADBD03940AF0760E2932CB] - |A| - [21/10/2015 03:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [7821.64 Ko] - (8.14.10.513) - C:\WINDOWS\SysWOW64\atiumdva.dll
[MD5.C62336798199A3705424A6708445DD11] - |A| - [21/10/2015 03:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [139.7 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiuxpag.dll
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [22/08/2015 02:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [22/08/2015 02:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [234 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [314 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2705.51 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [51.27 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [275 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [26/10/2012 17:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\DevManagerCore.dll
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [201.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5929.02 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.F42E95BFB193754E9148DB6434D2E88E] - |A| - [19/02/2010 21:27:36] - (.Copyright © 2000-2009 DivX, Inc. - DivX.) - [703.5 Ko] - (6.9.2.26) - C:\WINDOWS\SysWOW64\DivX.dll
[MD5.8A917DFB8115382CE129F1F140F268A9] - |A| - [23/03/2013 03:09:28] - (.© Copyright 2000 - 2009 DivX, Inc. - DivX Control Panel.) - [346.34 Ko] - (1.2.0.25) - C:\WINDOWS\SysWOW64\DivXControlPanelApplet.cpl
[MD5.A266D3E430E9FF97E9D659E5F087EF99] - |A| - [19/02/2010 21:27:16] - (.Copyright © 2001-2008 DivX, Inc. - DivX.) - [836 Ko] - (6.9.2.26) - C:\WINDOWS\SysWOW64\divx_xx07.dll
[MD5.0DADCB1C15AB04A655F7B386FE625B35] - |A| - [19/02/2010 21:27:16] - (.Copyright © 2001-2008 DivX, Inc. - DivX.) - [828 Ko] - (6.9.2.26) - C:\WINDOWS\SysWOW64\divx_xx0a.dll
[MD5.725C556795DFC534660E784F9324515C] - |A| - [19/02/2010 21:27:16] - (.Copyright © 2001-2008 DivX, Inc. - DivX.) - [836 Ko] - (6.9.2.26) - C:\WINDOWS\SysWOW64\divx_xx0c.dll
[MD5.E1F94DFDC350BB8CE14655F5DB567149] - |A| - [19/02/2010 21:27:16] - (.Copyright ? 2001-2008 DivX, Inc. - DivX.) - [820 Ko] - (6.9.2.26) - C:\WINDOWS\SysWOW64\divx_xx11.dll
[MD5.AD8E4393EAD5A8A71378BEEE95C59FDA] - |A| - [19/02/2010 21:27:16] - (.Copyright © 2001-2008 DivX, Inc. - DivX.) - [824 Ko] - (6.9.2.26) - C:\WINDOWS\SysWOW64\divx_xx16.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1077.55 Ko] - C:\WINDOWS\SysWOW64\downlevel
[MD5.90C7F5E71EEFE13F762CFE7B42C7157A] - |A| - [21/10/2011 01:26:22] - (.Copyright © 2005-2006 - dpl100.) - [92 Ko] - (1.3.0.25) - C:\WINDOWS\SysWOW64\dpl100.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [3422.56 Ko] - C:\WINDOWS\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [306.5 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [0 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [223 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1547.03 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [244.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [220 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [24157.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.C58947149D01B615E478D7201DD0CFA4] - |A| - [01/05/2017 17:03:22] - (.-.) - [79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ff_vfw.dll
[MD5.3B5BB4DA93EBCB6ECBAC48C66F4B28A4] - |A| - [01/05/2017 17:03:23] - (.-.) - [0.58 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ff_vfw.dll.manifest
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:27] - [3149 Ko] - C:\WINDOWS\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [250.5 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [37328.29 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.CC8206C9288EA409781DE1D7FC754A39] - |A| - [29/04/2017 21:39:17] - (.2005-2013 - Generic Service.) - [478.72 Ko] - (2.4.4.0) - C:\WINDOWS\SysWOW64\GSService.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [243 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.2927ADFC93821B344BA524BCF9889A51] - |A| - [18/03/2017 22:58:54] - (.-.) - [109.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [229 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.506C5BE8B184615F7F35A85C00A16E76] - |A| - [21/10/2015 03:14:48] - (.-.) - [108.48 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hsa-thunk.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [283 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.24E1434E899B3EC4E3CD4CA56AA63BC6] - |A| - [18/03/2017 22:58:54] - (.-.) - [114.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [221.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.CADC1F6669EC3F9143A33D1342C2410E] - |A| - [28/04/2017 14:48:55] - (.-.) - [209.5 Ko] - (1.0.0.110) - C:\WINDOWS\SysWOW64\ISCM32.dll
[MD5.ED5D4435EC628F9EBB6AEC8A1D3FA41D] - |A| - [28/04/2017 14:48:56] - (.-.) - [704.36 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\ISCM64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [305 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [222.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.5ACD11DF2AA5F3E3F30F785589B70347] - |A| - [13/11/2005 20:07:12] - (.-.) - [6.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\kc.exe
[MD5.00000000000000000000000000000000] - |D| - [05/05/2017 12:29:51] - [24125.03 Ko] - C:\WINDOWS\SysWOW64\KDirectShow
[MD5.6315AB54B0156C7B5B1B6E499601C171] - |A| - [29/10/2006 17:36:54] - (.Killer{R} -.) - [1158 Ko] - (2.8.4.0) - C:\WINDOWS\SysWOW64\killcopy.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [220.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [79.18 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [26/10/2012 17:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPP.dll
[MD5.24764C249F769991079F6D4B14B822AF] - |A| - [26/10/2012 17:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPPApp.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [224.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.BDC67729D0A4940C525654FF869C5289] - |A| - [26/10/2012 17:42:22] - (.(c) 1996-2012 Logitech. - Video Codec.) - [297.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\lvcodec2.dll
[MD5.E8C604C7E16CE90C0D4564EC06B118E8] - |A| - [26/10/2012 17:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [529.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2.dll
[MD5.F13DA78D0873B2025556D65DB5E3210D] - |A| - [26/10/2012 17:42:24] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [525.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2RC.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [23946.13 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.39CE334A6E1CBED62462A0CCCC080A5C] - |A| - [21/10/2015 03:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [119.48 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\mantle32.dll
[MD5.890CD0E80FA4CA7728FF49E372D789F2] - |A| - [21/10/2015 03:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [94.48 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\mantleaxl32.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2977.89 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [814.41 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.23D4907D662E248E09872E5A32E71570] - |A| - [01/05/2017 17:03:27] - (.Copyright © 2004 Fraunhofer IIS - MPEG Audio Layer-3 Codec for MSACM.) - [227 Ko] - (3.4.0.0) - C:\WINDOWS\SysWOW64\mp3fhg.acm
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [271 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [290 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] - |A| - [28/04/2017 13:59:56] - (.-.) - [69.43 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\NMSAccessU.exe
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [635.23 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.1250BEF11BFA086F772CD2A273BC036E] - |A| - [16/07/2010 02:45:44] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [94.52 Ko] - (4.1.0.2001) - C:\WINDOWS\SysWOW64\Packet.dll
[MD5.A03878583E9A9CD28C418B3E37CE0021] - |A| - [26/04/2017 18:52:03] - (.-.) - [1931.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI
[MD5.C7A1F603619B96503674D15BF4FFE637] - |A| - [24/04/2017 10:29:12] - (.Copyright (C) ArcSoft Inc. 2001 - ArcSoft Screen Saver.) - [160 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\PhotoImpression Screen Saver.scr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [288 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [28/04/2017 13:58:48] - [29.74 Ko] - C:\WINDOWS\SysWOW64\PolicyDefinitions
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [420.42 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [290.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [285.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.F04A90F917BA10AE2DCBE859870F4DEA] - |A| - [16/07/2010 02:45:44] - (.-.) - [52.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pthreadVC.dll
[MD5.F318E151801F7EB505894718E03BC438] - |A| - [24/04/2017 09:27:30] - (.-.) - [5.54 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\quartz.vxd
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [230.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.F5C5B3A75783BEFF7257EABA026783CA] - |A| - [27/04/2017 15:49:49] - (.Copyright (c) 2000 - 2015 Advanced Messaging Systems LLC - Outlook Redemption COM library.) - [7776.6 Ko] - (5.10.0.4312) - C:\WINDOWS\SysWOW64\rsror32.dll
[MD5.3FE1177C731A499D875FFD2555C0EED1] - |A| - [27/04/2017 15:50:02] - (.Copyright (c) 2000 - 2015 Advanced Messaging Systems LLC - Outlook Redemption COM library.) - [2393.6 Ko] - (5.10.0.4312) - C:\WINDOWS\SysWOW64\rsrorx32.dll
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 18:50:33] - [2075.98 Ko] - C:\WINDOWS\SysWOW64\RTCOM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [283.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [231 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [228.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4128.41 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [8208.6 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1271.66 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 09:22:36] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [231.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.1291A61F0F4A49E5F4C869E677F67C57] - |A| - [18/03/2017 22:58:39] - (.-.) - [300 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [12/05/2017 12:34:43] - [21.85 Ko] - C:\WINDOWS\SysWOW64\SSL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [276.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.9B6EA22319C031730B2891AB747AD6C1] - |A| - [05/05/2017 12:13:51] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\swhealthex.log
[MD5.B71EDD2C82F513AACCD3059635F483EA] - |A| - [28/04/2017 13:58:53] - (.-.) - [676 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\SyncBackPro.dll
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [215 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.0087F6F680BEFDA997B357BD55BE991C] - |A| - [01/05/2017 17:03:37] - (.-.) - [161.5 Ko] - (3.93.100.73) - C:\WINDOWS\SysWOW64\unrar.dll
[MD5.550BA20DF6C08E628CA9ABD0F6E917B8] - |A| - [24/04/2017 09:27:31] - (.-.) - [10 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vidx16.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [15582.66 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.D676BC75BD566BC91BFEC3D4EDA42655] - |A| - [18/03/2017 22:58:54] - (.-.) - [84.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7506.99 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4744.1 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:28] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.190FB481D293D85B507D071E75BCB05C] - |A| - [16/07/2010 02:45:44] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [274.52 Ko] - (4.1.0.2001) - C:\WINDOWS\SysWOW64\wpcap.dll
[MD5.0EE8797A5CBE1C3FC90960992217FBB9] - |A| - [18/03/2017 22:58:52] - (.-.) - [58.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [26/04/2017 19:18:54] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.2AE2C164587549B3872E5EB109FB12F8] - |A| - [01/05/2017 17:03:24] - (.-.) - [791.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xvidcore.dll
[MD5.717E9CA09CB53DC2BBB2DAF78D713828] - |A| - [01/05/2017 17:03:24] - (.-.) - [179.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xvidvfw.dll
[MD5.C52757F1EA2812847EB65B72A8371794] - |A| - [01/05/2017 17:03:25] - (.www.helixcommunity.org - Helix YV12 YUV Codec.) - [232 Ko] - (1.3.0.0) - C:\WINDOWS\SysWOW64\yv12vfw.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [197.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [12/11/2016 09:22:36] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [192 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\Jean-Marie\AppData\Roaming   [26/04/2017 18:53:29]
"Local AppData"=C:\Users\Jean-Marie\AppData\Local   [26/04/2017 18:53:29]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Libraries   [12/11/2016 10:02:24]
"My Video"=C:\Users\Jean-Marie\Videos   [10/11/2016 15:52:02]
"My Pictures"=C:\Users\Jean-Marie\Pictures   [10/11/2016 15:52:02]
"Desktop"=C:\Users\Jean-Marie\Desktop   [10/11/2016 15:52:04]
"History"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\History   [12/11/2016 09:57:56]
"NetHood"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [26/04/2017 18:53:29]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Jean-Marie\Contacts   [10/11/2016 15:54:29]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\RoamingTiles   [12/11/2016 10:09:10]
"Cookies"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\INetCookies   [12/11/2016 09:57:56]
"Favorites"=C:\Users\Jean-Marie\Favorites   [10/11/2016 15:52:02]
"SendTo"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\SendTo   [12/11/2016 09:57:55]
"Start Menu"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu   [12/11/2016 09:57:55]
"My Music"=C:\Users\Jean-Marie\Music   [10/11/2016 15:52:02]
"Programs"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [12/11/2016 09:57:55]
"Recent"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Recent   [12/11/2016 09:57:55]
"CD Burning"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Burn\Burn1   [26/04/2017 20:51:23]
"PrintHood"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [26/04/2017 18:53:29]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Jean-Marie\Searches   [12/11/2016 10:09:10]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Jean-Marie\Downloads   [10/11/2016 15:52:02]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Jean-Marie\AppData\LocalLow   [10/11/2016 15:52:15]
"Startup"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [12/11/2016 10:09:10]
"Administrative Tools"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [12/11/2016 10:09:10]
"Personal"=C:\Users\Jean-Marie\Documents   [10/11/2016 15:52:02]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Jean-Marie\Links   [10/11/2016 15:52:02]
"Cache"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\INetCache   [26/04/2017 18:53:29]
"Templates"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Templates   [26/04/2017 18:53:29]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Jean-Marie\Saved Games   [10/11/2016 15:52:02]
"Fonts"=C:\WINDOWS\Fonts   [18/03/2017 23:03:29]

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache   
"Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"CD Burning"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Burn\Burn1   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [18/03/2017 23:03:29]
"Common AppData"=C:\ProgramData   [18/03/2017 23:03:29]
"Common Desktop"=C:\Users\Public\Desktop   [26/07/2012 10:12:59]
"Common Documents"=C:\Users\Public\Documents   [26/07/2012 10:12:59]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [18/03/2017 23:03:29]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [18/03/2017 23:03:29]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [18/03/2017 23:03:29]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [26/07/2012 10:12:59]
"CommonMusic"=C:\Users\Public\Music   [26/07/2012 10:12:59]
"CommonPictures"=C:\Users\Public\Pictures   [26/07/2012 10:12:59]
"CommonVideo"=C:\Users\Public\Videos   [26/07/2012 10:12:59]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [18/03/2017 23:03:29]
"Common AppData"=C:\ProgramData   [18/03/2017 23:03:29]
"Common Desktop"=C:\Users\Public\Desktop   [26/07/2012 10:12:59]
"Common Documents"=C:\Users\Public\Documents   [26/07/2012 10:12:59]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [18/03/2017 23:03:29]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [18/03/2017 23:03:29]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [18/03/2017 23:03:29]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [26/07/2012 10:12:59]
"CommonMusic"=C:\Users\Public\Music   [26/07/2012 10:12:59]
"CommonPictures"=C:\Users\Public\Pictures   [26/07/2012 10:12:59]
"CommonVideo"=C:\Users\Public\Videos   [26/07/2012 10:12:59]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   


---------- | [Jean-Marie]

[26/04/2017 18:53:29] - |D| - [30810767692] - C:\Users\Jean-Marie\AppData\Local
[10/11/2016 15:52:15] - |D| - [2927202] - C:\Users\Jean-Marie\AppData\LocalLow
[26/04/2017 18:53:29] - |D| - [617214711] - C:\Users\Jean-Marie\AppData\Roaming
[28/04/2017 13:57:21] - |D| - [2914] - C:\Users\Jean-Marie\AppData\Local\2BrightSparks
[27/04/2017 11:28:14] - |D| - [688496] - C:\Users\Jean-Marie\AppData\Local\AdAwareDesktop
[23/04/2017 20:15:36] - |D| - [688496] - C:\Users\Jean-Marie\AppData\Local\AdAwareUpdater
[12/05/2017 12:33:58] - |D| - [376] - C:\Users\Jean-Marie\AppData\Local\AdvinstAnalytics
[28/04/2017 12:23:22] - |D| - [617] - C:\Users\Jean-Marie\AppData\Local\Aiseesoft Studio
[12/11/2016 10:15:07] - |D| - [102055] - C:\Users\Jean-Marie\AppData\Local\AMD
[28/04/2017 13:18:28] - |D| - [75820] - C:\Users\Jean-Marie\AppData\Local\anti-malware-setup
[12/11/2016 16:27:22] - |D| - [1953204] - C:\Users\Jean-Marie\AppData\Local\Apowersoft
[26/04/2017 18:53:30] - |SHD| - [28017169396] - C:\Users\Jean-Marie\AppData\Local\Application Data
[28/04/2017 13:25:59] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\Apps
[12/05/2017 12:35:40] - |D| - [1140442] - C:\Users\Jean-Marie\AppData\Local\AppTrailers
[01/05/2017 20:50:15] - |D| - [366178] - C:\Users\Jean-Marie\AppData\Local\ashampoo
[12/11/2016 10:14:29] - |D| - [66104] - C:\Users\Jean-Marie\AppData\Local\ATI
[02/05/2017 13:22:19] - |D| - [1529276] - C:\Users\Jean-Marie\AppData\Local\Avanquest
[01/05/2017 23:30:40] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\CEF
[28/04/2017 13:28:57] - |D| - [99] - C:\Users\Jean-Marie\AppData\Local\ChemTable Software
[26/04/2017 13:53:01] - |D| - [327735017] - C:\Users\Jean-Marie\AppData\Local\chromium
[12/11/2016 10:51:55] - |D| - [26959876] - C:\Users\Jean-Marie\AppData\Local\Comms
[12/11/2016 10:08:51] - |D| - [354910] - C:\Users\Jean-Marie\AppData\Local\ConnectedDevicesPlatform
[29/04/2017 09:47:01] - |D| - [138] - C:\Users\Jean-Marie\AppData\Local\Copy Handler
[25/04/2017 15:09:02] - |D| - [9735608] - C:\Users\Jean-Marie\AppData\Local\CrashDumps
[12/05/2017 11:27:19] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\CrashRpt
[23/04/2017 11:18:15] - |D| - [190831] - C:\Users\Jean-Marie\AppData\Local\CyberGhost
[14/11/2016 19:14:54] - |D| - [4312362] - C:\Users\Jean-Marie\AppData\Local\CyberLink
[26/04/2017 20:49:14] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\DBG
[28/04/2017 13:25:59] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\Deployment
[27/04/2017 15:24:14] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\Diagnostics
[12/11/2016 11:52:06] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\Downloaded Installations
[28/04/2017 13:44:38] - |D| - [2836618] - C:\Users\Jean-Marie\AppData\Local\DownloadFileOpener
[12/05/2017 07:14:37] - |D| - [869] - C:\Users\Jean-Marie\AppData\Local\Fast HTML Checker
[23/04/2017 11:35:50] - |D| - [8257501] - C:\Users\Jean-Marie\AppData\Local\Google
[29/04/2017 09:25:18] - |D| - [634126] - C:\Users\Jean-Marie\AppData\Local\Greenshot
[26/04/2017 18:53:30] - |SHD| - [130] - C:\Users\Jean-Marie\AppData\Local\Historique
[28/04/2017 14:01:24] - |D| - [92346799] - C:\Users\Jean-Marie\AppData\Local\Innovative Solutions
[28/04/2017 14:56:51] - |D| - [82] - C:\Users\Jean-Marie\AppData\Local\iSkysoft
[30/04/2017 18:30:29] - |D| - [5434145] - C:\Users\Jean-Marie\AppData\Local\Kotobee Author
[30/04/2017 18:30:12] - |D| - [5401856] - C:\Users\Jean-Marie\AppData\Local\Kotobee Reader
[28/04/2017 13:45:45] - |D| - [586] - C:\Users\Jean-Marie\AppData\Local\LabPixels
[14/11/2016 20:17:30] - |D| - [2914129] - C:\Users\Jean-Marie\AppData\Local\Logitech® Webcam Software
[26/04/2017 18:53:29] - |D| - [317709244] - C:\Users\Jean-Marie\AppData\Local\Microsoft
[12/11/2016 10:25:42] - |D| - [82096] - C:\Users\Jean-Marie\AppData\Local\MicrosoftEdge
[12/11/2016 14:05:55] - |D| - [179354326] - C:\Users\Jean-Marie\AppData\Local\Moonchild Productions
[12/11/2016 10:29:20] - |D| - [56950559] - C:\Users\Jean-Marie\AppData\Local\Mozilla
[01/05/2017 17:02:08] - |D| - [57102] - C:\Users\Jean-Marie\AppData\Local\Online Video Recorder
[12/11/2016 10:09:01] - |D| - [222697180] - C:\Users\Jean-Marie\AppData\Local\Packages
[15/11/2016 10:50:51] - |D| - [40960] - C:\Users\Jean-Marie\AppData\Local\Power2Go11
[12/11/2016 16:27:11] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\Programs
[12/11/2016 10:11:36] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\Publishers
[03/05/2017 14:57:48] - |D| - [9209] - C:\Users\Jean-Marie\AppData\Local\Recovery
[29/04/2017 08:06:41] - |D| - [14122] - C:\Users\Jean-Marie\AppData\Local\Seed4Me
[27/04/2017 16:15:04] - |D| - [630981955] - C:\Users\Jean-Marie\AppData\Local\SIB
[28/04/2017 14:10:22] - |D| - [1470604] - C:\Users\Jean-Marie\AppData\Local\StartIsBack
[24/04/2017 10:18:01] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\TeamViewer
[29/04/2017 09:29:15] - |D| - [1810510] - C:\Users\Jean-Marie\AppData\Local\TechSmith
[26/04/2017 18:53:29] - |D| - [709650905] - C:\Users\Jean-Marie\AppData\Local\Temp
[26/04/2017 18:53:30] - |SHD| - [25175476] - C:\Users\Jean-Marie\AppData\Local\Temporary Internet Files
[04/05/2017 10:26:10] - |A| - [212906] - C:\Users\Jean-Marie\AppData\Local\Temprad22880.tmp
[27/04/2017 13:41:47] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\Thinstall
[12/11/2016 10:08:57] - |D| - [15753216] - C:\Users\Jean-Marie\AppData\Local\TileDataLayer
[29/04/2017 10:45:55] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\VDownloader
[12/11/2016 10:09:05] - |D| - [4338763] - C:\Users\Jean-Marie\AppData\Local\VirtualStore
[29/04/2017 10:09:12] - |D| - [22310139] - C:\Users\Jean-Marie\AppData\Local\Vision
[12/11/2016 12:05:34] - |D| - [46182785] - C:\Users\Jean-Marie\AppData\Local\WinZip
[28/04/2017 13:08:23] - |D| - [82] - C:\Users\Jean-Marie\AppData\Local\Wondershare
[14/11/2016 10:04:35] - |D| - [70174033] - C:\Users\Jean-Marie\AppData\Local\Zemana
[25/04/2017 09:09:12] - |D| - [162404] - C:\Users\Jean-Marie\AppData\Local\ZHP
[25/04/2017 18:19:29] - |D| - [694254] - C:\Users\Jean-Marie\AppData\Local\{C7C5F199-E36D-9D21-8EF5-B8C9AA9D4451}
[27/04/2017 15:00:38] - |D| - [299] - C:\Users\Jean-Marie\AppData\LocalLow\IObit
[10/11/2016 15:52:30] - |SD| - [2926680] - C:\Users\Jean-Marie\AppData\LocalLow\Microsoft
[26/04/2017 14:20:25] - |D| - [223] - C:\Users\Jean-Marie\AppData\LocalLow\Mozilla
[12/05/2017 04:41:00] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Acronis
[27/04/2017 11:28:55] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\adaware
[12/11/2016 10:09:01] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Adobe
[24/04/2017 16:00:44] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\AmazingPartitionManager
[12/11/2016 16:27:31] - |D| - [678] - C:\Users\Jean-Marie\AppData\Roaming\Apowersoft
[12/05/2017 12:34:31] - |D| - [67214672] - C:\Users\Jean-Marie\AppData\Roaming\AppTrailers
[01/05/2017 20:50:33] - |D| - [2603] - C:\Users\Jean-Marie\AppData\Roaming\Ashampoo
[12/11/2016 10:14:29] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\ATI
[02/05/2017 13:22:18] - |D| - [1323761] - C:\Users\Jean-Marie\AppData\Roaming\Avanquest Software
[12/05/2017 05:56:47] - |D| - [251999715] - C:\Users\Jean-Marie\AppData\Roaming\Azureus
[02/05/2017 11:32:29] - |A| - [83] - C:\Users\Jean-Marie\AppData\Roaming\Camdata.ini
[02/05/2017 11:32:29] - |A| - [408] - C:\Users\Jean-Marie\AppData\Roaming\CamLayout.ini
[02/05/2017 11:32:29] - |A| - [408] - C:\Users\Jean-Marie\AppData\Roaming\CamShapes.ini
[02/05/2017 11:32:29] - |A| - [4547] - C:\Users\Jean-Marie\AppData\Roaming\CamStudio.cfg
[28/04/2017 13:38:24] - |D| - [89629] - C:\Users\Jean-Marie\AppData\Roaming\ChemTable Software
[12/05/2017 13:52:56] - |D| - [206696] - C:\Users\Jean-Marie\AppData\Roaming\CintaNotes
[25/04/2017 10:21:23] - |D| - [1761937] - C:\Users\Jean-Marie\AppData\Roaming\Clipdiary
[15/11/2016 10:52:05] - |D| - [143340] - C:\Users\Jean-Marie\AppData\Roaming\CyberLink
[28/04/2017 14:05:10] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\DAEMON Tools Lite
[14/11/2016 10:27:11] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\DAEMON Tools Pro
[12/05/2017 11:28:43] - |D| - [30911704] - C:\Users\Jean-Marie\AppData\Roaming\devnull
[23/04/2017 11:52:30] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\DiskDefrag
[02/05/2017 10:10:48] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\DivX
[28/04/2017 13:44:42] - |D| - [27] - C:\Users\Jean-Marie\AppData\Roaming\DownloadFileOpener
[23/04/2017 14:05:11] - |D| - [384] - C:\Users\Jean-Marie\AppData\Roaming\EASEUS
[12/05/2017 07:10:42] - |D| - [82100] - C:\Users\Jean-Marie\AppData\Roaming\Encrypt4all Software
[13/11/2016 19:26:19] - |D| - [6777] - C:\Users\Jean-Marie\AppData\Roaming\Epson
[23/04/2017 10:38:02] - |D| - [8419217] - C:\Users\Jean-Marie\AppData\Roaming\eufsc
[04/05/2017 18:08:04] - |D| - [12] - C:\Users\Jean-Marie\AppData\Roaming\Foxit AgentInformation
[04/05/2017 18:07:39] - |D| - [21364512] - C:\Users\Jean-Marie\AppData\Roaming\Foxit Software
[24/04/2017 20:31:12] - |D| - [240333] - C:\Users\Jean-Marie\AppData\Roaming\FreeFileSync
[23/04/2017 11:52:28] - |D| - [459170] - C:\Users\Jean-Marie\AppData\Roaming\GlarySoft
[29/04/2017 09:25:18] - |D| - [15688] - C:\Users\Jean-Marie\AppData\Roaming\Greenshot
[12/05/2017 12:33:05] - |D| - [134] - C:\Users\Jean-Marie\AppData\Roaming\HDWallPaper
[04/05/2017 11:08:56] - |D| - [54] - C:\Users\Jean-Marie\AppData\Roaming\HissenIT Masterdata
[28/04/2017 13:57:07] - |D| - [38017235] - C:\Users\Jean-Marie\AppData\Roaming\Innovative Solutions
[12/05/2017 12:33:09] - |D| - [2988888] - C:\Users\Jean-Marie\AppData\Roaming\Interstatnogui
[27/04/2017 14:47:37] - |D| - [44350] - C:\Users\Jean-Marie\AppData\Roaming\IObit
[25/04/2017 11:18:12] - |D| - [307280] - C:\Users\Jean-Marie\AppData\Roaming\JAM Software
[04/05/2017 11:09:07] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\java
[23/04/2017 11:29:55] - |D| - [20] - C:\Users\Jean-Marie\AppData\Roaming\KastorFreeVimeoDownloader
[23/04/2017 11:27:09] - |D| - [22] - C:\Users\Jean-Marie\AppData\Roaming\KastorStreamRecorder
[23/04/2017 11:27:37] - |D| - [387] - C:\Users\Jean-Marie\AppData\Roaming\KastorTubeToMp3
[29/04/2017 11:31:00] - |D| - [245] - C:\Users\Jean-Marie\AppData\Roaming\KastorVideoConverter
[30/04/2017 18:36:09] - |D| - [22242029] - C:\Users\Jean-Marie\AppData\Roaming\KotobeePublisher
[12/11/2016 10:26:25] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Lavasoft
[12/11/2016 10:25:39] - |D| - [737] - C:\Users\Jean-Marie\AppData\Roaming\LavasoftStatistics
[14/11/2016 19:39:48] - |D| - [345] - C:\Users\Jean-Marie\AppData\Roaming\Leadertech
[13/11/2016 20:28:03] - |D| - [725] - C:\Users\Jean-Marie\AppData\Roaming\Macromedia
[02/05/2017 13:58:19] - |D| - [228] - C:\Users\Jean-Marie\AppData\Roaming\Media Player Classic
[26/04/2017 18:53:29] - |SD| - [2262353] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft
[12/11/2016 11:46:14] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Modules
[12/11/2016 14:05:55] - |D| - [14327328] - C:\Users\Jean-Marie\AppData\Roaming\Moonchild Productions
[12/11/2016 10:29:20] - |D| - [10] - C:\Users\Jean-Marie\AppData\Roaming\Mozilla
[12/05/2017 11:29:44] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Nico Mak Computing
[24/04/2017 18:53:52] - |HD| - [576] - C:\Users\Jean-Marie\AppData\Roaming\Obsidium
[12/05/2017 12:33:46] - |D| - [464226] - C:\Users\Jean-Marie\AppData\Roaming\One System Care
[27/04/2017 15:56:01] - |AD| - [23476675] - C:\Users\Jean-Marie\AppData\Roaming\PhrozenWinja
[29/04/2017 18:19:48] - |D| - [75332] - C:\Users\Jean-Marie\AppData\Roaming\proDAD
[27/04/2017 15:51:26] - |D| - [3072] - C:\Users\Jean-Marie\AppData\Roaming\Remo
[25/04/2017 19:41:30] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\SecurityXploded
[12/11/2016 10:32:54] - |D| - [77] - C:\Users\Jean-Marie\AppData\Roaming\Skype
[29/04/2017 10:37:58] - |D| - [4753] - C:\Users\Jean-Marie\AppData\Roaming\SoftCDN
[02/05/2017 13:13:40] - |D| - [899764] - C:\Users\Jean-Marie\AppData\Roaming\StartMenuX
[05/05/2017 12:43:11] - |D| - [36111557] - C:\Users\Jean-Marie\AppData\Roaming\SyncDroid
[05/05/2017 12:43:12] - |D| - [150813] - C:\Users\Jean-Marie\AppData\Roaming\Syncios
[05/05/2017 12:43:11] - |D| - [3012] - C:\Users\Jean-Marie\AppData\Roaming\Syncios Data Transfer
[12/05/2017 12:33:19] - |D| - [464222] - C:\Users\Jean-Marie\AppData\Roaming\System Healer
[24/04/2017 09:52:03] - |D| - [4059] - C:\Users\Jean-Marie\AppData\Roaming\TeamViewer
[24/04/2017 18:52:30] - |D| - [173242] - C:\Users\Jean-Marie\AppData\Roaming\TeraCopy
[27/04/2017 13:41:47] - |D| - [48700] - C:\Users\Jean-Marie\AppData\Roaming\Thinstall
[12/11/2016 11:46:04] - |AD| - [15345563] - C:\Users\Jean-Marie\AppData\Roaming\UsbFix
[25/04/2017 09:06:14] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\UTILILAB
[02/05/2017 10:10:23] - |A| - [96] - C:\Users\Jean-Marie\AppData\Roaming\version2.xml
[27/04/2017 16:06:25] - |D| - [1996] - C:\Users\Jean-Marie\AppData\Roaming\Viv
[23/04/2017 13:17:25] - |D| - [28014805] - C:\Users\Jean-Marie\AppData\Roaming\VOS
[24/04/2017 09:52:27] - |D| - [13] - C:\Users\Jean-Marie\AppData\Roaming\WinParam
[25/04/2017 18:59:54] - |D| - [12] - C:\Users\Jean-Marie\AppData\Roaming\WinRAR
[29/04/2017 09:37:52] - |D| - [15870] - C:\Users\Jean-Marie\AppData\Roaming\Xilisoft
[02/05/2017 13:48:25] - |D| - [2239492] - C:\Users\Jean-Marie\AppData\Roaming\XYplorerFree
[12/11/2016 12:17:58] - |D| - [45276013] - C:\Users\Jean-Marie\AppData\Roaming\ZHP
[12/11/2016 10:09:10] - |ASH| - [174] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[26/04/2017 18:53:30] - |SHD| - [122273] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[12/11/2016 09:57:55] - |RD| - [122273] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[26/04/2017 18:53:29] - |RD| - [3888] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[26/04/2017 18:53:29] - |RD| - [2931] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[12/11/2016 10:09:10] - |RD| - [174] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[12/05/2017 12:34:51] - |D| - [3860] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
[24/04/2017 17:02:01] - |D| - [2183] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CHM Editor
[26/04/2017 13:55:30] - |A| - [1243] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
[23/04/2017 11:18:42] - |A| - [2077] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
[29/04/2017 09:24:03] - |D| - [4156] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode
[26/04/2017 20:46:44] - |ASH| - [174] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[28/04/2017 13:44:42] - |D| - [1199] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DownloadFileOpener
[05/05/2017 13:17:33] - |D| - [1606] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy File Locker
[12/05/2017 07:14:11] - |D| - [2810] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast HTML Checker
[30/04/2017 19:13:56] - |A| - [2123] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
[26/04/2017 11:58:38] - |D| - [3613] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freeraser
[28/04/2017 13:45:07] - |D| - [2106] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hard Disk Shield
[04/05/2017 11:08:37] - |D| - [8301] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HissenIT
[27/04/2017 15:52:56] - |D| - [6821] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iGetting Audio
[24/04/2017 18:45:14] - |D| - [6022] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillCopy
[29/04/2017 11:16:14] - |D| - [2989] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrorit Partition  Extender Free
[26/04/2017 18:53:29] - |D| - [170] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[05/05/2017 13:27:54] - |D| - [4557] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\muCommander
[28/04/2017 13:25:07] - |D| - [2379] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multi Install 2.4.5
[12/11/2016 10:31:58] - |A| - [2428] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[29/04/2017 21:26:54] - |D| - [2340] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF-to-Word
[29/04/2017 09:44:54] - |D| - [4714] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PerigeeCopy
[28/04/2017 14:38:34] - |D| - [3483] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QEMU
[14/11/2016 08:54:58] - |D| - [5250] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker
[12/11/2016 10:09:10] - |RD| - [174] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[01/05/2017 22:06:26] - |D| - [2281] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercopier
[05/05/2017 12:41:46] - |D| - [3950] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncios
[26/04/2017 18:53:29] - |RD| - [3496] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/04/2017 18:15:42] - |D| - [3912] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[05/05/2017 13:26:53] - |D| - [4623] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\trolCommander
[23/04/2017 10:38:38] - |D| - [1706] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultracopier
[23/04/2017 10:45:04] - |D| - [3540] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[29/04/2017 10:09:16] - |D| - [2363] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vision
[12/05/2017 05:56:46] - |D| - [992] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vuze Leap
[26/04/2017 18:53:29] - |RD| - [7238] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[25/04/2017 09:06:02] - |D| - [4401] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[12/11/2016 10:09:10] - |ASH| - [174] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [MSSQL$ADK]

