--------------- QuickDiag | g3n-h@ckm@n | V3_12.05.17.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 17/05/2017 09:28:11 Updated 12/05/2017 | 13.00 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+00:00) Dublin, Édimbourg, Lisbonne, Londres [jean- (Administrator)] - [DESKTOP-0MK4QLL] (S-1-5-21-2393403230-1296784631-2839305349-1001) System: Microsoft Windows 10 Famille - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3 Boot : Normal boot PC: To be filled by O.E.M. - To be filled by O.E.M. - IdNumber: To be filled by O.E.M. - UUID: 03000200-0400-0500-0006-000700080009 Processor : X64 - 1333 Mhz - Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz CHIPHD_I19_windows - en|US|iso8859-1 - American Megatrends Inc. - S/N: To be filled by O.E.M. - CHIPHD_I19_windows - ALASKA - 3 CoreTemp : 42.4 Celsius ----------| Extended ---------- | SoundDevice Intel SST Audio Device (WDM) - Status: OK - Manufacturer: Intel Corporation - PNPDeviceID: ACPI\80860F28\1 ---------- | Video Intel(R) HD Graphics - Resolution: 1360x768 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim32.dll,igd10iumd32.dll,igd10iumd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_0F31&SUBSYS_0F318086&REV_0F\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1074388992 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics - DriverVersion: 10.18.10.4491 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13824 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29960 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 30504 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codecp.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 193536 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36720 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23264 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86528 - Manufacturer: Radius Inc. - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 49664 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 33280 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 73728 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\lvcodec2.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 305000 - Manufacturer: Logitech Inc. - Status: OK ---------- | CPU CPU #1 value:28 % CPU #2 value:0 % CPU #3 value:58 % CPU #4 value:10 % Total Overall CPU Usage value:24 % ---------- | Network Realtek RTL8723BS Wireless LAN 802.11n SDIO Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:24 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Realtek RTL8723BS Wireless LAN 802.11n SDIO Network Adapter - Ethernet 802.3 - Realtek Semiconductor Corp. - Status: - PnPID : SD\VID_024C&PID_B723\3&18BDEB84&0&0 Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\5&18BF39ED&0&0 Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\5&18BF39ED&0&2 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\4&3356E930&0&11 Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0 Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE WAN Miniport (SSTP) - - - Status: - PnPID : WAN Miniport (IKEv2) - - - Status: - PnPID : WAN Miniport (L2TP) - - - Status: - PnPID : WAN Miniport (PPTP) - - - Status: - PnPID : WAN Miniport (PPPOE) - - - Status: - PnPID : WAN Miniport (IP) - - - Status: - PnPID : WAN Miniport (IPv6) - - - Status: - PnPID : WAN Miniport (Network Monitor) - - - Status: - PnPID : Microsoft ISATAP Adapter - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 2033 | Free (MB) : 906 Pagefile = Total (MB) : 4130 | Free (MB) : 3042 Virtual = Total (MB) : 2097 | Free (MB) : 1844 Physical Memory 0 : Capacity: 2147483648 - A1_DIMM0 - Posit.: - Manufacturer: A1_Manufacturer0 - PartNumber: Array1_PartNumber0 - S/N: A1_SerNum0 ---------- | SID Users Administrateur : [S-1-5-21-2393403230-1296784631-2839305349-500] DefaultAccount : [S-1-5-21-2393403230-1296784631-2839305349-503] defaultuser0 : [S-1-5-21-2393403230-1296784631-2839305349-1000] Invité : [S-1-5-21-2393403230-1296784631-2839305349-501] jean- : [S-1-5-21-2393403230-1296784631-2839305349-1001] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [Windows] | Total : 28.62 Go | Free : 3.25 Go -> NTFS (SSD) [SD] D:\ -> [Removable] | [séjour pari] | Total : 117.02 Go | Free : 73.76 Go -> exFAT (SSD) [SD] E:\ -> [Fixed] | [wd MY passport 2TO] | Total : 2794.49 Go | Free : 650.01 Go -> NTFS [USB] F:\ -> [Removable] | [CUBUNTU] | Total : 7.2 Go | Free : 0.09 Go -> FAT32 [USB] X:\ -> [Network] | [] | Total : 30.02 Go | Free : 0.06 Go -> Disk Usage Information [4 total Physical Disks] Physical Drive #0 [C:] : Read:31,531 bytes/sec, Written:0 bytes/sec Max Read:31,531 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #2 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #3 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:31,531 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - SCSI - Removable Media - 1 Part. - PnPID : SD\DISK&GENERIC&SD128&3.0\4&940D528&0&DA7A5341&0 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - SCSI - Fixed hard disk media - 3 Part. - PnPID : SD\DISK&SAMSUNG&BGND3R&0.1\4&2241BC54&0&FB81FEC9&0 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0 DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_TOSHIBA&PROD_TRANSMEMORY&REV_1.00\0022CFF6BDF8C080958BAE56&0 ---------- | Windows updates Test 1 : Windows Is Activated ---------- | Browsers IE : 11.0.14393.953 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer FlashPlayer ActiveX : 25.0.0.171 ---------- | Security AV : Windows Defender Enabled AS : Windows Defender Enabled FW : COMODO Firewall Disabled WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 476 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 09:25:40] CPU Usage:0 % 684 | [Owner : Système | Parent : 580() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 09:25:40] CPU Usage:0 % 772 | [Owner : Système | Parent : 580() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 09:25:39] CPU Usage:0 % 780 | [Owner : Système | Parent : 764() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 09:25:40] CPU Usage:0 % 864 | [Owner : Système | Parent : 764() | 9.21 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.14393.1198) = C:\Windows\System32\winlogon.exe [11/05/2017 16:04:30] CPU Usage:0 % 948 | [Owner : Système | Parent : 772(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.14393.1198) = C:\Windows\System32\services.exe [11/05/2017 16:04:51] CPU Usage:0 % 956 | [Owner : Système | Parent : 772(wininit.exe) | 15.49 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [06/01/2017 13:36:27] CPU Usage:0 % 1060 | [Owner : Système | Parent : 948(services.exe) | 19.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1124 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 10.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1232 | [Owner : DWM-1 | Parent : 864(winlogon.exe) | 28.87 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.14393.0) = C:\Windows\System32\dwm.exe [16/07/2016 09:25:31] CPU Usage:0 % 1328 | [Owner : Système | Parent : 948(services.exe) | 46.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1348 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 21.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1356 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 12.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1376 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 22.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1424 | [Owner : Système | Parent : 948(services.exe) | 19.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1460 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 24.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1804 | [Owner : SERVICE RÉSEAU | Parent : 948(services.exe) | 16.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1820 | [Owner : SERVICE LOCAL | Parent : 1424(svchost.exe) | 8.85 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe [16/07/2016 09:25:50] CPU Usage:0 % 496 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 10.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 604 | [Owner : Système | Parent : 948(services.exe) | 14.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 2460 | [Owner : Système | Parent : 948(services.exe) | 19.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 2476 | [Owner : Système | Parent : 948(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.1198) = C:\Program Files\Windows Defender\MsMpEng.exe [11/05/2017 16:07:32] CPU Usage:0 % 2484 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 10.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 2572 | [Owner : Système | Parent : 948(services.exe) | 23.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 932 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.1198) = C:\Program Files\Windows Defender\NisSrv.exe [11/05/2017 16:07:32] CPU Usage:0 % 1436 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 7.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 784 | [Owner : jean- | Parent : 1060(svchost.exe) | 9.89 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.14393.0) = C:\Windows\System32\dllhost.exe [16/07/2016 09:25:39] CPU Usage:0 % 7796 | [Owner : SERVICE LOCAL | Parent : 496(svchost.exe) | 11.08 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows .) - (10.0.14393.447) = C:\Windows\System32\audiodg.exe [11/01/2017 13:26:15] CPU Usage:0 % 6492 | [Owner : jean- | Parent : 4452() | 26.75 Mo] - (.SosVirus - Pre_Scan.) - (4.5.17.1) = C:\Users\jean-\Desktop\Pre_Scan.exe [17/05/2017 08:46:07] CPU Usage:0 % 6284 | [Owner : jean- | Parent : 1060(svchost.exe) | 21.98 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.14393.0) = C:\Windows\System32\dllhost.exe [16/07/2016 09:25:39] CPU Usage:0 % 6828 | [Owner : jean- | Parent : 1328(svchost.exe) | 16.51 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 09:25:07] CPU Usage:0 % 6724 | [Owner : SERVICE LOCAL | Parent : 948(services.exe) | 13.84 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8763) = C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [03/02/2017 08:42:56] CPU Usage:0 % 7544 | [Owner : Système | Parent : 948(services.exe) | 14.63 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe [25/03/2017 16:58:08] CPU Usage:0 % 7060 | [Owner : jean- | Parent : 948(services.exe) | 27.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 09:25:39] CPU Usage:0 % 6280 | [Owner : jean- | Parent : 1060(svchost.exe) | 28.83 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 09:25:03] CPU Usage:0 % 6708 | [Owner : jean- | Parent : 6828(sihost.exe) | 86.3 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.1198) = C:\Windows\explorer.exe [11/05/2017 16:05:37] CPU Usage:0 % 3532 | [Owner : jean- | Parent : 1060(svchost.exe) | 12.23 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.14393.0) = C:\Windows\System32\dllhost.exe [16/07/2016 09:25:39] CPU Usage:0 % 1448 | [Owner : jean- | Parent : 1060(svchost.exe) | 49.05 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [06/01/2017 13:36:40] CPU Usage:0 % 7672 | [Owner : jean- | Parent : 1060(svchost.exe) | 72.38 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.1198) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [11/05/2017 16:05:16] CPU Usage:0 % 4104 | [Owner : jean- | Parent : 1328(svchost.exe) | 10.94 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 09:25:55] CPU Usage:0 % 7636 | [Owner : jean- | Parent : 1060(svchost.exe) | 33.08 Mo] - (.Microsoft Corporation - Background Task Host.) - (10.0.14393.0) = C:\Windows\System32\backgroundTaskHost.exe [16/07/2016 09:25:07] CPU Usage:0 % 3024 | [Owner : jean- | Parent : 1060(svchost.exe) | 54.53 Mo] - (. - .) - (11.15.597.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x86__kzf8qxf38zg5c\SkypeHost.exe [09/05/2017 08:51:21] CPU Usage:0 % 2568 | [Owner : jean- | Parent : 1060(svchost.exe) | 13.27 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.1198) = C:\Windows\System32\smartscreen.exe [11/05/2017 16:05:10] CPU Usage:0 % 3968 | [Owner : jean- | Parent : 6708(explorer.exe) | 35.81 Mo] - (.SosVirus - QuickDiag.) - (12.5.17.1) = C:\Users\jean-\Desktop\QuickDiag.exe [17/05/2017 08:45:12] CPU Usage:0 % 6100 | [Owner : SERVICE RÉSEAU | Parent : 1060(svchost.exe) | 11.74 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 09:25:47] CPU Usage:0 % 8184 | [Owner : Système | Parent : 1060(svchost.exe) | 8.44 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 09:25:47] CPU Usage:0 % ---------- | MD5 [MD5.6E46F7CBC16009E381015C69F4FA22B1] - [11/05/2017 16:05:37] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4211.18 Ko] - (10.0.14393.1198) : C:\WINDOWS\Explorer.exe [MD5.0FEC5F30E705EADAEA5E9144F2FB12DC] - [16/07/2016 09:25:51] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [198 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe [MD5.17141511B178B2A0664F77EAB7AED9F7] - [16/07/2016 09:25:40] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [15.68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe [MD5.6046950FC9CA5B7A7E084C189658DACB] - [16/07/2016 09:25:39] - (.© Microsoft Corporation. - COM Surrogate.) - [19.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe [MD5.2FFE748D0F7EA52F9EFDEA0289100734] - [11/05/2017 16:06:54] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [613.71 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Kernel32.dll [MD5.76C8CBC584D5BEDA0819F36F778DDA16] - [06/01/2017 13:36:27] - (.© Microsoft Corporation. - Local Security Authority Process.) - [42.91 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe [MD5.5D83D5946350BF4C36C5610E420B1A7C] - [11/05/2017 16:04:51] - (.© Microsoft Corporation. - Distributed COM Services.) - [697 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\rpcss.dll [MD5.111474C61232202B5B588D2B512CBB25] - [16/07/2016 09:25:58] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [60.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe [MD5.FF9D624EF38C716850432C198A9B3CC2] - [11/05/2017 16:04:51] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [371.27 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\services.exe [MD5.1F8434DD4907C832E6E90D6298EAB85B] - [16/07/2016 09:25:39] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [37.88 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe [MD5.693FDF115D9833DFC67E0800A1C6A760] - [06/01/2017 13:35:22] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1313.47 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll [MD5.FA900E6CCCF0A429D5B720C6F0E2274B] - [16/07/2016 09:25:39] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [27 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe [MD5.B315D888C2AC5007D0F87880CE92102A] - [16/07/2016 09:25:39] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [200.3 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe [MD5.307573EA60EAC5AFBAB358F80D066047] - [11/05/2017 16:04:30] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [565 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Winlogon.exe [MD5.3B5BE5B3D3CE8D9834C2C9B325AC6A29] - [06/01/2017 13:36:27] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [471.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.1D8B6976EC75698485A195A06B2DEBAC] - [16/07/2016 09:24:55] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [22.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.4D9D97CB649DC7139001C864FBE6D948] - [16/07/2016 09:24:55] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [155.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.9577B2171AD8DBC6A8BAAD75232CBF38] - [16/07/2016 09:25:50] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [73 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.67B188419B7018D7956A38C89EFCC70A] - [16/07/2016 09:24:54] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [127.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.06F26151E364693421427F145571CDCC] - [25/03/2017 16:57:52] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [110.5 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.E67AAF24F03D9D1B7616C0F5663556CA] - [16/07/2016 09:24:53] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [65.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.7D889F2D2464940C2DA8A218F5282F21] - [16/07/2016 09:24:57] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [88.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.3FDB0E7AC49A78D21B470863CDA5E342] - [16/07/2016 09:25:57] - (.© Microsoft Corporation. - IP Network Address Translator.) - [184 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.B8272E9A229A86973D6213E5E84DB968] - [25/03/2017 16:58:12] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [390.34 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.D05756943783CC83F38EDD5678B720A2] - [03/05/2017 09:59:32] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [928.34 Ko] - (10.0.14393.1066) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.19B3776EE853B95924BAEDEF14702135] - [16/07/2016 09:25:50] - (.© Microsoft Corporation. - MBT Transport driver.) - [212 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.6F254CF9C44B29FBD36F7D0C1BDC901A] - [11/05/2017 16:07:19] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1910.84 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.102319D1AB9C8AE57ABF4542C15E46E5] - [16/07/2016 09:24:55] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [80 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.26F09741A8FF5EE03C66B33EB5C2A7D2] - [16/07/2016 09:25:55] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [79 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.F064A9E33658E8A73280AE8AA5723C59] - [16/07/2016 09:26:53] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [128 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.598FE0AA4DB1C42281D06C2DD2AC8901] - [03/05/2017 09:59:59] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1920.84 Ko] - (10.0.14393.1066) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.1CD4B4D747348FAA7205D80E7BDAFD36] - [25/03/2017 16:58:13] - (.© Microsoft Corporation. - TDI Translation Driver.) - [93.34 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.8FC38A2B3D7A58A69065F43479E848FA] - [16/07/2016 09:25:50] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [344.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Windows\system32\guard32.dll (.www.startisback.com.-.OldNewExplorer shell enhancements.) - (1.1.7.0) -- C:\skinpack\OldNewExplorer32.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (10.18.10.4491) -- C:\WINDOWS\SYSTEM32\igd10iumd32.dll (.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (10.18.10.4491) -- C:\WINDOWS\SYSTEM32\igdusc32.dll (.Acronis.-.Acronis True Image Shell Extensions.) - (17.0.0.3100) -- C:\Program Files\Acronis\TrueImageHome\tishell.dll (..-..) - (0.0.0.0) -- C:\Program Files\Unlocker\UnlockerCOM.dll (.Perigee Software.