--------------- QuickDiag | g3n-h@ckm@n | V3_05.05.17.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 08/05/2017 08:08:16 Updated 05/05/2017 | 19.20 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [widen-finalis (Administrator)] - [YOUCAM8WAIT] (S-1-5-21-4183021106-2149456055-877251859-1000) System: Microsoft Windows 7 Édition Starter - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 7 Édition Starter |C:\Windows|\Device\Harddisk0\Partition3 Boot : Normal boot PC: AOD255 - Acer - IdNumber: LUSDG0D0170426EC0E1601 - UUID: 364EE69C-9C82-9CB1-2111-1C750822B622 Processor : X64 - 1662 Mhz - Intel(R) Atom(TM) CPU N450 @ 1.66GHz InsydeH2O Version V3.08(DDR2) - - Acer - S/N: LUSDG0D0170426EC0E1601 - V3.08(DDR2) - ACRSYS - 1 CoreTemp : 52 Celsius ----------| Extended ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0272&SUBSYS_10250349&REV_1000\4&350CB3CC&0&0001 ---------- | Video Intel(R) Graphics Media Accelerator 3150 - Resolution: 1024x600 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A011&SUBSYS_03491025&REV_00\3&33FD14CA&0&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456 Intel(R) Graphics Media Accelerator 3150 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A012&SUBSYS_03491025&REV_00\3&33FD14CA&0&11 - AdapterCompatibility: Intel Corporation - RAM: Inegrated Video Chipset DeviceName: Intel(R) Graphics Media Accelerator 3150 - DriverVersion: 8.14.10.2117 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK c:\windows\system32\sirenacm.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 48464 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\huffyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39936 - Manufacturer: Disappearing Inc. - Status: OK c:\windows\system32\lagarith.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 216064 - Manufacturer: - Status: OK c:\windows\system32\x264vfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 3613696 - Manufacturer: x264vfw project - Status: OK c:\windows\system32\xvidvfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 282112 - Manufacturer: - Status: OK c:\windows\system32\ff_vfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 112128 - Manufacturer: - Status: OK c:\windows\system32\ac3acm.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 122880 - Manufacturer: fccHandler - Status: OK c:\windows\system32\lameacm.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 473088 - Manufacturer: http://www.mp3dev.org/ - Status: OK c:\windows\system32\l3codecp.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 220672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK ---------- | CPU CPU #1 value:100 % CPU #2 value:100 % Total Overall CPU Usage value:100 % ---------- | Network Atheros AR8152 PCI-E Fast Ethernet Controller [NDIS 6.20] : SENT:0 bytes/sec / RECVD:0 bytes/sec Intel[R] WiFi Link 1000 BGN : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:100 bytes/sec, / RECEIVE Maximum:0 bytes/sec WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) - Ethernet 802.3 - Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2060&SUBSYS_03491025&REV_C1\4&16969C7D&0&00E0 WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 RAS Async Adapter - - - Status: - PnPID : Intel(R) WiFi Link 1000 BGN - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0083&SUBSYS_13058086&REV_00\4&6FF3C1D&0&00E1 Microsoft Teredo Tunneling Adapter - - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000 ---------- | Memory RAM = Total (MB) : 1037 | Free (MB) : 197 Pagefile = Total (MB) : 2215 | Free (MB) : 393 Virtual = Total (MB) : 2097 | Free (MB) : 1946 Physical Memory 0 : Capacity: 1073741824 - DIMM0 - Posit.: 0 - Manufacturer: AD00000000000000 - PartNumber: 48594D503131325336344350362D53362020 - S/N: 53733B47 ---------- | SID Users Acronis Agent User : [S-1-5-21-4183021106-2149456055-877251859-1002] Administrateur : [S-1-5-21-4183021106-2149456055-877251859-500] Invité : [S-1-5-21-4183021106-2149456055-877251859-501] widen-finalis : [S-1-5-21-4183021106-2149456055-877251859-1000] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Utilisateurs : [S-1-5-32-545] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] Acronis Remote Users : [S-1-5-21-4183021106-2149456055-877251859-1001] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives A:\ -> [Fixed] | [youcam 8 setup] | Total : 1.96 Go | Free : 1.88 Go -> NTFS [ATA] C:\ -> [Fixed] | [Acer] | Total : 211.06 Go | Free : 165.01 Go -> NTFS [ATA] D:\ -> [Removable] | [montre espi] | Total : 7.32 Go | Free : 0 Go -> FAT32 [USB] F:\ -> [Removable] | [LOUVRE] | Total : 59.5 Go | Free : 22.33 Go -> exFAT [USB] G:\ -> [CDROM] | [DTVP30] | Total : 0.02 Go | Free : 0 Go -> CDFS [USB] I:\ -> [Removable] | [CARBIDE] | Total : 30.84 Go | Free : 30.46 Go -> FAT32 [USB] J:\ -> [Removable] | [VAULT PRIVA] | Total : 3.48 Go | Free : 0 Go -> FAT32 [USB] X:\ -> [Fixed] | [SYSTEM & ANDROID] | Total : 4.1 Go | Free : 1.64 Go -> NTFS [ATA] Y:\ -> [Network] | [] | Total : 30.02 Go | Free : 0.06 Go -> Z:\ -> [Fixed] | [youcam 8 programfiles] | Total : 2.77 Go | Free : 2.7 Go -> NTFS [ATA] Disk Usage Information [5 total Physical Disks] Physical Drive #0 [X:, C:, A:, Z:] : Read:472,070 bytes/sec, Written:0 bytes/sec Max Read:472,070 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #2 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #3 [J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #4 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:472,070 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : IDE\DISKHITACHI_HTS545025B9A300_________________PB2OC60F\4&1BE3E953&0&0.0.0 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_0815\000000000004&0 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENPLUS&PROD_USB-MSDC_DISK_A&REV_1.00\7&368B17D4&0 DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_ISTORAGE&PROD_DATASHUR&REV_1.00\20095032145150130849&0 DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DTVAULTPRIVACY30&REV_CLVX\000FFEC697CDB0A0B000DF8F&0 ---------- | Windows updates Last detection : 2016-12-20 00:55:28 Downloaded last ones : 2016-12-21 15:45:07 Installed last ones : 2017-02-04 12:34:33 Next search : 2017-05-07 23:00:28 Test 1 : Windows Is Activated ---------- | Browsers IE : 11.0.9600.17840 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer FlashPlayer ActiveX : 10.1.82.76 ---------- | Security AV : COMODO Antivirus Enabled AS : Windows Defender Disabled FW : COMODO Firewall Enabled WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 468 | [Owner : Système | Parent : 4(System) | 0.06 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.19135) = C:\Windows\System32\smss.exe [17/12/2016 07:02:51] CPU Usage:0 % 752 | [Owner : Système | Parent : 744() | 1.38 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:11:09] CPU Usage:0 % 796 | [Owner : Système | Parent : 784() | 5.74 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:11:09] CPU Usage:0 % 804 | [Owner : Système | Parent : 744() | 0.06 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:36:49] CPU Usage:0 % 852 | [Owner : Système | Parent : 784() | 0.43 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [17/12/2016 06:53:40] CPU Usage:0 % 920 | [Owner : Système | Parent : 804(wininit.exe) | 3.74 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [17/12/2016 07:01:23] CPU Usage:0 % 928 | [Owner : Système | Parent : 804(wininit.exe) | 5.04 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.19135) = C:\Windows\System32\lsass.exe [17/12/2016 07:02:51] CPU Usage:0 % 936 | [Owner : Système | Parent : 804(wininit.exe) | 1.32 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [14/12/2016 19:48:33] CPU Usage:0 % 1068 | [Owner : Système | Parent : 920(services.exe) | 3.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:16 % 1152 | [Owner : SERVICE RÉSEAU | Parent : 920(services.exe) | 3.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1304 | [Owner : SERVICE RÉSEAU | Parent : 920(services.exe) | 5.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1344 | [Owner : SERVICE LOCAL | Parent : 920(services.exe) | 7.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1388 | [Owner : Système | Parent : 920(services.exe) | 24.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1440 | [Owner : SERVICE LOCAL | Parent : 920(services.exe) | 4.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1472 | [Owner : Système | Parent : 920(services.exe) | 35.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:25 % 1824 | [Owner : SERVICE LOCAL | Parent : 920(services.exe) | 3.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 2028 | [Owner : SERVICE LOCAL | Parent : 920(services.exe) | 0.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 616 | [Owner : Système | Parent : 920(services.exe) | 7.86 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.415) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [05/02/2017 13:49:13] CPU Usage:0 % 3148 | [Owner : Système | Parent : 920(services.exe) | 12.58 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [17/12/2016 07:07:00] CPU Usage:11 % 3292 | [Owner : SERVICE RÉSEAU | Parent : 920(services.exe) | 0.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 3256 | [Owner : widen-finalis | Parent : 1388(svchost.exe) | 2.06 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:24:23] CPU Usage:0 % 2456 | [Owner : widen-finalis | Parent : 852(winlogon.exe) | 7.51 Mo] - (.Microsoft Corporation - Gestionnaire des tâches de Windows.) - (6.1.7601.17514) = C:\Windows\System32\taskmgr.exe [14/12/2016 19:46:40] CPU Usage:0 % 3600 | [Owner : widen-finalis | Parent : 3340() | 7.14 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.912) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [05/02/2017 13:48:52] CPU Usage:0 % 2988 | [Owner : Système | Parent : 920(services.exe) | 0.67 Mo] - (.SUPERAntiSpyware.com - Core Service.) - (6.0.0.1082) = C:\Program Files\SUPERAntiSpyware\SASCore.exe [31/01/2017 01:47:30] CPU Usage:0 % 3452 | [Owner : SERVICE LOCAL | Parent : 1388(svchost.exe) | 1.21 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe [18/12/2016 07:25:09] CPU Usage:0 % 2484 | [Owner : Système | Parent : 920(services.exe) | 21.28 Mo] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [28/12/2016 01:20:16] CPU Usage:0 % 2024 | [Owner : widen-finalis | Parent : 1068(svchost.exe) | 0.94 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [14/07/2009 01:41:43] CPU Usage:0 % 2672 | [Owner : Système | Parent : 920(services.exe) | 2.91 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe [14/12/2016 19:48:02] CPU Usage:0 % 3792 | [Owner : Système | Parent : 1068(svchost.exe) | 81.14 Mo] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe [28/12/2016 01:10:34] CPU Usage:0 % 1612 | [Owner : widen-finalis | Parent : 3984() | 57.33 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe [06/05/2017 21:16:17] CPU Usage:8 % 1796 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 1.77 Mo] - (. - .) - (0.0.0.0) = C:\Program Files\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe [04/05/2017 13:41:47] CPU Usage:3 % 3772 | [Owner : widen-finalis | Parent : 2520() | 3.22 Mo] - (. - DTVaultPrivacy MFC Application.) - (3.0.0.6) = C:\Users\WIDEN-~1\AppData\Local\Temp\DTVaultPrivacy30-0256-G\DTVP30_Launcher.exe [25/09/2014 23:56:44] CPU Usage:0 % 1488 | [Owner : widen-finalis | Parent : 1068(svchost.exe) | 7.72 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\System32\dllhost.exe [14/07/2009 01:43:52] CPU Usage:0 % 3968 | [Owner : Système | Parent : 1068(svchost.exe) | 1.02 Mo] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe [28/12/2016 01:10:34] CPU Usage:0 % 2132 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 8.45 Mo] - (.PortableApps.com - Mozilla Firefox, Portable Edition.) - (2.0.4.1) = J:\PortableApps\FirefoxPortable\FirefoxPortable.exe [27/01/2017 06:26:20] CPU Usage:0 % 2308 | [Owner : widen-finalis | Parent : 2132(FirefoxPortable.exe) | 160.19 Mo] - (.Mozilla Corporation - Firefox.) - (51.0.1.6234) = J:\PortableApps\FirefoxPortable\App\Firefox\firefox.exe [25/01/2017 20:13:04] CPU Usage:0 % 2800 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 8.05 Mo] - (.Farbar - Aut2Exe.) - (3.3.12.0) = F:\Methode prélim mai 2017 usb réseau 2 pc forums\ListParts.exe [07/05/2017 20:32:40] CPU Usage:0 % 3644 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 28.68 Mo] - (.SosVirus - QuickDiag.) - (5.5.17.1) = F:\Methode prélim mai 2017 usb réseau 2 pc forums\quickdiag_3_05.05.17.1.exe [07/05/2017 20:32:40] CPU Usage:0 % 572 | [Owner : widen-finalis | Parent : 3364() | 16.54 Mo] - (. - .) - (1.0.1.0) = C:\Program Files\SEAF\SEAF.exe [17/10/2010 12:41:08] CPU Usage:0 % 1888 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 5.87 Mo] - (.Microsoft Corporation - Bloc-notes.) - (6.1.7600.16385) = C:\Windows\System32\notepad.exe [14/07/2009 01:41:04] CPU Usage:0 % 2680 | [Owner : SERVICE RÉSEAU | Parent : 1068(svchost.exe) | 9.9 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [14/12/2016 19:48:33] CPU Usage:0 % ---------- | MD5 [MD5.40D777B7A95E00593EB1568C68514493] - [06/05/2017 21:16:17] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17514) : C:\Windows\Explorer.exe [MD5.AD7B9C14083B52BC532FBA5948342B98] - [14/12/2016 19:48:25] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [295.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe [MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 01:11:09] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [14/07/2009 01:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe [MD5.2362B7281A39807F1AA3550333A194BC] - [17/12/2016 07:02:56] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [852 Ko] - (6.1.7601.19135) : C:\Windows\System32\Kernel32.dll [MD5.7884C1EDF5BD21749C206E8C4B5DB409] - [17/12/2016 07:02:51] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.19135) : C:\Windows\System32\lsass.exe [MD5.7660F01D3B38ACA1747E397D21D790AF] - [14/12/2016 19:48:26] - (.