[26/04/2017 18:53:28] - |D| - [16729812] - C:\Users\MSSQL$ADK\AppData\Local
[11/11/2016 10:12:03] - |D| - [0] - C:\Users\MSSQL$ADK\AppData\LocalLow
[26/04/2017 18:53:28] - |D| - [41525] - C:\Users\MSSQL$ADK\AppData\Roaming
[26/04/2017 18:53:28] - |SHD| - [15431917] - C:\Users\MSSQL$ADK\AppData\Local\Application Data
[26/04/2017 18:53:28] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Historique
[26/04/2017 18:53:28] - |D| - [1297895] - C:\Users\MSSQL$ADK\AppData\Local\Microsoft
[26/04/2017 18:53:28] - |D| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Temp
[26/04/2017 18:53:28] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Temporary Internet Files
[26/04/2017 18:53:28] - |SD| - [41525] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft
[26/04/2017 18:53:28] - |SHD| - [16278] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[12/11/2016 09:57:53] - |D| - [16278] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[26/04/2017 18:53:28] - |RD| - [3888] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[26/04/2017 18:53:28] - |RD| - [1486] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[26/04/2017 18:53:28] - |D| - [170] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[26/04/2017 18:53:28] - |RD| - [3496] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[26/04/2017 18:53:28] - |RD| - [7238] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

---------- | [Public]


---------- | C:\ProgramData

[28/04/2017 13:54:51] - |D| - [12288] - C:\ProgramData\2BrightSparks
[12/05/2017 12:35:44] - |D| - [4275712] - C:\ProgramData\2f79860f-0d73-0
[12/05/2017 12:35:41] - |D| - [4275712] - C:\ProgramData\2f79860f-42b7-0
[12/05/2017 12:35:37] - |D| - [4275712] - C:\ProgramData\2f79860f-73f3-1
[29/04/2017 11:38:26] - |D| - [0] - C:\ProgramData\A-PDF
[12/05/2017 04:38:47] - |D| - [1249203] - C:\ProgramData\Acronis
[23/04/2017 20:06:22] - |D| - [451897029] - C:\ProgramData\adaware
[12/05/2017 03:47:00] - |D| - [1875968] - C:\ProgramData\Admin Arsenal
[28/04/2017 12:22:17] - |D| - [0] - C:\ProgramData\Aiseesoft Studio
[26/04/2017 18:52:24] - |D| - [152] - C:\ProgramData\AMD
[26/04/2017 20:18:25] - |SHD| - [97356175078] - C:\ProgramData\Application Data
[14/11/2016 08:09:16] - |D| - [786424] - C:\ProgramData\Ashampoo
[12/11/2016 10:14:29] - |D| - [186] - C:\ProgramData\ATI
[02/05/2017 13:22:01] - |D| - [2399] - C:\ProgramData\Avanquest
[01/05/2017 22:19:18] - |D| - [4084871] - C:\ProgramData\AVAST Software
[12/11/2016 10:42:16] - |D| - [0] - C:\ProgramData\BitDefender
[12/11/2016 10:06:06] - |SHD| - [10958] - C:\ProgramData\Bureau
[25/04/2017 19:42:07] - |D| - [21378672] - C:\ProgramData\Caphyon
[28/04/2017 13:31:50] - |D| - [380] - C:\ProgramData\Chemtable Software
[25/04/2017 09:06:38] - |D| - [1275] - C:\ProgramData\clp
[15/11/2016 11:29:55] - |D| - [1345] - C:\ProgramData\CLSK
[12/11/2016 09:22:34] - |D| - [0] - C:\ProgramData\Comms
[02/05/2017 13:18:20] - |D| - [1943] - C:\ProgramData\Configuration
[12/11/2016 10:21:20] - |D| - [1787762] - C:\ProgramData\CyberLink
[28/04/2017 14:02:44] - |D| - [3104] - C:\ProgramData\DAEMON Tools Lite
[14/11/2016 10:26:06] - |D| - [2348] - C:\ProgramData\DAEMON Tools Pro
[15/11/2016 10:51:07] - |D| - [0] - C:\ProgramData\dbg
[23/04/2017 10:56:06] - |D| - [0] - C:\ProgramData\DigitalWave.ApplicationUpdater_files
[15/11/2016 11:52:05] - |D| - [4139835] - C:\ProgramData\DivX
[26/04/2017 20:18:25] - |SHD| - [286359292] - C:\ProgramData\Documents
[12/05/2017 12:35:51] - |D| - [0] - C:\ProgramData\e18e187b-6d61-0
[26/04/2017 18:51:20] - |D| - [11076615] - C:\ProgramData\EPSON
[04/05/2017 21:12:32] - |D| - [49932] - C:\ProgramData\FileOpen
[29/04/2017 11:24:41] - |D| - [0] - C:\ProgramData\flipBook
[28/04/2017 13:49:53] - |D| - [31532685] - C:\ProgramData\Folderico
[04/05/2017 18:08:04] - |D| - [29] - C:\ProgramData\Foxit ContentPlatform
[04/05/2017 18:10:06] - |D| - [0] - C:\ProgramData\Foxit Software
[23/04/2017 11:50:51] - |D| - [32995447] - C:\ProgramData\GlarySoft
[28/04/2017 13:47:28] - |D| - [324] - C:\ProgramData\Hard Disk Shield
[01/05/2017 22:32:03] - |D| - [531] - C:\ProgramData\Informer Technologies, Inc
[28/04/2017 14:10:35] - |D| - [113292839] - C:\ProgramData\Innovative Solutions
[12/11/2016 10:23:59] - |D| - [269199581] - C:\ProgramData\install_backup
[12/11/2016 10:23:59] - |D| - [241700] - C:\ProgramData\install_clap
[27/04/2017 14:47:10] - |D| - [36490] - C:\ProgramData\IObit
[28/04/2017 14:41:21] - |D| - [3238710] - C:\ProgramData\iSkysoft
[28/04/2017 14:43:54] - |D| - [4759] - C:\ProgramData\iSkysoft iMedia Converter Deluxe
[12/11/2016 10:21:23] - |D| - [341572965] - C:\ProgramData\Lavasoft
[30/04/2017 18:05:58] - |D| - [153] - C:\ProgramData\Licenses
[14/11/2016 19:55:53] - |D| - [289] - C:\ProgramData\LogiShrd
[14/11/2016 10:31:20] - |D| - [16567] - C:\ProgramData\Macrium
[25/04/2017 15:41:36] - |D| - [114156040] - C:\ProgramData\Malwarebytes
[12/11/2016 10:06:06] - |SHD| - [1531211] - C:\ProgramData\Menu Démarrer
[18/03/2017 23:03:29] - |SD| - [1103938781] - C:\ProgramData\Microsoft
[12/11/2016 17:25:09] - |D| - [0] - C:\ProgramData\Microsoft DNX
[26/04/2017 20:50:32] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[12/11/2016 10:06:06] - |SHD| - [0] - C:\ProgramData\Modèles
[25/04/2017 09:06:25] - |D| - [540341] - C:\ProgramData\NETC
[12/05/2017 11:29:18] - |D| - [0] - C:\ProgramData\Nico Mak Computing
[15/11/2016 22:22:13] - |RASH| - [8] - C:\ProgramData\ntuser.pol
[12/11/2016 15:44:11] - |D| - [468] - C:\ProgramData\NuGet
[12/05/2017 05:56:10] - |D| - [127] - C:\ProgramData\Oracle
[26/04/2017 18:51:16] - |D| - [6382171293] - C:\ProgramData\Package Cache
[15/11/2016 12:03:44] - |D| - [36] - C:\ProgramData\PDVD
[12/11/2016 17:59:51] - |D| - [3906573] - C:\ProgramData\PreEmptive Solutions
[29/04/2017 18:19:32] - |D| - [66867784] - C:\ProgramData\proDAD
[05/05/2017 13:02:50] - |D| - [524] - C:\ProgramData\ProductData
[15/11/2016 22:52:53] - |D| - [112760081] - C:\ProgramData\Rebit
[15/11/2016 23:03:25] - |D| - [8681] - C:\ProgramData\Rebit 5
[18/03/2017 23:03:29] - |D| - [2078] - C:\ProgramData\regid.1991-06.com.microsoft
[27/04/2017 15:39:31] - |D| - [1666] - C:\ProgramData\regid.2003-04.com.caphyon
[25/04/2017 15:13:30] - |D| - [38822188] - C:\ProgramData\RogueKiller
[28/04/2017 13:48:49] - |D| - [1800] - C:\ProgramData\RogueKillerPE
[28/04/2017 13:36:20] - |D| - [145161337] - C:\ProgramData\Simply Super Software
[18/03/2017 23:03:29] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[13/11/2016 19:35:40] - |D| - [645] - C:\ProgramData\Sony Corporation
[02/05/2017 13:13:40] - |D| - [16193] - C:\ProgramData\StartMenuX
[12/11/2016 10:23:59] - |D| - [21622932] - C:\ProgramData\SUPPORTDIR
[14/11/2016 08:20:03] - |D| - [247648] - C:\ProgramData\Temp
[05/05/2017 13:19:35] - |D| - [751203] - C:\ProgramData\Teorex
[03/05/2017 11:25:48] - |D| - [235223474] - C:\ProgramData\UCheck
[13/11/2016 19:36:35] - |D| - [4680] - C:\ProgramData\UDL
[12/11/2016 12:06:19] - |D| - [294] - C:\ProgramData\UniqueId
[18/03/2017 23:03:29] - |D| - [6967] - C:\ProgramData\USOPrivate
[26/04/2017 18:58:41] - |D| - [1359872] - C:\ProgramData\USOShared
[25/04/2017 09:06:21] - |D| - [9342] - C:\ProgramData\UTILILAB
[20/03/2017 07:11:49] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
[12/11/2016 12:05:13] - |AD| - [411] - C:\ProgramData\WinZip
[28/04/2017 13:06:30] - |D| - [1609] - C:\ProgramData\Wondershare
[28/04/2017 13:08:55] - |D| - [131828867] - C:\ProgramData\Wondershare Video Editor
[29/04/2017 09:31:18] - |D| - [16384] - C:\ProgramData\Xilisoft
[27/04/2017 15:01:58] - |D| - [0] - C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[29/04/2017 10:48:19] - |A| - [1451] - C:\ProgramData\Microsoft\Windows\Start Menu\AdvancedWinServiceManager.lnk
[29/04/2017 10:43:24] - |A| - [1332] - C:\ProgramData\Microsoft\Windows\Start Menu\Autorun File Remover.lnk
[18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[29/04/2017 10:51:59] - |A| - [1296] - C:\ProgramData\Microsoft\Windows\Start Menu\Google Ad Blocker.lnk
[12/11/2016 12:05:45] - |A| - [2200] - C:\ProgramData\Microsoft\Windows\Start Menu\Notifications de Mises à jour.lnk
[12/11/2016 12:05:45] - |A| - [2161] - C:\ProgramData\Microsoft\Windows\Start Menu\Outils d’arrière-plan WinZip.lnk
[12/11/2016 10:06:06] - |SHD| - [752667] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[18/03/2017 23:03:29] - |D| - [752667] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[29/04/2017 10:53:43] - |A| - [1272] - C:\ProgramData\Microsoft\Windows\Start Menu\Spy BHO Remover.lnk
[29/04/2017 10:58:22] - |A| - [1945] - C:\ProgramData\Microsoft\Windows\Start Menu\SX Antivirus Kit.lnk
[29/04/2017 11:00:39] - |A| - [1955] - C:\ProgramData\Microsoft\Windows\Start Menu\SX Blocker Suite.lnk
[29/04/2017 11:04:00] - |A| - [1945] - C:\ProgramData\Microsoft\Windows\Start Menu\SX Network Suite.lnk
[29/04/2017 11:08:41] - |A| - [1938] - C:\ProgramData\Microsoft\Windows\Start Menu\SX System Suite.lnk
[29/04/2017 11:11:52] - |A| - [1963] - C:\ProgramData\Microsoft\Windows\Start Menu\SX WiFi Security Suite.lnk
[23/04/2017 10:40:33] - |A| - [1727] - C:\ProgramData\Microsoft\Windows\Start Menu\TeraCopy.lnk
[25/04/2017 19:43:00] - |A| - [1313] - C:\ProgramData\Microsoft\Windows\Start Menu\VirusTotal Scanner.lnk
[25/04/2017 16:22:17] - |A| - [1072] - C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
[12/11/2016 12:05:45] - |A| - [2133] - C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[28/04/2017 13:59:52] - |D| - [4037] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
[18/03/2017 23:03:29] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[18/03/2017 23:03:29] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[12/05/2017 04:38:52] - |D| - [20696] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[12/05/2017 04:38:52] - |A| - [1288] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image WD Edition.lnk
[27/04/2017 10:53:13] - |D| - [2600] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
[18/03/2017 23:03:29] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[27/04/2017 15:39:31] - |D| - [9720] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Installer 13.8.1
[30/04/2017 18:45:56] - |D| - [3041] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[30/04/2017 18:45:57] - |A| - [1604] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 12.lnk
[29/04/2017 10:48:13] - |D| - [1463] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Windows Service Manager
[28/04/2017 12:22:59] - |D| - [5415] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
[29/04/2017 11:25:29] - |D| - [4095] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazing
[24/04/2017 15:30:12] - |D| - [2863] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazing-Share
[26/04/2017 18:52:32] - |D| - [4373] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[28/04/2017 13:34:34] - |D| - [2439] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Locky
[29/04/2017 21:43:42] - |D| - [2424] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyMedia Player
[24/04/2017 10:29:16] - |D| - [6595] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoImpression 4
[24/04/2017 09:40:57] - |D| - [8927] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft VideoImpression 1.6
[14/11/2016 08:11:06] - |D| - [9149] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[12/11/2016 16:30:11] - |D| - [14835] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
[29/04/2017 10:43:20] - |D| - [1344] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun File Remover
[27/04/2017 11:08:03] - |D| - [3593] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batch Picture Resizer
[12/11/2016 13:55:14] - |D| - [1608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Bureau
[12/11/2016 15:06:45] - |A| - [1500] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
[29/04/2017 09:26:49] - |D| - [1866] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[23/04/2017 11:39:12] - |D| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[12/05/2017 13:52:49] - |D| - [4499] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CintaNotes
[25/04/2017 10:21:16] - |D| - [2276] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clipdiary
[29/04/2017 09:46:57] - |D| - [2814] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Copy Handler
[23/04/2017 11:14:37] - |D| - [2690] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
[14/11/2016 10:52:18] - |D| - [2143] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Advisor
[14/11/2016 08:54:07] - |RD| - [1637] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Application Manager
[29/04/2017 14:03:44] - |A| - [2126] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink AudioDirector 7 (64-bit).lnk
[29/04/2017 11:58:08] - |A| - [2122] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink ColorDirector 5 (64-bit).lnk
[15/11/2016 11:34:51] - |RD| - [23398] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
[02/05/2017 11:28:40] - |A| - [2280] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 11.lnk
[29/04/2017 18:15:08] - |A| - [2067] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 15 (64-bit).lnk
[29/04/2017 11:13:38] - |A| - [2375] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 17.lnk
[14/11/2016 11:02:28] - |A| - [2490] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PresenterLink+.lnk
[29/04/2017 18:15:14] - |A| - [2150] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Screen Recorder 15.lnk
[14/11/2016 11:16:18] - |A| - [2418] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink VideoMeeting+.lnk
[29/04/2017 18:41:36] - |RD| - [2404] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
[30/04/2017 19:22:30] - |D| - [946] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[02/05/2017 17:24:20] - |D| - [1910] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[23/04/2017 11:40:32] - |D| - [1869] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[18/03/2017 23:03:33] - |ASH| - [2432] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[15/11/2016 11:53:05] - |D| - [4903] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[28/04/2017 13:34:10] - |D| - [8256] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIY DataRecovery CHK-Mate
[27/04/2017 15:06:02] - |D| - [2835] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
[28/04/2017 14:01:19] - |D| - [4082] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[29/04/2017 10:30:21] - |D| - [4132] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Carte Bleue Caisse d'Epargne
[12/11/2016 11:53:43] - |D| - [4003] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Carte Bleue LCL
[23/04/2017 14:03:50] - |D| - [2838] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS EverySync 3.0
[14/11/2016 09:36:46] - |D| - [2694] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.6
[12/05/2017 07:10:42] - |D| - [3609] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Encrypt4all Software
[13/11/2016 19:26:51] - |D| - [3212] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[13/11/2016 18:59:18] - |D| - [7080] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[28/04/2017 15:36:50] - |D| - [2324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyes Relaxing And Focusing
[29/04/2017 09:45:39] - |D| - [2556] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast File Copy by Daanav.com
[28/04/2017 14:21:43] - |AD| - [2753] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FF Copy
[12/05/2017 07:09:06] - |D| - [2310] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileVoyager
[12/05/2017 07:21:40] - |D| - [3913] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flip HTML5
[29/04/2017 11:38:10] - |D| - [4204] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flip PDF Professional
[28/04/2017 13:49:52] - |D| - [2257] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folderico
[12/05/2017 07:16:36] - |D| - [7717] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FolderViewer
[04/05/2017 19:37:08] - |D| - [4210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
[04/05/2017 18:07:45] - |D| - [2875] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[29/04/2017 11:20:42] - |D| - [2598] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Any Data Encryption
[29/04/2017 11:20:57] - |D| - [2780] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Screen Recorder
[23/04/2017 11:27:46] - |D| - [2390] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Tube To Mp3
[29/04/2017 09:42:13] - |D| - [3314] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free-video-splitter
[24/04/2017 20:30:59] - |A| - [1001] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
[23/04/2017 11:50:51] - |A| - [1312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Undelete.lnk
[23/04/2017 11:52:58] - |D| - [1224] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[23/04/2017 11:52:58] - |A| - [1167] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[23/04/2017 11:50:50] - |D| - [4142] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
[12/05/2017 07:09:24] - |D| - [3931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glorylogic
[29/04/2017 10:51:54] - |D| - [1308] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Ad Blocker
[23/04/2017 11:39:59] - |A| - [2272] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[02/05/2017 10:09:47] - |D| - [3591] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
[28/04/2017 13:41:21] - |D| - [975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Ransomware
[12/05/2017 12:33:05] - |D| - [1136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
[18/03/2017 22:59:54] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[02/05/2017 13:23:50] - |D| - [4587] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InPixio
[29/04/2017 09:43:18] - |D| - [2529] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
[28/04/2017 14:55:21] - |D| - [1215] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[15/11/2016 18:24:12] - |D| - [2273] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
[01/05/2017 17:03:42] - |D| - [51445] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[29/04/2017 11:31:11] - |D| - [2496] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Video Converter
[23/04/2017 11:29:58] - |D| - [2580] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader
[23/04/2017 11:27:18] - |D| - [2471] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Stream Recorder
[30/04/2017 18:28:04] - |D| - [2363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotobee Author
[23/04/2017 12:06:44] - |D| - [2420] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotobee Publisher
[23/04/2017 10:37:41] - |D| - [2363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kotobee Reader
[12/11/2016 13:52:46] - |D| - [4391] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laplink PCmover Professional
[14/11/2016 19:26:01] - |D| - [1733] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[27/04/2017 15:42:08] - |D| - [2028] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LopeSoft
[01/05/2017 13:52:55] - |D| - [2032] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
[18/03/2017 23:03:29] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/05/2017 21:57:50] - |D| - [10149] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Majorgeeks.com
[01/05/2017 21:53:41] - |A| - [1305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Hunter.lnk
[25/04/2017 15:42:19] - |D| - [4042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[12/11/2016 15:24:14] - |D| - [1775] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[28/04/2017 14:09:02] - |D| - [5013] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
[15/11/2016 10:47:33] - |D| - [2340] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[12/11/2016 13:23:20] - |D| - [1475] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[12/11/2016 13:19:26] - |D| - [4007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
[02/05/2017 17:38:46] - |D| - [1124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniCopier
[18/03/2017 22:57:42] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[28/04/2017 14:14:11] - |D| - [5716] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCommander
[28/04/2017 14:10:25] - |D| - [2790] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSetup Updater
[29/04/2017 18:17:24] - |D| - [9643] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[12/05/2017 12:33:53] - |D| - [1214] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[28/04/2017 14:09:05] - |A| - [2395] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[29/04/2017 21:40:51] - |D| - [1361] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Video Recorder
[28/04/2017 13:51:58] - |D| - [2636] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSToto Software Box
[12/11/2016 13:59:03] - |A| - [968] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
[28/04/2017 14:09:27] - |D| - [2326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[05/05/2017 13:28:41] - |D| - [2184] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDQ Deploy
[05/05/2017 13:33:15] - |D| - [2220] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDQ Inventory
[28/04/2017 13:42:51] - |D| - [1895] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStitcher
[18/03/2017 22:58:04] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[05/05/2017 12:29:54] - |D| - [1277] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
[30/04/2017 18:13:06] - |D| - [2567] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[24/04/2017 18:17:49] - |A| - [1293] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Search.lnk
[24/04/2017 20:30:59] - |A| - [971] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
[15/11/2016 22:58:31] - |D| - [1153] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebit Pro
[23/04/2017 11:38:12] - |D| - [3384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[28/04/2017 13:31:29] - |D| - [3862] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer
[27/04/2017 15:50:09] - |D| - [3888] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Convert OST to PST
[27/04/2017 16:06:27] - |D| - [4672] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Drive Defrag
[27/04/2017 15:55:24] - |D| - [4626] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Drive Wipe
[05/05/2017 13:24:32] - |D| - [4794] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo File Eraser 2.0
[27/04/2017 15:55:32] - |D| - [5070] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Outlook Backup & Migrate
[05/05/2017 13:26:13] - |D| - [4766] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Privacy Cleaner
[27/04/2017 15:58:07] - |D| - [3848] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Repair MOV
[27/04/2017 16:13:49] - |D| - [4952] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Repair PowerPoint
[27/04/2017 16:13:51] - |D| - [3557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Repair RAR
[27/04/2017 16:11:43] - |D| - [3918] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Repair Registry
[27/04/2017 16:12:56] - |D| - [3537] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Repair ZIP
[28/04/2017 14:08:41] - |D| - [1123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net
[25/04/2017 15:12:48] - |D| - [919] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[28/04/2017 14:00:21] - |D| - [943] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKillerPE
[28/04/2017 14:09:05] - |D| - [3640] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
[28/04/2017 14:16:20] - |D| - [10678] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanwhole
[28/04/2017 13:42:17] - |D| - [991] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Securely File Shredder
[29/04/2017 08:06:28] - |A| - [1015] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seed4.Me.lnk
[29/04/2017 09:20:57] - |D| - [3302] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Defender
[28/04/2017 13:35:29] - |D| - [2101] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[27/04/2017 14:43:59] - |D| - [1009] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silent Install Builder 5
[12/05/2017 13:02:23] - |D| - [2114] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkinPack
[12/05/2017 11:30:22] - |D| - [6465] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soci2Sear Browser Enhancer
[01/05/2017 22:24:53] - |D| - [1872] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
[27/04/2017 15:52:34] - |D| - [2611] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speed Install
[29/04/2017 10:53:37] - |D| - [1284] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy BHO Remover
[28/04/2017 13:59:14] - |D| - [1190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
[02/05/2017 13:19:22] - |D| - [2790] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu X
[18/03/2017 23:03:29] - |RD| - [974] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[29/04/2017 10:57:35] - |D| - [1957] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SX Antivirus Kit
[29/04/2017 11:00:13] - |D| - [1967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SX Blocker Suite
[29/04/2017 11:03:33] - |D| - [1957] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SX Network Suite
[29/04/2017 11:07:51] - |D| - [1950] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SX System Suite
[29/04/2017 11:11:12] - |D| - [1975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SX WiFi Security Suite
[12/05/2017 12:33:19] - |D| - [1201] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
[18/03/2017 23:03:29] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[02/05/2017 09:26:01] - |A| - [1118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
[29/04/2017 09:28:54] - |D| - [2647] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[28/04/2017 14:01:09] - |D| - [4095] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[25/04/2017 11:18:48] - |D| - [12138] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize
[25/04/2017 11:18:07] - |D| - [3972] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
[28/04/2017 13:38:41] - |D| - [3684] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[03/05/2017 11:25:26] - |D| - [857] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck
[12/05/2017 06:12:02] - |D| - [734] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Commander
[28/04/2017 14:35:05] - |D| - [2599] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Key Vaccine 2016
[25/04/2017 09:06:21] - |D| - [2899] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UTILILAB
[25/04/2017 19:43:40] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uTorrent AD Remover
[29/04/2017 10:45:45] - |D| - [1794] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VDownloader
[25/04/2017 19:42:59] - |D| - [1325] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Scanner
[12/11/2016 14:26:25] - |D| - [7395] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
[12/11/2016 11:44:52] - |A| - [1509] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
[27/04/2017 15:53:39] - |D| - [2389] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VivPDF Editor
[12/11/2016 12:51:10] - |D| - [23993] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[26/04/2017 19:53:38] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[27/04/2017 15:56:07] - |D| - [1066] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winja
[02/05/2017 17:37:27] - |D| - [3180] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMend
[25/04/2017 09:06:06] - |D| - [4329] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[28/04/2017 14:43:49] - |D| - [1890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinToHDD
[12/11/2016 12:05:01] - |D| - [2145] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 21.0
[28/04/2017 14:42:57] - |D| - [1349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Duplicate Finder
[28/04/2017 14:41:19] - |D| - [1329] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Folder Hider Pro
[28/04/2017 14:44:53] - |D| - [1007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Hotkey
[24/04/2017 18:01:48] - |D| - [1270] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise JetSearch
[14/11/2016 09:05:44] - |D| - [1344] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Memory Optimizer
[14/11/2016 09:05:17] - |D| - [1324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Video Downloader
[28/04/2017 13:07:11] - |D| - [14673] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[29/04/2017 09:36:50] - |D| - [10517] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[26/04/2017 15:08:40] - |D| - [6720] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 lite
[26/04/2017 14:50:15] - |D| - [5317] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xplorer2 ult x64
[01/05/2017 22:10:37] - |D| - [3460] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XYplorerFree
[25/04/2017 19:42:02] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Video Ad Blocker
[22/04/2017 17:57:27] - |D| - [1170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[12/05/2017 13:02:24] - |A| - [800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk

---------- | C:\Program Files (x86)

[28/04/2017 13:54:51] - |D| - [112248079] - C:\Program Files (x86)\2BrightSparks
[12/05/2017 04:38:34] - |D| - [280025586] - C:\Program Files (x86)\Acronis
[05/05/2017 13:28:37] - |D| - [50551896] - C:\Program Files (x86)\Admin Arsenal
[28/04/2017 12:22:17] - |D| - [114965879] - C:\Program Files (x86)\Aiseesoft Studio
[29/04/2017 11:25:01] - |D| - [22624684] - C:\Program Files (x86)\Amazing
[24/04/2017 15:30:06] - |D| - [31439931] - C:\Program Files (x86)\Amazing-Share
[05/05/2017 12:41:19] - |D| - [227104879] - C:\Program Files (x86)\Anvsoft
[29/04/2017 21:43:06] - |AD| - [38039993] - C:\Program Files (x86)\AnyMedia Player
[12/11/2016 20:50:18] - |D| - [6219076] - C:\Program Files (x86)\AppInsights
[24/04/2017 09:23:20] - |D| - [302926347] - C:\Program Files (x86)\ArcSoft
[14/11/2016 08:08:16] - |D| - [410309274] - C:\Program Files (x86)\Ashampoo
[26/04/2017 18:51:45] - |AD| - [106367882] - C:\Program Files (x86)\ATI Technologies
[12/11/2016 16:28:00] - |D| - [30538491] - C:\Program Files (x86)\AutoIt3
[28/04/2017 13:34:26] - |D| - [4226065] - C:\Program Files (x86)\AxBx
[27/04/2017 11:07:18] - |AD| - [25914225] - C:\Program Files (x86)\Batch Picture Resizer
[27/04/2017 15:39:30] - |D| - [214674695] - C:\Program Files (x86)\Caphyon
[12/05/2017 13:52:46] - |D| - [8843654] - C:\Program Files (x86)\CintaNotes
[25/04/2017 10:18:30] - |D| - [16458889] - C:\Program Files (x86)\Clipdiary
[26/04/2017 11:58:35] - |D| - [2922805] - C:\Program Files (x86)\Codyssey
[18/03/2017 23:03:28] - |D| - [618485810] - C:\Program Files (x86)\Common Files
[12/11/2016 11:24:24] - |AD| - [3391921766] - C:\Program Files (x86)\CyberLink
[29/04/2017 09:23:45] - |D| - [9889635] - C:\Program Files (x86)\DebugMode
[18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[15/11/2016 11:52:10] - |D| - [8932831] - C:\Program Files (x86)\DivX
[28/04/2017 13:33:39] - |AD| - [2334545] - C:\Program Files (x86)\DIY DataRecovery CHK-Mate
[12/11/2016 11:53:42] - |D| - [667352] - C:\Program Files (x86)\e-Carte Bleue
[14/11/2016 09:09:31] - |D| - [511720187] - C:\Program Files (x86)\EaseUS
[13/11/2016 19:23:46] - |D| - [17239263] - C:\Program Files (x86)\EPSON
[13/11/2016 18:59:13] - |AD| - [224517519] - C:\Program Files (x86)\EPSON Software
[28/04/2017 15:36:47] - |AD| - [2398128] - C:\Program Files (x86)\Eyes Relaxing And Focusing 3.0
[29/04/2017 09:45:37] - |AD| - [5333935] - C:\Program Files (x86)\Fast File Copy by Daanav.com
[28/04/2017 14:21:40] - |AD| - [195006] - C:\Program Files (x86)\FF Copy
[30/04/2017 19:13:52] - |D| - [10955385] - C:\Program Files (x86)\FileHippo.com
[12/05/2017 07:08:39] - |D| - [118053460] - C:\Program Files (x86)\FileVoyager
[12/05/2017 07:17:09] - |D| - [319852949] - C:\Program Files (x86)\Flip HTML5
[29/04/2017 11:24:41] - |AD| - [256140708] - C:\Program Files (x86)\Flip PDF Professional
[28/04/2017 13:49:40] - |D| - [2045655] - C:\Program Files (x86)\Folderico
[12/05/2017 07:16:25] - |D| - [66508465] - C:\Program Files (x86)\FolderViewer
[04/05/2017 18:05:51] - |D| - [938781689] - C:\Program Files (x86)\Foxit Software
[29/04/2017 11:20:17] - |AD| - [5024997] - C:\Program Files (x86)\Free Any Data Encryption
[29/04/2017 09:42:10] - |D| - [23870839] - C:\Program Files (x86)\free-video-splitter
[23/04/2017 10:51:49] - |D| - [20641460] - C:\Program Files (x86)\FreeCodecPack
[23/04/2017 11:47:42] - |D| - [45274682] - C:\Program Files (x86)\Glary Utilities 5
[23/04/2017 11:50:24] - |D| - [279720920] - C:\Program Files (x86)\Glarysoft
[12/05/2017 07:09:22] - |D| - [9090356] - C:\Program Files (x86)\Glorylogic
[23/04/2017 11:35:30] - |D| - [423606767] - C:\Program Files (x86)\Google
[30/04/2017 18:15:33] - |D| - [3272674] - C:\Program Files (x86)\GPU-Z
[24/04/2017 17:01:48] - |D| - [32148397] - C:\Program Files (x86)\Gridinsoft
[28/04/2017 13:44:53] - |D| - [9253044] - C:\Program Files (x86)\Hard Disk Shield
[12/05/2017 12:33:04] - |D| - [8655629] - C:\Program Files (x86)\HDWallPaper
[04/05/2017 11:07:35] - |D| - [160193397] - C:\Program Files (x86)\HissenITMasterdata
[27/04/2017 15:52:13] - |D| - [95068938] - C:\Program Files (x86)\iGetting Audio
[12/11/2016 15:38:32] - |D| - [1182443] - C:\Program Files (x86)\IIS
[12/11/2016 16:12:48] - |AD| - [18253524] - C:\Program Files (x86)\IIS Express
[28/04/2017 14:00:14] - |D| - [80685432] - C:\Program Files (x86)\Innovative Solutions
[02/05/2017 13:22:02] - |D| - [142475515] - C:\Program Files (x86)\InPixio
[12/11/2016 11:38:25] - |HD| - [206177418] - C:\Program Files (x86)\InstallShield Installation Information
[18/03/2017 23:03:28] - |D| - [2018419] - C:\Program Files (x86)\Internet Explorer
[27/04/2017 14:47:37] - |D| - [88713627] - C:\Program Files (x86)\IObit
[28/04/2017 14:41:21] - |D| - [187845814] - C:\Program Files (x86)\iSkysoft
[15/11/2016 18:24:06] - |AD| - [5538852] - C:\Program Files (x86)\ISO to USB
[25/04/2017 11:17:30] - |D| - [7618959] - C:\Program Files (x86)\JAM Software
[01/05/2017 17:03:11] - |AD| - [49459832] - C:\Program Files (x86)\K-Lite Codec Pack
[29/04/2017 11:31:00] - |AD| - [19875712] - C:\Program Files (x86)\Kastor Free Video Converter
[23/04/2017 11:29:55] - |AD| - [11210079] - C:\Program Files (x86)\Kastor Free Vimeo Downloader
[23/04/2017 11:27:09] - |AD| - [35219250] - C:\Program Files (x86)\Kastor Stream Recorder
[23/04/2017 11:27:37] - |AD| - [36760478] - C:\Program Files (x86)\Kastor Tube To Mp3
[14/11/2016 10:05:26] - |D| - [197494] - C:\Program Files (x86)\KeyCryptSDK
[24/04/2017 18:45:07] - |D| - [1104403] - C:\Program Files (x86)\KillSoft
[30/04/2017 18:26:02] - |AD| - [127448263] - C:\Program Files (x86)\Kotobee Author
[23/04/2017 12:05:00] - |AD| - [106802982] - C:\Program Files (x86)\Kotobee Publisher
[23/04/2017 10:37:15] - |AD| - [78151430] - C:\Program Files (x86)\Kotobee Reader
[12/11/2016 13:52:46] - |D| - [63221631] - C:\Program Files (x86)\Laplink
[14/11/2016 19:25:20] - |D| - [38884251] - C:\Program Files (x86)\Logitech
[01/05/2017 21:57:45] - |D| - [4763746] - C:\Program Files (x86)\Majorgeeks.com
[12/11/2016 13:54:51] - |D| - [28320854] - C:\Program Files (x86)\Microsoft
[12/11/2016 17:48:11] - |D| - [389907090] - C:\Program Files (x86)\Microsoft ASP.NET
[12/11/2016 14:22:52] - |D| - [12587472] - C:\Program Files (x86)\Microsoft Help Viewer
[12/11/2016 16:01:02] - |D| - [19600882] - C:\Program Files (x86)\Microsoft Office365 Tools
[12/11/2016 11:03:13] - |AD| - [776131163] - C:\Program Files (x86)\Microsoft SDKs
[15/11/2016 10:40:56] - |AD| - [55976982] - C:\Program Files (x86)\Microsoft Silverlight
[12/11/2016 11:45:14] - |AD| - [1620193686] - C:\Program Files (x86)\Microsoft SQL Server
[12/11/2016 18:16:31] - |D| - [9475628] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[12/11/2016 13:25:14] - |D| - [4850] - C:\Program Files (x86)\Microsoft Visual Studio 10.0
[12/11/2016 19:27:28] - |D| - [78646] - C:\Program Files (x86)\Microsoft Visual Studio 11.0
[12/11/2016 14:55:08] - |D| - [1067854] - C:\Program Files (x86)\Microsoft Visual Studio 12.0
[12/11/2016 11:10:02] - |AD| - [1910277730] - C:\Program Files (x86)\Microsoft Visual Studio 14.0
[12/11/2016 15:42:56] - |D| - [46749807] - C:\Program Files (x86)\Microsoft WCF Data Services
[12/11/2016 16:42:48] - |AD| - [924999892] - C:\Program Files (x86)\Microsoft Web Tools
[18/03/2017 23:03:28] - |D| - [40073467] - C:\Program Files (x86)\Microsoft.NET
[02/05/2017 17:37:54] - |AD| - [91566481] - C:\Program Files (x86)\MiniCopier
[26/04/2017 19:18:50] - |AD| - [82582292] - C:\Program Files (x86)\MSBuild
[05/05/2017 13:27:52] - |D| - [11412989] - C:\Program Files (x86)\muCommander
[28/04/2017 13:23:34] - |D| - [5773515] - C:\Program Files (x86)\Multi Install 2.4.5
[12/05/2017 11:37:15] - |D| - [6742376] - C:\Program Files (x86)\mvJ8xTlUNS
[29/04/2017 18:16:06] - |D| - [421501100] - C:\Program Files (x86)\NewBlue
[12/11/2016 11:38:23] - |D| - [60581586] - C:\Program Files (x86)\NSIS Uninstall Information
[12/11/2016 15:44:12] - |D| - [6746308] - C:\Program Files (x86)\NuGet
[12/05/2017 12:33:46] - |D| - [9506146] - C:\Program Files (x86)\OneSystemCare
[29/04/2017 21:38:53] - |AD| - [86700665] - C:\Program Files (x86)\Online Video Recorder
[28/04/2017 13:50:55] - |D| - [15416253] - C:\Program Files (x86)\OSTotoSoft
[28/04/2017 14:08:46] - |AD| - [2159865] - C:\Program Files (x86)\Panda USB Vaccine
[29/04/2017 21:26:39] - |D| - [807476] - C:\Program Files (x86)\PDF-to-Word
[05/05/2017 12:29:50] - |D| - [24456071] - C:\Program Files (x86)\proDAD
[26/04/2017 19:18:50] - |D| - [1070586837] - C:\Program Files (x86)\Reference Assemblies
[28/04/2017 13:29:14] - |AD| - [35098700] - C:\Program Files (x86)\Reg Organizer
[14/11/2016 08:54:57] - |D| - [959392] - C:\Program Files (x86)\RegSeeker
[27/04/2017 16:06:02] - |AD| - [22524617] - C:\Program Files (x86)\Remo Drive Defrag
[27/04/2017 15:54:59] - |AD| - [30719217] - C:\Program Files (x86)\Remo Drive Wipe
[05/05/2017 13:23:46] - |D| - [42321338] - C:\Program Files (x86)\Remo File Eraser 2.0
[27/04/2017 15:55:05] - |AD| - [31269591] - C:\Program Files (x86)\Remo Outlook Backup & Migrate
[05/05/2017 13:23:34] - |D| - [28697938] - C:\Program Files (x86)\Remo Privacy Cleaner
[27/04/2017 16:13:28] - |AD| - [21449922] - C:\Program Files (x86)\Remo Repair PowerPoint 2.0
[27/04/2017 16:13:34] - |AD| - [20989540] - C:\Program Files (x86)\Remo Repair RAR 2.0
[27/04/2017 16:12:45] - |AD| - [21088682] - C:\Program Files (x86)\Remo Repair ZIP 2.0
[12/05/2017 11:30:49] - |D| - [8603829] - C:\Program Files (x86)\RGyIkQB2O4
[28/04/2017 14:08:36] - |AD| - [845978] - C:\Program Files (x86)\Roadkil.Net
[28/04/2017 14:08:19] - |D| - [6862539] - C:\Program Files (x86)\Runtime Software
[28/04/2017 14:16:10] - |D| - [137091695] - C:\Program Files (x86)\Sanwhole
[12/05/2017 12:51:30] - |D| - [505707] - C:\Program Files (x86)\SEAF
[25/04/2017 19:42:02] - |D| - [204265054] - C:\Program Files (x86)\SecurityXploded
[12/05/2017 12:35:37] - |D| - [8603829] - C:\Program Files (x86)\SeJjmGy6xJ
[28/04/2017 13:35:02] - |AD| - [2249596] - C:\Program Files (x86)\ShadowExplorer
[12/11/2016 17:58:51] - |D| - [180542] - C:\Program Files (x86)\ShellDir
[27/04/2017 14:43:59] - |AD| - [23467386] - C:\Program Files (x86)\Silent Install Builder 5
[28/04/2017 13:57:28] - |AD| - [6235212] - C:\Program Files (x86)\Spybot Anti-Beacon
[28/04/2017 14:05:30] - |AD| - [4266790] - C:\Program Files (x86)\StartIsBack
[28/04/2017 13:53:44] - |D| - [23697267] - C:\Program Files (x86)\Supercopier
[12/05/2017 12:33:19] - |D| - [7746616] - C:\Program Files (x86)\SystemHealer
[24/04/2017 09:45:49] - |AD| - [89384545] - C:\Program Files (x86)\TeamViewer
[29/04/2017 09:28:52] - |D| - [11373214] - C:\Program Files (x86)\TechSmith
[28/04/2017 13:36:20] - |AD| - [20968214] - C:\Program Files (x86)\Trojan Remover
[05/05/2017 13:26:49] - |D| - [36830654] - C:\Program Files (x86)\trolCommander
[25/04/2017 09:06:21] - |D| - [0] - C:\Program Files (x86)\UTILILAB
[27/04/2017 15:53:18] - |AD| - [32296088] - C:\Program Files (x86)\VivPDF Editor
[18/03/2017 23:03:28] - |D| - [2001344] - C:\Program Files (x86)\Windows Defender
[12/11/2016 11:03:18] - |D| - [4089801557] - C:\Program Files (x86)\Windows Kits
[18/03/2017 23:03:28] - |D| - [5924864] - C:\Program Files (x86)\Windows Mail
[20/03/2017 07:10:55] - |D| - [3364265] - C:\Program Files (x86)\Windows Media Player
[18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform
[18/03/2017 23:03:28] - |D| - [7569090] - C:\Program Files (x86)\Windows NT
[18/03/2017 23:03:28] - |D| - [5365568] - C:\Program Files (x86)\Windows Photo Viewer
[18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices
[18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[18/03/2017 23:03:28] - |D| - [2184102] - C:\Program Files (x86)\WindowsPowerShell
[02/05/2017 17:37:09] - |D| - [14769381] - C:\Program Files (x86)\WinMend
[14/11/2016 09:01:25] - |D| - [29731502] - C:\Program Files (x86)\Wise
[28/04/2017 13:06:30] - |D| - [28780986] - C:\Program Files (x86)\Wondershare
[29/04/2017 09:31:18] - |D| - [170521686] - C:\Program Files (x86)\Xilisoft
[01/05/2017 22:10:23] - |AD| - [8547622] - C:\Program Files (x86)\XYplorerFree
[26/04/2017 15:08:18] - |D| - [2811950] - C:\Program Files (x86)\zabkat
[14/11/2016 10:05:20] - |AD| - [17338136] - C:\Program Files (x86)\Zemana AntiLogger