-.PerigeeCopy shell extension DLL.) - (1.6.0.0) -- C:\Program Files\PerigeeCopy\PerigeeCopy.dll (..-..) - (12.0.649.11190) -- C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareShellExtension.dll (..-..) - (0.0.0.0) -- C:\Program Files\Copy Handler\chext.dll (..-..) - (0.0.0.0) -- C:\Program Files\Copy Handler\libchcore32u.dll (.SQLite.-.SQLite.) - (3.11.1.0) -- C:\Program Files\Copy Handler\sqlite3_32.dll (.Ashampoo GmbH & Co. KG.-.Ashampoo WinOptimizer 15 Explorer Contextmenu.) - (1.0.0.0) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 15\WinOptimizerContextHandler32.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files\WinRAR\rarext.dll (.Acronis.-.Versions Page.) - (17.0.0.3100) -- C:\Program Files\Acronis\TrueImageHome\versions_page.dll (.IObit.-.IObitUnlockerExtension.) - (1.2.0.2) -- C:\Program Files\IObit\IObit Unlocker\IObitUnlockerExtension.dll (..-..) - (0.0.0.0) -- C:\PROGRA~1\TeraCopy\TERACO~2.DLL (.Paramount Software UK Ltd.-.Reflect Shell Extension Context Menu.) - (6.1.865.0) -- C:\Program Files\Macrium\Reflect\RContextMenu.dll (.Conceptworld Corporation.-.Piky Basket.) - (2.0.0.21) -- C:\Program Files\Conceptworld\Piky\Piky.dll (.Killer{R}.-.KillCopy Shell Extension DLL.) - (1.0.0.1) -- C:\Program Files\KillSoft\KillCopy\killcopy.dll (.IObit.-.IObitUnlockerExtension.) - (1.2.0.2) -- C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll (.Foxit Software Inc..-.ConvertToPDFShellExtension.) - (8.3.0.331) -- C:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll (.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll (.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Program Files\COMODO\COMODO Internet Security\cmdres.DLL (.Cyberlink.-.Cyberlink Shell Extension dynamic link library.) - (11.0.914.0) -- C:\Program Files\Common Files\CyberLink\ShellExtComponent\CLVDShellExt11.dll (.Solvusoft.-.SupersonicPC - Secure Delete Shell extension.) - (1.0.0.2) -- C:\Program Files\SupersonicPC\SolvusoftWMSecureShell.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Windows\system32\guard32.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\System32\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\System32\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Power2GoExpress11 - (?Ó?Óo [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\...\Run]) - User: DESKTOP-0MK4QLL\jean- ultracopier - ("C:\Program Files\Supercopier\supercopier.exe" [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\...\Run]) - User: DESKTOP-0MK4QLL\jean- RocketDock - (C:\SkinPack\RocketDock\RocketDock.exe [Common Startup]) - User: Public DptfPolicyLpmServiceHelper - (C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [HKLM\SOFTWARE\...\Run]) - User: Public BingDesktop - (C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey [HKLM\SOFTWARE\...\Run]) - User: Public IseUI - (C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [HKLM\SOFTWARE\...\Run]) - User: Public COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} - (C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [HKLM\SOFTWARE\...\Run]) - User: Public UnlockerAssistant - ("C:\Program Files\Unlocker\UnlockerAssistant.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Syncios device service - (C:\Program Files\Anvsoft\Syncios\SynciosDeviceService.exe [HKLM\SOFTWARE\...\Run]) - User: Public WindowsDefender - ("%ProgramFiles%\Windows Defender\MSASCuiL.exe" [HKLM\SOFTWARE\...\Run]) - User: Public Ashampoo WinOptimizer Live-Tuner2 - ("C:\Program Files\Ashampoo\Ashampoo WinOptimizer 15\LiveTuner2.exe" -TRAY [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress11"= "ultracopier"="C:\Program Files\Supercopier\supercopier.exe" [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=wordpad\1 "MRUList"=a [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Microsoft Print to PDF,winspool,Ne01: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 "DebugOptions"=2048 "Documents"= "DosPrint"=no "Load"= "NetMessage"=no "NullPort"=None "Programs"=com exe bat pif cmd [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "DptfPolicyLpmServiceHelper"=C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [15/08/2015 02:34:00] "BingDesktop"=C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey "IseUI"=C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [03/05/2017 16:32:47] "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [22/04/2017 23:22:20] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" "Syncios device service"=C:\Program Files\Anvsoft\Syncios\SynciosDeviceService.exe [21/03/2017 07:19:20] "WindowsDefender"="%ProgramFiles%\Windows Defender\MSASCuiL.exe" "Ashampoo WinOptimizer Live-Tuner2"="C:\Program Files\Ashampoo\Ashampoo WinOptimizer 15\LiveTuner2.exe" -TRAY [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "DptfPolicyLpmServiceHelper"=0x040000000000000000000000 "WindowsDefender"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D255C4E8F691A0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Config.sys : FILES=40 ---------- | Tasks List ASC10_SkipUac_jean- CreateExplorerShellUnelevatedTask Driver Booster Scheduler Driver Booster SkipUAC (jean-) EPSON XP-710 Series Invitation {CD2920CA-3175-4CF4-88FA-3FF8FF350EDF} EPSON XP-710 Series Update {CD2920CA-3175-4CF4-88FA-3FF8FF350EDF} SoftwareInformerService Uninstaller_SkipUac_jean- User_Feed_Synchronization-{CC58EDE3-970A-49BF-8597-0230B224356C} ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=SessionEnv CertPropSvc "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=47801078-8af6-41f2-af9f-520af12 "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkTimeout"=5 [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=AcrSch2Svc UsoSvc gpsvc trustedinstaller "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=39 "WaitToKillServiceTimeout"=200 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [25/03/2017 19:22:50] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "LsaPid"=956 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymoussam"=1 "restrictanonymous"=0 "SamConnectedAccountsExist"=1 ---------- | .LNK with Arguments c:\users\jean-\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK c:\users\jean-\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "LeftOverlapChars"=3 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\jean-\AppData\Local\Microsoft\BingDesktop\themes\2017-05-17.jpg [17/05/2017 08:44:14] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "DelayLockInterval"=900 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E3E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC301005703080080070000B0040000E5A3C361E1CED20143003A005C00550073006500720073005C006A00650061006E002D005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00420069006E0067004400650073006B0074006F0070005C007400680065006D00650073005C0032003000310037002D00300035002D00310037002E006A00700067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ActiveWndTrkTimeout"=0 "AutoColorization"=0 "ImageColor"=2951390022 "PreferredUILanguages"=fr-FR "Pattern Upgrade"=TRUE "ForegroundLockTimeout"=0 "MenuShowDelay"=0 "AutoEndTasks"=1 "HungAppTimeout"=4000 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoSimpleNetIDList"=1 "NoDriveTypeAutoRun"=221 "NolowDiskSpaceChecks"=1 [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SlowContextMenuEntries"=0xBD0E0C47735D584D9CEDE91E22E232825C1000000114020000000000C0000000000000465913000010901EF8A46ECE11A7FF00AA003CA9F64D1500006024B221EA3A6910A2DC08002B30309DB5A00000F05A00A7E8D6AF488DFA023B1CF660A75E270000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=2 "GlobalAssocChangedCounter"=69 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "Browse For Folder Width"=347 "Browse For Folder Height"=346 "link"=0x00000000 "DesktopProcess"=1 [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=0 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewShadow"=1 "StoreAppsOnTaskbar"=0 "StartMenuInit"=13 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=0 "TaskbarGlomLevel"=0 "TaskbarStateLastRun"=0xF3CB1559 "ReindexedProfile"=1 "TaskbarSmallIcons"=0 "nonetcrawling"=1 "ListviewAlphaSelect"=0 "TaskbarAnimations"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "FilterAdministratorToken"=1 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "EnableLinkedConnections"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=103 "Max Cached Icons"=2000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=14393 "FirstLogon"=0 "PUUActive"=0xEF5A5A76030007000E000B005616000068160000B8400000D10000002F004500FF55F07B1553000015530000F306000019060000E800000000000000A85200001B02000027000000C187AD4DE4CED201C6750000000000000100000000000000 "AutoRestartShell"=1 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DefaultUserName"=jean-marie.carribon@wanadoo.fr "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=197011692 "ShutdownFlags"=2147483687 "DisableCad"=1 "USERINIT"=C:\Windows\system32\userinit.exe, "AutoAdminLogon"=0 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-2393403230-1296784631-2839305349-1001 "LastUsedUsername"=jean-marie.carribon@wanadoo.fr "AutoRestartShell"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""="%SystemRoot%\system32\NOTEPAD.EXE" %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\System32\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Dragon\Shell\open\Command] ""="C:\Program Files\Comodo\Dragon\dragon.exe" [HKLM\Software\Clients\StartMenuInternet\Dragon\InstallInfo] "ReinstallCommand"="C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [25/03/2017 16:57:56] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\jean-\Downloads\Intel Driver Update Utility Installer.exe"=0x534143500100000000000000070000002800000038DF9600B858970001000000000000000000000A00210000EBC9C4943BDFD101000000800000000002000000280000000000000000000000000000000000000000000000000000005C200600000000000100000001000000 "C:\Users\jean-\Downloads\Mes_Drivers_3.0.4.exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A71220000EBC9C4943BDFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000069690000000000000100000001000000 "C:\Users\jean-\Downloads\GPIO_UART_I2C_PWM_Win10_32_122815\Install_Driver.bat"=0x534143500100000000000000070000002800000000180300989B030001000000000000000000010500100000EBC9C4943BDFD1010000000000000000 "C:\Users\jean-\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D87E3801682C390101000000000000000000000A00210000EBC9C4943BDFD1010000000100000000 "C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A00210000EBC9C4943BDFD1010000000100000000 "C:\Users\jean-\Downloads\BingDesktopSetup.exe"=0x5341435001000000000000000700000028000000D86AA00040A2A00001000000000000000000010571000000EBC9C4943BDFD10100000000000000000200000028000000000000008009004000000000000000000000000000000000C5A60C00000000000100000001000000 "C:\Users\jean-\AppData\Local\Temp\Temp1_UsbFix_Standard.zip\UsbFix_Standard.exe"=0x5341435001000000000000000700000028000000EA8F3F000000000001000000000000000000010600010000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000017910600000000000100000001000000 "C:\Users\jean-\Downloads\processclose_2_08.01.17.1.exe"=0x5341435001000000000000000700000028000000A8270F003B5B0F0001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000 "C:\Users\jean-\Downloads\wrar540fr.exe"=0x5341435001000000000000000700000028000000D87A1F0019F51F0001000000000000000000000A00210000EBC9C4943BDFD10100000080000000000200000028000000000000000000004000000000000000000000000000000000424B0000000000000100000001000000 "C:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000090E31600E5CC170001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000002000300000000001100000011000000 "C:\Program Files\CyberLink\Power2Go11\Trial\TrialMgr.exe"=0x5341435001000000000000000700000028000000181F02009834020001000000000000000000000A71200000EBC9C4943BDFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003B820100000000000300000003000000 "C:\Users\jean-\Downloads\pre-scan_7_26.04.17.1.exe"=0x5341435001000000000000000700000028000000A89D35007D17360001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C2CA0000000000000100000001000000 "C:\Users\jean-\Downloads\ashampoo_burning_studio_2017_25270.exe"=0x534143500100000000000000070000002800000078D09604FBDA960401000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000002CC0500000000000100000001000000 "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareDesktop.exe"=0x5341435001000000000000000700000028000000D8B1B200BF5BB30001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000080070700000000000100000001000000 "C:\Users\jean-\Downloads\cmd_fw_installer_6113_c7.exe"=0x534143500100000000000000070000002800000090DA5100A838520001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000 "C:\Program Files\Comodo\COMODO Internet Security\cmdinstall.exe"=0x5341435001000000000000000700000028000000C0C64E0090084F0001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BC8F0000000000000100000001000000 "C:\Program Files\TechSmith\Jing\Jing.exe"=0x5341435001000000000000000700000028000000F86B2C00FA272D0001000000000000000000000AF1220000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000020596200000000000500000005000000 "C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000A04100FE90420001000000010000000000000A71220000EBC9C4943BDFD1010000000000000000 "C:\Program Files\LiteManager Pro - Server\ROMServer.exe"=0x534143500100000000000000070000002800000008965C0060CC5C0001000000000000000000000A71220000EBC9C4943BDFD1010000000000000000050000001000000000000000000000000000000000000080020000005000000000000000000000C000040000000000000000000000000000C613000000000000010000000100000000000000000000400000000000000000000000000000000025480000000000000100000000000000 "C:\Program Files\Wondershare\Filmora\Filmora.exe"=0x5341435001000000000000000700000028000000B847D10023AAD10001000000000000000000000A71220000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000019A00000000000000100000001000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\ambiance gite l'esperence\FoxitReader83_L10N_Setup_Prom.exe"=0x534143500100000000000000070000002800000068FBE104F222E20401000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000053850200000000000100000001000000 "C:\Users\jean-\AppData\Roaming\UsbFix\UsbFix.exe"=0x534143500100000000000000070000002800000000D41B004B0A1C0001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000BA881000000000000200000002000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 6 - skinpacks\SkinPack Crystal.exe"=0x53414350010000000000000007000000280000008A59C4010000000001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000000381200000000000300000003000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 12 - folderico apps part 2\FolderIcoSetup.exe"=0x53414350010000000000000007000000280000001E0EA9000000000001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E6FA0100000000000100000001000000 "E:\anti-faux positif pre_scan - exe installers\advanced-systemcare-free_10-2-0-721_fr_403234.exe"=0x5341435001000000000000000700000028000000A0A78E02A6088F0201000000000000000000000A00210000EBC9C4943BDFD1010000000000000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\dixmlsetup.exe"=0x534143500100000000000000070000002800000010E01E006ECF1F0001000000000000000000000A41200000EBC9C4943BDFD101000000000000000002000000280000000000000000080040000000000000000000000000000000007FDD0000000000000100000001000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux récompense lfsu100%sf\mucommander-0.9.1.exe"=0x5341435001000000000000000700000028000000F8C796000000000001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000048080100000000000100000001000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\trolcommander-0_9_7-setup.exe"=0x53414350010000000000000007000000280000002025FC010000000001000000000000000000010600010000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000082300400000000000100000001000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 10 - folderico apps part 1\FolderIcoSetup.exe"=0x53414350010000000000000007000000280000001E0EA9000000000001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000099B70300000000000100000001000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 2 - 1ers giveaway & img bing\SynciosPro912-fb28sp\Setup.exe"=0x53414350010000000000000007000000280000007072480509DB480501000000000000000000010600010000EBC9C4943BDFD1010000000000000000 "E:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 2 - 1ers giveaway & img bing\Mercalli EASY SAL.exe"=0x534143500100000000000000070000002800000018B6CC01589ECD0101000000000000000000010600010000EBC9C4943BDFD10100000000000000000200000028000000000000008000004000000000000000000000000000000000994E0400000000000100000001000000 "C:\Program Files\IObit\Advanced SystemCare\ASC.exe"=0x534143500100000000000000070000002800000020316B00D0F46B0001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000047090000000000000200000002000000 "C:\Program Files\Runtime Software\DriveImage XML\dixml.exe"=0x534143500100000000000000070000002800000000F41000634E110001000000000000000000000A41220000EBC9C4943BDFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B14E0900000000000300000003000000 "C:\Users\jean-\Downloads\ReflectDL.exe"=0x5341435001000000000000000700000028000000B8112F0020ED2F0001000000000000000000000A71220000EBC9C4943BDFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B67A1200000000000100000001000000 "C:\Users\jean-\AppData\Local\Temp\2949A178-33B2-45B3-9788-07DB3B95EBD2\securezone_upgrade_standard.exe"=0x5341435001000000000000000700000028000000D8857800CBCB780001000000000000000000010600010000EBC9C4943BDFD10100000080000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B72D0000000000000100000001000000 "C:\Program Files\Anvsoft\Syncios\adb.exe"=0x534143500100000000000000070000002800000000AA15002AE3150001000000000000000000010571000000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000014686200000000002600000026000000 "C:\Users\jean-\Downloads\supercopier-windows-x86-1.2.3.6-setup.exe"=0x534143500100000000000000070000002800000097B569000000000001000000000000000000010600010000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000006A30000000000000100000001000000 "C:\Users\jean-\Downloads\ashampoo_snap_business_9.0.3_sm.exe"=0x534143500100000000000000070000002800000028260F039B440F0301000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000092315500000000000100000001000000 "C:\Users\jean-\Downloads\TreeSizeFreeSetup.exe"=0x5341435001000000000000000700000028000000D0FE7100EEBC720001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D86D0100000000000100000001000000 "C:\Users\jean-\Downloads\TreeSize-x86-Demo.exe"=0x5341435001000000000000000700000028000000B8DF22013649230101000000000000000000000A00210000EBC9C4943BDFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A2A40200000000000100000001000000 "C:\Program Files\Wondershare\Wondershare Filmora (CPC)\Filmora.exe"=0x5341435001000000000000000700000028000000B847D10023AAD10001000000000000000000000A71220000EBC9C4943BDFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002F131600000000000100000001000000 "SIGN.MEDIA=3057CE caus' clonezillla the giveaways & bing photos 6 mai comes on archos\SharewareOnSale_Giveaway_Encrypt4all_Pro_hub.exe"=0x5341435001000000000000000700000028000000B8652200998B220001000000000000000000000A71220000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000085540400000000000100000001000000 "C:\Program Files\Comodo\Dragon\dragon.exe"=0x5341435001000000000000000700000028000000785C3A00B8233B0001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000156E1200000000000100000001000000 "C:\Users\jean-\Downloads\FolderViewer51-fb20so\Setup.exe"=0x534143500100000000000000070000002800000000AE2301B040240101000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000033E70000000000000100000001000000 "C:\Users\jean-\Downloads\FastHTMLChecker30-db72so\Setup.exe"=0x5341435001000000000000000700000028000000387F94014B11950101000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000025D20000000000000100000001000000 "C:\Program Files\Acronis\TrueImageHome\TrueImageLauncher.exe"=0x5341435001000000000000000700000028000000B04B03000D24040001000000000000000000000A00210000EBC9C4943BDFD101000000000000000002000000280000000000000080000040000000000000000000000000000000006D1B0200000000000100000001000000 "C:\Users\jean-\Downloads\ReflectDL (1).exe"=0x5341435001000000000000000700000028000000B8112F0020ED2F0001000000000000000000000A71220000EBC9C4943BDFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004A7E0300000000000100000001000000 "C:\Program Files\Macrium\Reflect\Reflect.exe"=0x5341435001000000000000000700000028000000B8970400E627050001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FC773F00000000000100000001000000 "C:\Users\jean-\Downloads\processclose_2_08.01.17.1 (1).exe"=0x5341435001000000000000000700000028000000A8270F003B5B0F0001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000383D0000000000000100000001000000 "C:\Users\jean-\Downloads\mde-free\mde-free-setup.exe"=0x5341435001000000000000000700000028000000A8388F000CF58F0001000000000000000000010600010000EBC9C4943BDFD101000000000000000002000000280000000000000000000040000000000000000000000000000000002FE20400000000000100000001000000 "C:\Users\jean-\AppData\Local\Temp\Temp1_interface_utilisateur_ecb_v5 (1).zip\CaisseEpargne.exe"=0x534143500100000000000000070000002800000020D822003BF0220001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000047520000000000000100000001000000 "C:\Users\jean-\Downloads\goback.exe"=0x5341435001000000000000000700000028000000A087C504E430C60401000000000000000000020600010000EBC9C4943BDFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000037D60100000000000100000001000000 "C:\Program Files\EaseUS\System GoBack Free\bin\Loader.exe"=0x534143500100000000000000070000002800000028C209006DB80A0001000000000000000000000A71220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 WiPS_Graphic21.exe"=0x5341435001000000000000000700000028000000146CC2020000000001000000000000000000000A41220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 Lupo_PenSuite_v2016_Full.exe"=0x5341435001000000000000000700000028000000E58ABB170000000001000000000000000000010600010000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 WiPS_Office21.exe"=0x5341435001000000000000000700000028000000D40BBD060000000001000000000000000000000A41220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 WiPS_Network21.exe"=0x5341435001000000000000000700000028000000CE6E68050000000001000000000000000000000A41220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 WiPS_Utilities21.exe"=0x5341435001000000000000000700000028000000C455CF020000000001000000000000000000000A41220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 wips_golden21.exe"=0x5341435001000000000000000700000028000000A9D4C1050000000001000000000000000000000A41220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 WiPS_Multimedia21.exe"=0x5341435001000000000000000700000028000000FAEF58060000000001000000000000000000000A41220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 WiPS_Security21.exe"=0x5341435001000000000000000700000028000000610EE9010000000001000000000000000000000A41220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=EC8F5842 WiPS_System21.exe"=0x5341435001000000000000000700000028000000CE4DFB010000000001000000000000000000000A41220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=6CA43 DTVP30_Launcher.exe"=0x534143500100000000000000070000002800000050E911007F5C120001000000000000000000030671000000EBC9C4943BDFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000135A0400000000000100000001000000 "C:\Users\jean-\Desktop\JRT.exe"=0x5341435001000000000000000700000028000000B862190060FC190001000000000000000000010671020000EBC9C4943BDFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000009D100600000000000100000001000000 "C:\Program Files\trolCommander\trolCommander.exe"=0x5341435001000000000000000700000028000000007C01009F41020001000000000000000000000A71200000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000025330000000000000100000001000000 "C:\Program Files\CyberLink\PhotoDirector8\PhotoDirector8.exe"=0x5341435001000000000000000700000028000000181F0300F81E040001000000000000000000000A00210000EBC9C4943BDFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000A2C60F00000000000100000001000000 "C:\Program Files\Xilisoft\Video Splitter 2\SplashScreen.exe"=0x534143500100000000000000070000002800000050640600F64B070001000000000000000000010671020000EBC9C4943BDFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009C630000000000000100000001000000 "C:\Program Files\Xilisoft\Video Editor 2\videoeditor.exe"=0x5341435001000000000000000700000028000000003C0800E65C080001000000000000000000010671220000EBC9C4943BDFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009E9F1000000000000100000001000000 "C:\Users\jean-\Downloads\JavaSetup8u131.exe"=0x534143500100000000000000070000002800000040440B0020CC0B0001000000000000000000000A71220000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=E1A6A26F VuzeBittorrentClientInstaller.exe"=0x5341435001000000000000000700000028000000A0660100F4D6010001000000000000000000030600010000EBC9C4943BDFD1010000000000000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0980C009A080D0001000000010000000000000A00210000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=E1A6A26F VuzeLeapSetup.exe"=0x5341435001000000000000000700000028000000D08D1500AC80160001000000000000000000010600010000EBC9C4943BDFD1010000000000000000 "SIGN.MEDIA=E1A6A26F PkySetup.EXE"=0x5341435001000000000000000700000028000000232B07000000000001000000000000000000000A41200000EBC9C4943BDFD1010000000000000000020000002800000000000000000800400000000000000000000000000000000016330000000000000100000001000000 "C:\Program Files\Java\jre1.8.0_131\bin\ssvagent.exe"=0x534143500100000000000000070000002800000040CE00001A35010001000000000000000000010600010000EBC9C4943BDFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000100000001000000 "C:\Users\jean-\Downloads\wrar540fr (1).exe"=0x5341435001000000000000000700000028000000D87A1F0019F51F0001000000000000000000000A00210000EBC9C4943BDFD1010000008000000000020000002800000000000000000000400000000000000000000000000000000078420000000000000100000001000000 "SIGN.MEDIA=1CCEF8E lfsu100%sf pt f widen & events bisc. abbaye\lfs ultra & 100% sécurisé part f widen\ambiance kubuntu\SkinPack KDE.sfx.exe"=0x53414350010000000000000007000000280000008EEFCC010000000001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000068980000000000000100000001000000 "SIGN.MEDIA=2521B1E lfsu100%sf pt f widen & events bisc. abbaye\lfs ultra & 100% sécurisé part f widen\ambiance kubuntu\SkinPack KDE.exe"=0x534143500100000000000000070000002800000002C4CB010000000001000000000000000000000A00210000EBC9C4943BDFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006FC80700000000000200000002000000 "C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe"=0x5341435001000000000000000700000028000000C0342400BB67240001000000000000000000030671020000EBC9C4943BDFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000A010000000000000100000001000000 "SIGN.MEDIA=2A8C53 VirtualBox\Virtualize_This_Key.exe"=0x534143500100000000000000070000002800000053E80B0091440A0001000000000000000000010671220000EBC9C4943BDFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000002000010000000000000000000000000DA9F0000000000000100000001000000 "SIGN.MEDIA=130A00 VirtualBox\Portable-VirtualBox\Portable-VirtualBox.exe"=0x5341435001000000000000000700000028000000000A1300CE96130001000000000000000000030600010000EBC9C4943BDFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000012100010000000000000000000000000414B0000000000000100000001000000 "C:\Program Files\IObit\IObit Uninstaller\IU6Setup.exe"=0x53414350010000000000000007000000280000007081A8009AECA80001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000061EF0A00000000000100000001000000 "C:\ProgramData\IObit\ASCDownloader\IU6\Driver Booster.exe"=0x5341435001000000000000000700000028000000C8E4EF001EE1F00001000000000000000000000A00210000EBC9C4943BDFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008FC70800000000000100000001000000 "C:\Program Files\Ashampoo\Ashampoo WinOptimizer 15\WO15.exe"=0x5341435001000000000000000700000028000000A0E5780042EF780001000000000000000000000A71220000EBC9C4943BDFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000ABAD0C00000000000100000001000000 "C:\Users\jean-\Downloads\pdf2wordd.exe"=0x53414350010000000000000007000000280000005DB60C000000000001000000000000000000010571000000EBC9C4943BDFD10100000000000000000200000028000000000000000008004000000000000000000000000000000000BE580000000000000100000001000000 "C:\Users\jean-\Downloads\RegistryFirstAid_AQFR.exe"=0x5341435001000000000000000700000028000000E8388B0056F18B0001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000033AD0100000000000100000001000000 "C:\Users\jean-\Downloads\SmartPrivacyCleaner_FR.exe"=0x534143500100000000000000070000002800000000EA14008BAE150001000000000000000000010600010000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000043A00100000000000100000001000000 "C:\Users\jean-\Downloads\Setup_SupersonicPC_2015.exe"=0x534143500100000000000000070000002800000010599B0076929B0001000000000000000000010600010000EBC9C4943BDFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000059270100000000000100000001000000 "C:\Users\jean-\Desktop\adsfix_4_16.05.17.4.exe"=0x5341435001000000000000000700000028000000A83963005442630001000000000000000000000A00210000EBC9C4943BDFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001A5C0000000000000100000001000000 "C:\Users\jean-\Downloads\adwcleaner_6.046.exe"=0x5341435001000000000000000700000028000000C8993E00246F3F0001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000 "C:\Users\jean-\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A8612A00958F2A0001000000000000000000000A00210000EBC9C4943BDFD101000000000000000002000000280000000000000000000040000000000000000000000000000000003F410000000000000100000001000000 "C:\Users\jean-\Desktop\Pre_Scan.exe"=0x5341435001000000000000000700000028000000A8A135006A2A360001000000000000000000000A00210000EBC9C4943BDFD1010000000000000000 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{315313a3-2fd6-11e7-958c-586356fa674d}] : "G:\DTVP30_Launcher.exe" (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows Defender] "UIFirstRun"=0 [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131349650061323015 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallLocation"=C:\Program Files\Windows Defender\ "InstallTime"=0xEE55E8936711D101 "ManagedDefenderProductType"=0 "ProductStatus"=0 "OOBEInstallTime"=0x3E759E2C95A5D201 "OneTimeSqmDataSent"=1 "DisableAntiSpyware"=0 "DisableAntiVirus"=0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ROMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts # 127.0.0.1 localhost # ::1 localhost ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.204.14] avec 32 octets de donn?es?: R?ponse de 216.58.204.14?: octets=32 temps=50 ms TTL=54 R?ponse de 216.58.204.14?: octets=32 temps=49 ms TTL=54 R?ponse de 216.58.204.14?: octets=32 temps=51 ms TTL=54 R?ponse de 216.58.204.14?: octets=32 temps=50 ms TTL=54 Statistiques Ping pour 216.58.204.14: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 49ms, Maximum = 51ms, Moyenne = 50ms ---------- | @ [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00 "DisableFirstRunCustomize"=3 "FormSuggest Passwords"=no "FormSuggest PW Ask"=no "Use FormSuggest"=no "ImageStoreRandomFolder"=05ro6tk "OperationalData"=13 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000760300007C020000 "Start Page_TIMESTAMP"=0xA41CDFDB0FC4D201 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x010000004900000061CECC95C883C060D91881A1756DF0F316CF00CC0B1CFD86F4D055D5980C490AA7C9B04F4725ACF9E58488471F8A10D764462A9FE3B80CBA821A64DDC3141BF6014646600DD7E6B80302000000100000007663585725326233636639496F253364 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x29D12C2DF2C3D201 "NoUpdateCheck"=1 [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "CertificateRevocation"=1 "ZonesSecurityUpgrade"=0x29D12C2DF2C3D201 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "MaxConnectionsPerServer"=10 "MaxConnectionsPer1_0Server"=10 "GlobalUserOffline"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=about:blank "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE "DisableRandomFlighting"=0 "EnableLegacyEdgeSwitching"=1 "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 "ProxyEnable"=0 "GlobalUserOffline"=0 ---------- | Proxy [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] "ProxyEnable"=0 "GlobalUserOffline"=0 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snapdoc] "ProgID"=SNAP.DOC ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncError] - {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} -- C:\Program Files\Acronis\TrueImageHome\tishell.dll [11/11/2015 12:02:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncInProgress] - {00F848DC-B1D4-4892-9C25-CAADC86A215D} -- C:\Program Files\Acronis\TrueImageHome\tishell.dll [11/11/2015 12:02:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncOk] - {71573297-552E-46fc-BE3D-3DFAF88D47B7} -- C:\Program Files\Acronis\TrueImageHome\tishell.dll [11/11/2015 12:02:16] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [16/07/2016 09:25:22] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0x29D12C2DF2C3D201 "Version"=5 "UpgradeTime"=0x29D12C2DF2C3D201 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | ElevationPolicy [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A9F603B-51A8-4630-AE99-4BBF01675575}] - (C:\Program Files\Foxit Software\Foxit Reader\) - FoxitReader.exe : C:\Program Files\Foxit Software\Foxit Reader\plugins\FoxitReaderBrowserAx.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1f5a4299-aa9d-4d8b-9ec6-d9b3d4ddb2dc}] - (C:\WINDOWS\system32\spool\DRIVERS\W32X86\3) - E_FPRELPE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] - (C:\Program Files\Java\jre1.8.0_131\bin) - jp2launcher.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files\adobe\acrobat 7.0\reader) - acrord32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] - (C:\Program Files\Java\jre1.8.0_131\bin) - javaws.exe : C:\Program Files\Java\jre1.8.0_131\bin\wsdetect.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77b27fef-baff-43b3-8417-e8e586a7481e}] - (C:\WINDOWS\system32\spool\DRIVERS\W32X86\3) - E_FARNLPE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\System32\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC155DD0-14EE-4F26-86AA-F974045CFE55}] - (C:\Program Files\Foxit Software\Foxit Reader\plugins\Creator) - FXC_ProxyProcess.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] - (C:\Program Files\Java\jre1.8.0_131\bin) - ssvagent.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files\adobe\acrobat 6.0\reader) - acrord32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat) - acrobat.exe : ---------- | Ext\Settings [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] : : C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\System32\Macromed\Flash\Flash.ocx [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}] : : C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll ---------- | Ext\Stats [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}] : : [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}] : : C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}] : : C:\skinpack\OldNewExplorer32.dll [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] : : C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\System32\Macromed\Flash\Flash.ocx [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}] : : C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] -> (ExplorerWnd Helper) : C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [16/05/2017 11:08:12] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}] -> () : C:\skinpack\OldNewExplorer32.dll [03/05/2017 18:16:41] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [11/05/2017 16:31:19] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [11/05/2017 16:31:17] ---------- | Chrome ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.131.