© Microsoft Corporation. - Distributed COM Services.) - [368 Ko] - (6.1.7601.17514) : C:\Windows\System32\rpcss.dll [MD5.51138BEEA3E2C21EC44D0932C71762A8] - [14/07/2009 01:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe [MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [17/12/2016 07:01:23] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [253 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 01:19:28] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe [MD5.F1DD3ACAEE5E6B4BBC69BC6DF75CEF66] - [14/12/2016 19:48:39] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [792.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\user32.dll [MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [14/12/2016 19:46:38] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe [MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe [MD5.52449FD429D6053B78AE564DEF303870] - [17/12/2016 06:53:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [297 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - [18/12/2016 04:35:53] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.18264) : C:\Windows\System32\Drivers\afd.sys [MD5.338C86357871C167A96AB976519BF59E] - [14/07/2009 01:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys [MD5.DDCE686D76C2B4DB435A3AF5BD0E691D] - [17/12/2016 06:55:05] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys [MD5.77EA11B065E0A8AB902D78145CA51E10] - [14/07/2009 01:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [14/12/2016 19:43:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys [MD5.F024449C97EC1E464AAFFDA18593DB88] - [14/12/2016 19:43:21] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [76.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\dfsc.sys [MD5.9036377B8A6C15DC2EEC53E489D159B5] - [14/12/2016 19:42:58] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [14/07/2009 01:11:24] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.D80AA0907748D7CC8EFAB3773F32629B] - [17/09/2010 09:03:52] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Rapid Storage Technology driver - x86.) - [425.52 Ko] - (9.6.4.1002) : C:\Windows\System32\Drivers\iastor.sys [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [14/07/2009 01:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys [MD5.E900BD16B9EE8F09609D7FBE2027B376] - [17/12/2016 07:02:53] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.19135) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.E7C54812A2AAF43316EB6930C1FFA108] - [14/12/2016 19:48:19] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [695.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\ndis.sys [MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [17/12/2016 06:50:50] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys [MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - [17/12/2016 05:56:57] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1183.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [14/07/2009 01:45:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [14/07/2009 01:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.3E21C083B8A01CB70BA1F09303010FCE] - [14/07/2009 01:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys [MD5.C7E41209132B9CF084CCEA8593F61328] - [17/12/2016 07:04:14] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1279.23 Ko] - (6.1.7601.23496) : C:\Windows\System32\Drivers\tcpip.sys [MD5.B459575348C20E8121D6039DA063C704] - [14/12/2016 19:45:19] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\tdx.sys [MD5.F497F67932C6FA693D7DE2780631CFE7] - [14/12/2016 19:48:20] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [239.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Windows\system32\guard32.dll (.TODO: .-.TODO: .) - (1.0.0.1) -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll (.Egis Technology Inc..-.PSD DragDrop Protection.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll (.Egis Technology Inc..-.WinLocker System Environment Library.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\sysenv.dll (.Bad Ass Apps.-.Theme Resource Changer.) - (1.0.0.1) -- C:\SkinPack\ThemeResourceChanger.dll (..-..) - (0.0.0.0) -- C:\Program Files\Copy Handler\chext.dll (..-..) - (0.0.0.0) -- C:\Program Files\Copy Handler\libchcore32u.dll (.SQLite.-.SQLite.) - (3.11.1.0) -- C:\Program Files\Copy Handler\sqlite3_32.dll (..-..) - (0.0.0.0) -- C:\Program Files\NiceCopier\NCHookDll.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files\WinRAR\rarext.dll (..-..) - (0.0.0.0) -- C:\Program Files\TeraCopy\TeraCopy.dll (.Perigee Software.-.PerigeeCopy shell extension DLL.) - (1.6.0.0) -- C:\Program Files\PerigeeCopy\PerigeeCopy.dll (.Killer{R}.-.KillCopy Shell Extension DLL.) - (1.0.0.1) -- C:\Program Files\KillSoft\KillCopy\killcopy.dll (.Catchcopy.-.CatchCopy Shell Extension.) - (0.0.0.9) -- C:\Program Files\Ultracopier\PluginLoader\catchcopy-v0002\catchcopy32.dll (.Igor Pavlov.-.7-Zip Shell Extension.) - (16.4.0.0) -- C:\Program Files\7-Zip\7-zip.dll (.Paramount Software UK Ltd.-.Reflect Shell Extension Context Menu.) - (6.1.865.0) -- C:\Program Files\Macrium\Reflect\RContextMenu.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Windows\system32\guard32.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU EaseUS EverySync - (EaseUS EverySync.lnk [Startup]) - User: youcam8wait\widen-finalis DriverMax_RESTART - ( [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\...\Run]) - User: youcam8wait\widen-finalis SUPERAntiSpyware - (C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\...\Run]) - User: youcam8wait\widen-finalis USBListener - (C:\Users\WIDEN-~1\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe -autorun [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\...\Run]) - User: youcam8wait\widen-finalis LManager - (C:\Program Files\Launch Manager\LManager.exe [HKLM\SOFTWARE\...\Run]) - User: Public IAStorIcon - (C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [HKLM\SOFTWARE\...\Run]) - User: Public PLFSetI - (C:\Windows\PLFSetI.exe [HKLM\SOFTWARE\...\Run]) - User: Public UnlockerAssistant - ("C:\Program Files\Unlocker\UnlockerAssistant.exe" [HKLM\SOFTWARE\...\Run]) - User: Public vdcss - ("C:\Program Files\COMODO\COMODO Secure Shopping\vdcss.exe" -tray [HKLM\SOFTWARE\...\Run]) - User: Public IseUI - (C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [HKLM\SOFTWARE\...\Run]) - User: Public COMODO Internet Security - (C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [HKLM\SOFTWARE\...\Run]) - User: Public KeyScrambler - (C:\Program Files\KeyScrambler\keyscrambler.exe /a [HKLM\SOFTWARE\...\Run]) - User: Public Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Run] "DriverMax_RESTART"= "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [04/04/2017 21:01:59] "USBListener"=C:\Users\WIDEN-~1\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe -autorun [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"="F:\cyberlink youcam 8 essentials\sosvirus app for stop all power2go 11 process for facilite iobit unlocker work\processclose_1.0.0.3(5).exe"\1 "MRUList"=lkjbihgfedca "b"=wordpad\1 "c"=C:\Users\widen-finalis\Desktop\rkill.exe\1 "d"=C:\Users\widen-finalis\Downloads\JRT.exe\1 "e"="F:\barrow 2 & widen 100% sécurisé\sosvirus app for stop all power2go 11 process for facilite iobit unlocker work\processclose_1.0.0.3 (1).exe"\1 "f"="F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 12 - skinpack zune caus bug sp paper w7\SkinPacks_3140587355.exe"\1 "g"="F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 12 - skinpack zune caus bug sp paper w7\SkinPack zune.exe"\1 "h"="F:\anti-faux positif pre_scan - exe installers\advanced-systemcare-free_10-2-0-721_fr_403234.exe"\1 "i"="F:\Windows 10 Transformation Pack 7.0\Windows 10 Transformation Pack 7.0.exe"\1 "j"=notepad\1 "k"=C:\UsbFix\UsbFix.exe\1 "l"=C:\Users\widen-finalis\Downloads\processclose_2_08.01.17.1.exe\1 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DebugOptions"=2048 "Documents"= "DosPrint"=no "Load"= "NetMessage"=no "NullPort"=None "Programs"=com exe bat pif cmd "Device"=VivPDF Printer,winspool,Ne05: "UserSelectedDefault"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "LManager"=C:\Program Files\Launch Manager\LManager.exe [17/09/2010 09:18:29] "IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [17/09/2010 09:04:17] "PLFSetI"=C:\Windows\PLFSetI.exe [12/12/2016 15:19:42] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" "vdcss"="C:\Program Files\COMODO\COMODO Secure Shopping\vdcss.exe" -tray "IseUI"=C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [04/05/2017 08:30:42] "COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [28/12/2016 01:11:10] "KeyScrambler"=C:\Program Files\KeyScrambler\keyscrambler.exe /a "Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [05/02/2017 13:48:52] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{F791A188-699D-4FD4-955A-EB59E89B1907}"=Theme Resource Changer [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "IconServiceLib"=IconCodecService.dll "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "GDIProcessHandleQuota"=10000 "ShutdownWarningDialogTimeout"=4294967295 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 ""=mnmsrvc "DeviceNotSelectedTimeout"=15 "Spooler"=yes "TransmissionRetryTimeout"=90 "AppInit_DLLs"= "LoadAppInit_DLLs"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Config.sys : FILES=40 ---------- | Tasks List ASC10_SkipUac_widen-finalis AupAvUpdate Health-Check Health-Check-deep Moo0 System Monitor 1.76 MORE_ChatAppDailyScheduleTask MORE_SIE1 PandaUSBVaccine ReasonSecurityScheduledScan ReasonSecurityStart RunAsStdUser Task SoftwareInformerService UninstallMonitor ---------- | Startings up registry ? Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=2b0d19ad-3c70-4812-9760-21d83bc "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedTSS"=1 "fCredentialLessLogonSupportedKMRDP"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * NaBootMir "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= "AutoChkTimeout"=5 [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=AcrSch2Svc wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=928 "SecureBoot"=1 "ProductType"=11 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK with Arguments c:\program files\acer accessory store\acer boutique accessoire.lnk - Encrypted: False - Target: C:\Program Files\Acer Accessory Store\StartUrl.exe - Args: (hxxp://store.acer-euro.com/fr?utm_source=Icon&utm_medium=Icon&utm_campaign=Acer%2BInternal) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "LeftOverlapChars"=3 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "ScreenSaveTimeOut"=600 "Wallpaper"=%windir%\web\wallpaper\windows\img0.jpg "ScreenSaverIsSecure"=0 "WaitToKillAppTimeout"=200 "ForegroundLockTimeout"=0 "MenuShowDelay"=0 "AutoEndTasks"=1 "HungAppTimeout"=4000 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "HideSCAPower"=0 "NoSimpleNetIDList"=1 "NoDriveTypeAutoRun"=221 "NolowDiskSpaceChecks"=1 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "Browse For Folder Width"=347 "Browse For Folder Height"=288 "link"=0x00000000 "DesktopProcess"=1 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewShadow"=1 "StartMenuInit"=4 "TaskbarSizeMove"=0 "nonetcrawling"=1 "Start_TrackProgs"=1 "TaskbarSmallIcons"=0 "DesktopLivePreviewHoverTime"=0 "ExtendedUIHoverTime"=0 "ListviewAlphaSelect"=0 "TaskbarAnimations"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "EnableLinkedConnections"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=139 "Max Cached Icons"=2000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "AutoRestartShell"=1 "ParseAutoexec"=1 "Shell"=expstart.exe [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=7 "AutoAdminLogon"=0 "DefaultUserName"=widen-finalis "allocatecdroms"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\System32\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Dragon\Shell\open\Command] ""="C:\Program Files\Comodo\Dragon\dragon.exe" [HKLM\Software\Clients\StartMenuInternet\Dragon\InstallInfo] "ReinstallCommand"="C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [18/12/2016 04:39:45] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\widen-finalis\Downloads\resizer-free\resizer-free.exe"=1 "F:\cyberlink youcam 8 essentials\youcam 8 utilities\portableappz.blogspot.fr & portableapps.com platform\PortableApps\VivaldiPortable\VivaldiPortable.exe"=1 "F:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1 "F:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\revo uninstaller pro portable\program files (x64)\RevoUninstallerPro_Portable\RevoUPPort.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora_setup_full1084.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\KCinst.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-resource-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\army.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\location filesync for 1 task of youcam 8 file-folder sync\everysync_trial.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-fashion-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-holiday-pack.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-80s-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-romantic-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\supercopier-windows-x86-1.2.1.0-setup.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\teracopy.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-summer-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\ultracopier-windows-x86_64-1.2.1.0-setup.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-spring-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\Unlocker1.9.2.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\chsetup-1.40.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-halloween-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\unlocker-setup.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\wood.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\xpsolive.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\VideoDownloaderUltimate_winapp_installer_0.exe"=1 "C:\ProgramData\VideoDownloaderUltimateWinApp\tools\installhelper.exe"=1 "C:\ProgramData\VideoDownloaderUltimateWinApp\uninstall.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\SteganosPrivacySuite18.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\VideoDownloaderUltimate_winapp_installer.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\WebsiteX5Start13.