---------- | C:\Program Files

[12/05/2017 11:29:43] - |D| - [13884643] - C:\Program Files\199767f5a03b16be44dfc63b1c84963b
[27/04/2017 10:38:51] - |D| - [1085766708] - C:\Program Files\adaware
[26/04/2017 18:50:11] - |D| - [96636696] - C:\Program Files\AMD
[26/04/2017 18:52:23] - |AD| - [5595872] - C:\Program Files\ATI Technologies
[29/04/2017 09:26:36] - |AD| - [41623061] - C:\Program Files\CamStudio 2.7
[23/04/2017 11:38:43] - |AD| - [20844096] - C:\Program Files\CCleaner
[18/03/2017 23:03:28] - |D| - [378216433] - C:\Program Files\Common Files
[29/04/2017 09:46:48] - |AD| - [19889964] - C:\Program Files\Copy Handler
[23/04/2017 11:11:14] - |AD| - [65042094] - C:\Program Files\CyberGhost 6
[14/11/2016 19:36:58] - |D| - [1534744585] - C:\Program Files\CyberLink
[30/04/2017 19:21:41] - |D| - [38069855] - C:\Program Files\DAEMON Tools Lite
[02/05/2017 17:23:49] - |D| - [57201477] - C:\Program Files\DAEMON Tools Pro
[23/04/2017 11:40:27] - |AD| - [13481280] - C:\Program Files\Defraggler
[18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files\desktop.ini
[15/11/2016 11:52:45] - |D| - [2858724] - C:\Program Files\DivX
[05/05/2017 13:17:31] - |D| - [812116] - C:\Program Files\Easy File Locker
[12/05/2017 07:10:42] - |D| - [2275127] - C:\Program Files\Encrypt4all Software
[12/05/2017 07:14:09] - |D| - [26862192] - C:\Program Files\Fast HTML Checker
[28/04/2017 13:44:10] - |D| - [0] - C:\Program Files\FastCopy
[12/11/2016 10:06:06] - |SHD| - [378216433] - C:\Program Files\Fichiers communs
[05/05/2017 13:19:30] - |D| - [13713757] - C:\Program Files\FolderIco
[24/04/2017 20:30:41] - |AD| - [48392481] - C:\Program Files\FreeFileSync
[02/05/2017 10:09:31] - |AD| - [5045802] - C:\Program Files\Greenshot
[28/04/2017 13:38:58] - |AD| - [9290598] - C:\Program Files\GridinSoft Anti-Ransomware
[12/11/2016 15:38:34] - |AD| - [5477059] - C:\Program Files\IIS
[12/11/2016 16:12:48] - |AD| - [18839453] - C:\Program Files\IIS Express
[18/03/2017 23:03:28] - |D| - [2645598] - C:\Program Files\Internet Explorer
[25/04/2017 11:18:38] - |D| - [46934160] - C:\Program Files\JAM Software
[12/11/2016 10:23:11] - |D| - [655137658] - C:\Program Files\Lavasoft
[27/04/2017 15:42:03] - |D| - [30712845] - C:\Program Files\LopeSoft
[01/05/2017 13:52:51] - |AD| - [92552380] - C:\Program Files\Macrium
[29/04/2017 11:15:56] - |D| - [13930443] - C:\Program Files\Macrorit
[25/04/2017 15:41:36] - |D| - [134016540] - C:\Program Files\Malwarebytes
[12/11/2016 17:25:09] - |D| - [80313] - C:\Program Files\Microsoft DNX
[28/04/2017 13:49:03] - |AD| - [1144783923] - C:\Program Files\Microsoft Office
[28/04/2017 13:48:23] - |D| - [8494464] - C:\Program Files\Microsoft Office 15
[15/11/2016 10:40:56] - |AD| - [69800470] - C:\Program Files\Microsoft Silverlight
[12/11/2016 11:45:13] - |AD| - [269490383] - C:\Program Files\Microsoft SQL Server
[12/11/2016 18:16:56] - |AD| - [10086444] - C:\Program Files\Microsoft SQL Server Compact Edition
[12/11/2016 14:55:19] - |D| - [1125536] - C:\Program Files\Microsoft Visual Studio 12.0
[12/11/2016 11:11:15] - |D| - [64760] - C:\Program Files\Microsoft Visual Studio 14.0
[26/04/2017 19:18:50] - |D| - [25757] - C:\Program Files\MSBuild
[28/04/2017 14:13:46] - |D| - [19744894] - C:\Program Files\MultiCommander (x64)
[29/04/2017 18:17:24] - |D| - [521722715] - C:\Program Files\NewBlue
[12/11/2016 13:58:46] - |AD| - [93628830] - C:\Program Files\Pale Moon
[29/04/2017 09:44:53] - |AD| - [1286657] - C:\Program Files\PerigeeCopy
[28/04/2017 13:42:38] - |AD| - [36837519] - C:\Program Files\PhotoStitcher
[29/04/2017 18:19:26] - |AD| - [4540643] - C:\Program Files\proDAD
[28/04/2017 14:25:56] - |D| - [416136727] - C:\Program Files\qemu
[26/04/2017 18:50:34] - |D| - [35377120] - C:\Program Files\Realtek
[15/11/2016 22:58:17] - |D| - [67605555] - C:\Program Files\Rebit
[23/04/2017 11:38:03] - |AD| - [10928904] - C:\Program Files\Recuva
[26/04/2017 19:18:50] - |D| - [36854953] - C:\Program Files\Reference Assemblies
[27/04/2017 15:49:21] - |AD| - [82165781] - C:\Program Files\Remo Convert OST to PST
[27/04/2017 15:57:52] - |AD| - [21847920] - C:\Program Files\Remo Repair MOV 2.0
[27/04/2017 16:11:18] - |AD| - [56369340] - C:\Program Files\Remo Repair Registry
[25/04/2017 15:12:15] - |AD| - [82902285] - C:\Program Files\RogueKiller
[28/04/2017 13:58:52] - |AD| - [64780814] - C:\Program Files\RogueKillerPE
[28/04/2017 13:42:08] - |D| - [721401] - C:\Program Files\Securely File Shredder
[29/04/2017 08:06:06] - |D| - [27288589] - C:\Program Files\Seed4.Me VPN
[29/04/2017 09:20:52] - |D| - [5209559] - C:\Program Files\Shadow Defender
[02/05/2017 13:18:01] - |AD| - [19619829] - C:\Program Files\Start Menu X
[23/04/2017 11:16:04] - |D| - [272409] - C:\Program Files\TAP-Windows
[23/04/2017 10:40:21] - |AD| - [16326860] - C:\Program Files\TeraCopy
[03/05/2017 11:25:14] - |AD| - [62141708] - C:\Program Files\UCheck
[23/04/2017 10:38:37] - |D| - [22473689] - C:\Program Files\Ultracopier
[12/11/2016 09:47:56] - |HD| - [0] - C:\Program Files\Uninstall Information
[23/04/2017 10:45:03] - |D| - [266699] - C:\Program Files\Unlocker
[29/04/2017 10:44:46] - |AD| - [102142294] - C:\Program Files\VDownloader
[18/03/2017 23:03:28] - |RD| - [16329674] - C:\Program Files\Windows Defender
[18/03/2017 23:03:28] - |D| - [6145536] - C:\Program Files\Windows Mail
[20/03/2017 07:10:55] - |D| - [4781757] - C:\Program Files\Windows Media Player
[18/03/2017 23:03:28] - |D| - [49688] - C:\Program Files\Windows Multimedia Platform
[18/03/2017 23:03:28] - |D| - [7835330] - C:\Program Files\Windows NT
[18/03/2017 23:03:28] - |D| - [6169408] - C:\Program Files\Windows Photo Viewer
[18/03/2017 23:03:28] - |D| - [49696] - C:\Program Files\Windows Portable Devices
[18/03/2017 23:03:28] - |D| - [95352] - C:\Program Files\Windows Security
[18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[18/03/2017 23:03:28] - |HD| - [2542333197] - C:\Program Files\WindowsApps
[18/03/2017 23:03:28] - |D| - [2433872] - C:\Program Files\WindowsPowerShell
[29/04/2017 21:41:26] - |D| - [189003] - C:\Program Files\WinPcap
[25/04/2017 09:05:44] - |AD| - [6299885] - C:\Program Files\WinRAR
[28/04/2017 14:43:02] - |AD| - [34446262] - C:\Program Files\WinToHDD
[12/11/2016 12:05:01] - |AD| - [293425904] - C:\Program Files\WinZip
[28/04/2017 14:44:24] - |D| - [9519035] - C:\Program Files\Wise
[28/04/2017 13:08:53] - |D| - [552895383] - C:\Program Files\Wondershare
[26/04/2017 14:50:09] - |D| - [4184607] - C:\Program Files\zabkat

---------- | C:\Program Files (x86)\Common Files

[12/05/2017 04:38:34] - |D| - [335744293] - C:\Program Files (x86)\Common Files\Acronis
[01/05/2017 23:16:22] - |D| - [0] - C:\Program Files (x86)\Common Files\AV
[12/05/2017 07:08:02] - |D| - [70] - C:\Program Files (x86)\Common Files\Clover
[12/11/2016 11:38:08] - |D| - [34529296] - C:\Program Files (x86)\Common Files\CyberLink
[12/11/2016 14:23:11] - |AD| - [25256] - C:\Program Files (x86)\Common Files\Designer
[15/11/2016 11:52:29] - |D| - [37301248] - C:\Program Files (x86)\Common Files\DivX Shared
[14/11/2016 10:50:40] - |D| - [1150965] - C:\Program Files (x86)\Common Files\InstallShield
[27/04/2017 14:55:18] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit
[28/04/2017 14:56:36] - |D| - [6927597] - C:\Program Files (x86)\Common Files\iSkysoft
[26/04/2017 18:51:35] - |AD| - [90449906] - C:\Program Files (x86)\Common Files\logishrd
[12/11/2016 11:42:30] - |D| - [0] - C:\Program Files (x86)\Common Files\Merge Modules
[18/03/2017 23:03:28] - |AD| - [95543038] - C:\Program Files (x86)\Common Files\Microsoft Shared
[29/04/2017 18:17:20] - |D| - [286720] - C:\Program Files (x86)\Common Files\NewBlue
[18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[18/03/2017 23:03:28] - |D| - [9596811] - C:\Program Files (x86)\Common Files\System
[28/04/2017 13:18:04] - |D| - [6927908] - C:\Program Files (x86)\Common Files\Wondershare

---------- | C:\Program Files\Common files

[23/04/2017 20:10:56] - |D| - [188282884] - C:\Program Files\Common files\adaware
[01/05/2017 23:16:22] - |D| - [0] - C:\Program Files\Common files\AV
[26/04/2017 18:51:25] - |D| - [152640] - C:\Program Files\Common files\EPSON
[26/04/2017 18:51:31] - |D| - [22858487] - C:\Program Files\Common files\logishrd
[18/03/2017 23:03:28] - |AD| - [150137546] - C:\Program Files\Common files\microsoft shared
[29/04/2017 18:18:17] - |D| - [352768] - C:\Program Files\Common files\NewBlue
[18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files\Common files\Services
[18/03/2017 23:03:28] - |D| - [10317707] - C:\Program Files\Common files\System
[28/04/2017 13:08:03] - |D| - [6111699] - C:\Program Files\Common files\Wondershare

---------- | Tasks

[MD5.4BE218BEEE81F2BCDE2B2AABCBAE5B77] - [05/05/2017 12:16:27] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.EFD5509BC95157F0CF6F1DD7FE9A9E16] - [12/05/2017 12:34:24] - |AH| - [486] - C:\WINDOWS\Tasks\C__Users_Jean-Marie_AppData_Local_Temp_9f3d653746e141159e1077112bd3c1a5_NetAdapterUpdate_setup.exe.job
[MD5.9825F9CACB4C88D29EC13533F6E23532] - [12/11/2016 10:02:14] - |A| - [763] - C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {68953606-62A7-4B6A-87A7-1CF73FEC7E9A}.job
[MD5.919B72D35F92534504C2CA1C33147687] - [12/11/2016 09:51:55] - |A| - [763] - C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {69791235-D3B3-45B7-A134-218554EE5C76}.job
[MD5.9AC58A48DDFC87CC86423D9DDF383B1E] - [26/04/2017 19:59:48] - |A| - [763] - C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {AE5780A0-0AF2-4E57-8021-42C010C39E40}.job
[MD5.845036415BB68F444D73F6B7748C3A8C] - [26/04/2017 18:51:26] - |A| - [763] - C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {FC6094E7-B8B4-44EE-9D76-76624B51979F}.job
[MD5.C719B70C7B9E51C104719EA63DB0CCA7] - [12/11/2016 10:02:13] - |A| - [949] - C:\WINDOWS\Tasks\EPSON XP-710 Series Update {68953606-62A7-4B6A-87A7-1CF73FEC7E9A}.job
[MD5.DCCE293F9177CBC8ACA9C3FD3372BF48] - [12/11/2016 09:51:55] - |A| - [949] - C:\WINDOWS\Tasks\EPSON XP-710 Series Update {69791235-D3B3-45B7-A134-218554EE5C76}.job
[MD5.FDCDC7C7EE0492AB3EE765ADC787AD65] - [26/04/2017 19:59:48] - |A| - [949] - C:\WINDOWS\Tasks\EPSON XP-710 Series Update {AE5780A0-0AF2-4E57-8021-42C010C39E40}.job
[MD5.21537D58831A31A2551244454285F7EB] - [26/04/2017 18:51:26] - |A| - [949] - C:\WINDOWS\Tasks\EPSON XP-710 Series Update {FC6094E7-B8B4-44EE-9D76-76624B51979F}.job
[MD5.661802D822D393E5315CCA0D33BF58F3] - [30/04/2017 18:46:07] - |A| - [384] - C:\WINDOWS\Tasks\Health-Check-deep.job
[MD5.DA2F9DE3FCAB6AC7ED2B3EA109C29428] - [30/04/2017 18:46:07] - |A| - [376] - C:\WINDOWS\Tasks\Health-Check.job
[MD5.00000000000000000000000000000000] - [27/04/2017 14:55:19] - |D| - [0] - C:\WINDOWS\Tasks\ImCleanDisabled
[MD5.708EA029F398E51E2AEBBD0AD5E5CA73] - [26/04/2017 20:06:59] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.98D65F7D0790019A0FDF9D34A3FF61D4] - [02/05/2017 08:37:05] - |A| - [3674] - C:\WINDOWS\System32\Tasks\Application Starter - f1375f225883e83d52e8db9690775c3c         :   C:\Program Files (x86)\Innovative Solutions\DriverMax\innostp.exe
[MD5.3076E1E43D47F64A6BD31A58FDFE3815] - [27/04/2017 15:00:26] - |A| - [2434] - C:\WINDOWS\System32\Tasks\ASC10_SkipUac_Jean-Marie         :   "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"
[MD5.23165EF2A6E92ECB96FF58DADF4D8C12] - [30/04/2017 18:46:11] - |A| - [3234] - C:\WINDOWS\System32\Tasks\AupAvUpdate         :   C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\updAvTask.exe
[MD5.97473F9C852EF60583DD23F683F9454A] - [26/04/2017 20:06:56] - |A| - [2280] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.04042C072592CE7B83EC6CFE2350FDB6] - [03/05/2017 19:22:36] - |A| - [3664] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask         :   C:\WINDOWS\explorer.exe
[MD5.71CAD15F48D8F01AD8FD578D1ECF605C] - [12/05/2017 12:34:29] - |A| - [2910] - C:\WINDOWS\System32\Tasks\C__Users_Jean-Marie_AppData_Local_Temp_9f3d653746e141159e1077112bd3c1a5_NetAdapterUpdate_setup.exe         :   C:\Users\Jean-Marie\AppData\Local\Temp\9f3d653746e141159e1077112bd3c1a5\NetAdapterUpdate_setup.exe
[MD5.B1D52EBE2AC8CC9262CEDBF947C50259] - [26/04/2017 20:06:56] - |A| - [2548] - C:\WINDOWS\System32\Tasks\DeviceDetector7.5         :   C:\Program Files (x86)\CyberLink\MediaEspresso7.5\DeviceDetector\DeviceDetector7.5.exe
[MD5.6158F2A1BF6F1330090D3C3DDF79707D] - [26/04/2017 20:06:56] - |A| - [3382] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Invitation {68953606-62A7-4B6A-87A7-1CF73FEC7E9A}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
[MD5.EA6F97DD84F6FB92022801755ED2C3B2] - [26/04/2017 20:06:56] - |A| - [3382] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Invitation {69791235-D3B3-45B7-A134-218554EE5C76}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
[MD5.70F8482DE74EDAB7E556006E135CD168] - [26/04/2017 20:06:56] - |A| - [3560] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Update {68953606-62A7-4B6A-87A7-1CF73FEC7E9A}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
[MD5.EE2AA2F24F166AB7E539516593DAC09C] - [26/04/2017 20:06:56] - |A| - [3560] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Update {69791235-D3B3-45B7-A134-218554EE5C76}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
[MD5.CF9ED368C6F2725FBDF43740AF30FE1B] - [01/05/2017 21:50:45] - |A| - [2578] - C:\WINDOWS\System32\Tasks\GlaryInitialize 5         :   C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
[MD5.A0A76DD409029CC6FAAAB722C1E629B9] - [01/05/2017 21:53:38] - |A| - [2306] - C:\WINDOWS\System32\Tasks\GMHSkipUAC         :   C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe
[MD5.041C041E864647FA56F8E07A21E12B4E] - [26/04/2017 20:06:56] - |A| - [3350] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.011C25E8CB3FEDD93D724AB700D8A216] - [26/04/2017 20:06:56] - |A| - [3574] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.467CD9434776B676D167C1F9CBF3E683] - [02/05/2017 17:26:03] - |A| - [3302] - C:\WINDOWS\System32\Tasks\GridinSoft Anti-Ransomware         :   "C:\Program Files\GridinSoft Anti-Ransomware\gsar.exe"
[MD5.75FB1BB49BB281AFFAAE2DBB1F37E0D2] - [01/05/2017 21:50:45] - |A| - [2286] - C:\WINDOWS\System32\Tasks\GU5SkipUAC         :   C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
[MD5.0540480A9FC4792534B341B5AF41D8EA] - [12/05/2017 12:33:07] - |A| - [3288] - C:\WINDOWS\System32\Tasks\HDWallPaper         :   C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe
[MD5.2DD61AA09233098C8FCFE1109CD9AA0F] - [30/04/2017 18:46:07] - |A| - [2706] - C:\WINDOWS\System32\Tasks\Health-Check         :   C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
[MD5.E86455668903CC470E6AF4F10A4AFC01] - [30/04/2017 18:46:07] - |A| - [2724] - C:\WINDOWS\System32\Tasks\Health-Check-deep         :   C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\healthcheck.exe
[MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [520062] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.CBA9352CC28A24204495C7FBDE89C1EF] - [12/05/2017 12:33:56] - |A| - [3388] - C:\WINDOWS\System32\Tasks\One System Care Monitor         :   "C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe"
[MD5.84D409A8CE2A03B09F983C89F012ED94] - [12/05/2017 12:33:59] - |A| - [3458] - C:\WINDOWS\System32\Tasks\One System Care Run Delay         :   "C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe"
[MD5.0049EEDF973AE5AD7D7403315EB96D2E] - [12/05/2017 12:36:07] - |A| - [3696] - C:\WINDOWS\System32\Tasks\One System Care Task         :   C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE
[MD5.540CD5AC4BA9F136DC0F39E3D3393EC8] - [28/04/2017 14:09:34] - |A| - [3294] - C:\WINDOWS\System32\Tasks\PandaUSBVaccine         :   "C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe"
[MD5.00000000000000000000000000000000] - [28/04/2017 13:59:50] - |D| - [3640] - C:\WINDOWS\System32\Tasks\Safer-Networking
[MD5.19FFBB738785BE36A44BD7C09E27388D] - [12/05/2017 12:35:52] - |A| - [3692] - C:\WINDOWS\System32\Tasks\System Healer Task         :   C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE
[MD5.9BB0190ACBFBACC050B2ED3385F3A464] - [12/05/2017 12:33:20] - |A| - [3378] - C:\WINDOWS\System32\Tasks\SystemHealer Monitor         :   "C:\Program Files (x86)\SystemHealer\HealerConsole.exe"
[MD5.C798761E5D104A7CD39360A15257B244] - [12/05/2017 12:33:20] - |A| - [3448] - C:\WINDOWS\System32\Tasks\SystemHealer Run Delay         :   "C:\Program Files (x86)\SystemHealer\SystemHealer.exe"
[MD5.CF9C4769F5E2D4774706FA7C8360AA5B] - [30/04/2017 18:46:10] - |A| - [3878] - C:\WINDOWS\System32\Tasks\UninstallMonitor         :   C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe
[MD5.AE10CF2E282AC91A695E496E546917C3] - [12/05/2017 12:35:51] - |A| - [24444] - C:\WINDOWS\System32\Tasks\{78790B47-0B0D-0979-7D11-0B7A0B79110A}         :   C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe
[MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"MDNS-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"MDNS-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list]
"C:\Users\Jean-Marie\Desktop\adsfix_4_29.04.17.1.exe"=C:\Users\Jean-Marie\Desktop\adsfix_4_29.04.17.1.exe:*:Enabled:adsfix_4_29.04.17.1

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\domainprofile\authorizedapplications\list]
"C:\Users\Jean-Marie\Desktop\adsfix_4_29.04.17.1.exe"=C:\Users\Jean-Marie\Desktop\adsfix_4_29.04.17.1.exe:*:Enabled:adsfix_4_29.04.17.1



---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{76F9ABD8-2CB5-4D55-B2DD-1082752E0D32}] : (uxstyle) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem22.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[18/03/2017 22:56:23] - (7.13.65.105) - (QLogic Corporation - QLogic 10 GigE VBD) - C:\WINDOWS\System32\drivers\evbda.sys
[18/03/2017 22:56:25] - (10.6.0.23) - (NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver) - C:\WINDOWS\System32\drivers\nvraid.sys
[18/03/2017 22:56:23] - (7.12.31.105) - (QLogic Corporation - QLogic Gigabit Ethernet VBD) - C:\WINDOWS\System32\drivers\bxvbda.sys
[29/04/2017 09:20:53] - (1.4.0.665) - (SHADOWDEFENDER.COM - Shadow Defender Filter Driver) - C:\WINDOWS\SYSTEM32\drivers\diskpt.sys
[18/03/2017 22:56:25] - (5.1.0.51) - (LSI - LSI 3ware SCSI Storport Driver) - C:\WINDOWS\System32\drivers\3ware.sys
[18/03/2017 22:56:25] - (3.7.1540.43) - (AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform) - C:\WINDOWS\System32\drivers\amdsbs.sys
[18/03/2017 22:56:25] - (7.5.0.32048) - (PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver) - C:\WINDOWS\System32\drivers\arcsas.sys
[18/03/2017 22:56:25] - (1.34.3.83) - (LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort)) - C:\WINDOWS\System32\drivers\lsi_sas.sys
[18/03/2017 22:56:25] - (2.0.79.81) - (LSI Corporation - LSI SAS Gen2 Driver (StorPort)) - C:\WINDOWS\System32\drivers\lsi_sas2i.sys
[18/03/2017 22:56:25] - (2.51.12.81) - (Avago Technologies - Avago SAS Gen3 Driver (StorPort)) - C:\WINDOWS\System32\drivers\lsi_sas3i.sys
[18/03/2017 22:56:25] - (2.10.61.81) - (LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort)) - C:\WINDOWS\System32\drivers\lsi_sss.sys
[18/03/2017 22:56:25] - (6.706.6.0) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\megasas.sys
[18/03/2017 22:56:25] - (6.711.10.11) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\MegaSas2i.sys
[18/03/2017 22:56:25] - (15.2.2013.129) - (LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver) - C:\WINDOWS\System32\drivers\megasr.sys
[18/03/2017 22:56:25] - (1.0.5.1016) - (Marvell Semiconductor, Inc. - Marvell Flash Controller Driver) - C:\WINDOWS\System32\drivers\mvumis.sys
[18/03/2017 22:56:25] - (10.6.0.23) - (NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver) - C:\WINDOWS\System32\drivers\nvstor.sys
[18/03/2017 22:56:25] - (6.805.3.0) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\percsas2i.sys
[18/03/2017 22:56:25] - (6.603.6.0) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\percsas3i.sys
[18/03/2017 22:56:25] - (5.1.1039.2600) - (Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver) - C:\WINDOWS\System32\drivers\SiSRaid2.sys
[18/03/2017 22:56:25] - (5.1.1039.3600) - (Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver) - C:\WINDOWS\System32\drivers\sisraid4.sys
[18/03/2017 22:56:25] - (5.1.0.10) - (Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64) - C:\WINDOWS\System32\drivers\stexstor.sys
[18/03/2017 22:56:25] - (7.0.9600.6352) - (VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64) - C:\WINDOWS\System32\drivers\vsmraid.sys
[18/03/2017 22:56:25] - (8.0.9200.8110) - (VIA Corporation - VIA StorX RAID Controller Driver) - C:\WINDOWS\System32\drivers\vstxraid.sys
[18/03/2017 22:56:25] - (1.3.0.10769) - (PMC-Sierra - PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller) - C:\WINDOWS\System32\drivers\ADP80XX.SYS
[18/03/2017 22:56:25] - (8.0.4.0) - (Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver) - C:\WINDOWS\System32\drivers\HpSAMD.sys
[12/05/2017 04:39:39] - (1.1.0.2305) - (Acronis International GmbH - File tracker minifilter driver) - C:\WINDOWS\system32\DRIVERS\file_tracker.sys
[12/05/2017 04:39:14] - (1.3.0.2227) - (Acronis International GmbH - Acronis Storage Filter Management Driver) - C:\WINDOWS\system32\DRIVERS\fltsrv.sys
[12/05/2017 04:39:21] - (1.0.0.1132) - (Acronis International GmbH - Acronis Backup Archive Explorer) - C:\WINDOWS\system32\DRIVERS\tib.sys
[14/11/2016 09:36:55] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\EUBKMON.sys
[14/11/2016 09:37:07] - (1.0.1.0) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver) - C:\WINDOWS\system32\drivers\eubakup.sys
[15/11/2016 11:34:26] - (5.0.0.10524) - (Cyberlink Co.,Ltd. - Cyberlink Storage Helper Driver (WindowsNT5.x)) - C:\WINDOWS\system32\DRIVERS\CLBStor.sys
[12/05/2017 12:33:11] - (1.0.40.4) - ( -) - C:\WINDOWS\system32\drivers\NetUtils2016.sys
[21/04/2016 11:10:04] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\tap0901.sys
[24/04/2017 09:48:03] - (9.0.0.3) - (TeamViewer GmbH - TeamViewerVPN Network Adapter) - C:\WINDOWS\System32\drivers\teamviewervpn.sys
[18/03/2017 22:56:25] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys
[28/04/2017 14:08:47] - (3.4.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual USB Bus Driver) - C:\WINDOWS\System32\drivers\dtliteusbbus.sys
[05/01/2016 14:45:28] - (3.11.12293.6311) - (BitDefender - BitDefender AntiVirus Active Virus Control Hypervisor driver) - C:\WINDOWS\system32\DRIVERS\avchv.sys
[10/11/2016 19:52:59] - (2.0.0.3505) - (CyberLink - CyberLink Virtual CDROM Bus Enumerator) - C:\WINDOWS\System32\drivers\CLVirtualBus01.sys
[14/11/2016 10:27:16] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Pro Virtual SCSI Bus Driver) - C:\WINDOWS\System32\drivers\dtproscsibus.sys
[28/04/2017 14:05:39] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Lite Virtual SCSI Bus Driver) - C:\WINDOWS\System32\drivers\dtlitescsibus.sys
[14/11/2016 10:05:31] - (1.8.2.328) - (Zemana Ltd. - Zemana AntiLogger Free) - C:\WINDOWS\system32\DRIVERS\KeyCrypt64.sys
[16/02/2016 17:52:38] - (7.0.0.12) - (BitDefender LLC - BitDefender Firewall NDIS6 Filter Driver) - C:\WINDOWS\system32\DRIVERS\bdfndisf6.sys
[16/02/2016 17:52:38] - (7.0.0.8) - (BitDefender LLC - BitDefender Firewall WFP Filter Driver) - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys
[05/05/2017 16:11:30] - (1.5.2.333) - (Lace514 -) - C:\WINDOWS\System32\drivers\Lace_wpf_x64.sys
[01/05/2017 22:58:44] - (1.5.2.1) - (Windows (R) Win 7 DDK provider - NetFilter SDK WFP Driver (WPP)) - C:\WINDOWS\system32\drivers\cgnetfilter1521.sys
[10/05/2017 16:09:24] - (11.14.1.38) - (E5MQKJ -) - C:\WINDOWS\system32\drivers\b82d7dae78bbc7cbe3b8b9c71e3430cd.sys