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9dcc4489-981d-44f3-be1c-920a8eb6f7e5}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{9dcc4489-981d-44f3-be1c-920a8eb6f7e5}] "NameServer"=156.154.70.25,156.154.71.25 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9dcc4489-981d-44f3-be1c-920a8eb6f7e5}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{9dcc4489-981d-44f3-be1c-920a8eb6f7e5}] "NameServer"=156.154.70.25,156.154.71.25 ---------- | ActiveX [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - () - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{71A5A636-652F-3BE0-BC14-02545E9F5EC7}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\LaunchWinApp.exe] : "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af} Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68} Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba} Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3} Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5} Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030} Name: CLWFLService7 - AppID: {03C200E3-11BC-49ea-8BAB-3B09120AC3AE} Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Name: DevicesFlowExperienceFlow - AppID: {046AEAD9-5A27-4D3C-8A67-F82552E0A91B} Name: CELERITASWMSecureShell - AppID: {0545D0D4-6CF7-4088-B65A-65F1EA53A70F} Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B} Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23} Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168} Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299} Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96} Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B} Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3} Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3} Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94} Name: NotificationController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1} Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C} Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de} Name: IntelCpHeciSvc - AppID: {11AC3232-E7D7-49CD-ABFE-501700100B3A} Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E} Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666} Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80} Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0} Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B} Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC} Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A} Name: Speech Runtime COM - AppID: {1725704B-A716-4E04-8EF6-87ED4F0A180A} Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31} Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC} Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6} Name: TIManagersProxy Class Application - AppID: {1EF75F33-893B-4E8F-9655-C3D602BA4897} Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c} Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0} Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2} Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7} Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717} Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526} Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137} Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829} Name: Dispatch - AppID: {224FC5DE-26AD-4A47-A2C3-5A50885F314C} Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} Name: InstallAgent - AppID: {260eb9de-5cbe-4bff-a99a-3710af55bf1e} Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF} Name: Exchange Active Sync Policies Broker - AppID: {26795871-6B8F-4115-89DD-986213012798} Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E} Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69} Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32} Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E} Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A} Name: InstallAgentUserBroker - AppID: {28d08f70-46eb-4f26-a6cb-54b75132e100} Name: ImageHost - AppID: {2903EDD7-545F-4156-977A-5E730E57F253} Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78} Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5} Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37} Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C} Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD} Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5} Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7} Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606} Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97} Name: Delivery Optimization Mgmt - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F} Name: wpnservice - AppID: {34E76A18-223B-4E23-BEAD-F59358CC0A90} Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d} Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB} Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C} Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2} Name: CortanaMapiHelper - AppID: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6} Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1} Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F} Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e} Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683} Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25} Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c} Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E} Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8} Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775} Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85} Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9} Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29} Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C} Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E} Name: Radio Management Service - AppID: {478B41E6-3257-4519-BDA8-E971F9843849} Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077} Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF} Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB} Name: IndexedDbCacheServer - AppID: {49f6e667-6658-4bd1-9de9-6af87f9faf85} Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A} Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17} Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C} Name: AszBrowseHelper - AppID: {4D0EF64C-71D3-4A05-93B1-8EC58AE8D6D9} Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC} Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94} Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345} Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B} Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630} Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25} Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601} Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1} Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919} Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5} Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B} Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C} Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660} Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E} Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b} Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF} Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B} Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212} Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC} Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2} Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399} Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61} Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6} Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309} Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF} Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25} Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1} Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D} Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327} Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2} Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E} Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} Name: tiledatamodelsvc - AppID: {65E2E13A-7110-4912-9F03-9A42E253D8F6} Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30} Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8} Name: PDFPreviewHandlerHost - AppID: {6B127CFD-C642-4338-BC8C-472DF61E5A14} Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F} Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b} Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56} Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B} Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D} Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce} Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca} Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8} Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5} Name: Windows Insider Service - AppID: {7006698d-2974-4091-a424-85dd0b909e23} Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e} Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC} Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD} Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED} Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436} Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950} Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070} Name: CLMLSvc_P2G11 - AppID: {79454E97-52CD-4517-B6A1-43A1D3C5FDAC} Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100} Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d} Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7} Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829} Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7} Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32} Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6} Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB} Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715} Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034} Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629} Name: AdAwareShellExtension - AppID: {815E3070-A914-4A36-BC40-2F35AAD1C91E} Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B} Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F} Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850} Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE} Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059} Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54} Name: UACObject - AppID: {8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC} Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24} Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED} Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854} Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB} Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee} Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D} Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C} Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2} Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb} Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444} Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db} Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F} Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139} Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60} Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE} Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7} Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276} Name: chext - AppID: {9D4C4C5F-EE90-4a6b-9245-244C369E4FAE} Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8} Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030} Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D} Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe} Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3} Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357} Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6} Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C} Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24} Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121} Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0} Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50} Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D} Name: Delivery Optimization Mgmt - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C} Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22} Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94} Name: Out of proc server to enable Insider Hub scenarios to be reached from inside of its appcontainer - AppID: {ac0fd47a-37f4-4502-bfee-6b317e479d41} Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325} Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d} Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871} Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1} Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA} Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1} Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492} Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E} Name: UACObject - AppID: {B49FBDA8-D846-43c4-ACAA-06D7794374C8} Name: RContextMenu - AppID: {B5B6E648-E9F7-4CE3-987C-53FEDA97C1FA} Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C} Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599} Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2} Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D} Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755} Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287} Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4} Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70} Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B} Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145} Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B} Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41} Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b} Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D} Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880} Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF} Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6} Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412} Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF} Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1} Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E} Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444} Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D} Name: Acronis True Image Shell Extension Backend - AppID: {C4E69DB9-E094-483e-B922-E7ADE65FB497} Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3} Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5} Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F} Name: FamilySafetyRefreshTask - AppID: {C844C79D-AED8-4DCE-AB25-4D359BED84F8} Name: ConvertToPDFShellExtension_RD - AppID: {C88D8F9A-04DA-4008-B535-375F38366DDA} Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9} Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81} Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D} Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C} Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125} Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F} Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad} Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B} Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F} Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF} Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF} Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933} Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} Name: BingDesktopUpdater - AppID: {CE41EBCF-17C0-4307-971E-03FEBCBB7D39} Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03} Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395} Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7} Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5} Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652} Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30} Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03} Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6} Name: IndexedDbBrokerServer - AppID: {dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6} Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61} Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a} Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44} Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5} Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F} Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} Name: CavShell - AppID: {E11C8519-5595-4397-B515-AB036DEC467A} Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E} Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212} Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB} Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients (Failed Mouse In Pointer) - AppID: {E45A56CE-399C-45F0-9E6F-BFAACD3C711F} Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A} Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9} Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886} Name: TokenBroker Out Of Proc COM Server - AppID: {E73A797B-24CE-424A-AD4F-48E98B1E95B8} Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5} Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90} Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4} Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A} Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8} Name: Immersive Print Dialog Surrogate - AppID: {EB28E902-728E-42C4-97DC-DA89E144C744} Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A} Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A} Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A} Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58} Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147} Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7} Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522} Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC} Name: AvailableNetworksExperienceFlow - AppID: {F2506CD7-82C2-43D9-A1D3-F85F5EFE7D09} Name: Acronis VSS Requestor - AppID: {F282135C-65A6-4A99-80F1-F315BAC76BF4} Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7} Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B} Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801} Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A} Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248} Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717} Name: Pen Workspace Discover Broker - AppID: {F5A6ACF4-FFE0-4934-AE1D-5F960EA0AAD9} Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8} Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a} Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E} Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996} Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333} Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E} Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb} Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160} Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137} Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9} Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00} Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C} Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D} Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{224FC5DE-26AD-4A47-A2C3-5A50885F314C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{224FC5DE-26AD-4A47-A2C3-5A50885F314C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708" Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B49FBDA8-D846-43c4-ACAA-06D7794374C8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B49FBDA8-D846-43c4-ACAA-06D7794374C8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-15-3-1024-2819154332-3691255550-2499738133-2646149002-4290075130-3069449926-721213713-3168903538" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-3433512109-503559027-1389316256-1766580070-2256751264" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-1260278928-804197538-2066346633-4268302704-2216462912" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-345135819-4012009209-3062012967-1747265747-3674605950" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-951620777-1059631183-2804607755-3010024351-809615488" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power