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\PCmoverExpress.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\OODefragProfessional20ENU.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\Nero_TuneItUp_2.4.6.177_SN_FULL.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\musicrecorder-stub-xx-18001.exe"=1 "F:\Ad-Aware Personal Security\Adaware_Installer.exe"=1 "F:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\sosvirus SIMPLE\Drive D\UsbFix_Standard\UsbFix_Standard.exe"=1 "F:\anti-faux positif pre_scan - exe installers\DAEMONToolsUltra500-0540.exe"=1 "\\Livebox\CARBIDE\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1 "SIGN.MEDIA=924A210 Cadeaux rec final lfs ultra et 100% sécurisé 20-12\ashampoo_burning_studio_2017_25270.exe"=1 "F:\Cadeaux rec final lfs ultra et 100% sécurisé 20-12\ashampoo_burning_studio_2017_25270.exe"=1 "C:\Users\widen-finalis\Downloads\Macrium\v6.3.1665_reflect_setup_free_x86.exe"=1 "D:\barrow 3, widen 2 & 100% sécurisé finalis\cyberlink youcam 8 essentials\youcam 8 utilities\revo uninstaller pro portable\program files (x64)\RevoUninstallerPro_Portable\RevoUPPort.exe"=1 "D:\barrow 3, widen 2 & 100% sécurisé finalis\PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=1 "C:\Users\WIDEN-~1\AppData\Local\Temp\vdu_uninstall_181bd9.exe"=1 "C:\Users\widen-finalis\Downloads\mb3-setup-35891.35891-3.0.6.1469.exe"=1 "F:\barrow 3, widen 2 & 100% sécurisé finalis\lfs ultra & 100% sécurisé finalis part 20 ultimate ultra finale\cadeau rec lfsu100%sf alias 1er gotd après lfsu100%sf\Scardalia112-db39ma\Setup.exe"=1 "C:\Users\widen-finalis\Downloads\reason-core-security-setup.exe"=1 "F:\barrow 3, widen 2 & 100% sécurisé finalis\cyberlink youcam 8 essentials\youcam 8 utilities\portableappz.blogspot.fr & portableapps.com platform\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1 "F:\anti-faux positif pre_scan - exe installers\advanced-systemcare-free_10-2-0-721_fr_403234.exe"=1 "C:\Program Files\WinRAR\uninstall.exe"=1 "F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 16 - free explorers\uncomsetup3.57(build1215).exe"=1 "F:\Photodirector 9 & Youcam 8\Tuto 'n' copy apps for yc8 & phd9\1 - Tutorials capture\jing.exe"=1 "F:\Photodirector 9 & Youcam 8\Tuto 'n' copy apps for yc8 & phd9\1 - Tutorials capture\wink20-1060\wink20.exe"=1 "SIGN.MEDIA=39879F dixmlsetup.exe"=1 "F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\ambiance gite l'esperence\FoxitSpellC_2.1.1.618.msi"=1 "C:\Users\WIDEN-~1\AppData\Local\Temp\is-5KO2P.tmp\CountInstallation.exe"=1 "C:\Windows\System32\msiexec.exe"=1 "F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\ambiance gite l'esperence\FoxitPhantomPDF83_L10N_Setup_S.exe"=1 "F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 17 ~ EASE FILE LOCKER\EFL2.2_Setup.exe"=1 "F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\ambiance gite l'esperence\FoxitReader83_L10N_Setup_Prom.exe"=1 "F:\Photodirector 9 & Youcam 8\cameyo & thinapp forportabilise youcam 8 & photodir. 9 on youcam 8photod. 9 utilities\ThinAppPortable-5.2.2-4435715\ThinAppPortable\setup_capture.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\FileMenu Tools(1).exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-drive-wipe.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-more_Y0MKRT988cAMK41.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-drive-defrag.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-convert-ost-to-pst.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-powerpoint.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-zip.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-mov.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-rar.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-outlook-backup-migrate.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-registry.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-recover-android.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-privacy-cleaner-windows.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\tenorshare-igetting-audio-trial.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\SyncBackTouch_Setup.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-shredder.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-word.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-recover-outlook-express-demo.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-recover-windows-free.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\winja_3_6248_52517.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\trolcommander-0_9_7-setup.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\VivPDF Editor.exe"=1 "C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\SkinPack Tango!.exe"=1 "SIGN.MEDIA=21E379EE Windows 10 Transformation Pack 7.0\Windows 10 Transformation Pack 7.0.exe"=1 "SIGN.MEDIA=188CA202 Windows 10 UX Pack 7.0\Windows 10 UX Pack 7.0.exe"=1 "SIGN.MEDIA=1947942 FastHTMLChecker30-db72so\Setup.exe"=1 "K:\wondershare-time-freeze-5131-jetelecharge.exe"=1 "SIGN.MEDIA=1654F3B1 wondershare-time-freeze-5131-jetelecharge.exe"=1 "C:\Users\widen-finalis\Downloads\windows.7.codec.pack.v4.1.7.setup.exe"=1 "C:\Users\widen-finalis\Downloads\klcp_update_1314_20170430.exe"=1 "SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0_VideoToAudio_v1.12_Installer.exe"=1 "SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0_MultiDesktop_v1.17_Installer.exe"=1 "SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0 WindowMenuPlus v1.20 Installer.exe"=1 "SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0 TransparentMenu v1.20 Installer.exe"=1 "SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0 RightClicker v1.53 Installer.exe"=1 "SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0 ImageSizer v1.22 Installer.exe"=1 "SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0.VideoCutter.v1.07-Installer.exe"=1 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\D] : D:\DTVP30_Launcher.exe (AutoRun) [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\G] : G:\DTVP30_Launcher.exe (AutoRun) [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{71a3e526-3099-11e7-a762-1c750822b622}] : D:\DTVP30_Launcher.exe (AutoRun) [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{71a3e5c8-3099-11e7-a762-1c750822b622}] : D:\DTVP30_Launcher.exe (AutoRun) [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{bee88473-eaff-11e6-aa90-1c750822b622}] : G:\DTVP30_Launcher.exe (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920209537502489 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=1 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x876E8EAE8054D201 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\!SASCORE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.204.110] avec 32 octets de donn?es?: R?ponse de 216.58.204.110?: octets=32 temps=102 ms TTL=55 R?ponse de 216.58.204.110?: octets=32 temps=43 ms TTL=55 R?ponse de 216.58.204.110?: octets=32 temps=43 ms TTL=55 R?ponse de 216.58.204.110?: octets=32 temps=44 ms TTL=55 Statistiques Ping pour 216.58.204.110: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 43ms, Maximum = 102ms, Moyenne = 58ms ---------- | @ [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "AlwaysShowMenus"=0 "StatusBarWeb"=0 "Start Page"=http://www.google.fr/ "Default_Page_URL"=http://acer.msn.com "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "DisableFirstRunCustomize"=1 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C00000002000000030000000083FFFF0083FFFFFFFFFFFFFFFFFFFF70000000040000009003000030020000 "NotifyDownloadComplete"=yes "DisableScriptDebuggerIE"=yes "OperationalData"=5 "ImageStoreRandomFolder"=mrqzngt "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "NoUpdateCheck"=1 "Use FormSuggest"=no "Default Download Directory"=C:\Users\widen-finalis\Downloads [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "EnableNegotiate"=1 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xA77C8F729F5BD201 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "MigrateProxy"=1 "ProxyEnable"=0 "GlobalUserOffline"=0 "MaxConnectionsPerServer"=10 "MaxConnectionsPer1_0Server"=10 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://www.google.fr/ "Default_Page_URL"=http://www.google.fr/ "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://www.google.fr/ "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://www.google.fr/?q={searchTerms} "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files "ProxyEnable"=0 "GlobalUserOffline"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | Execution FileExts [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snapdoc] "ProgID"=SNAP.DOC ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ EaseUSEverySyncedOverlay] - {52103F52-9856-43F7-B5C4-A026FD84288C} -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [04/05/2017 13:41:54] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ EaseUSEverySyncFailedOverlay] - {A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6} -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [04/05/2017 13:41:54] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ EaseUSEverySyncingOverlay] - {0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C} -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [04/05/2017 13:41:54] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\egisPSDP] - {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} -- C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll [27/05/2010 04:40:28] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100000000000000001000000800600005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=0 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={96BBC430-9900-4299-9F5D-7951AB36EFDF} "DownloadRetries"=0 "DefaultPackCorrection"=1 "KnownProvidersUpgradeTime"=0x1AB6121BA35BD201 "Version"=4 "UpgradeTime"=0x1347E745A35BD201 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{BFD9D8A8-57FF-488A-B919-065EC77CF82F}"=0x00 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96BBC430-9900-4299-9F5D-7951AB36EFDF}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} : ---------- | ElevationPolicy [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}] - (C:\Users\widen-finalis\AppData\Roaming\Spotify) - Spotify.exe : [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A9F603B-51A8-4630-AE99-4BBF01675575}] - (C:\Program Files\Foxit Software\Foxit Reader\) - FoxitReader.exe : C:\Program Files\Foxit Software\Foxit Reader\plugins\FoxitReaderBrowserAx.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files\Microsoft Silverlight\4.0.50401.0\) - Silverlight.Configuration.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : %SystemRoot%\system32\wucltux.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\System32) - msdt.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14A4F162-54C8-449c-8D0B-A8D92F949583}] - (C:\Program Files\Steganos Privacy Suite 18) - passwordmanageriebroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1753B788-C64C-4D57-B6BC-95C48992C4A7}] - (C:\Windows\System32) - msspellcheckingfacility.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files\Microsoft Silverlight\4.0.50401.0\) - agcp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{254363DC-CC0E-47D3-B9F2-C4531366D4D1}] - (C:\Program Files\FreeDownloadManager.ORG\Free Download Manager) - wincomserver.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3214A3DF-F8D9-4A27-BF4D-FBBDE52E2E68}] - (C:\Program Files\FreeDownloadManager.ORG\Free Download Manager) - fdm.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39A895E9-93DD-4ffa-A4A3-2C14608B5B61}] - (C:\Windows\system32\Adobe\Shockwave 12) - SwHelper_1228198.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B477573-B0C2-4C66-AA40-2890F74B2408}] - (C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\) - NativeMessagingEXE.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43ABBB95-C0E9-497B-8BB9-B5FA08861705}] - (C:\Program Files\Windows Live\Mail\) - wlmail.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files\adobe\acrobat 7.0\reader) - acrord32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C0B7A7C-8ECF-422f-9448-0874C41D4532}] - (%ProgramFiles%\Common Files\Microsoft Shared\Windows Live) - WLLoginProxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68934FDE-CDB1-42CC-A38B-A44B43B0785C}] - (C:\Windows\system32\Adobe\Director) - SWDNLD.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\system32\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B7FB824-0A43-4bc2-B58D-F6386FEEFD84}] - (Choice Guard) - CGuard.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\System32\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B020FD-E04B-4e67-B65A-E7DEED25B2CF}] - (%SystemRoot%\System32) - wisptis.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C}] - (C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63) - OberonBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8E307D0-1522-495E-A8A7-BA1441ECF670}] - (C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\) - FXC_ProxyProcess.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC155DD0-14EE-4F26-86AA-F974045CFE55}] - (C:\Program Files\Foxit Software\Foxit Reader\plugins\Creator) - FXC_ProxyProcess.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - () - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] - (C:\Program Files\Windows Live\Messenger\) - msnmsgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5}] - (C:\Program Files\Windows Live\Writer\) - WindowsLiveWriter.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}] - (c:\Program Files\McAfee\SiteAdvisor) - saUI.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files\adobe\acrobat 6.0\reader) - acrord32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\system32\Macromed\Flash) - FlashUtil10i_ActiveX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat) - acrobat.exe : ---------- | Ext\Settings [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}] : : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFD9D8A8-57FF-488A-B919-065EC77CF82F}] : : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\system32\Macromed\Flash\Flash10i.ocx ---------- | Ext\Stats [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] : : C:\Windows\System32\mshtml.