---------- | LoadOrderGroup

Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK
Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK
Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK
Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK
Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK
Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK
Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK
Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK
Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK
Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK
Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK
Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK
Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK
Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK
Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK
Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK
Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK
Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK
Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK
Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK
Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK
Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK
Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK
Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK
Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK
Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK
Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK
Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK
Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK
Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK
Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK
Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK
Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK
Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK
Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK
Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK
Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK
Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK
Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK
Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK
Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK
Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK
Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK
Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK
Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK
Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK
Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK
Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK
Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK
Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK
Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK
Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK
Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK
Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK
Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK
Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK
Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK
Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK
Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK
Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK
Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK
Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK
Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK
Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK
Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK
Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK
Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK
Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK
Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK
Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK
Name: Network - DriverEnabled: False - GroupOrder: 71 - Status: OK
Name: extendedbase - DriverEnabled: False - GroupOrder: 72 - Status: OK
Name: PnP Filter - DriverEnabled: False - GroupOrder: 73 - Status: OK
Name: GSARS Anti-Virus - DriverEnabled: False - GroupOrder: 74 - Status: OK
Name: Core Security Extensions - DriverEnabled: False - GroupOrder: 75 - Status: OK
Name: NetworkService - DriverEnabled: False - GroupOrder: 76 - Status: OK
Name: _Early-Launch - DriverEnabled: False - GroupOrder: 77 - Status: OK
Name: LocalService - DriverEnabled: False - GroupOrder: 78 - Status: OK

---------- | LoadOrderGroupServiceDependencies

LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs"

---------- | LoadOrderGroupServiceMembers

LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc"
LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder"
LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch"
LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall"
LoadOrderGroup.Name="TDI" - Service.Name="Dhcp"
LoadOrderGroup.Name="TDI" - Service.Name="Dnscache"
LoadOrderGroup.Name="TDI" - Service.Name="dot3svc"
LoadOrderGroup.Name="TDI" - Service.Name="DusmSvc"
LoadOrderGroup.Name="Event Log" - Service.Name="EventLog"
LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc"
LoadOrderGroup.Name="TDI" - Service.Name="icssvc"
LoadOrderGroup.Name="TDI" - Service.Name="irmon"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation"
LoadOrderGroup.Name="TDI" - Service.Name="lmhosts"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM"
LoadOrderGroup.Name="NetworkService" - Service.Name="MapsBroker"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc"
LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI"
LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon"
LoadOrderGroup.Name="Cryptography" - Service.Name="NgcCtnrSvc"
LoadOrderGroup.Name="Cryptography" - Service.Name="NgcSvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay"
LoadOrderGroup.Name="Plugplay" - Service.Name="Power"
LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs"
LoadOrderGroup.Name="PlugPlay" - Service.Name="RtkAudioService"
LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr"
LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS"
LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection"
LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler"
LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService"
LoadOrderGroup.Name="System Reserved" - Service.Name="TeraCopyService"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller"
LoadOrderGroup.Name="AudioGroup" - Service.Name="UnsignedThemes"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc"
LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient"
LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc"
LoadOrderGroup.Name="TDI" - Service.Name="wlpasvc"
LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc"
LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware"
LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AcpiDev"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="avc3"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="avchv"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="avckf"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="b82d7dae78bbc7cbe3b8b9c71e3430cd"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="BdfNdisf"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="bdfwfpf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep"
LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="cgnetfilter1521"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="cht4iscsi"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="cht4vbd"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLBStor"
LoadOrderGroup.Name="File System" - SystemDriver.Name="CLBUDF"
LoadOrderGroup.Name="FSFilter HSM" - SystemDriver.Name="CldFlt"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS"
LoadOrderGroup.Name="base" - SystemDriver.Name="clreg"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CLVirtualBus01"
LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG"
LoadOrderGroup.Name="Base" - SystemDriver.Name="cnghwassist"
LoadOrderGroup.Name="extendedbase" - SystemDriver.Name="CompFilter64"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="diskpt"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="dtlitescsibus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="dtliteusbbus"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="dtproscsibus"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat"
LoadOrderGroup.Name="FSFilter Encryption" - SystemDriver.Name="FileCrypt"
LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace"
LoadOrderGroup.Name="FSFilter Continuous Backup" - SystemDriver.Name="file_tracker"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="fltsrv"
LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol"
LoadOrderGroup.Name="Base" - SystemDriver.Name="genericusbfn"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101"
LoadOrderGroup.Name="GSARS Anti-Virus" - SystemDriver.Name="GridinSoftAntiRansomwareDriver"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="gzflt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidinterrupt"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hvservice"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iai2c"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2_BXT_P"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C_BXT_P"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAV"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="ibbus"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ignis"
LoadOrderGroup.Name="Base" - SystemDriver.Name="IndirectKmd"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="intelpep"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="iorate"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="irda"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic"
LoadOrderGroup.Name="Keyboard Class" - SystemDriver.Name="keycrypt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD"
LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Lace514"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mausbhost"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mausbip"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="MBAMSwissArmy"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="mlx4_bus"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr"
LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ndfltr"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisTapi"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ndiswanlegacy"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ndproxy"
LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="netcontroller"
LoadOrderGroup.Name="Base" - SystemDriver.Name="NetUtils2016"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="netvsc"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="NTFS"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Null"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor"
LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia"
LoadOrderGroup.Name="System Reserved" - SystemDriver.Name="pcw"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas3i"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="PfFilter"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched"
LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd"
LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFS"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFSv1"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr"
LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="SensorsSimulatorDriver"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="SpatialGraphFilter"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme"
LoadOrderGroup.Name="FSFilter Quota Management" - SystemDriver.Name="storqosflt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="Synth3dVsc"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tap0901"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="teamviewervpn"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="tib"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="tnd"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Trufos"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmCx0101"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmTcpciCx0101"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Ucx01000"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Ufx01000"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UfxChipidea"
LoadOrderGroup.Name="Base" - SystemDriver.Name="ufxsynopsys"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsChipidea"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UrsCx01000"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsSynopsys"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub"
LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbscan"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci"
LoadOrderGroup.Name="File System" - SystemDriver.Name="uxstyle"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp"
LoadOrderGroup.Name="Base" - SystemDriver.Name="vhf"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="virtual_file"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarp"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarpv6"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="wcifs"
LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="wcnfs"
LoadOrderGroup.Name="_Early-Launch" - SystemDriver.Name="WdBoot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="WFPLWFS"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRT"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRTProxy"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinMad"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinVerbs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi"
LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WSDPrintDevice"
LoadOrderGroup.Name="Base" - SystemDriver.Name="WSDScan"
LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf"
LoadOrderGroup.Name="base" - SystemDriver.Name="WUDFRd"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="xboxgip"
LoadOrderGroup.Name="Base" - SystemDriver.Name="xinputhid"
LoadOrderGroup.Name="FSFilter Content Screener" - SystemDriver.Name="xlkfs"

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - diskpt () -> SYSTEM32\drivers\diskpt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - EUBAKUP (EUBAKUP) -> system32\drivers\eubakup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - EUBKMON (EUBKMON) -> system32\drivers\EUBKMON.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - file_tracker (file_tracker) -> system32\DRIVERS\file_tracker.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fltsrv (Acronis Storage Filter Management) -> system32\DRIVERS\fltsrv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ignis (ignis Service) -> system32\drivers\ignis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - snapman (Acronis Snapshots Manager) -> system32\DRIVERS\snapman.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - tib (Acronis TIB Manager) -> system32\DRIVERS\tib.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - b82d7dae78bbc7cbe3b8b9c71e3430cd (b82d7dae78bbc7cbe3b8b9c71e3430cd) -> \??\C:\WINDOWS\system32\drivers\b82d7dae78bbc7cbe3b8b9c71e3430cd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BdfNdisf (@oem4.inf,%BdfNdisf_Desc%;BitDefender Firewall NDIS 6 Filter Driver) -> \SystemRoot\system32\DRIVERS\bdfndisf6.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bdfwfpf (bdfwfpf) -> \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.1.0\Drivers\bdfwfpf.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cgnetfilter1521 (cgnetfilter1521) -> system32\drivers\cgnetfilter1521.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CLBStor (InstantBurn Storage Helper Driver) -> system32\DRIVERS\CLBStor.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - ElRawDisk (ElRawDisk) -> \??\C:\WINDOWS\system32\drivers\rsdrvx64.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - EUDSKACS (EUDSKACS) -> \??\C:\WINDOWS\system32\drivers\eudskacs.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - EUFDDISK (EUFDDISK) -> \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys - AcceptPause: False - AcceptStop: False
S1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - GUBootStartup (GUBootStartup) -> \??\C:\WINDOWS\System32\drivers\GUBootStartup.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - GUSBootStartup (GUSBootStartup) -> \??\C:\WINDOWS\System32\drivers\GUSBootStartup.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - Lace514 (Lace514) -> \SystemRoot\System32\drivers\Lace_wpf_x64.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetUtils2016 (NetUtils2016) -> \??\C:\WINDOWS\system32\drivers\NetUtils2016.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
S1 - [File System Driver] - xlkfs (xlkfs) -> system32\DRIVERS\xlkfs.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - ZAM (ZAM Helper Driver) -> \??\C:\WINDOWS\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) -> \??\C:\WINDOWS\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - CLBUDF (CyberLink InstantBurn UDF Filesystem) -> (?) - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: False
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - npf (NetGroup Packet Filter Driver) -> system32\drivers\npf.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - PfFilter (PfFilter) -> \??\C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - tib_mounter (Acronis TIB Mounter) -> \SystemRoot\system32\DRIVERS\tib_mounter.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - uxstyle (uxstyle) -> \??\C:\WINDOWS\system32\Drivers\elytsxu.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - virtual_file (Acronis Virtual File Driver) -> system32\DRIVERS\virtual_file.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - {41E8078B-96D9-42DC-8789-A1CF102CD880} (Power Control [2016/11/15 11:05:37]) -> \??\C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - {A14A8EF6-B11D-4356-9ECC-4B937E6CC626} (Power Control [2017/04/29 11:35:52]) -> \??\C:\Program Files (x86)\CyberLink\PowerDVD17\Common\NavFilter\000.fcl - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AcpiDev (@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver) -> \SystemRoot\System32\drivers\AcpiDev.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - applockerfltr (@%systemroot%\system32\srpapi.dll,-102) -> system32\drivers\applockerfltr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AsyncMac (@%systemroot%\system32\mprmsg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - avc3 (avc3) -> system32\DRIVERS\avc3.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - avchv (@oem0.inf,%ServiceDesc%;avchv Function Driver) -> \SystemRoot\system32\DRIVERS\avchv.sys - AcceptPause: False - AcceptStop: True
S3 - [File System Driver] - avckf (avckf) -> system32\DRIVERS\avckf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CAD (@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver) -> \SystemRoot\System32\drivers\CAD.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CapImg (@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen) -> \SystemRoot\System32\drivers\capimg.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - cht4vbd (@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver) -> \SystemRoot\System32\drivers\cht4vx64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - clvad () -> \SystemRoot\system32\drivers\clvad.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - CLVirtualBus01 (@oem1.inf,%CLVirtualBus01.SVCDESC%;CyberLink Virtual CDROM Bus Enumerator) -> \SystemRoot\System32\drivers\CLVirtualBus01.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - clwvdVM (@oem13.inf,%clwvd.DeviceDesc% Service;Camera for VideoMeeting+/PresenterLink+ Service) -> \SystemRoot\system32\DRIVERS\clwvdVM.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CompFilter64 (UVCCompositeFilter) -> \SystemRoot\System32\drivers\lvbflt64.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - condrv (Console Driver) -> System32\drivers\condrv.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Pilotes audio approuvés par Microsoft) -> \SystemRoot\system32\DRIVERS\drmkaud.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - dtlitescsibus (@oem14.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus) -> \SystemRoot\System32\drivers\dtlitescsibus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - dtliteusbbus (@oem76.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus) -> \SystemRoot\System32\drivers\dtliteusbbus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - dtproscsibus (@oem3.inf,%DTPROSCSIBUS.DeviceDesc%;DAEMON Tools Pro Virtual SCSI Bus) -> \SystemRoot\System32\drivers\dtproscsibus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - exfat (exFAT File System Driver) -> (?) - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - fastfat (FAT12/16/32 File System Driver) -> (?) - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\drivers\genericusbfn.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - GridinSoftAntiRansomwareDriver (GridinSoft AntiRansomware) -> system32\DRIVERS\gsars.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - GridinSoftTrafficInspectDriver (GridinSoftTrafficInspectDriver) -> \SystemRoot\system32\DRIVERS\gsinspect.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - GUMHFilters (GUMHFilters) -> \??\C:\Program Files (x86)\Glarysoft\Malware Hunter\Native\winxp_x64\GUMHFilter.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - gzflt (gzflt) -> system32\DRIVERS\gzflt.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hvservice (@%SystemRoot%\system32\drivers\hvservice.sys,-16) -> system32\drivers\hvservice.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - i8042prt (@msmouse.inf,%i8042prt.SvcDesc%;PS/2 Keyboard and Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iagpio (@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iagpio.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSS2i_GPIO2 (@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSS2i_GPIO2_BXT_P (@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSS2i_I2C_BXT_P (@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C_BXT_P.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IndirectKmd (@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100) -> \SystemRoot\System32\drivers\IndirectKmd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) -> \SystemRoot\system32\drivers\RTKVHD64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IpFilterDriver (@%systemroot%\system32\mprmsg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - irda (IrDA) -> \SystemRoot\system32\drivers\irda.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - keycrypt (keycrypt) -> system32\DRIVERS\KeyCrypt64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - L1C (@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\System32\drivers\L1C63x64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - lvrs64 (@oem21.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver) -> \SystemRoot\system32\DRIVERS\lvrs64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - LVUVC64 (@oem20.inf,%PID_081B_DD%(UVC);Logitech HD Webcam C310(UVC)) -> \SystemRoot\system32\DRIVERS\lvuvc64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mausbhost (@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver) -> \SystemRoot\System32\drivers\mausbhost.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mausbip (@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver) -> \SystemRoot\System32\drivers\mausbip.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - MBAMSwissArmy (MBAMSwissArmy) -> \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MMPDrv (MMPDrv) -> \??\C:\WINDOWS\System32\drivers\MMPDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Modem () -> system32\drivers\modem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - monitor (@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys - AcceptPause: False - AcceptStop: True
S3 - [File System Driver] - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Proxy de service de répartition Microsoft) -> \SystemRoot\system32\DRIVERS\MSKSSRV.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Proxy d’horloge de répartition Microsoft) -> \SystemRoot\system32\DRIVERS\MSPCLOCK.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Proxy de gestion de qualité de répartition Microsoft) -> \SystemRoot\system32\DRIVERS\MSPQM.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MsRPC () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Convertisseur en T/site-à-site de répartition Microsoft) -> \SystemRoot\system32\DRIVERS\MSTEE.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisTapi (@%systemroot%\system32\mprmsg.dll,-32001) -> System32\DRIVERS\ndistapi.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - NdisWan (@%systemroot%\system32\mprmsg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ndiswanlegacy (@%systemroot%\system32\mprmsg.dll,-32014) -> System32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ndproxy (@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy) -> System32\DRIVERS\NDProxy.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NetAdapterCx (Network Adapter Wdf Class Extension Library) -> system32\drivers\NetAdapterCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - netvsc () -> \SystemRoot\System32\drivers\netvsc.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - NTFS () -> (?) - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - nvdimmn (@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver) -> \SystemRoot\System32\drivers\nvdimmn.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - pmem (@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver) -> \SystemRoot\System32\drivers\pmem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - PptpMiniport (@%systemroot%\system32\mprmsg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Rasl2tp (@%systemroot%\system32\mprmsg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasPppoe (@%systemroot%\system32\mprmsg.dll,-32007) -> System32\DRIVERS\raspppoe.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - ReFS () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - ReFSv1 () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - SDFRd (@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector) -> \SystemRoot\System32\drivers\SDFRd.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - SensorsSimulatorDriver (@oem19.inf,%WudfSensorsSimulatorDriverDisplayName%;UMDF Reflector service for SensorsSimulatorDriver) -> \SystemRoot\System32\drivers\WUDFRd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SpatialGraphFilter (Holographic Spatial Graph Filter) -> System32\drivers\SpatialGraphFilter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - srvnet () -> System32\DRIVERS\srvnet.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - tap0901 (@oem7.inf,%DeviceDescription%;TAP-Windows Adapter V9) -> \SystemRoot\System32\drivers\tap0901.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - teamviewervpn (@oem9.inf,%DeviceDescription%;TeamViewer VPN Adapter) -> \SystemRoot\System32\drivers\teamviewervpn.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - tnd (Acronis Try&Decide filter) -> \SystemRoot\system32\DRIVERS\tnd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - Trufos (Trufos) -> system32\DRIVERS\Trufos.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TsUsbFlt (@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000) -> system32\drivers\tsusbflt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UcmTcpciCx0101 (UCM-TCPCI KMDF Class Extension) -> System32\Drivers\UcmTcpciCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UcmUcsi (@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client) -> \SystemRoot\System32\drivers\UcmUcsi.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\drivers\UfxChipidea.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urschipidea.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urssynopsys.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - usbaudio (@wdma_usb.inf,%USBAudio.SvcDesc%;Pilote USB audio (WDM)) -> \SystemRoot\system32\drivers\usbaudio.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Pilote parent générique USB Microsoft) -> \SystemRoot\System32\drivers\usbccgp.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - usbscan (@sti.inf,%usbscan.SvcDesc%;Pilote de scanneur USB) -> \SystemRoot\system32\DRIVERS\usbscan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vhf (@%SystemRoot%\system32\drivers\vhf.sys,-100) -> \SystemRoot\System32\drivers\vhf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vmgid (@wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver) -> \SystemRoot\System32\drivers\vmgid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wanarpv6 (@%systemroot%\system32\mprmsg.dll,-32012) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> \SystemRoot\system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WDC_SAM (@oem22.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver) -> \SystemRoot\System32\drivers\wdcsam64.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> \SystemRoot\system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\Drivers\WdNisDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - WIMMount (@%SystemRoot%\system32\drivers\wimmount.sys,-101) -> system32\drivers\wimmount.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WinNat (@%SystemRoot%\system32\drivers\winnat.sys,-10001) -> system32\drivers\winnat.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WINUSB (@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WSDPrintDevice (@wsdprint.inf,%WSDPrintDevice.SVCDESC%;WSD Print Support) -> \SystemRoot\System32\drivers\WSDPrint.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WSDScan (@sti.inf,%WSDScan.SvcDesc%;Prise en charge de la numérisation WSD) -> \SystemRoot\system32\DRIVERS\WSDScan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> \SystemRoot\System32\drivers\WUDFRd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys - AcceptPause: False - AcceptStop: False
R4 - [File System Driver] - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys - AcceptPause: False - AcceptStop: True
S4 - [Kernel Driver] - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys - AcceptPause: False - AcceptStop: False
S4 - [File System Driver] - udfs (udfs) -> system32\DRIVERS\udfs.sys - AcceptPause: False - AcceptStop: False
S4 - [Kernel Driver] - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: False

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.EF558A02D734A1403583E95CCEEC2487] - [27/04/2017 15:06:30] - (.Copyright (c)1999-2015 Martin Malík - REALiX - HWiNFO AMD64 Kernel Driver.) - [26.91 Ko] - (8.98.0.0) - C:\WINDOWS\Syswow64\Drivers\HWiNFO64A.SYS