BrokerInfrastructure LSM PlugPlay SystemEventsBroker DeviceInstall DcomLaunch "Camera"=FrameServer "smbsvcs"=lanmanserver browser ---------- | SvcHost - Netsvcs (Whitelist) NcaSvc - %SystemRoot%\System32\ncasvc.dll : %SystemRoot%\System32\svchost.exe -k NetSvcs DcpSvc - %SystemRoot%\system32\dcpsvc.dll : %SystemRoot%\System32\svchost.exe -k netsvcs dmwappush - : XboxNetApiSvc - %SystemRoot%\system32\XboxNetApiSvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs Wpn - : RetailDemo - %SystemRoot%\system32\RDXService.dll : %SystemRoot%\System32\svchost.exe -k netsvcs DsmSvc - %SystemRoot%\System32\DeviceSetupManager.dll : %SystemRoot%\system32\svchost.exe -k netsvcs DmEnrollmentSvc - %systemroot%\system32\Windows.Internal.Management.dll : %systemroot%\system32\svchost.exe -k netsvcs shpamsvc - %systemroot%\system32\Windows.SharedPC.AccountManager.dll : %SystemRoot%\System32\svchost.exe -k netsvcs lfsvc - %SystemRoot%\System32\lfsvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs XblGameSave - %SystemRoot%\System32\XblGameSave.dll : %SystemRoot%\system32\svchost.exe -k netsvcs UsoSvc - %systemroot%\system32\usocore.dll : %systemroot%\system32\svchost.exe -k netsvcs dosvc - : %systemroot%\system32\svchost.exe -k netsvcs XblAuthManager - %SystemRoot%\System32\XblAuthManager.dll : %SystemRoot%\system32\svchost.exe -k netsvcs wlidsvc - %SystemRoot%\system32\wlidsvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs wisvc - %systemroot%\system32\flightsettings.dll : %systemroot%\system32\svchost.exe -k netsvcs ---------- | Software [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Acronis] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\AppDataLow] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Ashampoo] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\BugSplat] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Cameyo] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Chromium] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Code Sector] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Comodo] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\ComodoGroup] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Conceptworld] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\CyberLink] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\EaseUS] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\ej-technologies] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Encrypt4allSoftware] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\EPSON] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\FileHippo.com] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Foxit Software] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\GNU] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Icecream] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Informer Technologies, Inc.] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Intel] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\JavaSoft] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\KillSoft] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Licenses] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\LiteManager] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\macrium] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Magnet] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Obsidium] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Paramount Software (UK) Ltd.] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Perigee Software] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Policies] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\RegisteredApplications] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\SharewareOnSale] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\SyncEngines] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Syncios] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\sysinternals] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\TechSmith] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Tihiy] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Trolltech] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Ultracopier] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\undefined] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\UsbFix] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\VOS] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\WinRAR] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\WinRAR SFX] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Wondershare] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Xilisoft] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\{3E130920-7C40-4938-9222-4C357069EC21}] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\{80768678-7367-4d4f-9DBE-4CD4AC6D02AF}] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\{98132F81-18BE-4722-8B1D-0A25D9AE3DA0}] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\ShellNoRoam] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Acronis] [HKLM\Software\adaware] [HKLM\Software\AdsFix] [HKLM\Software\Ashampoo] [HKLM\Software\AVC3] [HKLM\Software\Bitdefender] [HKLM\Software\Chromium] [HKLM\Software\Clients] [HKLM\Software\Code Sector] [HKLM\Software\CodeGear] [HKLM\Software\COMODO] [HKLM\Software\ComodoGroup] [HKLM\Software\CyberLink] [HKLM\Software\DebugMode] [HKLM\Software\Dragon] [HKLM\Software\EaseUS] [HKLM\Software\EaseUS Todo Backup] [HKLM\Software\ej-technologies] [HKLM\Software\EPSON] [HKLM\Software\Foxit Software] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\GNU] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\Ignis] [HKLM\Software\Intel] [HKLM\Software\IObit] [HKLM\Software\jam software] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\KillSoft] [HKLM\Software\LiteManager] [HKLM\Software\LiteManagerTeam] [HKLM\Software\Logitech] [HKLM\Software\Macrium] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\MozillaPlugins] [HKLM\Software\MSNSett] [HKLM\Software\muCommander] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OldTimer Tools] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\proDAD] [HKLM\Software\RegisteredApplications] [HKLM\Software\Runtime Software] [HKLM\Software\Syncios] [HKLM\Software\Sysinternals] [HKLM\Software\TechSmith] [HKLM\Software\trolCommander] [HKLM\Software\WafCX] [HKLM\Software\WinRAR] [HKLM\Software\Wondershare] [HKLM\Software\WOW6432Node] [HKLM\Software\Xilisoft] [HKLM\Software\Xiph.Org] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] ---------- | FeatureControl [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "OneDrive.exe"="11000" "Trial.exe"="8888" "burningstudio2017.exe"="11001" "softinfo.exe"="11000" "Azureus.exe"="11001" "WO15.exe"="11001" [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801] "burningstudio2017.exe"="1" "WO15.exe"="1" [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] "burningstudio2017.exe"="1" "WO15.exe"="1" [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING] "burningstudio2017.exe"="1" "softinfo.exe"="0" "WO15.exe"="1" [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "burningstudio2017.exe"="10" "WO15.exe"="10" [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "burningstudio2017.exe"="10" "WO15.exe"="10" [HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "burningstudio2017.exe"="1" "WO15.exe"="1" ---------- | The Created last ones ¦ Modified [MD5.00000000000000000000000000000000] - [05/05/2017 14:10:07] - |AD| - [274162626] - C:\Program Files\Acronis [MD5.00000000000000000000000000000000] - [03/05/2017 16:24:15] - |D| - [714422175] - C:\Program Files\adaware [MD5.00000000000000000000000000000000] - [05/05/2017 13:15:49] - |D| - [227104879] - C:\Program Files\Anvsoft [MD5.00000000000000000000000000000000] - [03/05/2017 16:07:46] - |D| - [435689133] - C:\Program Files\Ashampoo [MD5.00000000000000000000000000000000] - [03/05/2017 16:31:37] - |D| - [289982043] - C:\Program Files\Comodo [MD5.00000000000000000000000000000000] - [11/05/2017 16:38:27] - |D| - [365276] - C:\Program Files\Conceptworld [MD5.00000000000000000000000000000000] - [03/05/2017 16:58:53] - |AD| - [13580722] - C:\Program Files\Copy Handler [MD5.00000000000000000000000000000000] - [03/05/2017 15:04:57] - |D| - [1890342416] - C:\Program Files\CyberLink [MD5.00000000000000000000000000000000] - [03/05/2017 17:10:53] - |D| - [9889635] - C:\Program Files\DebugMode [MD5.00000000000000000000000000000000] - [05/05/2017 12:36:46] - |D| - [349448] - C:\Program Files\e-Carte Bleue [MD5.00000000000000000000000000000000] - [09/05/2017 09:01:26] - |D| - [158177269] - C:\Program Files\EaseUS [MD5.00000000000000000000000000000000] - [06/05/2017 08:57:57] - |D| - [2275093] - C:\Program Files\Encrypt4all Software [MD5.00000000000000000000000000000000] - [03/05/2017 17:33:54] - |AD| - [398] - C:\Program Files\Eyes Relaxing And Focusing 3.0 [MD5.00000000000000000000000000000000] - [03/05/2017 17:13:42] - |AD| - [5333895] - C:\Program Files\Fast File Copy by Daanav.com [MD5.00000000000000000000000000000000] - [06/05/2017 09:15:52] - |D| - [23167086] - C:\Program Files\Fast HTML Checker [MD5.00000000000000000000000000000000] - [03/05/2017 17:24:10] - |D| - [10955385] - C:\Program Files\FileHippo.com [MD5.00000000000000000000000000000000] - [05/05/2017 13:08:42] - |AD| - [11158873] - C:\Program Files\FolderIco [MD5.00000000000000000000000000000000] - [06/05/2017 09:13:56] - |AD| - [66507530] - C:\Program Files\FolderViewer [MD5.00000000000000000000000000000000] - [05/05/2017 13:28:44] - |D| - [264585563] - C:\Program Files\Foxit Software [MD5.00000000000000000000000000000000] - [03/05/2017 17:09:40] - |D| - [23870839] - C:\Program Files\free-video-splitter [MD5.00000000000000000000000000000000] - [03/05/2017 17:21:10] - |AD| - [86290553] - C:\Program Files\Icecream Screen Recorder [MD5.00000000000000000000000000000000] - [03/05/2017 15:07:15] - |D| - [42840946] - C:\Program Files\InstallShield Installation Information [MD5.00000000000000000000000000000000] - [03/05/2017 17:01:59] - |D| - [126454511] - C:\Program Files\IObit [MD5.00000000000000000000000000000000] - [05/05/2017 17:39:16] - |D| - [42534536] - C:\Program Files\JAM Software [MD5.00000000000000000000000000000000] - [11/05/2017 16:30:40] - |D| - [167613181] - C:\Program Files\Java [MD5.00000000000000000000000000000000] - [03/05/2017 16:56:21] - |D| - [779975] - C:\Program Files\KillSoft [MD5.00000000000000000000000000000000] - [03/05/2017 14:21:21] - |AD| - [110319154] - C:\Program Files\Kotobee Author [MD5.00000000000000000000000000000000] - [03/05/2017 17:41:50] - |AD| - [106722848] - C:\Program Files\Kotobee Publisher [MD5.00000000000000000000000000000000] - [03/05/2017 17:53:17] - |AD| - [78144192] - C:\Program Files\Kotobee Reader [MD5.00000000000000000000000000000000] - [03/05/2017 17:40:49] - |AD| - [21088435] - C:\Program Files\LiteManager Pro - Server [MD5.00000000000000000000000000000000] - [03/05/2017 17:39:20] - |AD| - [45912271] - C:\Program Files\LiteManager Pro - Viewer [MD5.00000000000000000000000000000000] - [06/05/2017 10:05:59] - |AD| - [123578988] - C:\Program Files\Macrium [MD5.00000000000000000000000000000000] - [09/05/2017 08:54:47] - |D| - [12242027] - C:\Program Files\Macrorit [MD5.00000000000000000000000000000000] - [03/05/2017 14:14:31] - |D| - [28382288] - C:\Program Files\Microsoft [MD5.00000000000000000000000000000000] - [03/05/2017 17:15:20] - |AD| - [91562361] - C:\Program Files\MiniCopier [MD5.00000000000000000000000000000000] - [05/05/2017 13:05:37] - |D| - [11412989] - C:\Program Files\muCommander [MD5.00000000000000000000000000000000] - [03/05/2017 16:57:12] - |AD| - [17198719] - C:\Program Files\NiceCopier [MD5.00000000000000000000000000000000] - [03/05/2017 15:07:10] - |D| - [25494705] - C:\Program Files\NSIS Uninstall Information [MD5.00000000000000000000000000000000] - [16/05/2017 17:14:35] - |D| - [805824] - C:\Program Files\PDF-to-Word [MD5.00000000000000000000000000000000] - [03/05/2017 16:59:39] - |AD| - [1800193] - C:\Program Files\PerigeeCopy [MD5.00000000000000000000000000000000] - [05/05/2017 13:14:55] - |AD| - [24456071] - C:\Program Files\proDAD [MD5.00000000000000000000000000000000] - [03/05/2017 17:01:10] - |AD| - [844685] - C:\Program Files\Roadkil.Net [MD5.00000000000000000000000000000000] - [03/05/2017 17:00:46] - |D| - [6862403] - C:\Program Files\Runtime Software [MD5.00000000000000000000000000000000] - [16/05/2017 18:48:42] - |D| - [17220057] - C:\Program Files\Smart Privacy Cleaner [MD5.00000000000000000000000000000000] - [03/05/2017 16:56:24] - |D| - [23699827] - C:\Program Files\Supercopier [MD5.00000000000000000000000000000000] - [16/05/2017 18:49:23] - |D| - [60998541] - C:\Program Files\SupersonicPC [MD5.00000000000000000000000000000000] - [03/05/2017 17:08:59] - |D| - [11373214] - C:\Program Files\TechSmith [MD5.00000000000000000000000000000000] - [03/05/2017 17:02:16] - |AD| - [10904374] - C:\Program Files\TeraCopy [MD5.00000000000000000000000000000000] - [05/05/2017 13:09:40] - |D| - [36830654] - C:\Program Files\trolCommander [MD5.00000000000000000000000000000000] - [03/05/2017 16:56:16] - |D| - [22473689] - C:\Program Files\Ultracopier [MD5.00000000000000000000000000000000] - [03/05/2017 17:01:21] - |D| - [229643] - C:\Program Files\Unlocker [MD5.00000000000000000000000000000000] - [03/05/2017 14:47:53] - |AD| - [5135338] - C:\Program Files\WinRAR [MD5.00000000000000000000000000000000] - [03/05/2017 16:42:27] - |D| - [427486336] - C:\Program Files\Wondershare [MD5.00000000000000000000000000000000] - [03/05/2017 17:09:33] - |D| - [170521674] - C:\Program Files\Xilisoft [MD5.00000000000000000000000000000000] - [03/05/2017 17:21:54] - |D| - [6458985] - C:\Program Files\Xiph.Org [MD5.6E46F7CBC16009E381015C69F4FA22B1] - [11/05/2017 16:05:37] - |A| - [4312248] - C:\WINDOWS\explorer.exe [MD5.122B358F4584FF7768CF1BBCAB2F30D9] - [03/05/2017 09:59:01] - |A| - [884224] - C:\WINDOWS\HelpPane.exe [MD5.00000000000000000000000000000000] - [16/05/2017 11:11:22] - |D| - [0] - C:\WINDOWS\IObit [MD5.00000000000000000000000000000000] - [05/05/2017 17:15:59] - |D| - [0] - C:\WINDOWS\Minidump [MD5.DED4C7F2CFED071D87006916F7B303C6] - [16/05/2017 17:17:52] - |A| - [624710] - C:\WINDOWS\ntbtlog.txt [MD5.567A0B0612F8366ACFDBEAA9919A1C55] - [17/05/2017 09:02:46] - |A| - [832] - C:\WINDOWS\PFRO.log [MD5.00000000000000000000000000000000] - [12/05/2017 15:33:17] - |D| - [3934176] - C:\WINDOWS\rescache [MD5.038356387332650843BCB352BB89A101] - [16/05/2017 18:46:57] - |A| - [275] - C:\WINDOWS\WindowsUpdate.log [MD5.00000000000000000000000000000000] - [03/05/2017 17:09:03] - |SHD| - [4004304] - C:\WINDOWS\Installer\$PatchCache$ [MD5.6871D1EF3A4CAA8B545C66CA7653ADA8] - [11/05/2017 16:26:35] - |A| - [56561664] - C:\WINDOWS\Installer\34261c.msi [MD5.1B7EF0DB6D8C6C84CBB385ABB9E2BAB9] - [11/05/2017 16:26:11] - |A| - [761856] - C:\WINDOWS\Installer\342620.msi [MD5.7EF5F4FD7F92680F6A2CEBA70AC77C3D] - [03/05/2017 16:23:14] - |A| - [63614976] - C:\WINDOWS\Installer\3c755f.msi [MD5.21B73BCB4862A0E6D3E97782F6D61C1E] - [03/05/2017 16:24:10] - |A| - [20668928] - C:\WINDOWS\Installer\3c7564.msi [MD5.250F7DF4A791F7F6D483F8846BA4F877] - [03/05/2017 16:24:23] - |A| - [2411008] - C:\WINDOWS\Installer\3c7569.msi [MD5.4C8A0D227F25864DC12C495F08BF22F9] - [03/05/2017 16:24:30] - |A| - [3651072] - C:\WINDOWS\Installer\3c756e.msi [MD5.F5824520EEEDFE9FD3CC3BF6E6EB52A5] - [03/05/2017 16:24:35] - |A| - [2122240] - C:\WINDOWS\Installer\3c7573.msi [MD5.947A8A4A0FD4E65916112EB643F477D9] - [03/05/2017 16:24:37] - |A| - [722432] - C:\WINDOWS\Installer\3c7578.msi [MD5.F336B6B22BFE0E362BF98951C41B80B3] - [03/05/2017 16:24:42] - |A| - [5296640] - C:\WINDOWS\Installer\3c757d.msi [MD5.BFA47C0F37771C0342B1DDDDCE12E4F1] - [03/05/2017 16:25:42] - |A| - [85942272] - C:\WINDOWS\Installer\3c7582.msi [MD5.86B22D6F5C9179079EA1DB2B3226B085] - [05/05/2017 12:36:30] - |A| - [1303040] - C:\WINDOWS\Installer\45dbe.msi [MD5.0EA1BEC4A29DD4C5A387C96CB2B6B7E9] - [05/05/2017 14:08:14] - |A| - [389709824] - C:\WINDOWS\Installer\5861ee.msi [MD5.A53B41AE0580EE5443CC5BE38855B343] - [06/05/2017 09:15:41] - |A| - [417792] - C:\WINDOWS\Installer\901ac.msi [MD5.5012CC23DE8A65EE37EC951D4481BBFE] - [06/05/2017 10:04:51] - |A| - [41971712] - C:\WINDOWS\Installer\b4bab.msi [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:12] - |A| - [714432] - C:\WINDOWS\Installer\MSI8B73.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:12] - |A| - [714432] - C:\WINDOWS\Installer\MSI8C11.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:12] - |A| - [714432] - C:\WINDOWS\Installer\MSI8CCD.tmp [MD5.A0E1595479D16207F1145D060ACF68DC] - [03/05/2017 09:43:02] - |A| - [870400] - C:\WINDOWS\Installer\MSIB71F.tmp [MD5.33908AA43AC0AAABC06A58D51B1C2CCA] - [03/05/2017 09:43:06] - |A| - [152064] - C:\WINDOWS\Installer\MSIC4EB.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:29] - |A| - [714432] - C:\WINDOWS\Installer\MSICDDE.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:35] - |A| - [714432] - C:\WINDOWS\Installer\MSIE4E2.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:35] - |A| - [714432] - C:\WINDOWS\Installer\MSIE689.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:35] - |A| - [714432] - C:\WINDOWS\Installer\MSIE736.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:36] - |A| - [714432] - C:\WINDOWS\Installer\MSIE89E.