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] : : C:\Windows\System32\ieframe.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}] : : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFD9D8A8-57FF-488A-B919-065EC77CF82F}] : : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\system32\Macromed\Flash\Flash10i.ocx [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d'aide de l'Assistant de connexion Windows Live) : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [22/01/2009 16:41:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}] -> (Foxit PhantomPDF Create PDF ToolBar Helper) : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [31/03/2017 16:40:26] ---------- | Chrome [HKLM\Software\Google\Chrome\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "{00F0643E-B367-4779-B45D-7046EBA37A88}"=C:\Program Files\Steganos Privacy Suite 18\spmplugin3 "FFExtnHTML2PDF@foxitsoftware.com"=C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\Windows\system32\Adobe\Director\np32dsw_1228198.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf] - () : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}] "DhcpNameServer"=192.168.1.1 192.168.1.1 ---------- | ActiveX [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3911CF56-9EF2-39BA-846A-C27BD3CD0685}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - (Disable SSL3) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -DisableSSL3 [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U shell32.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\mpc-hc.exe] : "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af} Name: WPD Association LUA Virtual Factory - AppID: {00393519-3A67-4507-A2B8-85146167ACA7} Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68} Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba} Name: PhotoAcqWiaEventHandler - AppID: {00F3CDFD-5D2E-439F-8900-3F56A0C1C8BA} Name: Virtual Factory for Biometrics - AppID: {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428} Name: eDSPSDProtect - AppID: {023ED001-BA16-4467-B0D9-D098191C17A9} Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030} Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Name: WPDBusEnum - AppID: {03f25b41-e981-4675-a256-27d1393e7488} Name: Device Display Object Function Discovery Provider - AppID: {04626806-2243-4354-ab44-4ade718d09df} Name: IDBHO - AppID: {062C56BD-B2FF-4405-88D9-93154F27D785} Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B} Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32} Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23} Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299} Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B} Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3} Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3} Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323} Name: SFSAPO - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C} Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94} Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C} Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de} Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011} Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E} Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666} Name: WriterBrowserExtension - AppID: {198B12CC-F591-440C-AC7A-6A730BBC436C} Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6} Name: wpcao.dll - AppID: {1E5300BE-0762-4527-8140-C0FF22DDFC56} Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c} Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0} Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2} Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7} Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526} Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829} Name: DTSLimiterDLL - AppID: {24E79C19-1F52-43CC-8684-BFA13340E72C} Name: TabBtnEx - AppID: {25351F98-BEC9-4BA0-A1F7-D9D69225E52F} Name: ShredderContextMenu - AppID: {253C5D8C-536F-4140-9103-55F5B5442921} Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF} Name: DTSVoiceClarityDLL - AppID: {272EFD2A-90BE-4E48-8557-3D9CEA0530A0} Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E} Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E} Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00} Name: ImageHost - AppID: {2903EDD7-545F-4156-977A-5E730E57F253} Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78} Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5} Name: ConvertToPDFShellExtension - AppID: {2EAE6086-084B-4C42-B2CA-B30549B3D047} Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7} Name: IPBusEnum - AppID: {344ED43D-D086-4961-86A6-1106F4ACAD9B} Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B} Name: DevicePairingHandler.dll - AppID: {383b69fa-5486-49da-91f5-d63c24c8e9d0} Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} Name: EEL32A - AppID: {3D5781D9-B2FF-4396-8478-395412020995} Name: igfxcfg - AppID: {3D62E9A1-D243-11D2-B561-00A0C92E6848} Name: StarBurnXLib - AppID: {3DD7EA49-B5E1-4493-895D-C73562138FC0} Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F} Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e} Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683} Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25} Name: MSTTS DecObj Class Surrogate - AppID: {3F6B5E16-092A-41ED-930B-0B4125D91D4E} Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c} Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61} Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775} Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29} Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a} Name: McNAReg - AppID: {4743AB3F-566B-42ED-9F55-B561577663D2} Name: EEG32A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B} Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077} Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92} Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF} Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17} Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C} Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC} Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94} Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345} Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B} Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630} Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25} Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601} Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1} Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5} Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B} Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C} Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660} Name: ComProxy - AppID: {536BF835-F397-46D3-AD11-92642F8CABD9} Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B} Name: Watson subscriber for SENS Network Events - AppID: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2} Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399} Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61} Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B} Name: EED32A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0} Name: Virtual Factory for Display CPL - AppID: {5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2} Name: Odyssey - AppID: {5F8FD45A-D58C-4AAD-8EDE-B9B78F02B959} Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1} Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327} Name: WLXQuickTimeControlHost - AppID: {631AF1F1-55E0-4190-9B1E-454D9F370AA2} Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2} Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E} Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} Name: McAlertHst - AppID: {66AEAB5B-1AC2-4504-B28D-667C2529858F} Name: DTSNeoPCDLL - AppID: {68976842-77A6-447F-83E8-97DF7A83A970} Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30} Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8} Name: PDFPreviewHandlerHost - AppID: {6B127CFD-C642-4338-BC8C-472DF61E5A14} Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F} Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b} Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56} Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B} Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce} Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca} Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5} Name: WindowsLiveWriterFilter - AppID: {7054B371-09E3-4BC8-8A61-02D7799EA98A} Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC} Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD} Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} Name: SUPERAntiSpywareContextMenuExtension - AppID: {746C91D0-C4A9-460A-B841-851A2B6F2C4B} Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED} Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436} Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950} Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070} Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100} Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d} Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7} Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829} Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32} Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6} Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB} Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715} Name: DTSBassEnhancementDLL - AppID: {7E70FA0D-5DFA-4BA6-98C6-F10BBAAF7410} Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034} Name: WlanConn - AppID: {825FC848-87F7-4F26-9EF6-43964094FF98} Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F} Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850} Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE} Name: IPS - AppID: {86F9F754-EB88-4A94-A092-721F013CB10B} Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059} Name: CavWp - AppID: {895A8A5F-FE77-4089-AF43-354D81EF1099} Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854} Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB} Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee} Name: Virtual Factory for Action Center CPL - AppID: {8D26D9AA-5DA8-4b95-949A-B74954A229A6} Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C} Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444} Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db} Name: DTSSymmetryDLL - AppID: {91953DA9-4AB8-473A-BF6D-462FA2E58025} Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F} Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60} Name: WMPDMCCore - AppID: {92C2A9B3-4228-438E-8A7B-EF110987764C} Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60} Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7} Name: Default Location CPL Data Handler LUA Helper - AppID: {9A630456-078D-43d3-9F1D-DF7A5BC0FA44} Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610} Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Name: chext - AppID: {9D4C4C5F-EE90-4a6b-9245-244C369E4FAE} Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8} Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030} Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D} Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15} Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134} Name: Microsoft.Live.Folders.RichUpload.3.dll - AppID: {A40C5393-FD53-4528-95EB-0B348BC1539D} Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357} Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6} Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24} Name: DTSBoostDLL - AppID: {A5900CCC-3E28-4F96-8410-C43BF113C279} Name: AIMPlugin - AppID: {A72B23B6-A76F-4E17-AEE0-50F10A9B5C9B} Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50} Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D} Name: ContextHandler - AppID: {A805009D-B902-439A-8E64-26EE3507A12E} Name: Windows Media Player Encoder Helper Class - AppID: {A9D431C2-6D56-4727-9690-ADBE66B9184A} Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22} Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94} Name: AudialsPlayerApp - AppID: {AC34A1CE-3D65-4bf5-9055-F64BF4C71F70} Name: SwHelper_1228198 - AppID: {AF551664-D2DF-4E34-85DE-46320B13A0B4} Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1} Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492} Name: DTSGainCompensatorDLL - AppID: {B3D43A87-E6C7-4EC8-8546-CEB9EE9BD936} Name: KeyScrambler - AppID: {B4E5C8E2-DB42-48FA-9423-AAA706BCE970} Name: RContextMenu - AppID: {B5B6E648-E9F7-4CE3-987C-53FEDA97C1FA} Name: EASendMailObj - AppID: {B68B03DD-C8C4-49A6-9ACD-D427E9325754} Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C} Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599} Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A} Name: WwanAdvui - AppID: {b70cc729-28ae-11dd-9676-000000000000} Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2} Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE} Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D} Name: DTSS2HeadphoneDLL - AppID: {BA291C7C-39AC-4331-9592-B694DA24BC89} Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4} Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70} Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B} Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B} Name: FoxitPrevHndlr - AppID: {BD5BDF7D-9849-4FEF-AC02-28EE2E7C7C46} Name: ShellExtBridge118 - AppID: {BDED339F-DD12-48FB-A96D-24F690CBC085} Name: WindowsLiveWriterApplication - AppID: {BF7C0368-EA36-475E-AA42-3F28E736FABD} Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6} Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF} Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1} Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E} Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444} Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D} Name: Acronis True Image Shell Extension Backend - AppID: {C4E69DB9-E094-483e-B922-E7ADE65FB497} Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83} Name: ConvertToPDFShellExtension_RD - AppID: {C88D8F9A-04DA-4008-B535-375F38366DDA} Name: McNASvc - AppID: {C8A49047-AFB0-4931-9314-ABAAC93E662B} Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9} Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81} Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D} Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C} Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F} Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B} Name: LocationDisp - AppID: {CBDC4B31-CBE4-4A5B-BECF-64B29E47D2AD} Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF} Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF} Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607} Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933} Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} Name: SharedAccess - AppID: {ce166e40-1e72-45b9-94c9-3b2050e8f180} Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03} Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395} Name: DTSS2SpeakerDLL - AppID: {CF3C79C7-8096-4BF2-9684-9F6B832FAC23} Name: McSvHVer - AppID: {CFE68DFE-E6A3-48FC-A16B-0AE991E23576} Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7} Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5} Name: %systemroot%\system32\colorui.dll - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652} Name: ghost - AppID: {D58F39FF-953E-4F45-898F-59F243B9A523} Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30} Name: sfFTPLib - AppID: {D6625767-E42E-491C-A919-9A71641572A4} Name: Bluewire unpairing elevation surrogate - AppID: {D88EC52B-8D57-49e1-9EB3-4D267D68A2AE} Name: Microsoft.Live.FolderShare.Client - AppID: {daa6bc26-4dfa-4e8f-8d5f-47202dc8e400} Name: EverySyncExplorerOverlay - AppID: {DE4CE140-5838-468B-86C0-A422AC75B092} Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44} Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5} Name: EAGetMailObj - AppID: {DE73C9C2-1C57-4306-99B9-CBFF7A423DA6} Name: FoxitThumbnailHndlr - AppID: {E1084781-9CA9-42EF-AC67-140D37CCD97E} Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} Name: CavShell - AppID: {E11C8519-5595-4397-B515-AB036DEC467A} Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258} Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212} Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB} Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5} Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A} Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9} Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5} Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90} Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A} Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8} Name: McNAVer - AppID: {EC57D58E-0F20-4253-8C14-BD2B37BE5884} Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A} Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A} Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58} Name: SWDNLD - AppID: {ED372EB0-5B14-484F-A27C-05FF89B6DF25} Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147} Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7} Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC} Name: Acronis VSS Requestor - AppID: {F282135C-65A6-4A99-80F1-F315BAC76BF4} Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7} Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801} Name: MyPrivilegedObject - AppID: {F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500} Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A} Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248} Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717} Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a} Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8} Name: Microsoft.Aspnet.Snapin.AspNetManagementUtility.4 - AppID: {F75B6772-91E4-4D2F-9D44-61A447109C2B} Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E} Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333} Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E} Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb} Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160} Name: ESLoadSevice - AppID: {FCA6F20F-92E5-4E74-AC19-D14B59CB1C15} Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9} Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00} Name: DefenderShellExt - AppID: {FF2EA936-C1E1-428D-9572-F4285AFC4F48} Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "regsvc"=RemoteRegistry "DcomLaunch"=Power PlugPlay DcomLaunch "secsvcs"=WinDefend "bthsvcs"=bthserv ---------- | SvcHost - Netsvcs (Whitelist) Term - : ---------- | Software [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\2BrightSparks] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\7-Zip] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Acer] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Admin Arsenal] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Adobe] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Aiseesoft Studio] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\AOMEI] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\AppDataLow] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Ashampoo] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Bitdefender] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\BugSplat] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Canneverbe Limited] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Caphyon] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Chromium] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Code Sector] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Codyssey] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Comodo] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ComodoGroup] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Cygnus Solutions] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Disc Soft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Dritek] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Dropbox] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\DropboxUpdate] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\DVDVideoSoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\EaseUS] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Elantech] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Encrypt4allSoftware] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Foxit Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\FreeDownloadManager.ORG] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Gabest] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\giveawayoftheday.com] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Glarysoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\GNU] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Google] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\HissenITMasterdata] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Icaros] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Icecream] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Informer Technologies, Inc.] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\InfraRecorder] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Innovative Solutions] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Insyde Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Intel] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\IrisTech] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\IvoSoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\KillSoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Laplink] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Licenses] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\LiteManager] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Locky] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\LopeSoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\macrium] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Macromedia] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Malwarebytes] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Marmiton] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Max Diesel] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\MediaInfo] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Moo0] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Mozilla] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\MPC-HC] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Netscape] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\NetVoyage] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\nkN2QX8XUF] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\O&O] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Obsidium] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\OEM] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Opera Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Panda Security] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Paramount Software (UK) Ltd.] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\PCurVersion] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Perigee Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Policies] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\QFX Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\RapidSolution] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Realtek] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Reason] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Remo Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Safer Networking Limited] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Sanwhole] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Scadarlia] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\SharewareOnSale] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ShellExtBridge110] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Sonix] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Spearit] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\StackDocklet] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Steganos] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\SUPERAntiSpyware.com] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\sysinternals] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\techPowerUp] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Thingamahoochie] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Trolltech] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\undefined] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\UsbFix] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\UsbFix Standard] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Viv] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Vivaldi] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\VOS] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WebTweakTools] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Windows 8 - Codec Pack] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Windows X] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WinRAR] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WinRAR SFX] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Wondershare] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Xilisoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ZHP] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\ShellNoRoam] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\2BrightSparks] [HKLM\Software\7-Zip] [HKLM\Software\Acer] [HKLM\Software\Acer Incorporated] [HKLM\Software\ACLEngine] [HKLM\Software\Acronis] [HKLM\Software\Admin Arsenal] [HKLM\Software\Adobe] [HKLM\Software\America Online] [HKLM\Software\AppDataLow] [HKLM\Software\Ashampoo] [HKLM\Software\Atheros Communications Inc.] [HKLM\Software\ATI Technologies] [HKLM\Software\AVC3] [HKLM\Software\Bitdefender] [HKLM\Software\Canneverbe Limited] [HKLM\Software\Caphyon] [HKLM\Software\Chicony Electronics Co.,Ltd.] [HKLM\Software\Clients] [HKLM\Software\Code Sector] [HKLM\Software\COMODO] [HKLM\Software\ComodoGroup] [HKLM\Software\Cygnus Solutions] [HKLM\Software\DebugMode] [HKLM\Software\Disc Soft] [HKLM\Software\Dritek] [HKLM\Software\DTS] [HKLM\Software\DVDVideoSoft] [HKLM\Software\EaseUS] [HKLM\Software\EgisTec] [HKLM\Software\EgisTec IPS] [HKLM\Software\EgisTec Shredder] [HKLM\Software\Foxit Software] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Gabest] [HKLM\Software\GNU] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\Hummingbird] [HKLM\Software\Icaros] [HKLM\Software\Ignis] [HKLM\Software\Innovative Solutions] [HKLM\Software\Insyde Software] [HKLM\Software\Intel] [HKLM\Software\Interwoven] [HKLM\Software\IObit] [HKLM\Software\JavaSoft] [HKLM\Software\KillSoft] [HKLM\Software\KLCodecPack] [HKLM\Software\Laplink] [HKLM\Software\LAV] [HKLM\Software\Lavasoft] [HKLM\Software\LiteManagerTeam] [HKLM\Software\macrium] [HKLM\Software\Macromedia] [HKLM\Software\McAfee] [HKLM\Software\McAfeeInstaller] [HKLM\Software\Media Player - Codec Pack] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\MozillaPlugins-BackupByVivaldiPortable] [HKLM\Software\MSNSett] [HKLM\Software\muCommander] [HKLM\Software\Nero] [HKLM\Software\Notepad++] [HKLM\Software\Oberon Media] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OemSetup] [HKLM\Software\OOBEOffer] [HKLM\Software\Panda Security] [HKLM\Software\PeaZip] [HKLM\Software\PeaZip_additional] [HKLM\Software\Policies] [HKLM\Software\QFX Software] [HKLM\Software\RapidSolution] [HKLM\Software\Realtek] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Reason] [HKLM\Software\RegisteredApplications] [HKLM\Software\Remo Software] [HKLM\Software\Runtime Software] [HKLM\Software\Shadow Defender] [HKLM\Software\Simply Super Software] [HKLM\Software\Skype] [HKLM\Software\SonicFocus] [HKLM\Software\Sony Corporation] [HKLM\Software\SOSVirus] [HKLM\Software\Spearit] [HKLM\Software\SRS Labs] [HKLM\Software\Start Menu Reviver] [HKLM\Software\Steganos] [HKLM\Software\SUPERAntiSpyware.com] [HKLM\Software\sysinternals] [HKLM\Software\TechSmith] [HKLM\Software\Thingamahoochie] [HKLM\Software\trolCommander] [HKLM\Software\TVInstallTemp] [HKLM\Software\WafCX] [HKLM\Software\Waves Audio] [HKLM\Software\Windows 8 - Codec Pack] [HKLM\Software\Windows X] [HKLM\Software\WinRAR] [HKLM\Software\Wondershare] [HKLM\Software\Wow6432Node] [HKLM\Software\Xilisoft] [HKLM\Software\Xiph.Org] [HKLM\SOFTWARE\AppDataLow\Software\Adobe] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] ---------- | FeatureControl [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "VideoDownloaderUltimate.exe"="11001" "Notifier.exe"="11001" "ServiceProvider.exe"="8000" "burningstudio2017.exe"="11001" "softinfo.exe"="11000" "ashsnap.exe"="11001" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801] "burningstudio2017.exe"="1" "ashsnap.exe"="1" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] "burningstudio2017.exe"="1" "ashsnap.exe"="1" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING] "softinfo.exe"="0" "burningstudio2017.exe"="1" "ashsnap.exe"="1" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "burningstudio2017.exe"="10" "ashsnap.exe"="10" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "burningstudio2017.exe"="10" "ashsnap.exe"="10" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "burningstudio2017.exe"="1" "ashsnap.