---------- | Uninstall

[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CEB9F3E9BD4E4FF1ACEB2370E55A36AC1] : (.-.) -> 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DownloadFileOpener] : (DownloadFileOpener.-.DownloadFileOpener.com) -> C:\Users\Jean-Marie\AppData\Local\DownloadFileOpener\uninstall.exe
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\fdd5afeb1c26219962a43ddc726e1dbe] : (.-.) -> 
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Pale Moon 27.3.0 (x64 en-US)] : (Pale Moon 27.3.0 (x64 en-US).-.Moonchild Productions) -> "C:\Program Files\Pale Moon\uninstall\helper.exe"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Vision Technology Vision] : (Vision - Software for the Color Blinded.-."Vision Technology") -> "C:\Users\Jean-Marie\AppData\Local\Vision\uninstall.exe"
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{20573C69-4A68-4BEF-A23D-365CB66924CE}] : (Avanquest Message.-.Avanquest Software) -> "C:\Users\Jean-Marie\AppData\Roaming\Avanquest Software\SetupAQ\{20573C69-4A68-4BEF-A23D-365CB66924CE}\Setup.exe" /UNINST
[HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1] : (Apowersoft Online Launcher version 1.4.5.-.APOWERSOFT LIMITED) -> "C:\Users\Jean-Marie\AppData\Local\Apowersoft\Apowersoft Online Launcher\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\199767f5a03b16be44dfc63b1c84963b] : (Social2Search.-.Social2Search) -> C:\WINDOWS\aead19358f7df24ddb2ea25477c1ac3c.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\8B3D7924-ED89-486B-8322-E8594065D5CB_is1] : (RogueKiller version 12.10.7.0.-.Adlice Software) -> "C:\Program Files\RogueKiller\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\anti-malware-setup] : (anti-malware-setup.-.Jean-Marie) -> "C:\Users\Jean-Marie\AppData\Local\anti-malware-setup\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\BEC55C5D-D6D0-4A41-B82C-264EC5EE8052_is1] : (RogueKillerPE version 1.32.0.0.-.Adlice Software) -> "C:\Program Files\RogueKillerPE\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\C4E7EE54-826F-41C4-BE3C-375CC70DC1D8_is1] : (UCheck version 2.0.0.0.-.Adlice Software) -> "C:\Program Files\UCheck\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CEB9F3E9BD4E4FF1ACEB2370E55A36AC0] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CyberGhost 6_is1] : (CyberGhost 6.-.CyberGhost S.R.L.) -> "C:\Program Files\CyberGhost 6\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Lite] : (DAEMON Tools Lite.-.Disc Soft Ltd) -> C:\Program Files\DAEMON Tools Lite\uninst.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Pro] : (DAEMON Tools Pro.-.Disc Soft Ltd) -> C:\Program Files\DAEMON Tools Pro\uninst.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Defraggler] : (Defraggler.-.Piriform) -> "C:\Program Files\Defraggler\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EPSON XP-710 Series] : (EPSON XP-710 Series Printer Uninstall.-.SEIKO EPSON Corporation) -> C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IINSLPE.EXE /R /APD /P:"EPSON XP-710 Series"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\FileMenu Tools_is1] : (FileMenu Tools.-.LopeSoft) -> "C:\Program Files\LopeSoft\FileMenu Tools\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Greenshot_is1] : (Greenshot 1.2.9.129.-.Greenshot) -> "C:\Program Files\Greenshot\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MacriumReflect] : (Macrium Reflect Free Edition.-.Paramount Software (UK) Ltd.) -> C:\Program Files\Macrium\Reflect\xReflect.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MultiCommander x64] : (MultiCommander (x64).-.Mathias Svensson) -> C:\Program Files\MultiCommander (x64)\Uninstall MultiCommander.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Pale Moon 26.5.0 (x64 en-US)] : (Pale Moon 26.5.0 (x64 en-US).-.Moonchild Productions) -> "C:\Program Files\Pale Moon\uninstall\helper.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PerigeeCopy] : (PerigeeCopy 1.7.-.Jeremy Stanley) -> C:\Program Files\PerigeeCopy\uninst.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\proDAD-Adorage-3.0] : (proDAD Adorage 3.0 (64bit).-.proDAD GmbH) -> "C:\Program Files\proDAD\Adorage-3.0\uninstall.exe" uninstall spcp PATHVERSION "3.0" MAINNAME "Adorage"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\QEMU] : (QEMU.-.) -> "C:\Program Files\qemu\qemu-uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Recuva] : (Recuva.-.Piriform) -> "C:\Program Files\Recuva\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Seed4.Me VPN] : (Seed4.Me VPN 1.0.9.-.Seed4.me) -> C:\Program Files\Seed4.Me VPN\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Software Informer_is1] : (Software Informer 1.5.1324.0.-.Informer Technologies, Inc.) -> "C:\Program Files\Software Informer\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TAP-Windows] : (TAP-Windows 9.21.2.-.) -> C:\Program Files\TAP-Windows\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeraCopy_is1] : (TeraCopy version 3.0.8.-.Code Sector) -> "C:\Program Files\TeraCopy\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TreeSize_is1] : (TreeSize V6.3.6 (64 bit).-.JAM Software) -> "C:\Program Files\JAM Software\TreeSize\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Unlocker] : (Unlocker 1.9.2.-.Cedrick Collomb) -> C:\Program Files\Unlocker\uninst.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.40 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinToHDD_is1] : (WinToHDD version 2.3 Beta.-.The EasyUEFI Development Team.) -> "C:\Program Files\WinToHDD\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Wise Hotkey_is1] : (Wise Hotkey 1.14.-.WiseCleaner.com, Inc.) -> "C:\Program Files\Wise\Wise Hotkey\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Wondershare Filmora_is1] : (Wondershare Filmora(Build 8.2.2).-.Wondershare Software) -> "C:\Program Files\Wondershare\Filmora\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\xplorer2p64_u] : (xplorer² Ultimate 64 bit.-.Zabkat) -> "C:\Program Files\zabkat\xplorer2_ult\Uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{04B83666-3A62-452B-85D3-70F8117F2329}_is1] : (CamStudio 2.7.4.-.CamStudio Open Source) -> "C:\Program Files\CamStudio 2.7\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{06D33B93-9458-4E28-BDEA-F5ECB2C3C30E}] : (AntimalwareEngine.-.adaware) -> MsiExec.exe /I{06D33B93-9458-4E28-BDEA-F5ECB2C3C30E}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{17520B79-9D56-4107-891F-5207F2B5B4D8}_is1] : (Remo Convert OST to PST.-.Remo Software) -> "C:\Program Files\Remo Convert OST to PST\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{22C37D82-6137-40BF-8625-7A846ED65F3A}_is1] : (FolderIco 5.1.-.teorex) -> "C:\Program Files\FolderIco\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26F31E12-3722-45FD-903B-49012286BB4C}] : (OnlineThreatsEngine.-.adaware) -> MsiExec.exe /I{26F31E12-3722-45FD-903B-49012286BB4C}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{28A17CCB-77BB-49C9-847B-60E076DC43D1}] : (UxStyle.-.The Within Network, LLC) -> MsiExec.exe /I{28A17CCB-77BB-49C9-847B-60E076DC43D1}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{299EB32D-0525-4482-A8B5-1F30725AB6F1}_is1] : (PhotoStitcher 2.0.-.Teorex) -> "C:\Program Files\PhotoStitcher\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2B75557A-B66B-4C26-8AFD-F1B752C1D4CB}] : (Fast HTML Checker.-.WebTweakTools.com) -> MsiExec.exe /I{2B75557A-B66B-4C26-8AFD-F1B752C1D4CB}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.0.6.1469.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3BAE1213-33F0-4482-A6F5-7360F9CD73E1}_is1] : (Encrypt4all Professional Edition version 6.0.0.183.-.Encrypt4all Software) -> "C:\Program Files\Encrypt4all Software\Encrypt4all Professional\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1] : (Start Menu X version 6.02.-.OrdinarySoft) -> "C:\Program Files\Start Menu X\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3E5BEF30-3962-4B47-AECA-937B6CBB0A68}] : (AvcEngine.-.adaware) -> MsiExec.exe /I{3E5BEF30-3962-4B47-AECA-937B6CBB0A68}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{595B8A7B-253D-4A4E-95C2-A823EDDD5496}] : (Macrium Reflect Free Edition.-.Paramount Software (UK) Ltd.) -> MsiExec.exe /I{595B8A7B-253D-4A4E-95C2-A823EDDD5496}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{76C8F882-DBFC-43FB-9483-E5DE5D7D5FFA}_is1] : (Remo Privacy Cleaner.-.Remo Software) -> "C:\Program Files (x86)\Remo Privacy Cleaner\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D}] : (Rebit Pro (64-bit).-.Rebit, Inc.) -> MsiExec.exe /I{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7DE129E5-BB4A-4517-A6CD-C69EEB346781}] : (AntispamEngine.-.adaware) -> MsiExec.exe /I{7DE129E5-BB4A-4517-A6CD-C69EEB346781}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7F7C8AE0-961B-4AED-B99A-D9BE29C0F24C}] : (AdAwareProxyEngine.-.adaware) -> MsiExec.exe /I{7F7C8AE0-961B-4AED-B99A-D9BE29C0F24C}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8DD5B1BF-E1BB-43DB-965C-DC6180A19518}_is1] : (Remo Repair MOV.-.Remo Software) -> "C:\Program Files\Remo Repair MOV 2.0\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}] : (Shadow Defender.-.ShadowDefender.com) -> C:\Program Files\Shadow Defender\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1] : (Copy Handler 1.44.-.Józef Starosczyk) -> "C:\Program Files\Copy Handler\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1] : (VDownloader 4.5.2737.-.Vitzo Limited) -> "C:\Program Files\VDownloader\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AAF4B2C1-2E27-46EF-9B9E-2B2130F056F3}] : (FirewallEngine.-.adaware) -> MsiExec.exe /I{AAF4B2C1-2E27-46EF-9B9E-2B2130F056F3}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B8D1E97B-3C79-47A4-ADB7-09625917A2FB}_is1] : (Remo Repair Registry.-.Remo Software) -> "C:\Program Files\Remo Repair Registry\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BECD7155-DC57-4F89-B1A8-A90B033C6209}] : (AdAwareUpdater.-.adaware) -> MsiExec.exe /I{BECD7155-DC57-4F89-B1A8-A90B033C6209}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BECD7155-DC57-4F89-B1A8-A90B033C6209}_AdAwareUpdater] : (adaware antivirus.-.adaware) -> "C:\Program Files\Common Files\adaware\adaware antivirus\updater\12.0.649.11190\AdAwareUpdater.exe" --uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}] : (WinZip 21.0.-.WinZip Computing, S.L.) -> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C2410B}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D78E5094-F665-4F98-A552-43AE08C6C105}_is1] : (Remo File Eraser 2.0.-.Remo Software) -> "C:\Program Files (x86)\Remo File Eraser 2.0\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D7BF2029-EB2D-4523-AFA0-95CE605E696E}] : (AdAwareInstaller.-.adaware) -> MsiExec.exe /I{D7BF2029-EB2D-4523-AFA0-95CE605E696E}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E7366CA8-7179-77AE-E712-BA18D70A0A07}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F008F551-A58D-4257-9FB6-2F750860A0DE}_is1] : (GridinSoft Anti-Ransomware 0.9.1.-.GridinSoft, LLC.) -> "C:\Program Files\GridinSoft Anti-Ransomware\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\11598763487076930564] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\2a2f52d72f79860f] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\6ffac89fe18e187b] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Advanced Windows Service Manager 6.0] : (Advanced Windows Service Manager.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{E5CA7FA8-5C93-45E1-969A-14571AFBF0A3}\Setup_AdvancedWinServiceManager.exe /i {E5CA7FA8-5C93-45E1-969A-14571AFBF0A3}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Anti-Locky_is1] : (Anti-Locky.-.AxBx) -> "C:\Program Files (x86)\AxBx\Anti-Locky\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AppTrailers] : (AppTrailers - AppTrailers for Desktop.-.AppTrailers) -> "C:\Users\Jean-Marie\AppData\Roaming\AppTrailers\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Ashampoo StartUp Tuner 2_is1] : (Ashampoo StartUp Tuner 2.00.-.ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo StartUp Tuner 2\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AU11_is1] : (Advanced Uninstaller PRO - Version 12.-.Innovative Solutions) -> "C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AutoItv3] : (AutoIt v3.3.14.2.-.AutoIt Team) -> C:\Program Files (x86)\AutoIt3\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Autorun File Remover 5.0] : (Autorun File Remover.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{8FB8C3D9-ED65-4D0D-9CA1-62A4FDCA98A9}\Setup_AutorunFileRemover.exe /i {8FB8C3D9-ED65-4D0D-9CA1-62A4FDCA98A9}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Batch Picture Resizer_is1] : (Batch Picture Resizer 7.3.-.SoftOrbits) -> "C:\Program Files (x86)\Batch Picture Resizer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CEB9F3E9BD4E4FF1ACEB2370E55A36AC2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CHK-Mate_is1] : (DIY DataRecovery CHK-Mate.-.DIY DataRecovery.nl) -> "C:\Program Files (x86)\DIY DataRecovery CHK-Mate\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CHM Editor] : (CHM Editor.-.) -> C:\Program Files (x86)\Gridinsoft\CHMEditor\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CintaNotes_is1] : (CintaNotes 3.7.-.Cinta Software) -> "C:\Program Files (x86)\CintaNotes\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Clipdiary] : (Clipdiary 5.0.-.Tiushkov Nikolay) -> C:\Program Files (x86)\Clipdiary\uninst.exe
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DailymotionVideoAdBlocker] : (DailymotionVideoAdBlocker v1.5.-.SecurityXploded) -> "C:\Program Files (x86)\SecurityXploded\DailymotionVideoAdBlocker\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DebugMode Wink] : (DebugMode Wink.-.) -> "C:\Program Files (x86)\DebugMode\Wink\uninst.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DivX Setup] : (Configuration DivX.-.DivX, LLC) -> C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DMX5_is1] : (DriverMax 9.-.Innovative Solutions) -> "C:\Program Files (x86)\Innovative Solutions\DriverMax\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Driver Booster_is1] : (Driver Booster 4.3.-.IObit) -> "C:\Program Files (x86)\IObit\Driver Booster\4.3.0\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EaseUS EverySync_is1] : (EaseUS EverySync 3.0.-.EaseUS) -> "C:\Program Files (x86)\EaseUS\EaseUS EverySync\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EaseUS Todo Backup_is1] : (EaseUS Todo Backup Free 8.6 .-.CHENGDU YIWO Tech Development Co., Ltd) -> "C:\Program Files (x86)\EaseUS\Todo Backup\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Easy File Locker] : (Easy File Locker 2.2.-.XOSLAB.COM) -> C:\Program Files\Easy File Locker\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EPSON Scanner] : (EPSON Scan.-.Seiko Epson Corporation) -> C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FileHippo.com] : (FileHippo App Manager.-.FileHippo.com) -> "C:\Program Files (x86)\FileHippo.com\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Flip HTML5_is1] : (Flip HTML5.-.eflippdfforipad Solution) -> "C:\Program Files (x86)\Flip HTML5\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Flip PDF Professional_is1] : (Flip PDF Professional.-.FlipBuilder Solution) -> "C:\Program Files (x86)\Flip PDF Professional\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Folderico] : (Folderico 4.0 RC12.-.Shedko ( www.softq.org)) -> C:\Program Files (x86)\Folderico\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FolderViewer] : (FolderViewer.-.MatirSoft) -> "C:\Program Files (x86)\FolderViewer\Uninstall\Uninstall.exe" /u:"FolderViewer"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Foxit Reader_is1] : (Foxit Reader.-.Foxit Software Inc.) -> "C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free Studio_is1] : (Free Studio.-.Digital Wave Ltd) -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe /app FreeStudio
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free Video Converter_is1] : (Free Video Converter V 2.3.-.Kastor Soft) -> "C:\Program Files (x86)\Kastor Free Video Converter\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free Video Splitter] : (Free Video Splitter 4.0.1.-.Free Video Splitter Team) -> C:\Program Files (x86)\free-video-splitter\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free Video to GIF Converter_is1] : (Free Video to GIF Converter (1.6.0.0).-.Amazing Studio) -> "C:\Program Files (x86)\Amazing\Free Video to GIF Converter\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free YouTube Download_is1] : (Free YouTube Download.-.Digital Wave Ltd) -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe /app FreeYTVDownloader
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FreeFileSync_is1] : (FreeFileSync 9.0.-.www.FreeFileSync.org) -> "C:\Program Files\FreeFileSync\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Freeraser] : (Freeraser.-.Codyssey.com) -> C:\Program Files (x86)\Codyssey\Freeraser\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Glary Undelete] : (Glary Undelete 5.0.1.19.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glarysoft\Glary Undelete 5\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Glary Utilities 5] : (Glary Utilities 5.74.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glary Utilities 5\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Ad Blocker 6.5] : (Google Ad Blocker.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{DD3D64A7-3165-458D-96D4-06FBC609C22A}\Setup_GoogleAdBlocker.exe /i {DD3D64A7-3165-458D-96D4-06FBC609C22A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Hard Disk Shield] : (Hard Disk Shield.-.LabPixels) -> C:\Program Files (x86)\Hard Disk Shield\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HDWallPaper_is1] : (HDWallPaper 1.0.-.HDWallPaper) -> "C:\Program Files (x86)\HDWallPaper\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HissenITMasterdata] : (HissenIT Masterdata.-.HissenIT) -> "C:\Program Files (x86)\HissenITMasterdata\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iGetting Audio] : (iGetting Audio .-.Tenorshare, Inc.) -> C:\Program Files (x86)\iGetting Audio\driver_signed\win7_64\driver_signed\win7_64\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}] : (CyberLink Media Suite 14.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{D25D3E15-CABD-420c-B62C-70C1C5EE63FD}] : (CyberLink Application Manager.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{D25D3E15-CABD-420c-B62C-70C1C5EE63FD}\setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObit Unlocker_is1] : (IObit Unlocker.-.IObit) -> "C:\Program Files (x86)\IObit\IObit Unlocker\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iSkysoft iMedia Converter Deluxe_is1] : (iSkysoft iMedia Converter Deluxe(Build 9.0.0.1).-.iSkysoft Software) -> "C:\Program Files (x86)\iSkysoft\VCU\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ISO Workshop_is1] : (ISO Workshop 7.5.-.Glorylogic) -> "C:\Program Files (x86)\Glorylogic\ISO Workshop\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Kastor Free Vimeo Downloader_is1] : (Kastor Free Vimeo Downloader V 2.0.-.KastorSoft) -> "C:\Program Files (x86)\Kastor Free Vimeo Downloader\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\KLiteCodecPack_is1] : (K-Lite Mega Codec Pack 7.0.0.-.) -> "C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Macrorit_extender] : (Macrorit Partition  Extender Free 2017.-.Macrorit Inc.) -> C:\Program Files\Macrorit\Partition Extender\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Majorgeeks.com Software Updates and News] : (Majorgeeks.com Software Updates and News.-.Majorgeeks.com) -> "C:\Program Files (x86)\Majorgeeks.com\Software Updates and News\uninstall.exe" "/U:C:\Program Files (x86)\Majorgeeks.com\Software Updates and News\Uninstall\uninstall.xml"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Malware Hunter] : (Malware Hunter 1.34.0.59.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glarysoft\Malware Hunter\uninst.exe
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft SQL Server 11] : (Microsoft SQL Server 2012.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\muCommander] : (muCommander (remove only).-.) -> "C:\Program Files (x86)\muCommander\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Multi Install 2.4.5] : (Multi Install 2.4.5.-.) -> C:\Program Files (x86)\Multi Install 2.4.5\Uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MyEpson Portal] : (MyEpson Portal.-.SEIKO EPSON Corporation) -> MsiExec.exe /I{3361D415-BA35-4143-B301-661991BA6219}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NewBlue Paint Effects for Windows] : (NewBlue Paint Effects for Windows.-.NewBlue) -> "C:\Program Files (x86)\NewBlue\Paint Effects for Windows\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NewBlue Titler Pro for Windows] : (NewBlue Titler Pro for Windows.-.NewBlue) -> "C:\Program Files (x86)\NewBlue\Titler Pro for Windows\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NewBlue Video Essentials for Windows] : (NewBlue Video Essentials for Windows.-.NewBlue) -> "C:\Program Files (x86)\NewBlue\Video Essentials for Windows\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NewBlue Video Essentials V for Windows] : (NewBlue Video Essentials V for Windows.-.NewBlue) -> "C:\Program Files (x86)\NewBlue\Video Essentials V for Windows\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NewBlue Video Essentials VI for Windows] : (NewBlue Video Essentials VI for Windows.-.NewBlue) -> "C:\Program Files (x86)\NewBlue\Video Essentials VI for Windows\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NewBlue Video Essentials VII for Windows] : (NewBlue Video Essentials VII for Windows.-.NewBlue) -> "C:\Program Files (x86)\NewBlue\Video Essentials VII for Windows\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OneSystemCare] : (One System Care.-.OneSystemCare) -> C:\Program Files (x86)\OneSystemCare\Uninstaller.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OSToto Software Box] : (OSToto Software Box - 3.0.2.16.-.OSToto Co., Ltd.) -> C:\Program Files (x86)\OSTotoSoft\Software Box\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PDF-to-Word 3.1 Demo] : (PDF-to-Word 3.1 Demo.-.) -> C:\PROGRA~2\PDF-TO~1\demos\UNWISE.EXE /U C:\PROGRA~2\PDF-TO~1\demos\pdf2word.log
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\proDAD-MercalliEasy-2.0] : (proDAD Mercalli Easy Video Stabilizer 2.0.-.proDAD GmbH) -> "C:\Program Files (x86)\proDAD\MercalliEasy-2.0\uninstall.exe" uninstall spcp PATHVERSION "2.0" MAINNAME "MercalliEasy"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Protected Folder_is1] : (Protected Folder.-.IObit) -> "C:\Program Files (x86)\IObit\Protected Folder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Quick Search] : (Quick Search 5.28.1.91.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glarysoft\Quick Search 5\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Reg Organizer_is1] : (Reg Organizer version 7.70.-.ChemTable Software) -> "C:\Program Files (x86)\Reg Organizer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RegSeeker] : (RegSeeker.-.HoverDesk) -> C:\Program Files (x86)\RegSeeker\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Reload Icons Cache 1.00] : (Reload Icons Cache 1.00.-.Mr Blade Design's) -> C:\Program Files (x86)\Mr Blade Design's\Reload Icons Cache\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RPD_is1] : (NeoSetup Updater.-.Innovative Solutions) -> "C:\Program Files (x86)\Innovative Solutions\NeoSetup Updater\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SEAF] : (SEAF By C_XX.-.C_XX) -> "C:\Program Files (x86)\SEAF\Un-SEAF.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Securely File Shredder] : (Securely File Shredder.-.Reason Company Software Inc.) -> "C:\Program Files\Securely File Shredder\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ShadowExplorer_is1] : (ShadowExplorer 0.9.-.ShadowExplorer.com) -> "C:\Program Files (x86)\ShadowExplorer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SkinPack] : (SkinPack Mint.-.SkinPack) -> C:\SkinPack\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SoundCloud Download_is1] : (SoundCloud Download.-.Digital Wave Ltd) -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe /app SoundCloudDownload
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Speed Install_is1] : (Speed Install 2.0.2.1738.-.Almeza Company) -> "C:\Users\Jean-Marie\Documents\Speed Install\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Spy BHO Remover 7.0] : (Spy BHO Remover.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{5DD7489B-EC46-47AF-BB68-22F47253228B}\Setup_SpyBHORemover.exe /i {5DD7489B-EC46-47AF-BB68-22F47253228B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\StartIsBack] : (StartIsBack++.-.startisback.com) -> C:\Program Files (x86)\StartIsBack\StartIsBackCfg.exe /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Supercopier] : (Supercopier 1.2.3.5.-.Supercopier) -> C:\Program Files (x86)\Supercopier\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SX Antivirus Kit 4.0] : (SX Antivirus Kit.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{BBD54A11-C598-4789-8F12-AA189B3374C2}\Setup_SXAntivirusKit.exe /i {BBD54A11-C598-4789-8F12-AA189B3374C2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SX Blocker Suite 3.0] : (SX Blocker Suite.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{35AB7D6C-C217-4470-B2D7-021291708FF4}\Setup_SXBlockerSuite.exe /i {35AB7D6C-C217-4470-B2D7-021291708FF4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SX Network Suite 5.0] : (SX Network Suite.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{9C0E5B32-7BAF-4E40-916F-5C30EAF7F2F9}\Setup_SXNetworkSuite.exe /i {9C0E5B32-7BAF-4E40-916F-5C30EAF7F2F9}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SX System Suite 3.0] : (SX System Suite.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{D4EAD35D-5D25-4952-9A0C-AAA4AD13C596}\Setup_SXSystemSuite.exe /i {D4EAD35D-5D25-4952-9A0C-AAA4AD13C596}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SX WiFi Security Suite 6.0] : (SX WiFi Security Suite.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{F8B6EDC8-7919-4DE5-A2F5-B3F0798A397C}\Setup_SXWiFiSecuritySuite.exe /i {F8B6EDC8-7919-4DE5-A2F5-B3F0798A397C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SyncBackFree_is1] : (SyncBackFree.-.2BrightSparks) -> "C:\Program Files (x86)\2BrightSparks\SyncBackFree\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SyncBackPro_is1] : (SyncBackPro.-.2BrightSparks) -> "C:\Program Files (x86)\2BrightSparks\SyncBackPro\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SyncBackTouch_is1] : (SyncBackTouch.-.2BrightSparks) -> "C:\Program Files (x86)\2BrightSparks\SyncBackTouch\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Syncios] : (Syncios 6.1.2.-.Anvsoft) -> C:\Program Files (x86)\Anvsoft\Syncios\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SystemHealer] : (System Healer.-.SystemHealer) -> C:\Program Files (x86)\SystemHealer\Uninstaller.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 12.-.TeamViewer) -> "C:\Program Files (x86)\TeamViewer\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TechPowerUp GPU-Z] : (TechPowerUp GPU-Z.-.TechPowerUp) -> "C:\Program Files (x86)\GPU-Z\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TreeSize Free_is1] : (TreeSize Free V4.0.1.-.JAM Software) -> "C:\Program Files (x86)\JAM Software\TreeSize Free\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Trojan Remover_is1] : (Trojan Remover.-.Simply Super Software) -> "C:\Program Files (x86)\Trojan Remover\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\trolCommander] : (trolCommander (remove only).-.) -> "C:\Program Files (x86)\trolCommander\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Tuxboot] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Ultracopier] : (Ultracopier 1.2.3.5.-.Ultracopier) -> C:\Program Files\Ultracopier\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\UnrealCommander_is1] : (Unreal Commander v3.57.-.Max Diesel) -> "c:\Unreal Commander\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\USB Key Vaccine 2016_is1] : (USB Key Vaccine 2016.-.AxBx) -> "C:\Program Files (x86)\AxBx\USB Key Vaccine 2016\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Usbfix] : (UsbFix Premium 2016.-.SOSVirus (SOSVirus.Net)) -> C:\Users\Jean-Marie\AppData\Roaming\UsbFix\Un-UsbFix.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\uTorrent AD Remover 2.0] : (uTorrent AD Remover.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{22CAD597-F1DB-4045-9CEC-0256478424C3}\Setup_uTorrentADRemover.exe /i {22CAD597-F1DB-4045-9CEC-0256478424C3}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Vimeo Download_is1] : (Vimeo Download.-.Digital Wave Ltd) -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe /app VimeoDownload
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VirusTotal Scanner 6.5] : (VirusTotal Scanner.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{43C5B500-38EB-456F-8C71-CE7B1F7F9976}\Setup_VirusTotalScanner.exe /i {43C5B500-38EB-456F-8C71-CE7B1F7F9976}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VisualInstaller] : (SkinPack extras.-.) -> C:\Program Files (x86)\2C238515-1493144630-7984-51F0-370493363EDB\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VivPDFEditor_is1] : (VivPDF Editor.-.) -> "C:\Program Files (x86)\VivPDF Editor\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Winja_is1] : (Winja version 3.0.3.-.Phrozen SAS) -> "C:\Users\Jean-Marie\AppData\Roaming\PhrozenWinja\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinMend File Copy_is1] : (WinMend File Copy 2.3.0.-.WinMend.com) -> "C:\Program Files (x86)\WinMend\File Copy\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinPcapInst] : (WinPcap 4.1.2.-.CACE Technologies) -> "C:\Program Files\WinPcap\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Duplicate Finder_is1] : (Wise Duplicate Finder 1.15.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Duplicate Finder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Folder Hider Pro_is1] : (Wise Folder Hider Pro.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Folder Hider Pro\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise JetSearch_is1] : (Wise JetSearch 2.31.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise JetSearch\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Memory Optimizer_is1] : (Wise Memory Optimizer 3.51.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Memory Optimizer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Video Downloader_is1] : (Wise Video Downloader 2.53.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Video Downloader\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wondershare TidyMyMusic_is1] : (Wondershare TidyMyMusic(Build 1.5.0.1).-.Wondershare Software) -> "C:\Program Files (x86)\Wondershare\TidyMyMusic\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Xilisoft Video Editor 2] : (Xilisoft Éditeur Vidéo 2.-.Xilisoft) -> C:\Program Files (x86)\Xilisoft\Video Editor 2\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Xilisoft Video Splitter 2] : (Xilisoft Découpeur Vidéo 2.-.Xilisoft) -> C:\Program Files (x86)\Xilisoft\Video Splitter 2\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\xplorer2l] : (xplorer² lite 32 bit.-.Zabkat) -> "C:\Program Files (x86)\zabkat\xplorer2_lite\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\XYplorerFree] : (XYplorerFree 17.40.-.Donald Lessau, Cologne Code Company) -> C:\Program Files (x86)\XYplorerFree\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\YouTube Video Ad Blocker 3.0] : (YouTube Video Ad Blocker.-.SecurityXploded) -> C:\ProgramData\Caphyon\Advanced Installer\{07CF5846-FAEA-4A01-8B70-9014216AA707}\Setup_YouTubeVideoAdBlocker.exe /i {07CF5846-FAEA-4A01-8B70-9014216AA707}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07326A3E-02B3-1078-25D7-B8666BA8FE15}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}] : (Epson Easy Photo Print 2.-.SEIKO EPSON CORPORATION) -> "C:\Program Files (x86)\InstallShield Installation Information\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}\setup.exe" -runfromtemp -l0x040c  UNINST -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07CF5846-FAEA-4A01-8B70-9014216AA707}] : (YouTube Video Ad Blocker.-.SecurityXploded) -> MsiExec.exe /I{07CF5846-FAEA-4A01-8B70-9014216AA707}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}] : (LWS Pictures And Video.-.Logitech) -> MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08C03D14-B619-4CD6-938F-C2BB569364E0}] : (FF Copy.-.FF Projects) -> MsiExec.exe /I{08C03D14-B619-4CD6-938F-C2BB569364E0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0A11EA01-7909-E272-BFA6-BC39E55F240A}_is1] : (Ashampoo Snap 10.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0B11329E-1DDE-448A-95E6-AA003C63A6A7}_is1] : (MiniCopier.-.Adrian Courreges) -> "C:\Program Files (x86)\MiniCopier\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F8A1CB4-7F19-4fe9-A724-5F3DE1CB4513}_is1] : (Aiseesoft Video Enhancer 9.2.10.-.Aiseesoft Studio) -> "C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft Video Enhancer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{10AC3DD9-90D5-4560-930A-FFB939849175}] : (CyberLink VideoMeeting+.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{10AC3DD9-90D5-4560-930A-FFB939849175}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{10AC3DD9-90D5-4560-930A-FFB939849175}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{117CE366-3EED-48C5-BF6A-E0F47A0E68A4}] : (ShadowCopy.-.Runtime Software) -> "C:\Program Files (x86)\Runtime Software\ShadowCopy\Uninstall.exe" "C:\Program Files (x86)\Runtime Software\ShadowCopy\install.log" -u
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11FC9C17-17FF-4F2B-9D5A-4DE097629F00}}_is1] : (Kotobee Reader version 1.1.1.-.Vijua, Inc.) -> "C:\Program Files (x86)\Kotobee Reader\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11FC9C17-17FF-4F2B-9D5A-4DE097629F21}}_is1] : (Kotobee Author version 1.3.2.-.Vijua, Inc.) -> "C:\Program Files (x86)\Kotobee Author\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}] : (CameraHelperMsi.-.Logitech) -> MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}] : (LWS Help_main.-.Logitech) -> MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}] : (LWS Twitter.-.Logitech) -> MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{18C5824A-FD59-453D-9DC1-5D86FA034357}] : (CyberLink AudioDirector 7.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{18C5824A-FD59-453D-9DC1-5D86FA034357}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{18C5824A-FD59-453D-9DC1-5D86FA034357}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1] : (AnyMedia Player 3.4.4.-.cyan soft ltd) -> "C:\Program Files (x86)\AnyMedia Player\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\Setup.exe" -uninstall -l0x40c
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AD99E77-37CC-744E-39CA-67F6FD34565A}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}] : (CyberLink Media Suite 14.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] : (LWS YouTube Plugin.-.Logitech) -> MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{22CAD597-F1DB-4045-9CEC-0256478424C3}] : (uTorrent AD Remover.-.SecurityXploded) -> MsiExec.exe /I{22CAD597-F1DB-4045-9CEC-0256478424C3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2450591F-9CC5-4E4D-B650-F3FCD6D3F16F}] : (FoxitSpellCheck.-.Foxit Software Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2452C59D-5040-4A9A-A97F-B925390619E1}] : (Silent Install Builder 5.-.Aprel Tech, LLC) -> MsiExec.exe /X{2452C59D-5040-4A9A-A97F-B925390619E1}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{293B15F9-91A8-44D4-ACBB-E13E8E2EC97D}] : (CyberLink ColorDirector 5.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{293B15F9-91A8-44D4-ACBB-E13E8E2EC97D}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{293B15F9-91A8-44D4-ACBB-E13E8E2EC97D}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}] : (BD_3D Advisor.-.CyberLink Corp.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\Setup.exe" -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}] : (CyberLink WaveEditor 2.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3361D415-BA35-4143-B301-661991BA6219}] : (MyEpson Portal.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /I{3361D415-BA35-4143-B301-661991BA6219}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35AB7D6C-C217-4470-B2D7-021291708FF4}] : (SX Blocker Suite.-.SecurityXploded) -> MsiExec.exe /I{35AB7D6C-C217-4470-B2D7-021291708FF4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}] : (ArcSoft PhotoImpression.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x40c -uninst 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{38FFFD17-81AD-49EE-80F0-12DF92162DD2}_is1] : (EyesRelaxingAndFocusing 3.0.-.Aledensoft, Inc.) -> "C:\Program Files (x86)\Eyes Relaxing And Focusing 3.0\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] : (erLT.-.Logitech, Inc.) -> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1] : (Spybot Anti-Beacon.-.Safer-Networking Ltd.) -> "C:\Program Files (x86)\Spybot Anti-Beacon\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}] : (PreEmptive Analytics Visual Studio Components.-.PreEmptive Solutions) -> MsiExec.exe /X{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{43C5B500-38EB-456F-8C71-CE7B1F7F9976}] : (VirusTotal Scanner.-.SecurityXploded) -> MsiExec.exe /I{43C5B500-38EB-456F-8C71-CE7B1F7F9976}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{46E9BE31-70DC-4797-A24B-CB7FF0BB68BB}] : (FileOpen.-.Foxit Software Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{48F22622-1CC2-4A83-9C1E-644DD96F832D}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1] : (Wondershare Helper Compact 2.5.2.-.Wondershare) -> "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1] : (Panda USB Vaccine 1.0.1.4.-.Panda Security) -> "C:\Program Files (x86)\Panda USB Vaccine\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{581697C8-33DC-44BA-A7C3-992B5D29C011}] : (Advanced Installer 13.8.1.-.Caphyon) -> MsiExec.exe /I{581697C8-33DC-44BA-A7C3-992B5D29C011}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}] : (InstaCards.-.InPixio) -> "C:\Program Files (x86)\InstallShield Installation Information\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}\ISAdmin.exe" -runfromtemp -l0x040c -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}] : (PDQ Deploy.-.Admin Arsenal) -> MsiExec.exe /X{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5DD7489B-EC46-47AF-BB68-22F47253228B}] : (Spy BHO Remover.-.SecurityXploded) -> MsiExec.exe /I{5DD7489B-EC46-47AF-BB68-22F47253228B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60018889-9E0F-43E8-9B89-29E8C828B40A}] : (Dotfuscator and Analytics Community Edition 5.22.0.-.PreEmptive Solutions) -> MsiExec.exe /X{60018889-9E0F-43E8-9B89-29E8C828B40A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{600C936B-7684-42F0-9FBF-04726F3D45E2}] : (Vole Edutainment.-.Sanwhole) -> MsiExec.exe /I{600C936B-7684-42F0-9FBF-04726F3D45E2}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64AB8FE0-0627-4FE2-A136-2DAB4B0AF087}_is1] : (Kotobee Publisher version 2.14.-.Vijua, Inc.) -> "C:\Program Files (x86)\Kotobee Publisher\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{665680CE-EABF-4678-94AA-F3253AD70B0A}_is1] : (Remo Repair RAR.-.Remo Software) -> "C:\Program Files (x86)\Remo Repair RAR 2.0\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6bf90d91-c5db-454e-a7b4-81bc6cbbe13f}] : (UxStyle.-.The Within Network, LLC) -> "C:\ProgramData\Package Cache\{6bf90d91-c5db-454e-a7b4-81bc6cbbe13f}\UxStyle_Bundle.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6C4F538B-A66F-444E-9615-A2EBC202EFC5}_is1] : (Remo Drive Defrag.-.Remo Software) -> "C:\Program Files (x86)\Remo Drive Defrag\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6D74EB04-2E10-4266-A435-C5012FC68A36}_is1] : (Remo Outlook Backup & Migrate 1.0.0.-.Remo Software) -> "C:\Program Files (x86)\Remo Outlook Backup & Migrate\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] : (LWS Gallery.-.Logitech) -> MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}] : (LWS Motion Detection.-.Logitech) -> MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{789E7816-C3DD-4392-B486-7C913C26FEDA}_is1] : (Remo Repair PowerPoint.-.Remo Software) -> "C:\Program Files (x86)\Remo Repair PowerPoint 2.0\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7A3F32E0-D8E1-40C1-8E1B-1F5693F2ADE0}] : (CyberLink Power2Go 11.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{7A3F32E0-D8E1-40C1-8E1B-1F5693F2ADE0}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{7A3F32E0-D8E1-40C1-8E1B-1F5693F2ADE0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7A3F3715-7953-4247-8B5C-5D03050B9EA9}] : (CyberLink PresenterLink+.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{7A3F3715-7953-4247-8B5C-5D03050B9EA9}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{7A3F3715-7953-4247-8B5C-5D03050B9EA9}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7ABAD880-D14E-48D4-9EFD-C0B531AA566E}] : (Module linguistique de Dotfuscator and Analytics Community Edition 5.22.0 fr-FR.-.PreEmptive Solutions) -> MsiExec.exe /X{7ABAD880-D14E-48D4-9EFD-C0B531AA566E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7BA87AB0-2055-11E7-8E16-000C2992F709}] : (Foxit PhantomPDF.-.Foxit Software Inc.) -> MsiExec.exe /I{7BA87AB0-2055-11E7-8E16-000C2992F709}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7BAA8C5C-160C-4258-AEC0-729E43638F9B}_is1] : (Remo Drive Wipe 2.0.0.-.Remo Software) -> "C:\Program Files (x86)\Remo Drive Wipe\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7BAC3F7A-B963-468E-982E-B5608A87408D}] : (Epson Software Updater.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{7BAC3F7A-B963-468E-982E-B5608A87408D}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}] : (CyberLink PowerDVD 16.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{7CD1ACC0-3DD0-4894-90C7-BF2A136C074D}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{82CA1714-13EA-F419-91FE-12834424745E}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] : (LWS Launcher.-.Logitech) -> MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}] : (Manuels EPSON.-.SEIKO EPSON CORPORATION) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{87C334CF-063A-4AEA-B523-1DE04014BA19}_is1] : (Kastor - Tube To Mp3 V 2.99.-.KastorSoft) -> "C:\Program Files (x86)\Kastor Tube To Mp3\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}] : (LWS Webcam Software.-.Logitech) -> MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8C784F8B-89D0-4A59-A000-7EEF129E1574}] : (Jing.-.TechSmith Corporation) -> MsiExec.exe /I{8C784F8B-89D0-4A59-A000-7EEF129E1574}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8D149BE2-6542-4F6A-AEC4-7D61E6DCAEFB}] : (CyberLink MediaEspresso 7.5.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{8D149BE2-6542-4F6A-AEC4-7D61E6DCAEFB}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{8D149BE2-6542-4F6A-AEC4-7D61E6DCAEFB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiLogger.-.Zemana Ltd.) -> "C:\Program Files (x86)\Zemana AntiLogger\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FB8C3D9-ED65-4D0D-9CA1-62A4FDCA98A9}] : (Autorun File Remover.-.SecurityXploded) -> MsiExec.exe /I{8FB8C3D9-ED65-4D0D-9CA1-62A4FDCA98A9}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}] : (CyberLink MediaShow 6.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{91B33C97-87C8-5585-2940-1AE1120D4DCC}_is1] : (Ashampoo Privacy Protector.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Privacy Protector\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1] : (Ashampoo Burning Studio 2017.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2017\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{925B61EB-DB5A-482E-9620-F1B67BC88393}] : (Vole Magic Note.-.Sanwhole) -> MsiExec.exe /I{925B61EB-DB5A-482E-9620-F1B67BC88393}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{933B4015-4618-4716-A828-5289FC03165F}] : (VC80CRTRedist - 8.0.50727.6195.-.DivX, Inc) -> MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{983FEDDC-AD2E-48D5-8593-331D3B93407C}_is1] : (Online Video Recorder 3.4.4.-.cyan soft ltd) -> "C:\Program Files (x86)\Online Video Recorder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1] : (iSkysoft Helper Compact 2.5.2.-.iSkysoft) -> "C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9C0E5B32-7BAF-4E40-916F-5C30EAF7F2F9}] : (SX Network Suite.-.SecurityXploded) -> MsiExec.exe /I{9C0E5B32-7BAF-4E40-916F-5C30EAF7F2F9}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}] : (LWS WLM Plugin.-.Logitech) -> MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9F205E94-9E42-4486-A92A-DF3F6CB85444}] : (Epson Event Manager.-.Seiko Epson Corporation) -> MsiExec.exe /X{9F205E94-9E42-4486-A92A-DF3F6CB85444}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1] : (Roadkil's Unstoppable Copier Version 5.2.-.Roadkil.Net) -> "C:\Program Files (x86)\Roadkil.Net\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A49D20B8-A2E7-485D-A4A4-29C475D486F3}_is1] : (Online Video Recorder Extras 3.0.2.-.Avanquest Software) -> "C:\Program Files (x86)\Online Video Recorder\unins001.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ADD5DB49-72CF-11D8-9D75-000129760D75}] : (CyberLink PowerBackup 2.6.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\Setup.exe" /z-uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AmazingDataEncryption}_is1] : (Free Any Data Encryption version 5.1.1.8.-.www.Amazing-Share.com) -> "C:\Program Files (x86)\Free Any Data Encryption\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AmazingPartitionManager}_is1] : (Free Partition Manager version 5.1.1.8.-.www.Amazing-Share.com) -> "C:\Program Files (x86)\Amazing-Share\Free Partition Manager\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AmazingScreenRecorder}_is1] : (Free Screen Recorder version 5.1.1.8.-.www.Amazing-Share.com) -> "C:\Program Files (x86)\Amazing-Share\Free Screen Recorder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B398F6FE-E797-4764-B6F2-C4AE0121A71B}] : (PDQ Inventory.-.Admin Arsenal) -> MsiExec.exe /X{B398F6FE-E797-4764-B6F2-C4AE0121A71B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B7B58EF9-6307-4DCF-8276-2F17D1E6DE69}] : (PreEmptive Analytics Client French Language Pack.-.PreEmptive Solutions) -> MsiExec.exe /I{B7B58EF9-6307-4DCF-8276-2F17D1E6DE69}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B839153C-D4D2-F89C-5033-0A160C62706B}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BBD54A11-C598-4789-8F12-AA189B3374C2}] : (SX Antivirus Kit.-.SecurityXploded) -> MsiExec.exe /I{BBD54A11-C598-4789-8F12-AA189B3374C2}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1EA3764-1138-AE27-AD63-549BAD99BA15}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C2E9BCE3-56A8-4A85-9944-6FF3DDCCE816}_is1] : (Remo Repair ZIP.-.Remo Software) -> "C:\Program Files (x86)\Remo Repair ZIP 2.0\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3E8DEF8-0993-4828-9C95-4FB450AE45C1}_is1] : (Fast File Copy version 1.0.-.Daanav Softwares) -> "C:\Program Files (x86)\Fast File Copy by Daanav.com\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}] : (CyberLink LabelPrint 2.5.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C9292B61-7F3A-44B3-8C38-5662F0AE749D}_is1] : (FileVoyager version 17.4.7.0.-.FileVoyager) -> "C:\Program Files (x86)\FileVoyager\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CB84FEF6-C573-4328-B9A4-B29568A4E10E}_is1] : (Kastor - Stream Recorder V 1.0.-.KastorSoft) -> "C:\Program Files (x86)\Kastor Stream Recorder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}] : (Acronis True Image WD Edition.-.Acronis) -> MsiExec.exe /X{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1] : (ISO to USB.-.isotousb.com) -> "C:\Program Files (x86)\ISO to USB\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D15BFD7F-6BBA-49A7-A6B1-14C00DCA6842}] : (CyberLink PowerDVD 17.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{D15BFD7F-6BBA-49A7-A6B1-14C00DCA6842}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{D15BFD7F-6BBA-49A7-A6B1-14C00DCA6842}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D16A31F9-276D-4968-A753-FFEAC56995D0}] : (Epson Print CD.-.Seiko Epson Corporation) -> "C:\Program Files (x86)\InstallShield Installation Information\{D16A31F9-276D-4968-A753-FFEAC56995D0}\setup.exe" -runfromtemp -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D25D3E15-CABD-420c-B62C-70C1C5EE63FD}] : (CyberLink Application Manager.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{D25D3E15-CABD-420c-B62C-70C1C5EE63FD}\setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D40EB009-0499-459c-A8AF-C9C110766215}] : (Logitech Webcam Software.-.Logitech Inc.) -> "C:\Program Files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=FRA /guid="{D40EB009-0499-459c-A8AF-C9C110766215}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D4EAD35D-5D25-4952-9A0C-AAA4AD13C596}] : (SX System Suite.-.SecurityXploded) -> MsiExec.exe /I{D4EAD35D-5D25-4952-9A0C-AAA4AD13C596}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D881F038-D767-45AA-90C1-1E5411A9670A}] : (e-Carte Bleue Caisse d'Epargne.-.e-Carte Bleue Caisse d'Epargne) -> MsiExec.exe /I{D881F038-D767-45AA-90C1-1E5411A9670A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DB981AC8-910B-4C0E-8250-829243E85934}] : (e-Carte Bleue LCL.-.e-Carte Bleue LCL) -> MsiExec.exe /I{DB981AC8-910B-4C0E-8250-829243E85934}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DD3D64A7-3165-458D-96D4-06FBC609C22A}] : (Google Ad Blocker.-.SecurityXploded) -> MsiExec.exe /I{DD3D64A7-3165-458D-96D4-06FBC609C22A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DEF2E5A3-0317-4822-B930-8B721EB483E4}] : (ArcSoft VideoImpression 1.6.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DEF2E5A3-0317-4822-B930-8B721EB483E4}\setup.exe" -l0x40c -uninst 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E3D04529-6EDB-11D8-A372-0050BAE317E1}] : (CyberLink PowerDVD Copy 1.5.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe" /z-uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E51C8DC9-BFE1-433F-8339-EA2321EF9F12}] : (InPixio Photo Editor.-.InPixio) -> "C:\Program Files (x86)\InstallShield Installation Information\{E51C8DC9-BFE1-433F-8339-EA2321EF9F12}\ISAdmin.exe" -runfromtemp -l0x040c -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E5CA7FA8-5C93-45E1-969A-14571AFBF0A3}] : (Advanced Windows Service Manager.-.SecurityXploded) -> MsiExec.exe /I{E5CA7FA8-5C93-45E1-969A-14571AFBF0A3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E817E580-6318-AFC8-2102-322C73117EC4}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F77474EE-EB6C-C87B-88AF-3310C848E068}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F7E1CA14-B39D-452A-960B-39423DDDD933}] : (DriveImage XML (Private Edition).-.Runtime Software) -> "C:\Program Files (x86)\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files (x86)\Runtime Software\DriveImage XML\install.log" -u
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8B6EDC8-7919-4DE5-A2F5-B3F0798A397C}] : (SX WiFi Security Suite.-.SecurityXploded) -> MsiExec.exe /I{F8B6EDC8-7919-4DE5-A2F5-B3F0798A397C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8C774EE-B937-4694-9BE4-D20167FCF20F}] : (Laplink PCmover Professional.-.Laplink Software, Inc.) -> MsiExec.exe /X{F8C774EE-B937-4694-9BE4-D20167FCF20F}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FA285575-B543-4E6E-A573-A4F534AC9965}] : (CyberLink PowerDirector 15.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{FA285575-B543-4E6E-A573-A4F534AC9965}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{FA285575-B543-4E6E-A573-A4F534AC9965}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] : (LWS Facebook.-.Logitech) -> MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{{91D821C9-ED4D-ED57-E224-CEF877967911}}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{{CA916A4C-52F7-5055-975F-9B4AD4204007}}] : (.-.) -> 

---------- | Ports 


---------- | Microsoft Specifications

CheckID: FT_Mvc_VisualStudio140{44A100D0-C1AE-4BB7-A0CC-AA60B7566681} - NOT VS_INSTALL_DIR -> FT_Mvc_VisualStudio14
CheckID: FT_TestTemplates_VisualStudio140{44A100D0-C1AE-4BB7-A0CC-AA60B7566681} - NOT VS_INSTALL_DIR OR NOT VISUALSTUDIO_TEST_PROJECTS -> FT_TestTemplates_VisualStudio14
CheckID: FT_WebPages_VisualStudio140{C24A0C03-69ED-4AF8-9E79-52C1A72D2F7B} - NOT VS_INSTALL_DIR -> FT_WebPages_VisualStudio14
CheckID: FT_WebPages_VisualStudio140{65A12DD3-9992-47D2-8BA2-510CA59F893F} - NOT VS_INSTALL_DIR -> FT_WebPages_VisualStudio14
CheckID: FT_Mvc_VisualStudio140{240E3426-3B55-4AE9-BB63-742651900BC4} - NOT VS_INSTALL_DIR -> FT_Mvc_VisualStudio14
CheckID: FT_TestTemplates_VisualStudio140{240E3426-3B55-4AE9-BB63-742651900BC4} - NOT VS_INSTALL_DIR OR NOT VISUALSTUDIO_TEST_PROJECTS -> FT_TestTemplates_VisualStudio14
CheckID: ExtensionsFeature0{603DCF17-E958-3A31-AFED-919086709DB6} - NOT VISUALSTUDIO_INSTALLDIR -> ExtensionsFeature
CheckID: ExtensionsFeature0{349DE029-E451-3661-A181-F29CE6F94349} - NOT VISUALSTUDIO_INSTALLDIR -> ExtensionsFeature
CheckID: FT_VisualStudio14_WebFXTools0{91D821C9-ED4D-ED57-E224-CEF877967911} - NOT VS_INSTALL_DIR -> FT_VisualStudio14_WebFXTools
CheckID: fe1559e6e1022144a8b5b0ae14281475a31{97B6FAD9-6F14-CC46-3165-F1785ECCE255} - "AMD64" ~= %PROCESSOR_ARCHITECTURE -> fe1559e6e1022144a8b5b0ae14281475a3
CheckID: Dev14ToolsLP_FRA1{1914EF4B-70F3-47AA-90A2-B5FB0C45E45D} - DIR_VS14 <> "" -> Dev14ToolsLP_FRA
CheckID: CrossFeature1{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D} - CopyOfPlatformFiles = "yes" -> CrossFeature
CheckID: FT_VisualStudio14_WebFXTools0{CA916A4C-52F7-5055-975F-9B4AD4204007} - NOT VS_INSTALL_DIR -> FT_VisualStudio14_WebFXTools
CheckID: fe691cf2e12069492d90ac31389ed768161{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1} - ("AMD64" ~= %PROCESSOR_ARCHITECTURE) AND ("x64" ~= ProductArchitecture) -> fe691cf2e12069492d90ac31389ed76816