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "WindowsAnytimeUpgradeUI.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "prevhost.exe"="8" "sllauncher.exe"="8000" "Filmora.exe"="9999" "AudialsNotifier.exe"="11000" "Audials.exe"="11000" "Scadarlia"="11001" "softinfo.exe"="11000" "FoxitReader.exe"="11000" "AcqWeb.exe"="11001" "FoxitPhantomPDF.exe"="11000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING] "iexplore.exe"="1" "*"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGuiIT.exe"="0" "SAPGUI.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "sllauncher.exe"="0" "PresentationHost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "prevhost.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING] "softinfo.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES] "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "wm.exe"="1" "cs.exe"="1" "waol.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "sllauncher.exe"="1" "wlmail.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" "sllauncher.exe"="6" "iexplore.exe"="10" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" "sllauncher.exe"="6" "iexplore.exe"="10" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "prevhost.exe"="1" "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "winmail.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "sllauncher.exe"="1" "WindowsLiveWriter.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "prevhost.exe"="1" "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "prevhost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "winmail.exe"="1" "msimn.exe"="1" "outlook.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "infopath.exe"="1" "winword.exe"="1" "excel.exe"="1" "powerpnt.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "PresentationHost.exe"="1" "wlmail.exe"="1" ---------- | The Created last ones ? Modified [MD5.00000000000000000000000000000000] - [04/05/2017 13:48:38] - |D| - [110679484] - C:\Program Files\2BrightSparks [MD5.00000000000000000000000000000000] - [04/05/2017 16:54:45] - |D| - [3631890] - C:\Program Files\7-Zip [MD5.00000000000000000000000000000000] - [04/05/2017 13:59:41] - |D| - [26483846] - C:\Program Files\Admin Arsenal [MD5.00000000000000000000000000000000] - [04/05/2017 13:55:17] - |D| - [114964283] - C:\Program Files\Aiseesoft Studio [MD5.00000000000000000000000000000000] - [04/05/2017 13:31:22] - |D| - [178921790] - C:\Program Files\AOMEI PE Builder 1.5 [MD5.00000000000000000000000000000000] - [04/05/2017 14:31:48] - |D| - [3072443] - C:\Program Files\AxBx [MD5.00000000000000000000000000000000] - [04/05/2017 13:39:30] - |D| - [3896388] - C:\Program Files\BatteryCare [MD5.00000000000000000000000000000000] - [04/05/2017 14:57:36] - |D| - [5568913] - C:\Program Files\Bitdefender [MD5.00000000000000000000000000000000] - [05/05/2017 10:15:18] - |D| - [214674689] - C:\Program Files\Caphyon [MD5.00000000000000000000000000000000] - [04/05/2017 17:19:53] - |D| - [19783313] - C:\Program Files\CDBurnerXP [MD5.00000000000000000000000000000000] - [04/05/2017 17:41:48] - |D| - [0] - C:\Program Files\Classic Shell [MD5.00000000000000000000000000000000] - [04/05/2017 14:16:05] - |D| - [2922805] - C:\Program Files\Codyssey [MD5.00000000000000000000000000000000] - [04/05/2017 15:25:45] - |D| - [9889635] - C:\Program Files\DebugMode [MD5.00000000000000000000000000000000] - [04/05/2017 14:36:06] - |D| - [2334479] - C:\Program Files\DIY DataRecovery CHK-Mate [MD5.00000000000000000000000000000000] - [04/05/2017 14:27:20] - |D| - [109326462] - C:\Program Files\DVDVideoSoft [MD5.00000000000000000000000000000000] - [05/05/2017 09:02:40] - |D| - [660444] - C:\Program Files\Easy File Locker [MD5.00000000000000000000000000000000] - [06/05/2017 19:31:41] - |D| - [2296753] - C:\Program Files\Encrypt4all Software [MD5.00000000000000000000000000000000] - [04/05/2017 11:57:47] - |D| - [2397966] - C:\Program Files\Eyes Relaxing And Focusing 3.0 [MD5.00000000000000000000000000000000] - [04/05/2017 15:07:17] - |D| - [5333899] - C:\Program Files\Fast File Copy by Daanav.com [MD5.00000000000000000000000000000000] - [06/05/2017 19:58:12] - |D| - [23167086] - C:\Program Files\Fast HTML Checker [MD5.00000000000000000000000000000000] - [04/05/2017 13:48:01] - |D| - [4256380] - C:\Program Files\FastStone Photo Resizer [MD5.00000000000000000000000000000000] - [04/05/2017 11:53:52] - |D| - [12054580] - C:\Program Files\FolderIco [MD5.00000000000000000000000000000000] - [06/05/2017 19:53:40] - |D| - [66514695] - C:\Program Files\FolderViewer [MD5.00000000000000000000000000000000] - [05/05/2017 08:03:41] - |D| - [2912439] - C:\Program Files\Foolish IT [MD5.00000000000000000000000000000000] - [05/05/2017 08:44:28] - |D| - [854004164] - C:\Program Files\Foxit Software [MD5.00000000000000000000000000000000] - [04/05/2017 14:35:06] - |D| - [20641460] - C:\Program Files\FreeCodecPack [MD5.00000000000000000000000000000000] - [04/05/2017 19:32:05] - |D| - [39677851] - C:\Program Files\Glary Utilities 5 [MD5.00000000000000000000000000000000] - [04/05/2017 14:21:52] - |D| - [0] - C:\Program Files\Google [MD5.00000000000000000000000000000000] - [04/05/2017 13:29:07] - |D| - [3272674] - C:\Program Files\GPU-Z [MD5.00000000000000000000000000000000] - [04/05/2017 17:04:30] - |D| - [3114284] - C:\Program Files\Greenshot [MD5.00000000000000000000000000000000] - [04/05/2017 15:09:32] - |D| - [6502962] - C:\Program Files\GridinSoft Anti-Ransomware [MD5.00000000000000000000000000000000] - [04/05/2017 14:20:39] - |D| - [98286679] - C:\Program Files\GUM66A5.tmp [MD5.00000000000000000000000000000000] - [04/05/2017 11:33:09] - |D| - [160193397] - C:\Program Files\HissenITMasterdata [MD5.00000000000000000000000000000000] - [04/05/2017 15:01:42] - |D| - [86290573] - C:\Program Files\Icecream Screen Recorder [MD5.00000000000000000000000000000000] - [05/05/2017 10:42:12] - |D| - [31687763] - C:\Program Files\iGetting Audio [MD5.00000000000000000000000000000000] - [04/05/2017 17:16:14] - |D| - [14092247] - C:\Program Files\InfraRecorder [MD5.00000000000000000000000000000000] - [04/05/2017 17:27:37] - |D| - [64165780] - C:\Program Files\Innovative Solutions [MD5.00000000000000000000000000000000] - [04/05/2017 21:26:43] - |D| - [82139237] - C:\Program Files\K-Lite Codec Pack [MD5.00000000000000000000000000000000] - [04/05/2017 11:46:13] - |D| - [110319158] - C:\Program Files\Kotobee Author [MD5.00000000000000000000000000000000] - [04/05/2017 11:48:37] - |D| - [106722852] - C:\Program Files\Kotobee Publisher [MD5.00000000000000000000000000000000] - [04/05/2017 11:47:41] - |D| - [78140732] - C:\Program Files\Kotobee Reader [MD5.00000000000000000000000000000000] - [04/05/2017 12:06:03] - |D| - [27155131] - C:\Program Files\LiteManager Pro - Server [MD5.00000000000000000000000000000000] - [04/05/2017 12:02:17] - |D| - [45912271] - C:\Program Files\LiteManager Pro - Viewer [MD5.00000000000000000000000000000000] - [05/05/2017 10:19:18] - |D| - [15151271] - C:\Program Files\LopeSoft [MD5.00000000000000000000000000000000] - [06/05/2017 20:01:26] - |D| - [3455030] - C:\Program Files\MetroTextual [MD5.00000000000000000000000000000000] - [04/05/2017 20:47:56] - |D| - [109212603] - C:\Program Files\Microsoft VS Code [MD5.00000000000000000000000000000000] - [04/05/2017 15:21:55] - |D| - [91562365] - C:\Program Files\MiniCopier [MD5.00000000000000000000000000000000] - [08/05/2017 08:19:29] - |D| - [110566380] - C:\Program Files\Moo0 [MD5.00000000000000000000000000000000] - [04/05/2017 13:47:40] - |D| - [11412989] - C:\Program Files\muCommander [MD5.00000000000000000000000000000000] - [04/05/2017 14:18:09] - |D| - [16158791] - C:\Program Files\MultiCommander [MD5.00000000000000000000000000000000] - [04/05/2017 15:15:08] - |D| - [17198723] - C:\Program Files\NiceCopier [MD5.00000000000000000000000000000000] - [04/05/2017 17:00:29] - |D| - [7158928] - C:\Program Files\Notepad++ [MD5.00000000000000000000000000000000] - [04/05/2017 14:41:37] - |D| - [0] - C:\Program Files\Opera [MD5.00000000000000000000000000000000] - [04/05/2017 15:21:04] - |D| - [2130609] - C:\Program Files\Panda USB Vaccine [MD5.00000000000000000000000000000000] - [04/05/2017 17:34:02] - |D| - [27786479] - C:\Program Files\PeaZip [MD5.00000000000000000000000000000000] - [04/05/2017 15:27:31] - |D| - [1800193] - C:\Program Files\PerigeeCopy [MD5.00000000000000000000000000000000] - [06/05/2017 20:04:15] - |D| - [2312029] - C:\Program Files\Remembr [MD5.00000000000000000000000000000000] - [05/05/2017 10:21:07] - |D| - [82126198] - C:\Program Files\Remo Convert OST to PST [MD5.00000000000000000000000000000000] - [05/05/2017 10:21:57] - |D| - [22447993] - C:\Program Files\Remo Drive Defrag [MD5.00000000000000000000000000000000] - [05/05/2017 10:22:37] - |D| - [30643031] - C:\Program Files\Remo Drive Wipe [MD5.00000000000000000000000000000000] - [05/05/2017 10:28:26] - |D| - [35232570] - C:\Program Files\Remo File Eraser 2.0 [MD5.00000000000000000000000000000000] - [05/05/2017 10:24:39] - |D| - [61179303] - C:\Program Files\Remo MORE [MD5.00000000000000000000000000000000] - [05/05/2017 10:26:49] - |D| - [31269429] - C:\Program Files\Remo Outlook Backup & Migrate [MD5.00000000000000000000000000000000] - [05/05/2017 10:27:14] - |D| - [28695814] - C:\Program Files\Remo Privacy Cleaner [MD5.00000000000000000000000000000000] - [05/05/2017 10:29:25] - |D| - [68037905] - C:\Program Files\Remo Recover for Android 2.0 [MD5.00000000000000000000000000000000] - [05/05/2017 10:29:13] - |D| - [64948427] - C:\Program Files\Remo Recover FREE Edition [MD5.00000000000000000000000000000000] - [05/05/2017 10:26:39] - |D| - [21847932] - C:\Program Files\Remo Repair MOV 2.0 [MD5.00000000000000000000000000000000] - [05/05/2017 10:26:56] - |D| - [21449796] - C:\Program Files\Remo Repair PowerPoint 2.0 [MD5.00000000000000000000000000000000] - [05/05/2017 10:28:50] - |D| - [20989402] - C:\Program Files\Remo Repair RAR 2.0 [MD5.00000000000000000000000000000000] - [05/05/2017 10:28:30] - |D| - [56330078] - C:\Program Files\Remo Repair Registry [MD5.00000000000000000000000000000000] - [05/05/2017 10:28:40] - |D| - [21088550] - C:\Program Files\Remo Repair ZIP 2.0 [MD5.00000000000000000000000000000000] - [04/05/2017 15:08:38] - |D| - [844689] - C:\Program Files\Roadkil.Net [MD5.00000000000000000000000000000000] - [05/05/2017 07:20:30] - |D| - [3868027] - C:\Program Files\Runtime Software [MD5.00000000000000000000000000000000] - [04/05/2017 11:31:33] - |D| - [68501856] - C:\Program Files\Sanwhole [MD5.00000000000000000000000000000000] - [08/05/2017 08:03:32] - |D| - [505707] - C:\Program Files\SEAF [MD5.00000000000000000000000000000000] - [04/05/2017 13:57:58] - |D| - [3877191] - C:\Program Files\Shadow Defender [MD5.00000000000000000000000000000000] - [04/05/2017 14:47:25] - |D| - [2245603] - C:\Program Files\ShadowExplorer [MD5.00000000000000000000000000000000] - [04/05/2017 14:25:00] - |D| - [6222274] - C:\Program Files\Spybot Anti-Beacon [MD5.00000000000000000000000000000000] - [06/05/2017 20:08:21] - |D| - [9908224] - C:\Program Files\SUPERAntiSpyware [MD5.00000000000000000000000000000000] - [06/05/2017 20:02:30] - |D| - [8989134] - C:\Program Files\System Ninja [MD5.00000000000000000000000000000000] - [04/05/2017 19:13:57] - |D| - [65780407] - C:\Program Files\TeamViewer [MD5.00000000000000000000000000000000] - [05/05/2017 05:01:00] - |D| - [11373214] - C:\Program Files\TechSmith [MD5.00000000000000000000000000000000] - [04/05/2017 14:35:30] - |D| - [19791548] - C:\Program Files\Trojan Remover [MD5.00000000000000000000000000000000] - [04/05/2017 13:49:29] - |D| - [36830654] - C:\Program Files\trolCommander [MD5.00000000000000000000000000000000] - [06/05/2017 20:12:12] - |D| - [125854142] - C:\Program Files\UX Pack [MD5.00000000000000000000000000000000] - [04/05/2017 16:22:54] - |D| - [124966006] - C:\Program Files\VideoLAN [MD5.00000000000000000000000000000000] - [05/05/2017 10:57:38] - |D| - [32295800] - C:\Program Files\VivPDF Editor [MD5.00000000000000000000000000000000] - [04/05/2017 17:20:01] - |D| - [8484844] - C:\Program Files\WinMerge [MD5.00000000000000000000000000000000] - [04/05/2017 17:14:03] - |D| - [4867889] - C:\Program Files\WinRAR [MD5.00000000000000000000000000000000] - [05/05/2017 09:49:27] - |D| - [32256] - C:\Program Files\WiPS Golden 2.1 [MD5.00000000000000000000000000000000] - [04/05/2017 13:53:32] - |D| - [379806596] - C:\Program Files\Xilisoft [MD5.00000000000000000000000000000000] - [04/05/2017 16:02:17] - |D| - [6458985] - C:\Program Files\Xiph.Org [MD5.E7EDA9CE45F0E63CC811A3568F3D26DC] - [04/05/2017 13:58:20] - |A| - [64] - C:\Windows\diskpt.crt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 22:14:11] - |A| - [0] - C:\Windows\diskpt.dat [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 22:14:11] - |A| - [0] - C:\Windows\diskptex.dat [MD5.CD2200309CF3272C1E4CE018F3B0F443] - [07/05/2017 08:57:00] - |A| - [48114] - C:\Windows\driveicon.ico [MD5.40D777B7A95E00593EB1568C68514493] - [06/05/2017 21:16:17] - |A| - [2616320] - C:\Windows\explorer.exe [MD5.4116CE62E6CBBBD7D0D5B4A20B89FB59] - [07/05/2017 09:06:44] - |A| - [916480] - C:\Windows\expstart.exe [MD5.D6F717B7F6F2D38BFAC991D7D02D9C86] - [06/05/2017 20:31:19] - |A| - [1996] - C:\Windows\hosts [MD5.8D132E1FF8BD600905DD81FC24E985E4] - [07/05/2017 18:01:49] - |A| - [188226985] - C:\Windows\MEMORY.DMP [MD5.00000000000000000000000000000000] - [07/05/2017 18:02:06] - |D| - [145424] - C:\Windows\Minidump [MD5.3C553D61A2270FB53DB6DA0A9FB54A55] - [07/05/2017 15:02:42] - |A| - [512] - C:\Windows\MirDetected.bin [MD5.00000000000000000000000000000000] - [06/05/2017 21:16:17] - |D| - [3567104] - C:\Windows\UXBackup [MD5.2BF7CEA794A8450B03159A2854A15511] - [06/05/2017 20:14:17] - |A| - [352256] - C:\Windows\uxpack.icons [MD5.7255732B7ED89086BEA8DD5C4014E57B] - [06/05/2017 20:14:18] - |A| - [2413056] - C:\Windows\UxStyle_Core_Jul13_x86.msi [MD5.22A43F0783307C94C79478FD4078A7E0] - [04/05/2017 10:19:04] - |A| - [6634] - C:\Windows\W7Patcher_x86_Uninstall.log [MD5.72F2D357120F95C1E725C22915FE95E1] - [04/05/2017 14:19:35] - |A| - [193] - C:\Windows\WORDPAD.INI [MD5.603896977C69A2EC9FBE37C7C1A232D8] - [05/05/2017 09:02:57] - |A| - [36] - C:\Windows\xlkfs.log [MD5.5ACF52CA9954686443AC53099E5008A4] - [04/05/2017 13:49:17] - |A| - [40435712] - C:\Windows\Installer\1373ae6.msi [MD5.7BA30BB7E15475F6027E86E86EA973CE] - [04/05/2017 20:41:00] - |A| - [3354624] - C:\Windows\Installer\543e7ea.msi [MD5.0D433FA036476D588447453E44BD3D9A] - [05/05/2017 09:12:27] - |A| - [315478016] - C:\Windows\Installer\543e7ef.msi [MD5.A53B41AE0580EE5443CC5BE38855B343] - [06/05/2017 19:55:24] - |A| - [417792] - C:\Windows\Installer\ccfeab2.msi [MD5.D10EE23BCF5C43838AC77213984E72A8] - [06/05/2017 21:53:21] - |A| - [17419] - C:\Windows\Installer\MSI40F7.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 14:01:56] - |A| - [0] - C:\Windows\Installer\wix{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}.SchedServiceConfig.rmi [MD5.00000000000000000000000000000000] - [04/05/2017 10:22:22] - |D| - [764030] - C:\Windows\Installer\{51E5F3BE-F3D1-4F44-B49F-05BFA7E0D2D2} [MD5.00000000000000000000000000000000] - [04/05/2017 12:02:22] - |D| - [366816] - C:\Windows\Installer\{5686E484-7136-4674-A4B2-508C7B26DCA4} [MD5.00000000000000000000000000000000] - [05/05/2017 10:17:21] - |D| - [269673] - C:\Windows\Installer\{581697C8-33DC-44BA-A7C3-992B5D29C011} [MD5.00000000000000000000000000000000] - [04/05/2017 14:01:33] - |D| - [355574] - C:\Windows\Installer\{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E} [MD5.00000000000000000000000000000000] - [04/05/2017 11:31:39] - |D| - [825906] - C:\Windows\Installer\{600C936B-7684-42F0-9FBF-04726F3D45E2} [MD5.00000000000000000000000000000000] - [04/05/2017 12:06:07] - |D| - [313872] - C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C} [MD5.00000000000000000000000000000000] - [05/05/2017 09:24:31] - |D| - [2603292] - C:\Windows\Installer\{78A42908-2050-11E7-94A8-000C2992F709} [MD5.00000000000000000000000000000000] - [04/05/2017 10:22:22] - |D| - [764030] - C:\Windows\Installer\{84875F6F-2996-4469-BF1D-F59A85C5C702} [MD5.00000000000000000000000000000000] - [06/05/2017 19:55:23] - |D| - [12374833] - C:\Windows\Installer\{8751AE19-FF09-42CB-8316-C9615DDD02AC} [MD5.00000000000000000000000000000000] - [05/05/2017 05:01:14] - |D| - [316416] - C:\Windows\Installer\{8C784F8B-89D0-4A59-A000-7EEF129E1574} [MD5.00000000000000000000000000000000] - [04/05/2017 10:22:22] - |D| - [764030] - C:\Windows\Installer\{DAC390BA-1387-4DF8-A9BC-683E81E77E86} [MD5.FC726DD94F4DD4028A976FCC4DBF0C43] - [07/05/2017 15:44:00] - |A| - [122880] - C:\Windows\system32\ac3acm.acm [MD5.00000000000000000000000000000000] - [04/05/2017 16:55:12] - |D| - [35569591] - C:\Windows\system32\Adobe [MD5.28936CBC6C4459D9AB656FB894E3090E] - [06/05/2017 21:16:50] - |A| - [1795584] - C:\Windows\system32\authui.dll [MD5.67C1B58706B47EEBA4E117AC197289E6] - [06/05/2017 21:16:59] - |A| - [740864] - C:\Windows\system32\batmeter.dll [MD5.F977BE7B8C5462087374364EAFB3C15B] - [06/05/2017 21:17:05] - |A| - [10752] - C:\Windows\system32\browseui.dll [MD5.E62EE6F1EFC85CB36D62AB779DB6E4EC] - [06/05/2017 20:14:37] - |A| - [517120] - C:\Windows\system32\CLWCP.exe [MD5.5CB2886338C82E388F68557E2745200F] - [06/05/2017 21:17:11] - |A| - [1498624] - C:\Windows\system32\ExplorerFrame.dll [MD5.0554D656B9DCAE7E3DA72659DFACB67A] - [07/05/2017 15:43:55] - |A| - [112128] - C:\Windows\system32\ff_vfw.dll [MD5.335A224416BA985EAFA71D15C004F702] - [07/05/2017 15:44:00] - |A| - [39936] - C:\Windows\system32\huffyuv.dll [MD5.0E5AE41049351ED936A11FE3AFB729E4] - [06/05/2017 21:17:18] - |A| - [28063232] - C:\Windows\system32\imageres.dll [MD5.ACAA3955AEF5BE4B3A1035566A34CD7D] - [04/05/2017 08:30:44] - |A| - [236792] - C:\Windows\system32\iseguard32.dll [MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - [07/05/2017 15:44:00] - |A| - [216064] - C:\Windows\system32\lagarith.dll [MD5.2B24DB82C3C6A590591039153536183A] - [07/05/2017 15:44:00] - |A| - [473088] - C:\Windows\system32\lameACM.acm [MD5.671FEF5266B8AA14C0B69B38C24BD8BD] - [07/05/2017 15:44:01] - |A| - [415] - C:\Windows\system32\lame_acm.xml [MD5.B13BC3C4BBA6A405613D0B24EB259B29] - [07/05/2017 15:06:51] - |A| - [131072] - C:\Windows\system32\MirDisk.cfg [MD5.57024392A88E8BAEC1FD86CBE246B46C] - [07/05/2017 15:08:44] - |A| - [51200] - C:\Windows\system32\MirFolder.cfg [MD5.F749878A7974CF018B5AE2E10C7D8358] - [07/05/2017 17:05:01] - |A| - [2621440000] - C:\Windows\system32\MirSwap [MD5.FD8E9EEBFF89AE09091C714A4221421F] - [07/05/2017 15:06:51] - |A| - [131072] - C:\Windows\system32\mkdw48.acy [MD5.DC5705DEA815444A11EF32D71060B898] - [06/05/2017 20:11:35] - |A| - [69632] - C:\Windows\system32\moveex.exe [MD5.B83967E8E83318C36A2D4EF76EBD1D3B] - [07/05/2017 08:51:53] - |A| - [76288] - C:\Windows\system32\moveex.x64 [MD5.AECB4512F0F4CFB959BB74422B8DE571] - [07/05/2017 15:03:34] - |A| - [21464] - C:\Windows\system32\NaBootMir.exe [MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] - [04/05/2017 14:32:34] - |A| - [71096] - C:\Windows\system32\NMSAccessU.exe [MD5.0C100E0085F62A51E3202EB8F5997687] - [06/05/2017 20:11:36] - |A| - [7680] - C:\Windows\system32\PEChecksum.exe [MD5.82B36D39067C90E20114AE1F87C2BEBB] - [07/05/2017 08:51:53] - |A| - [15872] - C:\Windows\system32\PEChecksum.x64 [MD5.00000000000000000000000000000000] - [04/05/2017 14:25:32] - |D| - [30455] - C:\Windows\system32\PolicyDefinitions [MD5.63933941E56CBA2B65BDF51F72D4A341] - [04/05/2017 12:06:28] - |A| - [323520] - C:\Windows\system32\ROMwln.dll [MD5.F5C5B3A75783BEFF7257EABA026783CA] - [05/05/2017 10:21:26] - |A| - [7963240] - C:\Windows\system32\rsror32.dll [MD5.3FE1177C731A499D875FFD2555C0EED1] - [05/05/2017 10:21:27] - |A| - [2451048] - C:\Windows\system32\rsrorx32.dll [MD5.00000000000000000000000000000000] - [08/05/2017 08:40:37] - |D| - [7102464] - C:\Windows\system32\ShellExtBridge [MD5.B71EDD2C82F513AACCD3059635F483EA] - [04/05/2017 14:30:05] - |A| - [692224] - C:\Windows\system32\SyncBackPro.dll [MD5.7321B7749A743F14E16648B7C103B90D] - [06/05/2017 20:14:27] - |A| - [196662] - C:\Windows\system32\uxstartup.bmp [MD5.9D54CFACA40A430B78191CF3071FFA7B] - [07/05/2017 15:43:59] - |A| - [3613696] - C:\Windows\system32\x264vfw.dll [MD5.9F46C6AFDA41FAB966914EEFAC86A6BC] - [07/05/2017 15:43:58] - |A| - [674816] - C:\Windows\system32\xvidcore.dll [MD5.98137DD9449C4F2FEA17F641F0893D3C] - [07/05/2017 15:43:58] - |A| - [282112] - C:\Windows\system32\xvidvfw.dll [MD5.242189D5C420C14F4BE70E26175C2927] - [04/05/2017 13:58:14] - |A| - [351600] - C:\Windows\system32\Drivers\diskpt.sys [MD5.899D9A335D58EA818936B6D7439C2394] - [07/05/2017 14:58:46] - |A| - [37016] - C:\Windows\system32\Drivers\FolderHK.sys [MD5.EE7A27F531CBD33928059F8BB0E31E34] - [06/05/2017 21:46:52] - |A| - [1956] - C:\Windows\system32\Drivers\fvstore.dat [MD5.B653E03B1479ADCF69D164BB6DD65562] - [04/05/2017 15:30:42] - |A| - [29968] - C:\Windows\system32\Drivers\gsars.sys [MD5.07DE3E7A109069B56059BF910FB55CF6] - [04/05/2017 15:45:48] - |A| - [33552] - C:\Windows\system32\Drivers\gsinspect.sys [MD5.C2C0BB2CEC7218280018AA26C2AF4636] - [07/05/2017 14:58:48] - |A| - [33896] - C:\Windows\system32\Drivers\HKDirFlt.sys [MD5.048C878140F1DA2C560820EBFB541EB8] - [04/05/2017 08:30:45] - |A| - [40952] - C:\Windows\system32\Drivers\isedrv.sys [MD5.CBF574D0FE60DD69E12ABF8D3BB68A3B] - [07/05/2017 14:58:48] - |A| - [28648] - C:\Windows\system32\Drivers\MirDisk.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/05/2017 16:08:34] - |AH| - [0] - C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [MD5.CF30D43BD112080BAF33667651CBD1B0] - [05/05/2017 10:28:42] - |A| - [49424] - C:\Windows\system32\Drivers\rsblk.sys [MD5.B8EAC99B14772BDC36CA963AED109FA2] - [05/05/2017 10:23:35] - |A| - [22312] - C:\Windows\system32\Drivers\rsdrv.sys ---------- | Drives A: D: [11/04/2017 08:38:33] - |A| - (. - .) - [552] - (0.0.0.0) - D:\COMODO TrustConnect (VPN).lnk [13/04/2017 19:00:45] - |A| - (. - .) - [1107968] - (0.0.0.0) - D:\RSIT.exe [23/03/2017 22:37:48] - |H| - (. - .) - [16] - (0.0.0.0) - D:\AUTORUN.INF F: G: [25/09/2014 23:56:44] - |R| - (.Copyright (C) 2014 - DTVaultPrivacy MFC Application.) - [1173840] - (3.0.0.6) - G:\DTVP30_Launcher.exe [19/10/2013 01:18:27] - |R| - (. - .) - [71] - (0.0.0.0) - G:\autorun.inf I: [07/05/2017 23:34:48] - |A| - (.© 2005-2015 ClevX, LLC - Removable Media Antivirus.) - [4555968] - (3.17.0.10) - I:\DriveD.exe J: [05/02/2017 21:47:15] - |A| - (. - .) - [552] - (0.0.0.0) - J:\COMODO TrustConnect (VPN).lnk [02/03/2016 17:57:54] - |A| - (.© 2005-2015 ClevX, LLC - Removable Media Antivirus.) - [4555968] - (3.17.0.10) - J:\DriveD.exe [05/02/2017 21:47:13] - |A| - (.© BleepingComputer.com. All rights reserved. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - J:\rkill.exe [15/02/2017 05:05:46] - |A| - (. - .) - [77103600] - (12.0.0.58851) - J:\pcmover_fr_10.exe [24/03/2017 08:52:43] - |H| - (. - .) - [16] - (0.0.0.0) - J:\AUTORUN.INF X: [30/09/2016 07:06:18] - |A| - (. - .) - [410] - (0.0.0.0) - X:\ampa.ini Y: [08/02/2017 02:00:00] - |A| - (.© 2016 Sophos Limited - SophosClean.) - [10640704] - (3.7.14.264) - Y:\SophosClean.exe [26/01/2017 02:00:00] - |A| - (. - .) - [1836] - (0.0.0.0) - Y:\a2settings.ini Z: ---------- | C: [14/07/2009 04:36:15] - |SHD| - [129] - C:\$Recycle.Bin [21/12/2016 23:46:44] - |D| - [103561309] - C:\AdwCleaner [MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [14/07/2009 04:04:04] - |A| - (. - .) - [24] - (0.0.0.0) - C:\autoexec.bat [12/12/2016 23:00:34] - |RD| - [2136042861] - C:\Backup [05/12/2016 11:13:31] - |AD| - [86054683] - C:\book [17/09/2010 09:22:05] - |SHD| - [185285658] - C:\Boot [MD5.D6AE2D5521DD93AEBC90D411D099FA36] - [17/09/2010 09:22:06] - |RASH| - (. - .) - [383562] - (0.0.0.0) - C:\bootmgr [MD5.117A26124A6997CB68A7984E2EA6ECCE] - [17/09/2010 09:22:07] - |RASH| - (. - .) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [MD5.ED4FC5980BD8B1AD869FF725C7776338] - [14/07/2009 04:04:04] - |A| - (. - .) - [10] - (0.0.0.0) - C:\config.sys [14/07/2009 06:53:55] - |SHD| - [0] - C:\Documents and Settings [10/12/2016 18:43:28] - |D| - [1478656] - C:\ESD [22/12/2016 05:14:29] - |D| - [0] - C:\EverySync [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/12/2016 11:07:11] - |ASH| - (. - .) - [796729344] - (0.0.0.0) - C:\hiberfil.sys [17/09/2010 08:58:43] - |D| - [0] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/12/2016 00:24:47] - |RASH| - (. - .) - [0] - (0.0.0.0) - C:\IO.SYS [04/05/2017 14:47:36] - |D| - [920997] - C:\MARMITON [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/12/2016 00:24:47] - |RASH| - (. - .) - [0] - (0.0.0.0) - C:\MSDOS.SYS [17/09/2010 09:16:45] - |D| - [2596616670] - C:\OEM [MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/12/2016 14:59:09] - |ASH| - (. - .) - [1372729344] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 04:37:05] - |D| - [0] - C:\PerfLogs [06/12/2016 05:41:40] - |D| - [86564150] - C:\Pre_Scan [MD5.4A05452D6D1BB76283349BA16F876649] - [07/12/2016 15:15:57] - |A| - (. - .) - [6590] - (0.0.0.0) - C:\Pre_Scan.txt [14/07/2009 04:37:05] - |RD| - [10327091782] - C:\Program Files [14/07/2009 04:37:05] - |HD| - [5240466328] - C:\ProgramData [06/12/2016 05:50:01] - |D| - [262067] - C:\QuickDiag [MD5.A428D446A34CD13DDB7A7DBB55EFD5EE] - [08/05/2017 08:08:16] - |A| - (. - .) - [215939] - (0.0.0.0) - C:\QuickDiag.txt [12/12/2016 16:02:56] - |SHD| - [260722604] - C:\Recovery [MD5.4E0E6588697C22A5D2E6C9F2F699EE4D] - [06/12/2016 09:15:11] - |A| - (. - .) - [301898] - (0.0.0.0) - C:\Reflect_Install.log [MD5.70A86849D2637DC3D597351A2F62834A] - [17/09/2010 09:10:23] - |A| - (. - .) - [2089] - (0.0.0.0) - C:\RHDSetup.log [07/12/2016 13:49:08] - |D| - [0] - C:\rsit [05/12/2016 19:53:59] - |D| - [0] - C:\SauvegardePersonnelle [04/05/2017 10:16:17] - |D| - [59502164] - C:\SkinPack [05/12/2016 11:07:11] - |SHD| - [0] - C:\System Volume Information [04/05/2017 23:46:48] - |RD| - [130802992] - C:\Unreal Commander [15/12/2016 08:09:08] - |D| - [28759887] - C:\UsbFix [14/07/2009 04:37:05] - |RD| - [11724503102] - C:\Users [06/05/2017 21:47:31] - |HD| - [0] - C:\VTRoot [04/05/2017 10:19:05] - |HD| - [24770560] - C:\W7P_Backups [12/07/2007 03:48:01] - |D| - [18216082000] - C:\Windows ---------- | C:\Windows [MD5.065919847CF1C1C0A1C5F63C488EB54B] - [17/09/2010 09:26:45] - |A| - (. - .) - [33] - (0.0.0.0) - C:\Windows\0 [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/09/2010 08:57:00] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\Acer.tag [04/02/2017 18:41:27] - |D| - [0] - C:\Windows\Acronis [14/07/2009 06:52:30] - |D| - [802] - C:\Windows\addins [14/07/2009 04:37:05] - |D| - [112290] - C:\Windows\AppCompat [14/07/2009 04:37:05] - |D| - [9913976] - C:\Windows\AppPatch [14/07/2009 04:37:05] - |RSD| - [866539318] - C:\Windows\assembly [MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [14/12/2016 19:44:40] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 04:37:06] - |D| - [18304606] - C:\Windows\Boot [MD5.E14C43046B4F7D7A108B668EB176A521] - [14/07/2009 06:57:37] - |AS| - (. - .) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 04:37:06] - |D| - [3233280] - C:\Windows\Branding [MD5.6FBB766EB79F9EED3684194EEAF838DF] - [12/12/2016 23:50:28] - |A| - (. - .) - [11453] - (0.0.0.0) - C:\Windows\ChangeLang_Done.tag [MD5.3A12D0855904754EB55D5A05BD301683] - [17/09/2010 03:45:55] - |A| - (. - .) - [10] - (0.0.0.0) - C:\Windows\CSUP.TXT [14/07/2009 04:37:06] - |D| - [4853400] - C:\Windows\Cursors [14/07/2009 06:34:21] - |D| - [0] - C:\Windows\debug [06/10/2009 04:29:32] - |AD| - [254527] - C:\Windows\DeployWinRE2 [MD5.337F31202C81C9DC45F52600F41EF046] - [12/12/2016 15:21:00] - |A| - (. - .) - [14947] - (0.0.0.0) - C:\Windows\devices.txt [14/07/2009 06:52:30] - |D| - [3042330] - C:\Windows\diagnostics [14/07/2009 06:56:48] - |D| - [0] - C:\Windows\DigitalLocker [MD5.E7EDA9CE45F0E63CC811A3568F3D26DC] - [04/05/2017 13:58:20] - |A| - (. - .) - [64] - (0.0.0.0) - C:\Windows\diskpt.crt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 22:14:11] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\diskpt.dat [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 22:14:11] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\diskptex.dat [MD5.3B3E3D81B9F4FAB89AC0B2769ABE17D3] - [14/12/2016 07:08:12] - |A| - (. - .) - [64] - (0.0.0.0) - C:\Windows\dm.dmap [17/09/2010 09:17:21] - |D| - [52941297] - C:\Windows\Downloaded Installations [14/07/2009 06:52:30] - |D| - [65] - C:\Windows\Downloaded Program Files [MD5.CD2200309CF3272C1E4CE018F3B0F443] - [07/05/2017 08:57:00] - |A| - (. - .) - [48114] - (0.0.0.0) - C:\Windows\driveicon.ico [MD5.E7CCB395344AF1C555C45E55C149A773] - [17/09/2010 09:18:36] - |A| - (.Copyright (C) 2004 - EMCRI DLL.) - [361808] - (1.0.0.3) - C:\Windows\EMCRI_E.dll [MD5.40D777B7A95E00593EB1568C68514493] - [06/05/2017 21:16:17] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2616320] - (6.1.7601.17514) - C:\Windows\explorer.exe [MD5.4116CE62E6CBBBD7D0D5B4A20B89FB59] - [07/05/2017 09:06:44] - |A| - (. - .) - [916480] - (0.0.0.0) - C:\Windows\expstart.exe [MD5.F38B53088F3200BC9B8037DBA400F0AA] - [12/12/2016 15:19:41] - |A| - (. - .) - [113264] - (0.0.0.0) - C:\Windows\FixUVC.exe [14/07/2009 04:37:06] - |RSD| - [358395035] - C:\Windows\Fonts [12/12/2016 23:44:18] - |D| - [142336] - C:\Windows\fr-FR [MD5.F9202335BBA03A02F084FE588564BBF5] - [14/07/2009 01:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 04:37:06] - |D| - [83144388] - C:\Windows\Globalization [14/07/2009 04:37:06] - |D| - [38934178] - C:\Windows\Help [MD5.2FF3A32F01DF61836FED59D441D8B9DF] - [14/07/2009 02:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [497152] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.9B90B0C78671A4881D06C91941F6F379] - [14/07/2009 02:12:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe [MD5.D6F717B7F6F2D38BFAC991D7D02D9C86] - [06/05/2017 20:31:19] - |A| - (. - .) - [1996] - (0.0.0.0) - C:\Windows\hosts [14/07/2009 04:37:06] - |D| - [143547244] - C:\Windows\IME [14/07/2009 04:37:06] - |D| - [129607680] - C:\Windows\inf [17/09/2010 09:17:22] - |SHD| - [1706682985] - C:\Windows\Installer [14/07/2009 04:37:06] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 04:37:06] - |D| - [0] - C:\Windows\LiveKernelReports [MD5.EF3024328398C07DE0BDF35B67ABEC68] - [17/09/2010 08:57:27] - |A| - (. - .) - [172] - (0.0.0.0) - C:\Windows\LMv4.UNI [14/07/2009 04:37:06] - |D| - [901205] - C:\Windows\Logs [14/07/2009 04:37:06] - |RSD| - [20259763] - C:\Windows\Media [MD5.8D132E1FF8BD600905DD81FC24E985E4] - [07/05/2017 18:01:49] - |A| - (. - .) - [188226985] - (0.0.0.0) - C:\Windows\MEMORY.DMP [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 01:55:01] - |A| - (. - .) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 04:37:07] - |D| - [401494084] - C:\Windows\Microsoft.NET [14/12/2016 11:04:34] - |D| - [1496] - C:\Windows\Migration [07/05/2017 18:02:06] - |D| - [145424] - C:\Windows\Minidump [MD5.3C553D61A2270FB53DB6DA0A9FB54A55] - [07/05/2017 15:02:42] - |A| - (. - .) - [512] - (0.0.0.0) - C:\Windows\MirDetected.bin [MD5.A8BF8A76DA1BDCAEFB65F2F987BCA8C5] - [23/04/2009 06:44:23] - |A| - (. - .) - [2572] - (0.0.0.0) - C:\Windows\MOD01OPK04000H0001.enc [MD5.1162C16DCAF8288ADF7CB74DE472A107] - [17/09/2010 03:46:01] - |A| - (. - .) - [1996] - (0.0.0.0) - C:\Windows\MOD01SET00000000MU.enc [MD5.E551DAEAF6F19A8FCFA8E0D689870CD3] - [17/09/2010 09:21:10] - |A| - (. - .) - [2008] - (0.0.0.0) - C:\Windows\MOD01SET5K000G0002.enc [MD5.448CA8C1E3F648FFEF53645B511C5F74] - [06/10/2009 22:46:28] - |A| - (. - .) - [2476] - (0.0.0.0) - C:\Windows\MOD01SET74FR0H0003.enc [MD5.013985963D7C6010B033A70E452292BA] - [17/09/2010 09:21:10] - |A| - (. - .) - [2048] - (0.0.0.0) - C:\Windows\MOD01SET75000H0005.enc [MD5.24D9E3329D9625546EDD7EEB46B33E9A] - [17/09/2010 09:21:10] - |A| - (. - .) - [2168] - (0.0.0.0) - C:\Windows\MOD01SET78000G0018.enc [14/07/2009 04:37:07] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:04:57] - |A| - (. - .) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [12/12/2016 23:35:29] - |D| - [10136198] - C:\Windows\NAPP_Dism_Log [MD5.D0B21C17A8FD3C4D452016AB5E640A58] - [06/10/2009 04:29:32] - |A| - (. - .) - [741] - (0.0.0.0) - C:\Windows\NewDeployWinRE.cmd [MD5.D378BFFB70923139D6A4F546864AA61C] - [14/07/2009 01:41:04] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [179712] - (6.1.7600.16385) - C:\Windows\notepad.exe [MD5.31D60373127C06FD2B41C28A11A66341] - [05/02/2017 12:14:42] - |A| - (. - .) - [87784] - (0.0.0.0) - C:\Windows\ntbtlog.txt [17/09/2010 09:31:33] - |D| - [229807] - C:\Windows\oem [17/09/2010 09:36:37] - |D| - [499712] - C:\Windows\OEMTemp [14/07/2009 06:52:30] - |D| - [65] - C:\Windows\Offline Web Pages [17/09/2010 09:13:51] - |D| - [0] - C:\Windows\Options [12/07/2007 03:49:28] - |D| - [1381781] - C:\Windows\Panther [MD5.ACA81BF682ED2907FCEDF4A359BB8E1B] - [17/09/2010 09:37:39] - |A| - (. - .) - [70] - (0.0.0.0) - C:\Windows\patch.loag [12/12/2016 15:32:00] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 06:52:30] - |D| - [62073347] - C:\Windows\Performance [MD5.A7DDCDBFF307FC1BCE867C53EB49F638] - [04/02/2017 17:37:55] - |A| - (. - .) - [32342] - (0.0.0.0) - C:\Windows\PFRO.log [MD5.C4929C7C4BE57AF744E315B239F61F07] - [12/12/2016 15:19:42] - |A| - (. - .) - [302] - (0.0.0.0) - C:\Windows\PidList_C.ini [14/07/2009 04:37:07] - |D| - [1132015] - C:\Windows\PLA [MD5.EADCEB89DD46DA2A5560CA2AF016A6A6] - [12/12/2016 15:19:42] - |A| - (.Copyright (C) 2007 - DefaultSettingEXE MFC Application.) - [206208] - (1.1.0.1) - C:\Windows\PLFSetI.exe [14/07/2009 04:37:07] - |D| - [2859777] - C:\Windows\PolicyDefinitions [17/09/2010 08:23:21] - |D| - [22954842] - C:\Windows\Prefetch [MD5.8A4883F5E7AC37444F23279239553878] - [14/07/2009 01:17:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 04:37:07] - |D| - [21544] - C:\Windows\Registration [14/07/2009 04:37:07] - |D| - [5270451] - C:\Windows\Resources [MD5.C8717886B101DFEF52EBC243C1706801] - [17/09/2010 09:10:23] - |A| - (.Copyright (C) 2010 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1251944] - (1.0.2.4) - C:\Windows\RtlExUpd.dll [14/07/2009 04:37:07] - |D| - [0] - C:\Windows\SchCache [14/07/2009 04:37:07] - |D| - [58021] - C:\Windows\schemas [14/07/2009 04:37:07] - |D| - [5267914] - C:\Windows\security [14/07/2009 06:34:13] - |D| - [53751631] - C:\Windows\ServiceProfiles [14/07/2009 04:37:07] - |D| - [66240790] - C:\Windows\servicing [14/07/2009 06:34:16] - |D| - [457] - C:\Windows\Setup [MD5.FE2E55FD2205FFEDE360DE9B0EB11233] - [04/02/2017 16:09:43] - |A| - (. - .) - [11400] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/02/2017 16:09:43] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [MD5.0D0D3F885589CDEA678C3B17ABB70DC7] - [24/10/2014 10:12:04] - |A| - (.Copyright (C) 1998-2014 - ArchiCrypt Live Engine.) - [117848] - (19.1.1.0) - C:\Windows\SleeN1964.sys [12/12/2016 15:02:19] - |D| - [552866041] - C:\Windows\SoftwareDistribution [14/07/2009 04:37:07] - |D| - [70586312] - C:\Windows\Speech [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 06:48:09] - |A| - (. - .) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [MD5.93C96478B0D5B27B979E0E3AB0802C77] - [07/07/2016 09:08:40] - |A| - (. - .) - [75184] - (0.0.0.0) - C:\Windows\suite.vssMgr.exe [14/07/2009 04:37:07] - |D| - [700380] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:04:23] - |A| - (. - .) - [219] - (0.0.0.0) - C:\Windows\system.ini [12/07/2007 03:51:11] - |D| - [5485093652] - C:\Windows\System32 [14/07/2009 04:37:09] - |D| - [15] - C:\Windows\TAPI [14/07/2009 04:37:09] - |D| - [11532] - C:\Windows\Tasks [14/07/2009 04:37:09] - |D| - [70801941] - C:\Windows\Temp [14/07/2009 04:37:09] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (. - Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 06:52:30] - |D| - [6144] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [14/12/2016 19:45:00] - |A| - (. - Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (. - Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (. - Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [MD5.B38882E54F783A2C37946C27091DC8B4] - [17/09/2010 09:18:30] - |A| - (.(C) 2000-2009 Dritek System Inc. - Uninstall Application.) - [349776] - (2.1.2.2017) - C:\Windows\UNINSTLMv4.EXE [MD5.3D571A3CBF127E9555EAD2F8598F425F] - [13/07/2009 01:07:48] - |A| - (.Copyright (C) 2009 - Unsigned Themes Service.) - [21096] - (0.0.2.0) - C:\Windows\UnsignedThemesSvc.exe [06/05/2017 21:16:17] - |D| - [3567104] - C:\Windows\UXBackup [MD5.2BF7CEA794A8450B03159A2854A15511] - [06/05/2017 20:14:17] - |A| - (. - .) - [352256] - (0.0.0.0) - C:\Windows\uxpack.icons [MD5.7255732B7ED89086BEA8DD5C4014E57B] - [06/05/2017 20:14:18] - |A| - (. - .) - [2413056] - (0.0.0.0) - C:\Windows\UxStyle_Core_Jul13_x86.msi [14/07/2009 04:37:09] - |D| - [12420] - C:\Windows\Vss [MD5.93C96478B0D5B27B979E0E3AB0802C77] - [07/07/2016 09:08:40] - |A| - (. - .) - [75184] - (0.0.0.0) - C:\Windows\vssMgr.exe [MD5.22A43F0783307C94C79478FD4078A7E0] - [04/05/2017 10:19:04] - |A| - (. - .) - [6634] - (0.0.0.0) - C:\Windows\W7Patcher_x86_Uninstall.log [14/07/2009 04:37:09] - |D| - [50922096] - C:\Windows\Web [MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 04:04:23] - |A| - (. - .) - [403] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:41:57] - |RAH| - (. - .) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.BCD4D802DBFA0AFA2D2C63B6CBC156C3] - [04/02/2017 17:40:46] - |A| - (. - .) - [1390264] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 22:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 04:37:09] - |D| - [7705994148] - C:\Windows\winsxs [MD5.360A166B4DD11DFD897F73F5410FDEE2] - [17/04/2010 02:28:46] - |A| - (.© 2008 Microsoft Corporation. Tous droits réservés. - Écran de veille photos Windows Live.) - [307056] - (14.0.8117.416) - C:\Windows\WLXPGSS.SCR [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 23:34:23] - |A| - (. - .) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.72F2D357120F95C1E725C22915FE95E1] - [04/05/2017 14:19:35] - |A| - (. - .) - [193] - (0.0.0.0) - C:\Windows\WORDPAD.INI [MD5.6E8EACC0B339365D79A2C06896865D3D] - [14/07/2009 01:41:00] - |A| - (.© Microsoft Corporation. All rights reserved. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe [MD5.603896977C69A2EC9FBE37C7C1A232D8] - [05/05/2017 09:02:57] - |A| - (. - .) - [36] - (0.0.0.0) - C:\Windows\xlkfs.log [MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [12/12/2016 15:33:59] - |A| - (. - .) - [20] - (0.0.0.0) - C:\Windows\xö“ [MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 23:30:30] - |A| - (. - .) - [707] - (0.0.0.0) - C:\Windows\_default.pif ---------- | Systemroot\System [14/07/2009 01:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL) [14/07/2009 01:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library) [13/07/2009 23:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries) [13/07/2009 23:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module) [13/07/2009 22:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library) [14/07/2009 01:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI) [14/07/2009 01:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer) [14/07/2009 01:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio) [13/07/2009 23:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia) [13/07/2009 23:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module) [13/07/2009 23:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module) [10/06/2009 23:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL) [13/07/2009 22:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library) [13/07/2009 23:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library) [13/07/2009 23:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library) [13/07/2009 23:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module) [14/07/2009 00:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library) [13/07/2009 23:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component) [13/07/2009 23:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles) [13/07/2009 22:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries) [13/07/2009 23:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module) [13/07/2009 23:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [04/05/2017 13:49:17] - C:\Windows\Installer\1373ae6.msi : (PDQ Deploy - Admin Arsenal) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2010 04:28:52] - C:\Windows\Installer\13ccf3.msi : (MSI Database - Insyde) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:42:22] - C:\Windows\Installer\1d5cdf2.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/12/2016 15:22:38] - C:\Windows\Installer\20566370.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2014 05:01:52] - C:\Windows\Installer\330278.msi : (UxStyle Core Beta - The Within Network, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/12/2016 07:18:09] - C:\Windows\Installer\34edd0.msi : (COMODO Secure Shopping - COMODO) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/11/2016 19:50:16] - C:\Windows\Installer\34edd9.msi : (Acronis Backup Agent - Acronis) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2010 09:17:21] - C:\Windows\Installer\3c5f1.msi : (eSobi - esobi Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/09/2015 15:21:54] - C:\Windows\Installer\473c1c2.msi : (Jing - TechSmith Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2017 07:55:22] - C:\Windows\Installer\4cb55b.msi : (COMODO Secure Shopping - COMODO) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [04/05/2017 20:41:00] - C:\Windows\Installer\543e7ea.msi : (FileOpen - Foxit Software Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]