---------- | CLSID


---------- | Installer

[HKCR\Installer\Products\00058CD18F0BF523DA1072073D56715D] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\005B5C34BE83F654C817ECB7F1F79967] : VirusTotal Scanner -> C:\WINDOWS\Installer\{43C5B500-38EB-456F-8C71-CE7B1F7F9976}\GooglePasswordDecryptor.exe
[HKCR\Installer\Products\026F45BF555911A362BC0B724CDD2F06] : Imaging Designer
[HKCR\Installer\Products\03E7DF311F2DD894BA2C4A42D26B16E0] : IIS 10.0 Express -> C:\WINDOWS\Installer\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}\Icon_IisExpress
[HKCR\Installer\Products\03FEB5E3269374B4EAAC39B7C6BBA086] : AvcEngine -> C:\WINDOWS\Installer\{3E5BEF30-3962-4B47-AECA-937B6CBB0A68}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\04B0AFAF67FA8514D9AFD10225DC9036] : Composants requis pour SSDT -> C:\WINDOWS\Installer\{FAFA0B40-AF76-4158-9DFA-1D2052CD0963}\ARPIco
[HKCR\Installer\Products\04FE16E415A899D3AAC4232F30730038] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\060DED06B6B01CC39B550DDC04F1F0AB] : Visual C++ IDE x64 Package
[HKCR\Installer\Products\070DA1A8F96251A4AA5B67BA98E61F59] : Azure AD Authentication Connected Service
[HKCR\Installer\Products\085E718E81368CFA122023C23711E74C] : CCC Help Polish -> C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\08735E734493A6A448F22717828E16E6] : Blend for Visual Studio SDK for .NET 4.5 -> C:\WINDOWS\Installer\{37E53780-3944-4A6A-842F-727128E8616E}\Application
[HKCR\Installer\Products\088DABA7E41D4D84E9DF0C5B13AA65E6] : Module linguistique de Dotfuscator and Analytics Community Edition 5.22.0 fr-FR -> C:\WINDOWS\Installer\{7ABAD880-D14E-48D4-9EFD-C0B531AA566E}\DfIcon.ico
[HKCR\Installer\Products\0A39224443547883CA4B78B6D3A55E41] : Visual C++ IDE Common Resource Package
[HKCR\Installer\Products\0BA78AB755027E11E86100C092297F90] : Foxit PhantomPDF -> C:\WINDOWS\Installer\{7BA87AB0-2055-11E7-8E16-000C2992F709}\IconName.exe
[HKCR\Installer\Products\0BE6E9B4DEE047E449979F283C52F417] : SQL Server Browser for SQL Server 2012 -> C:\WINDOWS\Installer\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}\ARPIco
[HKCR\Installer\Products\0CCA1DC70DD34984097CFBA231C670D4] : 
[HKCR\Installer\Products\0D4A6A5A500250A2E212948580FC59DE] : CCC Help Norwegian -> C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0D7D1075525004A3E8DC53B1DEB04DDA] : Visual C++ IDE Base Resource Package
[HKCR\Installer\Products\0E23F3A71E8D1C04E8B1F165392FDA0E] : 
[HKCR\Installer\Products\0EA8C7F7B169DEA49BA99DEB920C2FC4] : AdAwareProxyEngine -> C:\WINDOWS\Installer\{7F7C8AE0-961B-4AED-B99A-D9BE29C0F24C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0EF46B181CD54D535AE1DA1108C325C0] : Visual C++ IDE Core Package
[HKCR\Installer\Products\0F76E360892CA2A8F06A481C35224A0E] : ccc-utility64 -> C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\10743651ECAB9444B8525176ADC8F93D] : CameraHelperMsi
[HKCR\Installer\Products\10D8192B98D13D4378FE2A1812CBE67B] : VS Update core components
[HKCR\Installer\Products\11A45DBB895C9874F821AA81B933472C] : SX Antivirus Kit -> C:\WINDOWS\Installer\{BBD54A11-C598-4789-8F12-AA189B3374C2}\SXAntivirusKit.exe
[HKCR\Installer\Products\13B3A47134C4DD3468F6379CBD88B784] : LWS Twitter
[HKCR\Installer\Products\13EB9E64CD0779742AB4BCF70FBB86BB] : FileOpen
[HKCR\Installer\Products\166F59DC4C5A5F446AAACEDD192C14B0] : WinZip 21.0
[HKCR\Installer\Products\1A15D4212C3FEA548B213DAC17420739] : SQL Server 2012 Common Files
[HKCR\Installer\Products\1C2B4FAA72E2FE64B9E9B212030F653F] : FirewallEngine -> C:\WINDOWS\Installer\{AAF4B2C1-2E27-46EF-9B9E-2B2130F056F3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1D5F27E1E3559FFC603AC8A55F70DDC1] : CCC Help French -> C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1E6AF1658349876ED2A2AC998FDDBF0C] : Windows Assessment Services - Client (AMD64 Architecture Specific, Client SKU)
[HKCR\Installer\Products\1E7C0796D99FD8839830FDF8EC76F7DE] : Roslyn Language Services - x86
[HKCR\Installer\Products\21E13F622273DF5409B394102268BBC4] : OnlineThreatsEngine -> C:\WINDOWS\Installer\{26F31E12-3722-45FD-903B-49012286BB4C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\234989D47D950A67DD159B46226FFFF7] : Windows Phone Common Packaging and Test Tools (NT_x86_fre)
[HKCR\Installer\Products\239FD3BA099C4D43FB3479F067D03ADC] : vs_update3notification
[HKCR\Installer\Products\23B5E0C9FAB704E419F6C503AE7F2F9F] : SX Network Suite -> C:\WINDOWS\Installer\{9C0E5B32-7BAF-4E40-916F-5C30EAF7F2F9}\sxnetworksuite.exe
[HKCR\Installer\Products\241A5D4605DBE627DEE92D05D8A2712E] : Catalyst Control Center InstallProxy -> C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\263AC5E16B930DB49B0C96FC510FEF2A] : AzureTools.Notifications
[HKCR\Installer\Products\26A859D1089C7BC3CA9504FED0F18AE0] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\2C31622C4A7C16749A6011E6DCE44777] : SQL Server 2012 Database Engine Services
[HKCR\Installer\Products\2E4D4D948E1264334A69A141511B5849] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\2EB941D82456A6F4EA4CD7166ECDEABF] : 
[HKCR\Installer\Products\2F12AC03A109BD444AF3CF13DCF04239] : Sql Server Customer Experience Improvement Program -> C:\WINDOWS\Installer\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}\ARPIco
[HKCR\Installer\Products\307BCCF8FBF37e944AF38AE1729D0BE7] : MediaShow -> C:\WINDOWS\Installer\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\317725EEA8EBA8438845ADBCEC35612F] : Visual C++ MSBuild X64 Package
[HKCR\Installer\Products\33305D78435EA394E889A094CB826FB4] : SQL Server 2012 Database Engine Services
[HKCR\Installer\Products\34DFCB3A6D8523137AFD61EC40763227] : Visual Studio 2012 Verification SDK
[HKCR\Installer\Products\36978F1ADBDFB4635892B513D2250944] : Visual C++ Compiler/Tools X86 Base Resource Package
[HKCR\Installer\Products\36DE92D79F487CE44BF999A4A313592B] : SQL Server 2012 Common Files
[HKCR\Installer\Products\37298633C4F0DA04EABF9585F38067D7] : Composants nécessaires pour SSDT -> C:\WINDOWS\Installer\{33689273-0F4C-40AD-AEFB-59583F08767D}\ARPIco
[HKCR\Installer\Products\37E58BB129D0A406A0FA7CAA5D3E3A6C] : CCC Help English -> C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\39753950C43A27243316A79FEAEE6594] : Imaging And Configuration Designer
[HKCR\Installer\Products\3978828F6B15FE74F2393D777666F35C] : Assessments on Client
[HKCR\Installer\Products\39B33D60854982E4DBAE5FCE2B3C3CE0] : AntimalwareEngine -> C:\WINDOWS\Installer\{06D33B93-9458-4E28-BDEA-F5ECB2C3C30E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\39E186EDACC5EC638A4EA2FEED987F9E] : Visual C++ Compiler/Tools X86 Base Resource Package
[HKCR\Installer\Products\3A56CBC8BA0456EDC21B99A7DB8ADF86] : CCC Help Turkish -> C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3C1BCDF6CDE9CBC374C3DD58DEE54049] : CCC Help German -> C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3D4250324BDACC96A287698D973E22B1] : Windows PE x86 x64
[HKCR\Installer\Products\3FD1021D439FA2435A68B252C58B2B51] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\4003DA6594B0F7696F280B65056BA187] : Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
[HKCR\Installer\Products\401EEA7469FB704E3DEF08BB4D72234F] : Windows PE x86 x64 wims
[HKCR\Installer\Products\40EF163FE9873F24BBBA7E3B08AAE560] : Windows XP Targeting with C++
[HKCR\Installer\Products\4171AC28AE31914F19EF2138444247E5] : CCC Help Italian -> C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\41D30C80916B6DC439F82CBB6539460E] : FF Copy -> C:\WINDOWS\Installer\{08C03D14-B619-4CD6-938F-C2BB569364E0}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\42ACA5646D8BCEF44AD2E9CF9BC25D06] : TypeScript Power Tool -> C:\WINDOWS\Installer\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}\TypeScriptIcon.ico
[HKCR\Installer\Products\42C6FBF1Df1C10144AB2C065F4E9E897] : 
[HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\43A8FD62E4CCB143280A16D21412FCC6] : Roslyn Language Services - x86
[HKCR\Installer\Products\4561C821E9B39594B8BFECF6900C0AD1] : MSBuild/NuGet Integration 14.0 (x86)
[HKCR\Installer\Products\4631232B829ED5239A4539D35332B95E] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\4673AE1C831172EADA3645B9DA99AB51] : CCC Help Japanese -> C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\472D7398182C4E24C8BD0A2BFD791998] : LWS Webcam Software
[HKCR\Installer\Products\4751CE118CE368335BD1247C55A6490D] : Assemblys du Kit de développement logiciel (SDK) Windows Phone 8.0 pour Visual Studio 2015 - FRA
[HKCR\Installer\Products\47B800D0226053F770197C3624F79396] : Volume Activation Management Tool
[HKCR\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7] : LWS YouTube Plugin
[HKCR\Installer\Products\495334533A58AEE369E3E0E568B0286D] : Visual C++ MSBuild Base Package
[HKCR\Installer\Products\496A34161EF56FDB7FE8F4B73F9E14B9] : Toolkit Documentation
[HKCR\Installer\Products\49E502F924E968449AA2FDF3C68B4544] : Epson Event Manager -> C:\WINDOWS\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe
[HKCR\Installer\Products\4E75276CC42F53C368BB9E7B5D4D9DBF] : Visual C++ IDE Professional Core Package
[HKCR\Installer\Products\5025450D2EDA3CB4CBC8D9921ACDECD2] : Active Directory Authentication Library pour SQL Server (x86) -> C:\WINDOWS\Installer\{D0545205-ADE2-4BC3-BC8C-9D29A1DCCE2D}\ARPIco
[HKCR\Installer\Products\50848F456110F764783198D9CF742253] : SQL Server 2012 Database Engine Shared
[HKCR\Installer\Products\5104B339816461748A822598CF3061F5] : VC80CRTRedist - 8.0.50727.6195
[HKCR\Installer\Products\5122AD3302FA12F31A17750F35A3C5FA] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\514D163353AB34143B10669119AB2691] : MyEpson Portal
[HKCR\Installer\Products\5173F3A735977424B8C5D53050B0E99A] : 
[HKCR\Installer\Products\51E3D52DDBACc0246BC2071C5CEE36DF] : Application Manager -> C:\WINDOWS\Installer\{D25D3E15-CABD-420c-B62C-70C1C5EE63FD}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\54D9CEFB4DABC7D36B7A88D7126E2CA5] : Visual C++ Compiler/Tools X86 Base Package
[HKCR\Installer\Products\5517DCEB75CD98F41B8A9AB030C32690] : AdAwareUpdater -> C:\WINDOWS\Installer\{BECD7155-DC57-4F89-B1A8-A90B033C6209}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\554590D7179DC4D4E9DFA96F6A85F4A3] : Bing Bureau -> C:\WINDOWS\Installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}\icon.ico
[HKCR\Installer\Products\575582AF345BE6E45A374A5F43CA9956] : 
[HKCR\Installer\Products\591761FF4EE90C64C87DBF3A54E788BA] : LWS Facebook
[HKCR\Installer\Products\59EBDD8FEBCD5B303595ED631041E612] : CCC Help Danish -> C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5C894BC8B276C6F31934480BBB1CAE3B] : Visual C++ MSBuild X86 Package
[HKCR\Installer\Products\5E16E053C2C6C3F2A341E790A46B3D0A] : CCC Help Spanish -> C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5E921ED7A4BB71546ADC6CE9BE437618] : AntispamEngine -> C:\WINDOWS\Installer\{7DE129E5-BB4A-4517-A6CD-C69EEB346781}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6485FC70AEAF10A4B807094112A67A70] : YouTube Video Ad Blocker -> C:\WINDOWS\Installer\{07CF5846-FAEA-4A01-8B70-9014216AA707}\VistaUACMaker.exe
[HKCR\Installer\Products\65EC0961132295E409600A78D649E98A] :  Tools for .Net 3.5
[HKCR\Installer\Products\66122D971C874DA2407EDB22DB85DF64] : CCC Help Chinese Traditional -> C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\66F055D925D5AC92825BEEC0C2C0FDEB] : Windows Deployment Customizations
[HKCR\Installer\Products\67E362B767E5F7236AC59B176E43AD63] : Visual C++ IDE Base Resource Package
[HKCR\Installer\Products\6828BC1A3BFC589A7D9927A1F0A2723F] : Windows Software Development Kit DirectX x86 Remote
[HKCR\Installer\Products\68ADF0FAB7E6C6A1154D34FA0581E12D] : AMD Catalyst Control Center -> C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6D32A5DBF9E1873398FC9E968070D835] : Visual C++ IDE Common Package
[HKCR\Installer\Products\6FE33D76AAA3D673DA3C90E8D6CA694E] : Visual C++ IDE Debugger Resource Package
[HKCR\Installer\Products\72BCCFF8D2EEF85DA5DBDEC5609BE118] : CCC Help Swedish -> C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\73C44F0DB22A3374BB7A689C4F897852] : SQL Server 2012 Database Engine Shared
[HKCR\Installer\Products\74D7C1FA6AB55844890D97E3B649C45D] : Visual Studio 2015 Prerequisites - FRA Language Pack
[HKCR\Installer\Products\77E99DA1CC73E44793AC766FDF4365A5] : Catalyst Control Center Localization All -> C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\795DAC22BD1F5404C9CE20657448423C] : uTorrent AD Remover -> C:\WINDOWS\Installer\{22CAD597-F1DB-4045-9CEC-0256478424C3}\VistaUACMaker.exe
[HKCR\Installer\Products\797ECA52ADBEB4E090F6F99EA7E1A2F6] : CCC Help Russian -> C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7A46D3DD5613D854694D60BF6C902CA2] : Google Ad Blocker -> C:\WINDOWS\Installer\{DD3D64A7-3165-458D-96D4-06FBC609C22A}\VistaUACMaker.exe
[HKCR\Installer\Products\815BF5C8C87E0F8FFBCEE8CA565F0130] : Windows Assessment Services - Client (Client SKU)
[HKCR\Installer\Products\830F188D767DAA54091CE145119A76A0] : e-Carte Bleue Caisse d'Epargne -> C:\WINDOWS\Installer\{D881F038-D767-45AA-90C1-1E5411A9670A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\849FBE4FE00FFE9298C41DA017F889D1] : Windows Assessment Toolkit
[HKCR\Installer\Products\881D49CF80E17073D9324F11874D6446] : Windows Espc Resource Package
[HKCR\Installer\Products\89201680EA92B5443BD7FEEB50089276] : LWS Pictures And Video
[HKCR\Installer\Products\8AC6637E9717EA777E21AB817DA0A070] : AMD Fuel -> C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8AF7AC5E39C51E5469A94175A1BF0F3A] : Advanced Windows Service Manager -> C:\WINDOWS\Installer\{E5CA7FA8-5C93-45E1-969A-14571AFBF0A3}\WinServiceManager.exe
[HKCR\Installer\Products\8BA31D3CA8644710D160BDA9EAA831B1] : CCC Help Czech -> C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8C796185CD33AB447A3C99B2D5920C11] : Advanced Installer 13.8.1 -> C:\WINDOWS\Installer\{581697C8-33DC-44BA-A7C3-992B5D29C011}\AdvancedInstaller.exe
[HKCR\Installer\Products\8CA189BDB019E0C428052829348E9543] : e-Carte Bleue LCL -> C:\WINDOWS\Installer\{DB981AC8-910B-4C0E-8250-829243E85934}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8CDE6B8F91975ED42A5F3B0F97A893C7] : SX WiFi Security Suite -> C:\WINDOWS\Installer\{F8B6EDC8-7919-4DE5-A2F5-B3F0798A397C}\APPDIR_1.exe
[HKCR\Installer\Products\8E96EC9DA77D49C39A0146612297E44D] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\9202FB7DD2BE3254FA0A59EC06E596E6] : AdAwareInstaller -> C:\WINDOWS\Installer\{D7BF2029-EB2D-4523-AFA0-95CE605E696E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\92540D3EBDE68D113A270005AB3E711E] : PowerDVD Copy -> C:\WINDOWS\Installer\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\94BD5DDAFC278D11D95700109267D057] : PowerBackup -> C:\WINDOWS\Installer\{ADD5DB49-72CF-11D8-9D75-000129760D75}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9767203404DF6E239A0FB73BDCBE4E61] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\98881006F0E98E34B998928E8C824BA0] : Dotfuscator and Analytics Community Edition 5.22.0 -> C:\WINDOWS\Installer\{60018889-9E0F-43E8-9B89-29E8C828B40A}\DfIcon.ico
[HKCR\Installer\Products\9947451521A46CC3EAD3C3E5787D9290] : Visual C++ MSBuild ARM Package
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : 
[HKCR\Installer\Products\9B5328D62EDA2503DACF553B3ECBEA00] : Visual F# 4.0 VS Language Pack - FRA
[HKCR\Installer\Products\9D3C8BF856DED0D4C91A264ADFAC899A] : Autorun File Remover -> C:\WINDOWS\Installer\{8FB8C3D9-ED65-4D0D-9CA1-62A4FDCA98A9}\GooglePasswordDecryptor.exe
[HKCR\Installer\Products\9DAF6B7941F664CC13561F87E5CC2E55] : WPTx64
[HKCR\Installer\Products\9DD3CA015D09065439A0FF9B93481957] : 
[HKCR\Installer\Products\9EE39CB71F443873DA676FDBC6F8B685] : Visual C++ Compiler/Tools X86 Base Package
[HKCR\Installer\Products\9EFB902DADE36063FAB6CDDA8AA72258] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\9F51B3928A194D44CABB1EE3E8E29CD7] : 
[HKCR\Installer\Products\9FE85B7B7036FCD42867F2711D6EED96] : PreEmptive Analytics Client French Language Pack -> C:\WINDOWS\Installer\{B7B58EF9-6307-4DCF-8276-2F17D1E6DE69}\icon.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A2B16319147F195E03B3E49F753FAB1F] : Windows Assessment Toolkit (AMD64 Architecture Specific)
[HKCR\Installer\Products\A4285C8195DFD354D91CD568AF303475] : 
[HKCR\Installer\Products\A5254F69D074C51F97E6859D89C8E3F5] : Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
[HKCR\Installer\Products\A748067A9D4CFE7E17F6706CBC6F1B74] : CCC Help Thai -> C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A78AB7755245E563F9F0BC884DE246B8] : Visual C++ MSBuild Base Resource Package
[HKCR\Installer\Products\A7F3CAB7369BE86489E25B06A87804D8] : Epson Software Updater -> C:\WINDOWS\Installer\{7BAC3F7A-B963-468E-982E-B5608A87408D}\icon.ico
[HKCR\Installer\Products\A927A03CAB9E8F73C38546DAF9D16449] : Imaging Tools Support
[HKCR\Installer\Products\AAE8AD66DC4DCD039B39E0FD27E81D6F] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\ADEDAA7FA3329701DC5130EA0B050F6C] : User State Migration Tool
[HKCR\Installer\Products\B1CCEC48FE121B14A919E327E4D5993D] : Manuels EPSON -> C:\WINDOWS\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}\EPSMICO.ICO
[HKCR\Installer\Products\B54B166CA2D1C7FA720D4BFF6D074AEF] : Kits Configuration Installer
[HKCR\Installer\Products\B639C00648670F24F9FB4027F6D3542E] : Vole Edutainment
[HKCR\Installer\Products\B67AEAD9F05E27245A5910428E6255D3] : LWS WLM Plugin
[HKCR\Installer\Products\B7A8B595D352E4A4592C8A32DEDD4569] : Macrium Reflect Free Edition -> C:\WINDOWS\Installer\{595B8A7B-253D-4A4E-95C2-A823EDDD5496}\Reflect.ico
[HKCR\Installer\Products\B8F487C80D9895A40A00E7FE21E95147] : Jing
[HKCR\Installer\Products\B9847DD564CEFA74BB86224F273522B8] : Spy BHO Remover -> C:\WINDOWS\Installer\{5DD7489B-EC46-47AF-BB68-22F47253228B}\BHORemover.exe
[HKCR\Installer\Products\BCC71A82BB779C9448B7060E67CD341D] : UxStyle
[HKCR\Installer\Products\BE16B529A5BDE28469021F6BB78C3839] : Vole Magic Note
[HKCR\Installer\Products\C01965A28C96D594E88D09080F1AE485] : Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 -> C:\WINDOWS\Installer\{2A56910C-69C8-495D-8ED8-9080F0A14E58}\setup.ico
[HKCR\Installer\Products\C0DBE580E42F49BED633A222FE465CFC] : CCC Help Finnish -> C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C14E23FDDA4278A44BA33B58351B08E6] : Visual Studio 2015 Prerequisites
[HKCR\Installer\Products\C2F1EB77C255E834E8B6C48061DBCED5] : Rebit Pro (64-bit) -> C:\WINDOWS\Installer\{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D}\InstallerIcon
[HKCR\Installer\Products\C351938B2D4DC98F0533A061C02607B6] : CCC Help Portuguese -> C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C3AF8C38AE4F4C6438293DEC5373836D] : LWS Launcher
[HKCR\Installer\Products\C3CE67F61B43E63479BF845CD8B7DEDC] : LWS Gallery
[HKCR\Installer\Products\C51E70D24A9A6D8D3D1729CE78975E78] : CCC Help Hungarian -> C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C6D7BA53712C07442B7D20211907F84F] : SX Blocker Suite -> C:\WINDOWS\Installer\{35AB7D6C-C217-4470-B2D7-021291708FF4}\SXPasswordDumpSuite.exe
[HKCR\Installer\Products\C845D413FF068F84EBEA9C9464073694] : WCF Data Services 5.6.4 FRA Language Pack
[HKCR\Installer\Products\C8A2FA24BBE6E2D3B91F165373F9ABCB] : Windows Espc Package
[HKCR\Installer\Products\C971C95CD8669A946BAE1012CCCF2134] : LabelPrint -> C:\WINDOWS\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\CC67F423DD8D78D47BD74DFAE5A17A3B] : 
[HKCR\Installer\Products\CDD6F3998F36DCB4B9829D1479A1C9CA] : Windows XP Targeting with C++
[HKCR\Installer\Products\CE67D3639B5BB7D5F0951C39FFF630CF] : Windows System Image Manager on amd64
[HKCR\Installer\Products\D08BFDF01E191F635B32B00924F1DD1C] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\D1ACF320195E9FA3D9F2896736A915A1] : Visual C++ Library PGO X86 Package
[HKCR\Installer\Products\D21F22296DD948F3FBD87AB0B94BCEBA] : Applications hybrides multi-appareils en C# - Modèles - FRA
[HKCR\Installer\Products\D2DAD9455052C402CE859508F76E0E73] : WPT Redistributables
[HKCR\Installer\Products\D53DAE4D52D52594A9C0AA4ADA315C69] : SX System Suite -> C:\WINDOWS\Installer\{D4EAD35D-5D25-4952-9A0C-AAA4AD13C596}\sxsystemsuite.exe
[HKCR\Installer\Products\D8130315AEF76E5329D710639801DBCF] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\D95C25420405A9A49AF79B529360911E] : Silent Install Builder 5 -> C:\WINDOWS\Installer\{2452C59D-5040-4A9A-A97F-B925390619E1}\app_icon.ico
[HKCR\Installer\Products\DB7E58BDDD2B4D343B0C327D5B725B79] : WCF Data Services 5.6.4 Runtime
[HKCR\Installer\Products\DBE4EEF20BEC62E34950FCD018C2AFC3] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\DD81A634C2F5C3B489E5DAC3310BCC52] : PreEmptive Analytics Visual Studio Components -> C:\WINDOWS\Installer\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}\icon.ico
[HKCR\Installer\Products\DED17A5318AD313153A2CEA8B072FDB3] : CCC Help Chinese Standard -> C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E065AE25F05EF8CD41D6B1365184AB92] : Windows Deployment Tools
[HKCR\Installer\Products\E165DB015B21D3E49B28FD3478E9D7CA] : Active Directory Authentication Library pour SQL Server -> C:\WINDOWS\Installer\{10BD561E-12B5-4E3D-B982-DF43879E7DAC}\ARPIco
[HKCR\Installer\Products\E197C4E0E87BD774DBA5DC0D89B56ACE] : Application Insights Tools for Visual Studio 2015
[HKCR\Installer\Products\E3A623703B208701527D8B66B68AEF51] : CCC Help Korean -> C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E4AF4541CB851FE2A99141B7E094E930] : UEV Tools on amd64
[HKCR\Installer\Products\E6121561DA7E0524291ABFE86D31199C] : LWS Help_main
[HKCR\Installer\Products\E61E74258FCBBA5961353B8FBF8F3B1F] : Windows Software Development Kit DirectX x64 Remote
[HKCR\Installer\Products\EA58071E856963AAEA36A29785D1B846] : MXAx64
[HKCR\Installer\Products\EAE32F3F716DF1A37871AFDC531ACEEE] : Visual C++ IDE Debugger Package
[HKCR\Installer\Products\EC9283ECB955AFB3AB7EF047F5FADC82] : Application Compatibility Toolkit
[HKCR\Installer\Products\EE26973C42EEF9E4A81415A4DC9771C7] :  Tools for .Net 3.5 - FRA Lang Pack
[HKCR\Installer\Products\EE47477FC6BEB78C88FA33018C840E86] : CCC Help Greek -> C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EE477C8F739B4964B94E2D1076CF2FF0] : Laplink PCmover Professional -> C:\WINDOWS\Installer\{F8C774EE-B937-4694-9BE4-D20167FCF20F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EF311DB58D8BA7E4B91A716C9434B2E3] : PDQ Deploy -> C:\WINDOWS\Installer\{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}\MainIcon.ico
[HKCR\Installer\Products\EF6F893B797E46746B2F4CEA10127AB1] : PDQ Inventory -> C:\WINDOWS\Installer\{B398F6FE-E797-4764-B6F2-C4AE0121A71B}\MainIcon.ico
[HKCR\Installer\Products\EF7A7642EA3F8FD348E75C2949B34C17] : Visual F# 4.0 SDK Language Pack - FRA
[HKCR\Installer\Products\F19505425CC9D4E46B053FCF6D3D1FF6] : FoxitSpellCheck
[HKCR\Installer\Products\F28962C8543B78C3D871E588DAADFF6F] : Visual Studio Graphics Analyzer
[HKCR\Installer\Products\F3D66E17900ABA447848572E18B94AAB] : LWS Motion Detection
[HKCR\Installer\Products\F7150B0381E154D37AC82C3EB4A963D8] : Visual C++ IDE Base Package
[HKCR\Installer\Products\F75D59AC3CF97DD0C76363F2478D0CE4] : CCC Help Dutch -> C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F7DFB51DABB67A946A1B410CD0AC8624] : 
[HKCR\Installer\Products\F9D6CAECA4497F04BAD57A14A29FEC9D] : Acronis True Image WD Edition -> C:\WINDOWS\Installer\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}\product.ico

---------- | ADS


---------- | Drives

 Disk: 0   Size=954G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    EE-UNKNWN  21.0T   No    No             1  294,967,295

---------- | MBR

Windows Version:		
Windows Information:		 (build 9200), 64-bit
Base Board Manufacturer:	Hewlett-Packard
BIOS Manufacturer:		AMI
System Manufacturer:		Hewlett-Packard
System Product Name:		CQ2904EF
Logical Drives Mask:		0x0077ffff

Analysis of file "C:\QuickDiag\MBR.bin":
Unknown MBR code

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0xe40
Heure de début de l’application défaillante : 0x01d2cb12e005faba
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : 85780123-8ce1-4966-87b1-2ab24c084beb
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0xa50
Heure de début de l’application défaillante : 0x01d2cb11ac7a4e4e
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : 4a2442be-9d41-4f51-8e0e-1f84f111964c
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0x740
Heure de début de l’application défaillante : 0x01d2cb110c37a966
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : 8d7e789f-6594-4f06-b70a-c1ab659d9bc2
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0xf58
Heure de début de l’application défaillante : 0x01d2cb0e79eb2f86
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : f666dcbd-f5d9-44b5-8ec7-31e2f36f9408
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Échec de la création d’un point de restauration (Processus = C:\WINDOWS\system32\wbem\wmiprvse.exe ; Description = SkinPack ; Erreur = 0x8007043c).
------------

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0xc3c
Heure de début de l’application défaillante : 0x01d2cb0dbb5da5da
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : 284072e0-c3ad-41ed-830b-24e957a426a5
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0x3e8
Heure de début de l’application défaillante : 0x01d2cb0db32a2f3c
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : 8fd91066-0804-4a70-b84d-9006693c5602
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0xe6c
Heure de début de l’application défaillante : 0x01d2cb0daba2759b
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : 857a434f-4a03-4d40-8b85-8a0a7d015cd5
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0xf6c
Heure de début de l’application défaillante : 0x01d2cb0da2e1c118
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : c1fa0511-f052-4049-8d51-de5026d9a429
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Nom du module défaillant : DTShellHlp.exe, version : 8.1.1.666, horodatage : 0x589327a8
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00000000000083e3
ID du processus défaillant : 0xba4
Heure de début de l’application défaillante : 0x01d2cb0c7c596473
Chemin d’accès de l’application défaillante : C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
Chemin d’accès du module défaillant: C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
ID de rapport : 0b2dd80b-7a9a-4ee7-9549-632ad4c8f335
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante MicrosoftEdge.exe, version : 11.0.15063.250, horodatage : 0x58f6ff5f
Nom du module défaillant : EMODEL.dll, version : 11.0.15063.296, horodatage : 0xa50b1267
Code d’exception : 0xc0000409
Décalage d’erreur : 0x00000000000ea93c
ID du processus défaillant : 0x1568
Heure de début de l’application défaillante : 0x01d2cb0b8b114353
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Chemin d’accès du module défaillant: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
ID de rapport : 0c277e72-9ed1-4b8a-b6b0-ac4f4e426dd8
Nom complet du package défaillant : Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------

Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.15063.0, horodatage : 0x58ccbd2e
Nom du module défaillant : ShellExperienceHost.exe, version : 10.0.15063.0, horodatage : 0x58ccbd2e
Code d’exception : 0xc000027b
Décalage d’erreur : 0x000000000011bc57
ID du processus défaillant : 0x1eec
Heure de début de l’application défaillante : 0x01d2cb0b54998a04
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
ID de rapport : 7fcde5b9-1b84-4449-8f4d-d6be4a4fa1d2
Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.15063.296_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.15063.0, horodatage : 0x58ccbd2e
Nom du module défaillant : ShellExperienceHost.exe, version : 10.0.15063.0, horodatage : 0x58ccbd2e
Code d’exception : 0xc000027b
Décalage d’erreur : 0x000000000011bc57
ID du processus défaillant : 0x1e54
Heure de début de l’application défaillante : 0x01d2cb0b241cd96e
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
ID de rapport : 7ec430a4-f22b-4b17-9b79-cd90850d1649
Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.15063.296_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.15063.0, horodatage : 0x58ccbd2e
Nom du module défaillant : ShellExperienceHost.exe, version : 10.0.15063.0, horodatage : 0x58ccbd2e
Code d’exception : 0xc000027b
Décalage d’erreur : 0x000000000011bc57
ID du processus défaillant : 0x1b2c
Heure de début de l’application défaillante : 0x01d2cb0b2248546c
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
ID de rapport : a096a292-cc96-458f-825c-c9314c2b1047
Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.15063.296_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.15063.0, horodatage : 0x58ccbc95
Nom du module défaillant : SearchUI.exe, version : 10.0.15063.0, horodatage : 0x58ccbc95
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000001af0a7
ID du processus défaillant : 0x1744
Heure de début de l’application défaillante : 0x01d2cb0b1e1befdd
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
ID de rapport : 7efb1126-b9dd-4bb0-a4f4-d1a80a4b7d01
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.15063.0, horodatage : 0x58ccbc95
Nom du module défaillant : SearchUI.exe, version : 10.0.15063.0, horodatage : 0x58ccbc95
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000001af0a7
ID du processus défaillant : 0x1af0
Heure de début de l’application défaillante : 0x01d2cb0b1a5fe6ab
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
ID de rapport : 95e4a02c-ecfd-40c0-a61a-7316177fd131
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante MicrosoftEdge.exe, version : 11.0.15063.250, horodatage : 0x58f6ff5f
Nom du module défaillant : EMODEL.dll, version : 11.0.15063.296, horodatage : 0xa50b1267
Code d’exception : 0xc0000409
Décalage d’erreur : 0x00000000000ea93c
ID du processus défaillant : 0x9a4
Heure de début de l’application défaillante : 0x01d2cb0b193c7b35
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Chemin d’accès du module défaillant: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
ID de rapport : 8224d17d-8bfe-4f85-8ef1-38f3b2cbc08c
Nom complet du package défaillant : Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.15063.0, horodatage : 0x58ccbc95
Nom du module défaillant : SearchUI.exe, version : 10.0.15063.0, horodatage : 0x58ccbc95
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000001af0a7
ID du processus défaillant : 0x1e60
Heure de début de l’application défaillante : 0x01d2cb0b15cefcb5
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
ID de rapport : 66c6c5c6-a85a-4887-aa37-c2689d35d87a
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.15063.0, horodatage : 0x58ccbc95
Nom du module défaillant : SearchUI.exe, version : 10.0.15063.0, horodatage : 0x58ccbc95
Code d’exception : 0xc000027b
Décalage d’erreur : 0x00000000001af0a7
ID du processus défaillant : 0x1e9c
Heure de début de l’application défaillante : 0x01d2cb0b0fb753ba
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
ID de rapport : 8725afba-80b3-4ab8-9669-9db8fc1fac74
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------


----------( EOF)---------- - 8806 | 14:28:20