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:39] - |A| - [714432] - C:\WINDOWS\Installer\MSIF6B9.tmp [MD5.7EFB2B3586AD6109B4FED8B8A26FAD07] - [03/05/2017 16:33:40] - |A| - [714432] - C:\WINDOWS\Installer\MSIF7C3.tmp [MD5.4F10CBED54B6BFFF1D1A500A60AE0E8D] - [06/05/2017 10:04:51] - |A| - [329804492] - C:\WINDOWS\Installer\pe10_1607x64.zip [MD5.5012CC23DE8A65EE37EC951D4481BBFE] - [06/05/2017 10:04:50] - |A| - [41971712] - C:\WINDOWS\Installer\reflect_setupv6.3.1745-x86-00.msi [MD5.EBBD7BB2862070E8F488ACC294F786FB] - [06/05/2017 10:05:57] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{05ED2D58-BDCF-4001-A7C3-D3D712810009} [MD5.2228ADCE4524FB3BE59591AE93D5C4F8] - [03/05/2017 16:24:13] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{06D33B93-9458-4E28-BDEA-F5ECB2C3C30E} [MD5.297BCF4E439B658F40B63EC687BACE3F] - [03/05/2017 15:08:49] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} [MD5.65FCE0E479FC22CA6C91B3B376D50EEA] - [11/05/2017 16:30:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F32180131F0} [MD5.DF9F56B27516EFAEE06A7A1B61674BA5] - [03/05/2017 16:24:36] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{26F31E12-3722-45FD-903B-49012286BB4C} [MD5.EB1123848E57A27BE0787617D7A431E6] - [03/05/2017 18:15:15] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{3A76F170-D527-49DC-883D-BD4C9F16DB77} [MD5.30A9E87DE2D6D376652899E7E8A8CE87] - [03/05/2017 16:24:42] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{3E5BEF30-3962-4B47-AECA-937B6CBB0A68} [MD5.1C0022E84E299F582C6FD2C1C3449A4D] - [03/05/2017 16:25:46] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{442A7291-038A-4793-AC12-5DF5720F5575} [MD5.AC695558A8818B63FF7718793390E543] - [11/05/2017 16:31:56] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{4A03706F-666A-4037-7777-5F2748764D10} [MD5.D5AED12A35B50EE72B319485368C1628] - [03/05/2017 16:33:01] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{51E5F3BE-F3D1-4F44-B49F-05BFA7E0D2D2} [MD5.459B294A5D88D4D4A6D0D2107FCB3005] - [03/05/2017 17:39:13] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{5686E484-7136-4674-A4B2-508C7B26DCA4} [MD5.3B3CF3FA810EF59431B4D732A0529BD7] - [03/05/2017 17:40:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{71FFA475-24D5-44FB-A51F-39B699E3D82C} [MD5.F222641256F3A46A68CAFAC0A4BE46CF] - [03/05/2017 09:43:02] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{7D095455-D971-4D4C-9EFD-9AF6A6584F3A} [MD5.8D6409F4EF98BDAC5E786352B551B8D1] - [03/05/2017 16:24:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{7DE129E5-BB4A-4517-A6CD-C69EEB346781} [MD5.FE4D6CC450D3DA5C3208A44EE5B23131] - [03/05/2017 16:24:30] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{7F7C8AE0-961B-4AED-B99A-D9BE29C0F24C} [MD5.1EA62CA428FF56938E2EF513D9289AF1] - [03/05/2017 17:58:37] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{837b34e3-7c30-493c-8f6a-2b0f04e2912c} [MD5.C79E27079B5996CAE50F820C8DE2F672] - [06/05/2017 09:15:51] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8751AE19-FF09-42CB-8316-C9615DDD02AC} [MD5.B1608B4BD905E87C26FA7E9388FD64C5] - [03/05/2017 17:08:26] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8C784F8B-89D0-4A59-A000-7EEF129E1574} [MD5.3C314E20785B9CACAAFAC10B9DA9ABE4] - [03/05/2017 16:23:26] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8F4FE9F3-9251-4DC0-BCA4-CA764D691AE4} [MD5.5612B43FC3AD4173DA02F9E8BE9A9EAF] - [03/05/2017 17:13:52] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{9A25302D-30C0-39D9-BD6F-21E6EC160475} [MD5.052771F83BCE2D1EC03C3B86174A15FC] - [03/05/2017 16:24:24] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{AAF4B2C1-2E27-46EF-9B9E-2B2130F056F3} [MD5.3026D2A6479F25B9B34AD29FCF8B6059] - [03/05/2017 15:04:56] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{B175520C-86A2-35A7-8619-86DC379688B9} [MD5.56C27932B53DA9A930908809CA35CEAB] - [03/05/2017 15:04:55] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} [MD5.3364D020E2660C798182C50BE884895F] - [03/05/2017 15:07:54] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{C59C179C-668D-49A9-B6EA-0121CCFC1243} [MD5.F43F96737A8AF10754EBB4E107C5B446] - [05/05/2017 14:09:39] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9} [MD5.4B3D3ECD04CD36A44BD301AE3DBD063F] - [05/05/2017 12:36:45] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{D881F038-D767-45AA-90C1-1E5411A9670A} [MD5.08B16C10E37D59A8B0EAB12095EFC710] - [03/05/2017 18:07:32] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} [MD5.42E3E77706A695E7F764455CB2494977] - [03/05/2017 17:12:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/05/2017 10:06:07] - |A| - [0] - C:\WINDOWS\Installer\wix{05ED2D58-BDCF-4001-A7C3-D3D712810009}.SchedServiceConfig.rmi [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{04833277-EE61-4251-9273-0CF86C0FE710} [MD5.00000000000000000000000000000000] - [06/05/2017 10:06:02] - |D| - [665497] - C:\WINDOWS\Installer\{05ED2D58-BDCF-4001-A7C3-D3D712810009} [MD5.00000000000000000000000000000000] - [03/05/2017 16:24:16] - |D| - [59352] - C:\WINDOWS\Installer\{06D33B93-9458-4E28-BDEA-F5ECB2C3C30E} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{0BC63E80-F9DE-40B2-AE07-EFAD9C82E06E} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{18F14F4B-D8A9-4309-817E-3BC0B7664E53} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{1B932032-73EB-4E1B-99F6-1541DEFD631A} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{1EBC6C6F-7D31-4897-B241-DC7052F3E7A5} [MD5.00000000000000000000000000000000] - [03/05/2017 16:24:36] - |D| - [59352] - C:\WINDOWS\Installer\{26F31E12-3722-45FD-903B-49012286BB4C} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{367D1EA4-24FD-402F-AFF0-08A678D2EE28} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{37AD632E-994D-4944-B57D-A80852BCB96D} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5} [MD5.00000000000000000000000000000000] - [03/05/2017 16:24:44] - |D| - [59352] - C:\WINDOWS\Installer\{3E5BEF30-3962-4B47-AECA-937B6CBB0A68} [MD5.00000000000000000000000000000000] - [03/05/2017 16:25:57] - |D| - [1075080] - C:\WINDOWS\Installer\{442A7291-038A-4793-AC12-5DF5720F5575} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{4C5D0B6A-944A-47A6-A2F3-BCB58E05CA5D} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{4EAB2511-0135-48CA-A47B-CE1E6836793A} [MD5.00000000000000000000000000000000] - [03/05/2017 16:33:36] - |D| - [764030] - C:\WINDOWS\Installer\{51E5F3BE-F3D1-4F44-B49F-05BFA7E0D2D2} [MD5.00000000000000000000000000000000] - [03/05/2017 17:39:25] - |D| - [366816] - C:\WINDOWS\Installer\{5686E484-7136-4674-A4B2-508C7B26DCA4} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{67DA4459-33A8-4E69-9C7B-FB5CBADA60AB} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{68BE8BAB-5375-4C99-9116-1808F5968D40} [MD5.00000000000000000000000000000000] - [03/05/2017 17:40:54] - |D| - [313872] - C:\WINDOWS\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{73830292-868E-4C82-9AF5-CCFE2047B6A3} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{73D4C081-72C2-4C3B-A8CC-BE86DC7A503D} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7} [MD5.00000000000000000000000000000000] - [03/05/2017 14:31:31] - |D| - [123570] - C:\WINDOWS\Installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A} [MD5.00000000000000000000000000000000] - [03/05/2017 16:24:38] - |D| - [59352] - C:\WINDOWS\Installer\{7DE129E5-BB4A-4517-A6CD-C69EEB346781} [MD5.00000000000000000000000000000000] - [03/05/2017 16:24:32] - |D| - [59352] - C:\WINDOWS\Installer\{7F7C8AE0-961B-4AED-B99A-D9BE29C0F24C} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{84875F6F-2996-4469-BF1D-F59A85C5C702} [MD5.00000000000000000000000000000000] - [06/05/2017 09:15:41] - |D| - [12374833] - C:\WINDOWS\Installer\{8751AE19-FF09-42CB-8316-C9615DDD02AC} [MD5.00000000000000000000000000000000] - [03/05/2017 17:09:03] - |D| - [316416] - C:\WINDOWS\Installer\{8C784F8B-89D0-4A59-A000-7EEF129E1574} [MD5.00000000000000000000000000000000] - [03/05/2017 16:23:36] - |D| - [358360] - C:\WINDOWS\Installer\{8F4FE9F3-9251-4DC0-BCA4-CA764D691AE4} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{A305217D-C8FC-46D3-B9E3-054B707B4E62} [MD5.00000000000000000000000000000000] - [03/05/2017 16:24:25] - |D| - [59352] - C:\WINDOWS\Installer\{AAF4B2C1-2E27-46EF-9B9E-2B2130F056F3} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{BCC0552D-76C0-4130-BFBD-49BE49ACC594} [MD5.00000000000000000000000000000000] - [03/05/2017 15:08:16] - |D| - [155217] - C:\WINDOWS\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B} [MD5.00000000000000000000000000000000] - [05/05/2017 14:11:46] - |D| - [1862565] - C:\WINDOWS\Installer\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{D6AB1F5B-FED6-49a9-9747-327BD28FB3C7} [MD5.00000000000000000000000000000000] - [05/05/2017 12:36:46] - |D| - [226272] - C:\WINDOWS\Installer\{D881F038-D767-45AA-90C1-1E5411A9670A} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{DAC390BA-1387-4DF8-A9BC-683E81E77E86} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{DAE39927-6F98-4122-A3D2-AC16A5B0E52F} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{EC925096-5689-4BE3-B675-D16D0394B4A0} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{EF478DD2-1CD0-412F-B006-06AC204385D3} [MD5.00000000000000000000000000000000] - [03/05/2017 17:38:25] - |D| - [0] - C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C} [MD5.29DF2CB190A24E1727B63B3D4019D52F] - [11/05/2017 16:07:00] - |A| - [330752] - C:\WINDOWS\system32\aadcloudap.dll [MD5.8C7FC58B83F422E08B22F10A8B44D4FF] - [11/05/2017 16:04:57] - |A| - [886272] - C:\WINDOWS\system32\aadtb.dll [MD5.F646D3DF102212DCF926E0318A0ACE64] - [11/05/2017 16:06:04] - |A| - [238080] - C:\WINDOWS\system32\AboveLockAppHost.dll [MD5.73AA4413714102CC1436D722968FB3A0] - [11/05/2017 16:06:32] - |A| - [291328] - C:\WINDOWS\system32\adsnt.dll [MD5.84F1480E4219BDD2C81E5839D9AE2768] - [03/05/2017 09:59:02] - |A| - [215552] - C:\WINDOWS\system32\apds.dll [MD5.7B60A320715741FC6C37A97CCC8F7158] - [11/05/2017 16:05:45] - |A| - [819200] - C:\WINDOWS\system32\AppContracts.dll [MD5.184DA3091D4740B62EA23A3DAD50E06A] - [11/05/2017 16:04:30] - |A| - [16896] - C:\WINDOWS\system32\appidcertstorecheck.exe [MD5.714E67E2458C812930B4AC575C2FEFF9] - [11/05/2017 16:06:15] - |A| - [98304] - C:\WINDOWS\system32\appidsvc.dll [MD5.DFF7F0E9D7626E49DDBC5A31BC080F82] - [11/05/2017 16:06:02] - |A| - [118272] - C:\WINDOWS\system32\AppointmentActivation.dll [MD5.588C0863520012F65DE4955753064065] - [11/05/2017 16:05:11] - |A| - [125952] - C:\WINDOWS\system32\apprepapi.dll [MD5.10AACA3EBF92BCCB84B7C9CF005C57DF] - [11/05/2017 16:05:10] - |A| - [284672] - C:\WINDOWS\system32\apprepsync.dll [MD5.2908E772992FDB942B356C583D49BB3C] - [03/05/2017 10:00:44] - |A| - [313856] - C:\WINDOWS\system32\AppXDeploymentClient.dll [MD5.7D025186BB0306169A0577BA8042B1CE] - [03/05/2017 09:58:36] - |A| - [790528] - C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll [MD5.9C2BFE5DED8787FC04FCDFD2ADE2AEA7] - [11/05/2017 16:07:09] - |A| - [1378304] - C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll [MD5.5D222070265822F461F91C82F79F3FE1] - [03/05/2017 09:58:36] - |A| - [1949696] - C:\WINDOWS\system32\AppXDeploymentServer.dll [MD5.BB0D9586D7A6A865EED5839D50097E4B] - [03/05/2017 09:59:34] - |A| - [79360] - C:\WINDOWS\system32\asycfilt.dll [MD5.D503318341DEBF01411DC961AB102843] - [03/05/2017 09:59:01] - |A| - [315744] - C:\WINDOWS\system32\atmfd.dll [MD5.10101539E6DD925549591A753D7447B7] - [03/05/2017 09:59:01] - |A| - [37376] - C:\WINDOWS\system32\atmlib.dll [MD5.3407B919E14909BAF86590E054BE66BB] - [11/05/2017 16:04:28] - |A| - [300544] - C:\WINDOWS\system32\AudioEndpointBuilder.dll [MD5.AD9DFD8C94C587334101FBEA77AB7A44] - [11/05/2017 16:04:33] - |A| - [786432] - C:\WINDOWS\system32\audiosrv.dll [MD5.2DDFD70F95DF120913E6118438825F5E] - [03/05/2017 10:00:45] - |A| - [117760] - C:\WINDOWS\system32\AuthBroker.dll [MD5.A4D9A76E8B86C92BCE64CBBFD096CA84] - [11/05/2017 16:05:53] - |A| - [798208] - C:\WINDOWS\system32\authui.dll [MD5.955747AFB2F0658591CA10216A34C76A] - [11/05/2017 16:06:05] - |A| - [1255936] - C:\WINDOWS\system32\AzureSettingSyncProvider.dll [MD5.149AD3F8581FFA59FE4676F691105E80] - [03/05/2017 09:58:29] - |A| - [505856] - C:\WINDOWS\system32\bcastdvr.exe [MD5.909D66B74A7D8B21E741EDC7ECF9EE52] - [11/05/2017 16:06:05] - |A| - [623616] - C:\WINDOWS\system32\bisrv.dll [MD5.8D09C988CE2AD04646BFBDDA1BE7C381] - [11/05/2017 16:04:25] - |A| - [95232] - C:\WINDOWS\system32\BluetoothApis.dll [MD5.087A358502B3452ED8E5AB34C3CABD4F] - [11/05/2017 16:05:58] - |A| - [82432] - C:\WINDOWS\system32\browserbroker.dll [MD5.717259AF72DFCD78C83CF6B94CA06F0A] - [11/05/2017 16:04:28] - |A| - [25440] - C:\WINDOWS\system32\browser_broker.exe [MD5.688751472351116EB6D7250BC8ADE77E] - [11/05/2017 16:05:59] - |A| - [206336] - C:\WINDOWS\system32\bthprops.cpl [MD5.D4276965062667900278914EFB67B932] - [11/05/2017 16:06:18] - |A| - [121344] - C:\WINDOWS\system32\bthserv.dll [MD5.B6D797E918FA87E7F3BFCEE1EAB7E73C] - [11/05/2017 16:04:03] - |A| - [27648] - C:\WINDOWS\system32\BthTelemetry.dll [MD5.5FDA234E211E3D4BB2DAB68CF1F8A550] - [11/05/2017 16:06:20] - |A| - [89600] - C:\WINDOWS\system32\CameraCaptureUI.dll [MD5.AD2B539972FE1E1078AC698F4A47FE8D] - [03/05/2017 10:00:45] - |A| - [3198464] - C:\WINDOWS\system32\cdp.dll [MD5.25C016973DE287788026B2A0E531F647] - [11/05/2017 16:06:58] - |A| - [2646528] - C:\WINDOWS\system32\CertEnroll.dll [MD5.83D2E9E5F7B825045E97CC9A873F20CC] - [11/05/2017 16:06:45] - |A| - [6042624] - C:\WINDOWS\system32\Chakra.dll [MD5.896486EC12170379C282D6DE2FE00014] - [11/05/2017 16:07:32] - |A| - [822784] - C:\WINDOWS\system32\Chakradiag.dll [MD5.F54072C5907891AA70A2AF72E099A390] - [03/05/2017 09:58:48] - |A| - [195584] - C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll [MD5.09914F5D56A53E5B53585650C2D2D7AA] - [03/05/2017 09:58:52] - |A| - [125792] - C:\WINDOWS\system32\CloudExperienceHostBroker.dll [MD5.9F46E661D851BEAFD0AC25A27E76CAEF] - [11/05/2017 16:04:28] - |A| - [116576] - C:\WINDOWS\system32\CloudExperienceHostCommon.dll [MD5.A2C650E8456AB2A14FA170F6F64810A5] - [03/05/2017 10:00:46] - |A| - [136032] - C:\WINDOWS\system32\CloudExperienceHostUser.dll [MD5.5D24BF0FDD618051CE844FC0DAC1F7D1] - [11/05/2017 16:04:50] - |A| - [2168288] - C:\WINDOWS\system32\combase.dll [MD5.8BB1308493E1A7F7653A7EEE86E10717] - [03/05/2017 09:58:49] - |A| - [34088] - C:\WINDOWS\system32\CompPkgSup.dll [MD5.FB64DA1D5D19F40B1907745F04555B55] - [11/05/2017 16:04:28] - |A| - [294400] - C:\WINDOWS\system32\ConhostV2.dll [MD5.F34409745B1E8620AE5E39772DB8F3E8] - [11/05/2017 16:04:04] - |A| - [102400] - C:\WINDOWS\system32\ConsentUX.dll [MD5.090E143D7B4A5FE41C8DCC0D2DFEAEBD] - [11/05/2017 16:06:20] - |A| - [448864] - C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll [MD5.E47E87B8F8C178B284D6DD8DA9303139] - [11/05/2017 16:06:51] - |A| - [583128] - C:\WINDOWS\system32\CoreMessaging.dll [MD5.3FA897C7B5449BE2C8699792DF0DFEEB] - [11/05/2017 16:06:27] - |A| - [2048488] - C:\WINDOWS\system32\CoreUIComponents.dll [MD5.64255D92BAADDFFDCAD08582F7E807FB] - [03/05/2017 09:58:49] - |A| - [390656] - C:\WINDOWS\system32\CredProvDataModel.dll [MD5.7E3A33292899D3265A8B5B2157E74398] - [11/05/2017 16:04:08] - |A| - [203776] - C:\WINDOWS\system32\credprovhost.dll [MD5.C22A687BC6DCD7F87BD133A2B52A4A18] - [11/05/2017 16:04:37] - |A| - [1557224] - C:\WINDOWS\system32\crypt32.dll [MD5.C3771CB78F3394334B021329C9D1DCA1] - [11/05/2017 16:06:06] - |A| - [288256] - C:\WINDOWS\system32\CryptoWinRT.dll [MD5.2DAE51A9868A909C71EE56CCF9733F20] - [11/05/2017 16:07:04] - |A| - [3733504] - C:\WINDOWS\system32\D3DCompiler_47.dll [MD5.495900F3BD3AB90ACA71621368201AB6] - [11/05/2017 16:06:15] - |A| - [195072] - C:\WINDOWS\system32\dafBth.dll [MD5.632D6A78FA50EB13C61AD5FA2106B8A9] - [03/05/2017 10:00:51] - |A| - [166400] - C:\WINDOWS\system32\dafpos.dll [MD5.FE54A8BC52CE41710E0DDF9621377940] - [11/05/2017 16:06:14] - |A| - [216576] - C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll [MD5.BDC301A81279B9A78554FD7BA61EEA3E] - [11/05/2017 16:06:02] - |A| - [271360] - C:\WINDOWS\system32\deviceaccess.dll [MD5.45A59DFFA1D9F17EE61D57FB8A75F67B] - [11/05/2017 16:04:06] - |A| - [1755136] - C:\WINDOWS\system32\DeviceFlows.DataModel.dll [MD5.62EBB1238EAE08C3F026F3C28EB1D8DB] - [11/05/2017 16:05:51] - |A| - [506880] - C:\WINDOWS\system32\DevicePairing.dll [MD5.2E21D48A41908B8BDC0A4CF88E723221] - [11/05/2017 16:04:26] - |A| - [323584] - C:\WINDOWS\system32\DevicesFlowBroker.dll [MD5.4A75292A737477F2D803EF10A8E4E6BF] - [16/05/2017 15:59:08] - |A| - [28160] - C:\WINDOWS\system32\DfSdkBt.exe [MD5.1B8691B5DD5F28DD3527B5C754672F4A] - [11/05/2017 16:07:21] - |A| - [1488384] - C:\WINDOWS\system32\diagtrack.dll [MD5.77D6D031DE66A3BF8343DFEF1BECF368] - [11/05/2017 16:06:21] - |A| - [141312] - C:\WINDOWS\system32\dialclient.dll [MD5.1BEC139FDDF9478EC1605D699AE14EF6] - [11/05/2017 16:06:20] - |A| - [138240] - C:\WINDOWS\system32\DisplayManager.dll [MD5.2290B2B88B8002E98380137ED7CAF1FA] - [11/05/2017 16:06:04] - |A| - [248832] - C:\WINDOWS\system32\dlnashext.dll [MD5.3A11C48DD67ABD1E363C392DD87AC489] - [03/05/2017 09:58:54] - |A| - [123392] - C:\WINDOWS\system32\dmcertinst.exe [MD5.EBB3AE6143E78C0C87856DC6DB761B31] - [03/05/2017 09:59:00] - |A| - [395264] - C:\WINDOWS\system32\dmenrollengine.dll [MD5.EBC41191EBF29380A54C5D5ED1DC4A6B] - [03/05/2017 09:58:57] - |A| - [920064] - C:\WINDOWS\system32\dosvc.dll [MD5.003D05AA7EFD7AD36041F20C2EE6C5D3] - [11/05/2017 16:04:06] - |A| - [404992] - C:\WINDOWS\system32\dsreg.dll [MD5.E023A2AF2EE09893957D4D7EF4E6FAD5] - [11/05/2017 16:06:57] - |A| - [1993216] - C:\WINDOWS\system32\dwmcore.dll [MD5.8CA7AAC405BA117ABEC8FB62FE49E442] - [11/05/2017 16:07:22] - |A| - [2008576] - C:\WINDOWS\system32\DWrite.dll [MD5.368EB8AAA966F040C90F28082022EB6D] - [11/05/2017 16:06:11] - |A| - [242688] - C:\WINDOWS\system32\Dxpserver.exe [MD5.4C47BE2F71A72A12FFB577B43EDF4997] - [11/05/2017 16:06:47] - |A| - [270336] - C:\WINDOWS\system32\dxtrans.dll [MD5.0460E354BB290E96BE71DCEBD65CAA9B] - [11/05/2017 16:06:42] - |A| - [18365440] - C:\WINDOWS\system32\edgehtml.dll [MD5.2FF6AADC02E8FDA84487D822C0461CD4] - [11/05/2017 16:06:20] - |A| - [431616] - C:\WINDOWS\system32\efswrt.dll [MD5.FE3DD825868B03006EFA931E03E9D696] - [11/05/2017 16:06:22] - |A| - [857600] - C:\WINDOWS\system32\EmailApis.dll [MD5.CE80CD0D38AE069D9278C13B9B48E622] - [03/05/2017 09:59:00] - |A| - [157696] - C:\WINDOWS\system32\enrollmentapi.dll [MD5.EEBD629243B300E6EFE84E7F609C981F] - [03/05/2017 09:58:56] - |A| - [728064] - C:\WINDOWS\system32\enterprisecsps.dll [MD5.A245BAB79B58ABA58E5482036296DCAC] - [03/05/2017 10:00:45] - |A| - [134144] - C:\WINDOWS\system32\ErrorDetails.dll [MD5.9BC0AA523622EA767E66FCD9429A6322] - [11/05/2017 16:06:09] - |A| - [224256] - C:\WINDOWS\system32\ExSMime.dll [MD5.A622A7F07406723EC2A34D8E2788A5EA] - [07/05/2017 23:35:30] - |A| - [8192] - C:\WINDOWS\system32\E_DCINST.DLL [MD5.F7E8465680D7889174E6C7284E74B586] - [07/05/2017 23:35:26] - |A| - [81408] - C:\WINDOWS\system32\E_FD4BLPE.DLL [MD5.2033AC56A5AB0B2C92E65C42BDE97EAB] - [07/05/2017 23:35:28] - |A| - [142848] - C:\WINDOWS\system32\E_FLMBLPE.DLL [MD5.DBB453F1488A239ED5A2EFDB31BF5A05] - [03/05/2017 09:59:47] - |A| - [85504] - C:\WINDOWS\system32\Family.Authentication.dll [MD5.F0DC77C2108C25D038DC38DCCB095EFD] - [11/05/2017 16:06:21] - |A| - [119296] - C:\WINDOWS\system32\Family.Client.dll [MD5.1455D313F9679506139617E702E8EF38] - [11/05/2017 16:06:21] - |A| - [186880] - C:\WINDOWS\system32\Family.SyncEngine.dll [MD5.FF63021FFE82478535F255A6794B30F6] - [09/05/2017 09:02:14] - |A| - [19496] - C:\WINDOWS\system32\fbnative.exe [MD5.B59D0331049559414247FADEFB239FAB] - [11/05/2017 16:09:54] - |A| - [835576] - C:\WINDOWS\system32\FlashPlayerApp.exe [MD5.754FE8626AAFABAA662CAF3542FC6E49] - [11/05/2017 16:09:54] - |A| - [177656] - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [MD5.81C8ED16DD5466F03BA1436D011242CB] - [11/05/2017 16:05:55] - |A| - [517632] - C:\WINDOWS\system32\FlightSettings.dll [MD5.79DD0FA4C937F36ACCED1D495701D76A] - [03/05/2017 09:59:01] - |A| - [156160] - C:\WINDOWS\system32\flvprophandler.dll [MD5.604519957A8BBA4D845F2159AC2A5AFF] - [16/05/2017 17:16:50] - |A| - [195744] - C:\WINDOWS\system32\FNTCACHE.DAT [MD5.32240902C9B59D555FD2D154A226B65B] - [11/05/2017 16:07:31] - |A| - [1525760] - C:\WINDOWS\system32\FntCache.dll [MD5.A9ADDAE245711AA2D3A8105562A777BC] - [03/05/2017 09:59:01] - |A| - [545944] - C:\WINDOWS\system32\fontdrvhost.exe [MD5.BBD5A35F3208511F6E3E9DCF3BF5CE85] - [03/05/2017 10:00:51] - |A| - [94208] - C:\WINDOWS\system32\FontProvider.dll [MD5.51EDA32CF28ADC0D5245949ABBCF4970] - [11/05/2017 16:04:26] - |A| - [758784] - C:\WINDOWS\system32\fvewiz.dll [MD5.16EE0A12BE235D5C7CC87A9D4B05AB12] - [11/05/2017 16:07:31] - |A| - [1411616] - C:\WINDOWS\system32\gdi32full.dll [MD5.45AF0567FC7D184492CEFFB278F9B0F5] - [03/05/2017 09:59:01] - |A| - [357376] - C:\WINDOWS\system32\Geolocation.dll [MD5.0E2E5B4A9348AD3590626C3E448CF485] - [11/05/2017 16:07:08] - |A| - [1098752] - C:\WINDOWS\system32\gpsvc.dll [MD5.525DC99027BFA6A37F19043B9E23A813] - [11/05/2017 16:06:19] - |A| - [188416] - C:\WINDOWS\system32\ie4uinit.exe [MD5.7661E19FE2A89A88025E1807EB1D1D63] - [11/05/2017 16:06:44] - |A| - [1509376] - C:\WINDOWS\system32\ieapfltr.dll [MD5.E40B7AA6BC27D2659B91C4E41B5CC544] - [11/05/2017 16:06:16] - |A| - [340480] - C:\WINDOWS\system32\iedkcs32.dll [MD5.BAA4FC27D724DD8298BF74352EF3625E] - [11/05/2017 16:05:42] - |A| - [12187136] - C:\WINDOWS\system32\ieframe.dll [MD5.26B1962EEE5A44CA71386476AAB2BAAF] - [11/05/2017 16:07:11] - |A| - [126464] - C:\WINDOWS\system32\iepeers.dll [MD5.239E565750C9D2947AC67FE454F9C71D] - [11/05/2017 16:06:13] - |A| - [306688] - C:\WINDOWS\system32\ieproxy.dll [MD5.F151F4FC0F9A62CA67FF46D0E25F298F] - [11/05/2017 16:06:12] - |A| - [2263832] - C:\WINDOWS\system32\iertutil.dll [MD5.3F2F97683015EA0686DEA57936A57233] - [11/05/2017 17:19:06] - |A| - [37476352] - C:\WINDOWS\system32\imageres.dll [MD5.688165D0202F8496A8F75B86BBE4E0CD] - [11/05/2017 17:19:07] - |A| - [1741312] - C:\WINDOWS\system32\imagesp1.dll [MD5.BEE6522178223C4C758C98A4D82F6F27] - [11/05/2017 16:06:10] - |A| - [433664] - C:\WINDOWS\system32\imapi2.dll [MD5.D6DAB734137803E959D6E4B7B4576B89] - [11/05/2017 16:06:00] - |A| - [2027008] - C:\WINDOWS\system32\inetcpl.cpl [MD5.09C26FFBB7CCE360E0076BC178289AA2] - [03/05/2017 10:00:54] - |A| - [2138112] - C:\WINDOWS\system32\InputService.dll [MD5.4B34230A758BF16BD8F6DD82D0D83D33] - [11/05/2017 16:06:21] - |A| - [180224] - C:\WINDOWS\system32\InstallAgent.exe [MD5.9C7DBBC32C5927F7BF70B61FA0AD0F74] - [11/05/2017 16:06:22] - |A| - [223232] - C:\WINDOWS\system32\InstallAgentUserBroker.exe [MD5.ACAA3955AEF5BE4B3A1035566A34CD7D] - [03/05/2017 16:32:47] - |A| - [236792] - C:\WINDOWS\system32\iseguard32.dll [MD5.DF090B5CA951695398BCFBAF633C6565] - [11/05/2017 16:07:13] - |A| - [3664384] - C:\WINDOWS\system32\jscript9.dll [MD5.422D85C44A2FABBDBE9B1816D2BC20F7] - [11/05/2017 16:07:26] - |A| - [635904] - C:\WINDOWS\system32\jscript9diag.dll [MD5.00000000000000000000000000000000] - [05/05/2017 13:15:08] - |D| - [24704035] - C:\WINDOWS\system32\KDirectShow [MD5.80B4306D2E9FCDD85D6D8AEB936F8F70] - [03/05/2017 10:00:48] - |A| - [755712] - C:\WINDOWS\system32\kerberos.dll [MD5.2FFE748D0F7EA52F9EFDEA0289100734] - [11/05/2017 16:06:54] - |A| - [628440] - C:\WINDOWS\system32\kernel32.dll [MD5.BA3FB8FAD87B69AD616D7C620F877CD8] - [11/05/2017 16:05:43] - |A| - [1725136] - C:\WINDOWS\system32\KernelBase.dll [MD5.0E2168CC913FAC527C2FB78ADFA29685] - [11/05/2017 16:06:14] - |A| - [861024] - C:\WINDOWS\system32\LicenseManager.dll [MD5.42A9297FB052FD49EFDF55814FE15FC7] - [03/05/2017 09:59:37] - |A| - [941568] - C:\WINDOWS\system32\localspl.dll [MD5.10C8325CDD43D9F623421CE71169A834] - [11/05/2017 16:04:08] - |A| - [318464] - C:\WINDOWS\system32\LocationApi.dll [MD5.B181768E4E46BD2AEFB027BDCF8EB80C] - [03/05/2017 09:59:01] - |A| - [1406976] - C:\WINDOWS\system32\LocationFramework.dll [MD5.FED557804A79112412362EF4EA6E69C4] - [11/05/2017 16:05:53] - |A| - [525312] - C:\WINDOWS\system32\LogonController.dll [MD5.5D207E02CEF3BB738A0233037516E744] - [11/05/2017 16:07:13] - |A| - [1120768] - C:\WINDOWS\system32\lsasrv.dll [MD5.D56E4DFD351E425829F0E836A61D026B] - [05/05/2017 17:26:38] - |A| - [32566] - C:\WINDOWS\system32\lvcoinst.log [MD5.C09EB799690E0D1FA13DF4C067DEA02E] - [11/05/2017 16:07:32] - |A| - [654336] - C:\WINDOWS\system32\MbaeApiPublic.dll [MD5.A1D14311F7D12D81B4D407765ED3C1EE] - [03/05/2017 10:00:54] - |A| - [498688] - C:\WINDOWS\system32\mbsmsapi.dll [MD5.ABC347AFB5D180AD859E3BFAD8F184E6] - [11/05/2017 16:07:32] - |A| - [641024] - C:\WINDOWS\system32\MCRecvSrc.dll [MD5.C276C17A2BC613E2D13BE5AC8D2324FB] - [11/05/2017 16:07:33] - |A| - [1277856] - C:\WINDOWS\system32\mfasfsrcsnk.dll [MD5.1FD3F9722119BDF7B8CFF0ECD1E84EA6] - [03/05/2017 17:31:09] - |A| - [1060864] - C:\WINDOWS\system32\mfc71.dll [MD5.84FACD3A1DBB86366386CBA576809CDA] - [11/05/2017 16:07:20] - |A| - [4023008] - C:\WINDOWS\system32\mfcore.dll [MD5.4B8A7B34B64D4E2AAF23C7DEA592B85A] - [03/05/2017 09:59:24] - |A| - [3307008] - C:\WINDOWS\system32\MFMediaEngine.dll [MD5.3F3B564914FC2FE6CF3585C0710ED023] - [03/05/2017 09:59:28] - |A| - [78336] - C:\WINDOWS\system32\mfmjpegdec.dll [MD5.FC323DE165BD10F593FFD7647EB8F3EE] - [11/05/2017 16:07:32] - |A| - [1851696] - C:\WINDOWS\system32\mfmp4srcsnk.dll [MD5.3D792CD088575F6E303177B39B61EB49] - [11/05/2017 16:07:30] - |A| - [1202936] - C:\WINDOWS\system32\mfmpeg2srcsnk.dll [MD5.FF135F441491055C6917A5F12EE2A529] - [11/05/2017 16:07:30] - |A| - [981888] - C:\WINDOWS\system32\mfnetcore.dll [MD5.52B898FCEE006E18B46CF4E40C1FBC25] - [11/05/2017 16:07:30] - |A| - [1360456] - C:\WINDOWS\system32\mfnetsrc.dll [MD5.CE29B63BFFF4AD7EFC4036CE1C30A1EB] - [03/05/2017 09:59:29] - |A| - [1344448] - C:\WINDOWS\system32\mfsrcsnk.dll [MD5.CE236E49B60B8AD9A34BDCF86B7BC6AC] - [11/05/2017 16:06:17] - |A| - [795648] - C:\WINDOWS\system32\MiracastReceiver.dll [MD5.291FCFF2E881C89BCE57FA0F9648E35A] - [11/05/2017 16:05:04] - |A| - [2749440] - C:\WINDOWS\system32\mispace.dll [MD5.531D629F52A698F7DD5CAFC43350C989] - [11/05/2017 16:05:44] - |A| - [352760] - C:\WINDOWS\system32\MMDevAPI.dll [MD5.F6432456E3B140CB8A574426962A866D] - [03/05/2017 10:00:57] - |A| - [6109696] - C:\WINDOWS\system32\mos.dll [MD5.24D380F1042A4EFCC9402B70210E2A8F] - [11/05/2017 16:07:24] - |A| - [764928] - C:\WINDOWS\system32\mprddm.dll [MD5.89A94512752A18D589FD96F465670E14] - [03/05/2017 09:58:52] - |A| - [746496] - C:\WINDOWS\system32\msdtcprx.dll [MD5.203FF399AB0F8FC1C47D0F87131F13E1] - [11/05/2017 16:07:07] - |A| - [1284096] - C:\WINDOWS\system32\msdtctm.dll [MD5.4B962ABF2C0AFE7ABE3187B1DE144E6C] - [11/05/2017 16:06:14] - |A| - [691712] - C:\WINDOWS\system32\msfeeds.dll [MD5.1B86F3971B176BF69728CFB0452DCF4A] - [11/05/2017 16:06:24] - |A| - [19414016] - C:\WINDOWS\system32\mshtml.dll [MD5.25C03F50E6140874A6401A1FD6D00BEA] - [11/05/2017 16:06:46] - |A| - [81408] - C:\WINDOWS\system32\mshtmled.dll [MD5.96EFF772A4C0E1C2107F06C50392C29F] - [11/05/2017 16:06:29] - |A| - [3689984] - C:\WINDOWS\system32\msi.dll [MD5.ECD027759059C8300E0FF28AA4CB3F5B] - [03/05/2017 09:59:31] - |A| - [6474752] - C:\WINDOWS\system32\mspaint.exe [MD5.F5B3C01F1A359B729434BE97A3058BBF] - [11/05/2017 16:06:03] - |A| - [1987584] - C:\WINDOWS\system32\mssrch.dll [MD5.FF6716722B08FF6285151254E8FCC6D8] - [11/05/2017 16:05:40] - |A| - [3106304] - C:\WINDOWS\system32\mstsc.exe [MD5.3FD7052E193365B8C4B5FA0F3054848D] - [11/05/2017 16:05:57] - |A| - [7468544] - C:\WINDOWS\system32\mstscax.dll [MD5.94D04BBD66F29536EE33F7F32447F458] - [11/05/2017 16:06:35] - |A| - [1980768] - C:\WINDOWS\system32\msxml6.dll [MD5.81CEC88D4EFF2C25BDF29EC89D497A37] - [03/05/2017 10:00:00] - |A| - [42496] - C:\WINDOWS\system32\musdialoghandlers.dll [MD5.DB3A5488B87E0D400919DEB280EAA0BB] - [03/05/2017 10:00:01] - |A| - [199168] - C:\WINDOWS\system32\MusNotification.exe [MD5.8F31FE0D1FCF00048E4445BA783C2370] - [03/05/2017 10:00:03] - |A| - [79360] - C:\WINDOWS\system32\MusNotificationUx.exe [MD5.B97C3A75337ED4A90869A949AC0A43BA] - [03/05/2017 10:00:03] - |A| - [417280] - C:\WINDOWS\system32\MusUpdateHandlers.dll [MD5.48FE3EE6A50D527C08841C1144EB4A20] - [11/05/2017 16:06:03] - |A| - [816640] - C:\WINDOWS\system32\NaturalLanguage6.dll [MD5.7314EBA2893E16AADCC0C15B81D2ABB0] - [11/05/2017 16:04:33] - |A| - [601952] - C:\WINDOWS\system32\NetSetupEngine.dll [MD5.F646CA295470F45DF5E07F5C02160E6C] - [03/05/2017 09:59:33] - |A| - [2682880] - C:\WINDOWS\system32\netshell.dll [MD5.F63FFFF813E671C7B04865D601E057AE] - [03/05/2017 09:59:33] - |A| - [222720] - C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll [MD5.5CB7E014438B70580CE75B0054F68950] - [11/05/2017 16:06:04] - |A| - [1774080] - C:\WINDOWS\system32\NetworkMobileSettings.dll [MD5.795FF780B654E9523C92912647707B41] - [11/05/2017 16:06:02] - |A| - [242688] - C:\WINDOWS\system32\NgcCtnrSvc.dll [MD5.9D7E3C0E0985B73A7592FB0C196120B6] - [11/05/2017 16:05:47] - |A| - [754688] - C:\WINDOWS\system32\ngcsvc.dll [MD5.78452F89A04B67187DC480711AE0B47E] - [11/05/2017 16:06:33] - |A| - [5996896] - C:\WINDOWS\system32\ntoskrnl.exe [MD5.1D551A46791A0BFC8F49B3516375164F] - [11/05/2017 16:06:10] - |A| - [26112] - C:\WINDOWS\system32\odbcconf.dll [MD5.1ACAF9A1CCE4E6E1D8E5311A335857F3] - [11/05/2017 16:04:53] - |A| - [962760] - C:\WINDOWS\system32\ole32.dll [MD5.3C226C9AC0E66B5625ED36F13B63BDCE] - [11/05/2017 16:07:18] - |A| - [325120] - C:\WINDOWS\system32\oleacc.dll [MD5.FD8950C7F8E05DFA0FAAD73C37350D9A] - [11/05/2017 16:04:53] - |A| - [601712] - C:\WINDOWS\system32\oleaut32.dll [MD5.A961BCBD846070F074857E78B2E735F6] - [11/05/2017 16:04:53] - |A| - [90624] - C:\WINDOWS\system32\olepro32.dll [MD5.76BF180D3A3A76908DE5AF263BF5B604] - [11/05/2017 16:04:32] - |A| - [1413632] - C:\WINDOWS\system32\OpcServices.dll [MD5.8F8F3FC449A6B9675932C96FD1916727] - [11/05/2017 16:06:21] - |A| - [343040] - C:\WINDOWS\system32\PlayToDevice.dll [MD5.467A5001663187088EEBD148FDD96CF9] - [11/05/2017 16:06:07] - |A| - [400384] - C:\WINDOWS\system32\PlayToManager.dll [MD5.69155F120262869DFD2C60FD239B0021] - [11/05/2017 16:06:20] - |A| - [220672] - C:\WINDOWS\system32\PlayToReceiver.dll [MD5.8E157CF31743178E7915B4BE492F9885] - [11/05/2017 16:06:02] - |A| - [525824] - C:\WINDOWS\system32\PrintDialogs.dll [MD5.8FD984D2367E6E30AA3EB1453AC628E8] - [11/05/2017 16:05:51] - |A| - [273920] - C:\WINDOWS\system32\PrintDialogs3D.dll [MD5.1F2B956499749C920D6E7EFEDAC72E15] - [03/05/2017 09:59:39] - |A| - [169984] - C:\WINDOWS\system32\psmsrv.dll [MD5.8A541CE178FC6408169633FA2BEA100C] - [11/05/2017 16:04:40] - |A| - [368128] - C:\WINDOWS\system32\puiobj.dll [MD5.9A3E79E1FD37790C14B7E1EF9450D515] - [03/05/2017 09:58:58] - |A| - [1564160] - C:\WINDOWS\system32\quartz.dll [MD5.E133C90AB455793D343C913DDCE1BBB4] - [03/05/2017 09:59:57] - |A| - [299008] - C:\WINDOWS\system32\RADCUI.dll [MD5.601736DE878C5D56A3A3017BD3C56858] - [11/05/2017 16:07:31] - |A| - [561152] - C:\WINDOWS\system32\rasmans.dll [MD5.02C6C018DA434FE6B4A47F99FDE14E7C] - [11/05/2017 16:06:01] - |A| - [450560] - C:\WINDOWS\system32\rastls.dll [MD5.B6B40C89660DA22D5CB2641BC986B6ED] - [11/05/2017 16:06:14] - |A| - [334848] - C:\WINDOWS\system32\rastlsext.dll [MD5.171B58B8818164E3E13802DFCC7CD074] - [11/05/2017 16:06:08] - |A| - [2747904] - C:\WINDOWS\system32\rdpcore.dll [MD5.4CF5994AFB2E7E91E805F3E108E44FB0] - [11/05/2017 16:06:16] - |A| - [3596800] - C:\WINDOWS\system32\rdpcorets.dll [MD5.DD4BE0809072D25A289330305F0FB8A1] - [03/05/2017 10:00:59] - |A| - [186880] - C:\WINDOWS\system32\RdpRelayTransport.dll [MD5.A27A1A42CA3AC0E25C0F52EE8A64AA97] - [11/05/2017 16:06:54] - |A| - [80224] - C:\WINDOWS\system32\rdpudd.dll [MD5.935DF2AAB561028680575FD7E03B7C1A] - [11/05/2017 16:06:21] - |A| - [281088] - C:\WINDOWS\system32\RDXTaskFactory.dll [MD5.D930E3EC7D86B77327ACECEB8464F792] - [11/05/2017 16:04:56] - |A| - [965472] - C:\WINDOWS\system32\ReAgent.dll [MD5.348121A5971149992BF5679A1552F8D4] - [11/05/2017 16:04:58] - |A| - [1220096] - C:\WINDOWS\system32\RecoveryDrive.exe [MD5.54DB990F283595B08B2198A06B630141] - [11/05/2017 16:04:37] - |A| - [165376] - C:\WINDOWS\system32\ReInfo.dll [MD5.AACA4A70D082CC3B31C3EFF1ECE30AE6] - [11/05/2017 16:04:58] - |A| - [1438720] - C:\WINDOWS\system32\ResetEngine.dll [MD5.5D83D5946350BF4C36C5610E420B1A7C] - [11/05/2017 16:04:51] - |A| - [713728] - C:\WINDOWS\system32\rpcss.dll [MD5.575B1C66616DE1C3338E85E062FD9BF3] - [11/05/2017 16:06:06] - |A| - [355328] - C:\WINDOWS\system32\RTMediaFrame.dll [MD5.4A35B991C8D569B270D6227DAAEC71D8] - [03/05/2017 09:59:56] - |A| - [787968] - C:\WINDOWS\system32\sbe.dll [MD5.FF9D624EF38C716850432C198A9B3CC2] - [11/05/2017 16:04:51] - |A| - [380184] - C:\WINDOWS\system32\services.exe [MD5.BC09951DF67F13AC37FE60F0DAFE260E] - [11/05/2017 16:06:22] - |A| - [186880] - C:\WINDOWS\system32\SettingsHandlers_Flights.dll [MD5.D570C24EA2FAC47B5534E6A2AC7104C6] - [11/05/2017 16:05:52] - |A| - [3774464] - C:\WINDOWS\system32\SettingsHandlers_nt.dll [MD5.7CE521C21CC401641B6FE01BCD008ABE] - [03/05/2017 10:00:46] - |A| - [862208] - C:\WINDOWS\system32\SettingSyncCore.dll [MD5.B981CB0CCFCD0B84C44D31F88310A5D8] - [11/05/2017 16:05:45] - |A| - [493920] - C:\WINDOWS\system32\SettingSyncHost.exe [MD5.6BC08677FCD2F36EF07D8114542C5440] - [11/05/2017 16:05:07] - |A| - [114176] - C:\WINDOWS\system32\setupugc.exe [MD5.7C567A22305DAD2D1D051EDB6ED69D45] - [11/05/2017 16:06:03] - |A| - [1109504] - C:\WINDOWS\system32\SharedStartModel.dll [MD5.36C82FBCEF44354CAC1D5845BD0088C3] - [11/05/2017 16:05:46] - |A| - [566784] - C:\WINDOWS\system32\ShareHost.dll [MD5.450D06FDB6CD31B4F7CE54ACB21451DA] - [11/05/2017 16:05:34] - |A| - [20967840] - C:\WINDOWS\system32\shell32.dll [MD5.681324ED7F3CCFCB292D7546A584B13F] - [11/05/2017 16:05:37] - |A| - [193024] - C:\WINDOWS\system32\shutdownux.dll [MD5.C5DB32A2B4A55472D03B09279A7E9782] - [11/05/2017 16:05:10] - |A| - [1700864] - C:\WINDOWS\system32\smartscreen.exe [MD5.F047C103AE6A8FCD165F0F2EC6587D54] - [11/05/2017 16:06:08] - |A| - [113152] - C:\WINDOWS\system32\SpaceAgent.exe [MD5.E32896FA4BBA49A13FBD2B8C038C6F5D] - [11/05/2017 16:05:56] - |A| - [582656] - C:\WINDOWS\system32\SpaceControl.dll [MD5.466D7DB79F5CB4AA9B3B0B74E998BE17] - [11/05/2017 16:06:15] - |A| - [29696] - C:\WINDOWS\system32\spaceman.exe [MD5.EDA2505DB9DE5613BCF5F1E5F17F497C] - [11/05/2017 16:07:29] - |A| - [1384704] - C:\WINDOWS\system32\sppobjs.dll [MD5.3699DEFF4360F030705E63DC86256137] - [11/05/2017 16:05:05] - |A| - [2154496] - C:\WINDOWS\system32\storagewmi.dll [MD5.2E8EE1F3CCBE84C0DD47A4C023B3270D] - [11/05/2017 16:06:20] - |A| - [557568] - C:\WINDOWS\system32\StoreAgent.dll [MD5.7D0E6AD9EAA6F000FEF72CC9992C6362] - [11/05/2017 16:06:51] - |A| - [143360] - C:\WINDOWS\system32\storewuauth.dll [MD5.29C5647968F3F5CA84572647A4D9F1C5] - [11/05/2017 16:06:22] - |A| - [237568] - C:\WINDOWS\system32\SyncSettings.dll [MD5.0D4867DEF4BC5F4A21F18EDC503A4B5D] - [11/05/2017 16:04:40] - |A| - [774144] - C:\WINDOWS\system32\SystemSettings.Handlers.dll [MD5.B4E828C14D32577285F722B263E0AA92] - [11/05/2017 16:06:01] - |A| - [73728] - C:\WINDOWS\system32\tdc.ocx [MD5.B63A1377A6DC87AF55734C244078FCDF] - [11/05/2017 16:06:19] - |A| - [846848] - C:\WINDOWS\system32\termsrv.dll [MD5.4A8A677561AD11B6CC514B1DD8CD4BF8] - [11/05/2017 16:05:42] - |A| - [256512] - C:\WINDOWS\system32\thumbcache.dll [MD5.761DBA75A9EF9545C9D02DD3EB8D3D24] - [03/05/2017 09:59:54] - |A| - [40960] - C:\WINDOWS\system32\TokenBrokerUI.dll [MD5.4F9BC99D6271D6E194D627DB1469031C] - [11/05/2017 16:06:12] - |A| - [361104] - C:\WINDOWS\system32\tsmf.dll [MD5.334078E3E40A2D7945D083BE50C29D36] - [11/05/2017 16:06:11] - |A| - [783360] - C:\WINDOWS\system32\TSWorkspace.dll [MD5.9E0525AF0F0D2962959C530DC2BD6E28] - [11/05/2017 16:05:45] - |A| - [975744] - C:\WINDOWS\system32\twinapi.appcore.dll [MD5.4512A6C66410147EA47ABD1648E802A8] - [03/05/2017 10:00:47] - |A| - [827904] - C:\WINDOWS\system32\twinui.appcore.dll [MD5.51EDA14D49D1E8EF4DA609A88D158BA6] - [11/05/2017 16:05:38] - |A| - [7626752] - C:\WINDOWS\system32\twinui.dll [MD5.515A46FFA9CB37F28649A8F48064CB0E] - [11/05/2017 16:06:53] - |A| - [214528] - C:\WINDOWS\system32\ubpm.dll [MD5.A475A5CF88B93517B01F9BAF74F3D498] - [11/05/2017 16:06:13] - |A| - [584192] - C:\WINDOWS\system32\UIRibbonRes.dll [MD5.EEEB028A37BECACD3500FBAC9B047731] - [11/05/2017 16:04:04] - |A| - [83968] - C:\WINDOWS\system32\umpoext.dll [MD5.07D5DE6FDCB28355EF73F88578E4B78A] - [11/05/2017 16:06:34] - |A| - [255488] - C:\WINDOWS\system32\unimdm.tsp [MD5.991930832D4ED357BEB0232D8EF57B47] - [11/05/2017 16:06:08] - |A| - [258048] - C:\WINDOWS\system32\updatehandlers.dll [MD5.0743D094B1E672DEDF88A6AC476D2E23] - [11/05/2017 16:06:08] - |A| - [75776] - C:\WINDOWS\system32\updatepolicy.dll [MD5.D8363E0A99BDA0C1AF3AB76327ABC8E2] - [11/05/2017 16:06:13] - |A| - [1600000] - C:\WINDOWS\system32\urlmon.dll [MD5.47C1E6F5D945A0F9D7AC8EF042C172E8] - [11/05/2017 16:05:40] - |A| - [1228288] - C:\WINDOWS\system32\usercpl.dll [MD5.25A5CF415A1C909023CF20AD9DD0851C] - [11/05/2017 16:06:17] - |A| - [95232] - C:\WINDOWS\system32\UserDataTimeUtil.dll [MD5.7BBE0CBF3E6DFEDA109C8C0E449E232C] - [11/05/2017 16:06:22] - |A| - [156672] - C:\WINDOWS\system32\UserDeviceRegistration.dll [MD5.82FD023D8528E2E696A3E0F6CC18ECC5] - [11/05/2017 16:05:50] - |A| - [822272] - C:\WINDOWS\system32\usermgr.dll [MD5.313FEA709E62CA2486C1A900ED4EA5E5] - [11/05/2017 16:06:02] - |A| - [184320] - C:\WINDOWS\system32\UserMgrProxy.dll [MD5.81CA8AC0830E825BDC267DED4E6A9D9E] - [03/05/2017 10:00:04] - |A| - [51712] - C:\WINDOWS\system32\usoapi.dll [MD5.6CAD1ABCC83124034772F1B81C20BCFF] - [11/05/2017 16:05:57] - |A| - [425472] - C:\WINDOWS\system32\usocore.dll [MD5.68A2F362511551756E8CB333994CFE72] - [11/05/2017 16:06:02] - |A| - [206336] - C:\WINDOWS\system32\vaultcli.dll [MD5.583A4D13CC3DB4D5DCD52CDD04838070] - [11/05/2017 16:07:26] - |A| - [509440] - C:\WINDOWS\system32\vbscript.dll [MD5.980F8F5A499EE760CF8D7868D14FE01D] - [11/05/2017 16:07:26] - |A| - [44032] - C:\WINDOWS\system32\virtdisk.dll [MD5.B203C558C7A2453205FA3604FA78867C] - [11/05/2017 16:07:17] - |A| - [1017856] - C:\WINDOWS\system32\VSSVC.exe [MD5.3D2A2D921135801835073451F002480F] - [03/05/2017 15:33:53] - |A| - [1629040] - C:\WINDOWS\system32\WdfCoInstaller01011.dll [MD5.56495F4C33D0A73FA3B170A0E6956177] - [11/05/2017 16:05:56] - |A| - [846336] - C:\WINDOWS\system32\WebcamUi.dll [MD5.6FCC76BFEF65899349C66CA9877DC9F0] - [11/05/2017 16:06:01] - |A| - [236544] - C:\WINDOWS\system32\webcheck.dll [MD5.7E70CFA3079F9C79EAF04130C777AFD7] - [03/05/2017 09:59:00] - |A| - [576408] - C:\WINDOWS\system32\wer.dll [MD5.FF995CF1A820F752E05061D531032DD2] - [11/05/2017 16:07:10] - |A| - [518656] - C:\WINDOWS\system32\wiaservc.dll [MD5.A65918786F06B1D156F9705083F9C1BA] - [11/05/2017 16:07:21] - |A| - [1235456] - C:\WINDOWS\system32\win32kbase.sys [MD5.918A6663E99E7CE032362B8640A7003D] - [11/05/2017 16:06:53] - |A| - [2994176] - C:\WINDOWS\system32\win32kfull.sys [MD5.109E849743CE73FDF099AD9796677276] - [11/05/2017 16:06:17] - |A| - [653312] - C:\WINDOWS\system32\Windows.AccountsControl.dll [MD5.23B3799114DE567D992929ED76FC4974] - [03/05/2017 10:00:24] - |A| - [92672] - C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll [MD5.12B422AF729874E4F36FE774DCD52CEF] - [03/05/2017 10:00:50] - |A| - [115712] - C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll [MD5.79BE654CD7260B9E171EDE31844C63DC] - [11/05/2017 16:06:02] - |A| - [284672] - C:\WINDOWS\system32\Windows.ApplicationModel.dll [MD5.E7C1F8F49FE630A9B51A00A04E84B7F9] - [11/05/2017 16:06:16] - |A| - [231936] - C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll [MD5.7E71DA235CFA8317C35704462AFDB356] - [11/05/2017 16:06:21] - |A| - [1431232] - C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll [MD5.95FEECB4FF13B52A68DE9503FBF04183] - [11/05/2017 16:06:18] - |A| - [426496] - C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll [MD5.58F988DFDAA73BAB6BFCC947CC7CADA0] - [03/05/2017 09:58:48] - |A| - [332800] - C:\WINDOWS\system32\Windows.Cortana.Desktop.dll [MD5.82742E199A5ADBB7CB643CE7E57D5A63] - [11/05/2017 16:06:59] - |A| - [5685760] - C:\WINDOWS\system32\Windows.Data.Pdf.dll [MD5.7394D0FCFD0FFEBC306F23FD1EFBA16D] - [11/05/2017 16:06:17] - |A| - [483840] - C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll [MD5.77A44C31529A0FA0480422E95D59C10D] - [11/05/2017 16:06:05] - |A| - [901120] - C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll [MD5.8F704989CEC337E6347AE372F4EE4D4A] - [11/05/2017 16:04:28] - |A| - [352256] - C:\WINDOWS\system32\Windows.Devices.Enumeration.dll [MD5.3BAD64269CEBF9153D251CBD5E6E91DB] - [11/05/2017 16:06:14] - |A| - [202752] - C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll [MD5.AD2BACA371BE34DB5D65227B344312E4] - [11/05/2017 16:06:20] - |A| - [113152] - C:\WINDOWS\system32\Windows.Devices.Lights.dll [MD5.43FCEF2B976978B35DF080645C09D5A0] - [03/05/2017 10:00:50] - |A| - [374784] - C:\WINDOWS\system32\Windows.Devices.LowLevel.dll [MD5.0A8B13563D577E94893C64DFE301A5E5] - [03/05/2017 09:58:57] - |A| - [348160] - C:\WINDOWS\system32\Windows.Devices.Midi.dll [MD5.55083F5E7563C8BC8E9D30B5754D8E94] - [11/05/2017 16:05:54] - |A| - [1656320] - C:\WINDOWS\system32\Windows.Devices.Perception.dll [MD5.9A65E2A52CC1B27FB21411C877C798EE] - [11/05/2017 16:06:21] - |A| - [262144] - C:\WINDOWS\system32\Windows.Devices.Picker.dll [MD5.395350E85E400D8F98B2F1824088B85C] - [11/05/2017 16:06:17] - |A| - [670208] - C:\WINDOWS\system32\Windows.Devices.PointOfService.dll [MD5.1B882B1A1B24256FE00C78B75A372988] - [11/05/2017 16:06:18] - |A| - [141824] - C:\WINDOWS\system32\Windows.Devices.Radios.dll [MD5.5229AFC6DD8B4B0471CCA5FC82A06FAD] - [11/05/2017 16:06:18] - |A| - [175616] - C:\WINDOWS\system32\Windows.Devices.Scanners.dll [MD5.350DDA8B7EBB0B1BC24C99762E5E1E21] - [11/05/2017 16:07:33] - |A| - [589312] - C:\WINDOWS\system32\Windows.Devices.Sensors.dll [MD5.2DCD12E3D5BFFFE5E4A4A6E43B21D088] - [03/05/2017 10:00:51] - |A| - [129024] - C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll [MD5.6B2E7676383D5CA9F44C39874FA487DA] - [03/05/2017 10:00:50] - |A| - [562176] - C:\WINDOWS\system32\Windows.Devices.SmartCards.dll [MD5.FC0347A20B3483C908DA8BAA7A0476A6] - [03/05/2017 10:00:49] - |A| - [271872] - C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll [MD5.8469FE76641B5AEB7FAC32CFEA362FBD] - [11/05/2017 16:06:20] - |A| - [314368] - C:\WINDOWS\system32\Windows.Devices.Usb.dll [MD5.625F8DC533C47C0B2C181857E011E6EE] - [11/05/2017 16:06:14] - |A| - [142336] - C:\WINDOWS\system32\Windows.Devices.WiFi.dll [MD5.12CEE5B347C7B3D554B15905F0A6C0F5] - [11/05/2017 16:06:20] - |A| - [386048] - C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll [MD5.B77B949B7077121DFA14530CA878F009] - [11/05/2017 16:04:03] - |A| - [134656] - C:\WINDOWS\system32\Windows.Energy.dll [MD5.6F50DABBEF79B08160C39F296757707E] - [11/05/2017 16:06:14] - |A| - [392192] - C:\WINDOWS\system32\Windows.Gaming.Input.dll [MD5.3CDD22C36FE98699593E7AD4F6211AC5] - [03/05/2017 10:00:59] - |A| - [315904] - C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll [MD5.2ED59B51162004FAB573089E8B1B9428] - [11/05/2017 16:06:12] - |A| - [1247232] - C:\WINDOWS\system32\Windows.Globalization.dll [MD5.D651CEDAC3592B28D6E421AD8AC67862] - [11/05/2017 16:06:15] - |A| - [1534464] - C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll [MD5.D138C3AA0253B3B111105DD18ADFA96E] - [03/05/2017 10:00:51] - |A| - [332288] - C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll [MD5.AFBC6BD66ADBFA583F531F9B5517D436] - [11/05/2017 16:06:05] - |A| - [298496] - C:\WINDOWS\system32\Windows.Internal.Management.dll [MD5.BFA299E2BAD11455768B606BD0B13E0D] - [11/05/2017 16:05:51] - |A| - [685440] - C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll [MD5.B17A3682935331DCDFEB8C6C809C1DB4] - [11/05/2017 16:07:27] - |A| - [1221120] - C:\WINDOWS\system32\Windows.Media.Audio.dll [MD5.64D906EC140C44B91D733C6A53BB9DF0] - [11/05/2017 16:06:22] - |A| - [103936] - C:\WINDOWS\system32\Windows.Media.Devices.dll [MD5.144F8D17FFB67ECA98B2038CE3E41824] - [11/05/2017 16:05:56] - |A| - [4614656] - C:\WINDOWS\system32\Windows.Media.dll [MD5.443562FD361A13CAF246F2F3E4BFC097] - [11/05/2017 16:06:07] - |A| - [1077760] - C:\WINDOWS\system32\Windows.Media.Editing.dll [MD5.971A421D98939976CE2773F49DE2F252] - [11/05/2017 16:06:16] - |A| - [1243136] - C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll [MD5.5BB920D2E79A633C50A48DC4E8C78002] - [03/05/2017 10:00:45] - |A| - [609280] - C:\WINDOWS\system32\Windows.Media.Import.dll [MD5.885992815E8293A989A10319A6519D0B] - [03/05/2017 09:58:36] - |A| - [306800] - C:\WINDOWS\system32\Windows.Media.MediaControl.dll [MD5.66386F62916B6651F10DDA89EC246BFE] - [11/05/2017 16:06:17] - |A| - [747520] - C:\WINDOWS\system32\Windows.Media.Ocr.dll [MD5.02E53BC414A2978D528277204335B5AC] - [11/05/2017 16:07:16] - |A| - [6665952] - C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll [MD5.317AC175012305E58F38351784A0137B] - [03/05/2017 10:00:47] - |A| - [1170944] - C:\WINDOWS\system32\Windows.Media.Speech.dll [MD5.FFCA42AEA06FC229F5639AF3CE210C7A] - [03/05/2017 10:00:54] - |A| - [895488] - C:\WINDOWS\system32\Windows.Media.Streaming.dll [MD5.061405A91F67C9D1BEDCE1C24E759B1A] - [11/05/2017 16:06:06] - |A| - [751104] - C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll [MD5.17F68882050748862F113F430512A0CF] - [03/05/2017 10:00:53] - |A| - [542208] - C:\WINDOWS\system32\Windows.Networking.Connectivity.dll [MD5.386C7AB3A28D7ED13D0BE25CD0E1A1E1] - [11/05/2017 16:06:15] - |A| - [675840] - C:\WINDOWS\system32\Windows.Networking.dll [MD5.B32E788809A42E646E7689CC5F0BD9C4] - [03/05/2017 10:00:50] - |A| - [123904] - C:\WINDOWS\system32\Windows.Networking.HostName.dll [MD5.20FD55FE1AE54E25BD4F98A1FB792746] - [03/05/2017 10:00:54] - |A| - [87040] - C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll [MD5.EC5D7C33F34BE48ACD96DAB62D6BEE45] - [11/05/2017 16:06:14] - |A| - [445952] - C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll [MD5.DFFF98F926EB590DA8A0001DCEFA25AF] - [11/05/2017 16:06:15] - |A| - [185856] - C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll [MD5.D766ECC07E5DA37B3E2928625F49E40F] - [11/05/2017 16:06:19] - |A| - [584192] - C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll [MD5.2837B167960DDF32901CE3022E47A39A] - [11/05/2017 16:06:18] - |A| - [94208] - C:\WINDOWS\system32\Windows.StateRepositoryClient.dll [MD5.D46A93D20F99BF4CC0CE234775094570] - [11/05/2017 16:06:02] - |A| - [263472] - C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll [MD5.7971E88F515A70BEA46C30B150DCEA7E] - [11/05/2017 16:05:36] - |A| - [5722320] - C:\WINDOWS\system32\windows.storage.dll [MD5.2697FFC3B4F8D243E288CD02986FA251] - [03/05/2017 10:00:45] - |A| - [59904] - C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll [MD5.9C28F056F49BBA04CA1DA476E0322403] - [11/05/2017 16:06:14] - |A| - [285184] - C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll [MD5.6E0A7D752D452394FD1EC1CF9E0B6C2F] - [11/05/2017 16:06:07] - |A| - [621056] - C:\WINDOWS\system32\Windows.UI.dll [MD5.CDCDAF502F5313CC8F00EBB2727CE2AB] - [11/05/2017 16:06:20] - |A| - [1004544] - C:\WINDOWS\system32\Windows.UI.Input.Inking.dll [MD5.CC229D947D84A080EF0B47636F134AE4] - [11/05/2017 16:05:18] - |A| - [1883648] - C:\WINDOWS\system32\Windows.UI.Logon.dll [MD5.D98B841A60F01B2CAC4A28378FD14C7A] - [11/05/2017 16:07:02] - |A| - [13873664] - C:\WINDOWS\system32\Windows.UI.Xaml.dll [MD5.0A26876AFBDFC1DF1123FAD9A46D3250] - [11/05/2017 16:07:31] - |A| - [1232384] - C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll [MD5.5507E96C8EC64D41BF7E1A9343F476E7] - [11/05/2017 16:07:22] - |A| - [1170944] - C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll [MD5.A31440102705E415443FB796AE729958] - [11/05/2017 16:04:39] - |A| - [1631232] - C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll [MD5.60F137DEC0B49554AAF5B1EBB2DA9739] - [03/05/2017 10:00:05] - |A| - [177664] - C:\WINDOWS\system32\Windows.Web.Diagnostics.dll [MD5.1DBA21590B2D4A2069AE5943E02862D8] - [11/05/2017 16:06:15] - |A| - [598528] - C:\WINDOWS\system32\Windows.Web.dll [MD5.DE7BB15EBB851EB79D0B034075A2D4FB] - [11/05/2017 16:06:07] - |A| - [1013248] - C:\WINDOWS\system32\Windows.Web.Http.dll [MD5.3932D5010202B0D34F792A7F9005F6AD] - [11/05/2017 16:31:33] - |A| - [95808] - C:\WINDOWS\system32\WindowsAccessBridge.dll [MD5.3A3C490155EFAC0EECE928BDD407D17F] - [11/05/2017 16:05:02] - |A| - [1504056] - C:\WINDOWS\system32\WindowsCodecs.dll [MD5.51DD03D515DAAC9113B4D350D63C5229] - [11/05/2017 16:07:10] - |A| - [2483200] - C:\WINDOWS\system32\wininet.dll [MD5.307573EA60EAC5AFBAB358F80D066047] - [11/05/2017 16:04:30] - |A| - [578560] - C:\WINDOWS\system32\winlogon.exe [MD5.6B0E7506BD3313EB88A8851523859939] - [11/05/2017 16:04:31] - |A| - [784064] - C:\WINDOWS\system32\winresume.exe [MD5.F7A8DF398950B6621B41903DAE729F1B] - [11/05/2017 16:06:20] - |A| - [136192] - C:\WINDOWS\system32\WinRtTracing.dll [MD5.4753D7103C53A62586510823631359B7] - [11/05/2017 16:05:07] - |A| - [277856] - C:\WINDOWS\system32\WinSetupUI.dll [MD5.C6C97C145E9E18CB754A4779F5E683A5] - [11/05/2017 16:05:43] - |A| - [846560] - C:\WINDOWS\system32\WinTypes.dll [MD5.A763FDA649B8C3D54B5CFDED050A7CAC] - [11/05/2017 16:05:47] - |A| - [1584128] - C:\WINDOWS\system32\wlidsvc.dll [MD5.9138014EEA11A936A2FD8E1A66D62D09] - [11/05/2017 16:06:49] - |A| - [12349440] - C:\WINDOWS\system32\wmp.dll [MD5.31ADADDBD9B56FD39D5180AA48811783] - [11/05/2017 16:06:56] - |A| - [322048] - C:\WINDOWS\system32\WpAXHolder.dll [MD5.6A0DAEBB6A72E153FDD127FFE948C13A] - [11/05/2017 16:04:48] - |A| - [661504] - C:\WINDOWS\system32\WpcWebFilter.dll [MD5.4B9FC4732C9FAA863BF98E20D39F7AC5] - [03/05/2017 09:59:38] - |A| - [713216] - C:\WINDOWS\system32\wpnapps.dll [MD5.3A149D08F66FEAF31A65A4D87BB4875E] - [11/05/2017 16:05:55] - |A| - [1136128] - C:\WINDOWS\system32\wpncore.dll [MD5.ABCE430B59A976072D6F4AA83CEDE203] - [03/05/2017 09:59:54] - |A| - [167848] - C:\WINDOWS\system32\wscapi.dll [MD5.D821355D5952174D195AEC6A9AAD9977] - [03/05/2017 09:59:43] - |A| - [1196544] - C:\WINDOWS\system32\wscui.cpl [MD5.E817D5CD472818622ACB58BC07D20E35] - [11/05/2017 16:07:14] - |A| - [2333184] - C:\WINDOWS\system32\WsmSvc.dll [MD5.BD77514D3DD4C489EECF74E47E25D572] - [11/05/2017 16:04:55] - |A| - [1323008] - C:\WINDOWS\system32\wsp_fs.dll [MD5.0F508CE96D4FA0AF0B41021ABBBDBA3F] - [11/05/2017 16:04:56] - |A| - [1137152] - C:\WINDOWS\system32\wsp_health.dll [MD5.1E7BC98886D2AD95B301E12CB74A953D] - [11/05/2017 16:04:56] - |A| - [719872] - C:\WINDOWS\system32\wsp_sr.dll [MD5.3C0FE8A6ABA01044AB5284B4CC8A89A6] - [03/05/2017 10:00:59] - |A| - [711680] - C:\WINDOWS\system32\wuapi.dll [MD5.CDC5BB1A7631D6D005916B843A2578BB] - [11/05/2017 16:06:28] - |A| - [1887232] - C:\WINDOWS\system32\wuaueng.dll [MD5.F335F725CFC2AC99A81426F2D7E1D53D] - [11/05/2017 16:06:52] - |A| - [296960] - C:\WINDOWS\system32\wuuhext.dll [MD5.8EF5C96132242A8594EC8F81188761DB] - [11/05/2017 16:06:12] - |A| - [218624] - C:\WINDOWS\system32\WwaApi.dll [MD5.AAD3F85A354F53848A3755162E618895] - [11/05/2017 16:07:06] - |A| - [781144] - C:\WINDOWS\system32\WWAHost.exe [MD5.7FE0AF7A34715EDCC416BE5E68BE28BB] - [11/05/2017 17:19:07] - |A| - [558080] - C:\WINDOWS\system32\zipfldr.dll [MD5.AE1AF67FFA1F95A048863E4949A35A42] - [03/05/2017 10:00:59] - |A| - [46080] - C:\WINDOWS\system32\Drivers\BasicDisplay.sys [MD5.85E0D0FB1C5963A79B5807F71BF039ED] - [03/05/2017 10:00:59] - |A| - [31232] - C:\WINDOWS\system32\Drivers\BasicRender.sys [MD5.C568B71BF3B61C4AE8355D8EDCA3BA95] - [11/05/2017 16:06:54] - |A| - [94208] - C:\WINDOWS\system32\Drivers\bridge.sys [MD5.C55AF5A280DEBD3F6FDF05C80A9EA276] - [11/05/2017 16:04:29] - |A| - [203776] - C:\WINDOWS\system32\Drivers\BthLEEnum.sys [MD5.3D104B5F1025B33677E767C3CD220013] - [11/05/2017 16:06:26] - |A| - [755712] - C:\WINDOWS\system32\Drivers\bthport.sys [MD5.869842C0026B54A09465FF185D048186] - [03/05/2017 15:06:59] - |A| - [87816] - C:\WINDOWS\system32\Drivers\CLVirtualBus01.sys [MD5.101B5B84FB2A04D1507E023754F244B0] - [03/05/2017 18:05:16] - |A| - [43800] - C:\WINDOWS\system32\Drivers\clwvd7.sys [MD5.00773FEE113E60CD88E26559AD83D2C7] - [11/05/2017 16:07:05] - |A| - [1896288] - C:\WINDOWS\system32\Drivers\dxgkrnl.sys [MD5.92C7C3A38163D5B958EA602C64409B16] - [11/05/2017 16:06:53] - |A| - [342880] - C:\WINDOWS\system32\Drivers\dxgmms1.sys [MD5.6F5C1B283EBBA5D259BE1576EE9A793B] - [09/05/2017 09:02:33] - |A| - [51752] - C:\WINDOWS\system32\Drivers\eubakup.sys [MD5.7CB31C4CB830F8817D65F14A16AC18C3] - [09/05/2017 09:02:32] - |A| - [41512] - C:\WINDOWS\system32\Drivers\EUBKMON.sys [MD5.B5A5751F8A7CF9D6744D941D00C69C6D] - [09/05/2017 09:02:33] - |A| - [15912] - C:\WINDOWS\system32\Drivers\eudskacs.sys [MD5.10528A270F2FED01A13328DFF812367A] - [09/05/2017 09:02:33] - |A| - [189992] - C:\WINDOWS\system32\Drivers\EuFdDisk.sys [MD5.FA17EC51C7BB8A43FDBE6B700E74ADC1] - [05/05/2017 14:12:07] - |A| - [249184] - C:\WINDOWS\system32\Drivers\file_tracker.sys [MD5.3232D86D817D1E081C30B13B47E3EFDD] - [05/05/2017 14:11:51] - |A| - [123744] - C:\WINDOWS\system32\Drivers\fltsrv.sys [MD5.F61E1A36D0D6173D3DE5F4A8DF815E34] - [11/05/2017 16:04:49] - |A| - [53080] - C:\WINDOWS\system32\Drivers\fsdepends.sys [MD5.4004657E385E6C714825EB9031ED2062] - [16/05/2017 11:11:19] - |A| - [23840] - C:\WINDOWS\system32\Drivers\HWiNFO32.SYS [MD5.CB31CE598C718A9F081A5B4A3C08A4E9] - [16/05/2017 11:15:42] - |A| - [88568] - C:\WINDOWS\system32\Drivers\IntelBatteryManagement.sys [MD5.B7F9DB871DC4FAAAFF3E9F37F213D790] - [03/05/2017 16:32:47] - |A| - [49680] - C:\WINDOWS\system32\Drivers\isedrv.sys [MD5.5C10141EEE9AB117400002250EF26F09] - [03/05/2017 10:01:05] - |A| - [240992] - C:\WINDOWS\system32\Drivers\msiscsi.sys [MD5.D05756943783CC83F38EDD5678B720A2] - [03/05/2017 09:59:32] - |A| - [950624] - C:\WINDOWS\system32\Drivers\ndis.sys [MD5.6F254CF9C44B29FBD36F7D0C1BDC901A] - [11/05/2017 16:07:19] - |A| - [1956704] - C:\WINDOWS\system32\Drivers\ntfs.sys [MD5.8B46929527141AA37AA318E2208AD282] - [11/05/2017 16:07:21] - |A| - [69120] - C:\WINDOWS\system32\Drivers\raspppoe.sys [MD5.5250F63D0AA0051EF7850517D514601F] - [11/05/2017 16:07:29] - |A| - [355168] - C:\WINDOWS\system32\Drivers\rdbss.sys [MD5.227564B825D2B3FD4A2BE4FCC30C01D6] - [05/05/2017 14:11:53] - |A| - [245088] - C:\WINDOWS\system32\Drivers\snapman.sys [MD5.6CA2B544733A481EF5AAB720EFD45E37] - [11/05/2017 16:06:55] - |A| - [458592] - C:\WINDOWS\system32\Drivers\spaceport.sys [MD5.50172B62D44E083DB85AED9371DB6671] - [11/05/2017 16:04:48] - |A| - [344576] - C:\WINDOWS\system32\Drivers\srv.sys [MD5.C738885045C0D3C463EF08F152E94B43] - [11/05/2017 16:04:48] - |A| - [626688] - C:\WINDOWS\system32\Drivers\srv2.sys [MD5.598FE0AA4DB1C42281D06C2DD2AC8901] - [03/05/2017 09:59:59] - |A| - [1966944] - C:\WINDOWS\system32\Drivers\tcpip.sys [MD5.79BF9793AEEAF2346EDD55B848CDAA4C] - [05/05/2017 14:11:56] - |A| - [685400] - C:\WINDOWS\system32\Drivers\tib.sys [MD5.873C3BB5A54347B4E54C2DB214BB8FD0] - [05/05/2017 14:11:57] - |A| - [156504] - C:\WINDOWS\system32\Drivers\tib_mounter.sys [MD5.86A764161B3E89ECC29E6B9CF18914BC] - [05/05/2017 14:11:58] - |A| - [398680] - C:\WINDOWS\system32\Drivers\tnd.sys [MD5.803C52EA06BA6AFE4C383523620063FB] - [16/05/2017 11:14:36] - |A| - [130832] - C:\WINDOWS\system32\Drivers\TXEI.sys [MD5.5FE90B1C87A1F49811B8EE67849EC826] - [11/05/2017 16:04:49] - |A| - [545120] - C:\WINDOWS\system32\Drivers\vhdmp.sys [MD5.F5490A21667707267A18EC78DB98C05D] - [05/05/2017 14:11:59] - |A| - [229720] - C:\WINDOWS\system32\Drivers\virtual_file.sys [MD5.406B47A3CB5882B2D273E45B17809474] - [11/05/2017 16:07:21] - |A| - [30720] - C:\WINDOWS\system32\Drivers\vwifimp.sys ---------- | Drives D: E: [22/01/2017 08:50:46] - |A| - (. - .) - [574] - (0.0.0.0) - E:\COMODO TrustConnect (VPN).lnk [21/02/2016 18:04:14] - |A| - (.Copyright (c) Rocket Division Software, StarBurn Software 2001-2015. All rights reserved. - StarBurn CD/DVD/Blu-Ray/HD-DVD Burning, Grabbing and Mastering Toolkit for Windows 95/98/Me/NT/2000/XP/2003/Vista/Longhorn/7/8/2010.) - [3235200] - (15.5.1.4144) - E:\StarBurn.dll [15/05/2017 13:15:50] - |A| - (. - .) - [2586880] - (11.15.1046.10613) - E:\Adaware_Installer.exe [10/11/2016 20:48:56] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [3910208] - (6.0.3.0) - E:\adwcleaner_6.030.exe [30/04/2016 19:13:58] - |A| - (.©2016 BitTorrent, Inc. All Rights Reserved. - BitTorrent.) - [1963528] - (7.9.6.42179) - E:\BitTorrent (1).exe [30/04/2016 19:17:08] - |A| - (.©2016 BitTorrent, Inc. All Rights Reserved. - BitTorrent.) - [1963528] - (7.9.6.42179) - E:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FjSAg97W0).exe [12/05/2017 05:22:29] - |A| - (. - FileVoyager Setup .) - [32710943] - (17.4.7.0) - E:\FileVoyager_Setup_17.4.7.0_Full.exe [15/05/2017 13:15:51] - |A| - (.FrostWire LLC 2008 - FrostWire - Search, Download, Play, Share..) - [25158832] - (6.4.9.235) - E:\frostwire-6.4.9.windows.fusion.exe [04/03/2017 09:57:32] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2423808] - (5.3.2017.0) - E:\FRST64.exe [21/04/2017 15:20:30] - |A| - (. - .) - [1974390] - (0.0.0.0) - E:\FyK-6.004.exe [19/04/2017 17:52:22] - |A| - (.Copyright (c) GoPro, Inc.. All rights reserved. - GoPro Studio 2.5.7.) - [121291664] - (2.5.7.549) - E:\GoProStudioPC-2.5.7.549 [1].exe [15/05/2017 13:15:52] - |A| - (.© PCPinpoint Technologies - LikeNEWPC Setup.) - [5703768] - (1.0.3.0) - E:\LikeNEWPCSetup.exe [19/04/2017 17:53:18] - |A| - (.(c) Malwarebytes. All rights reserved. - Malwarebytes Anti-Malware .) - [22851472] - (2.2.1.1043) - E:\mbam-setup-2.2.1.1043.exe [15/05/2017 13:15:53] - |A| - (.© MOVAVI. All rights reserved. - Movavi Video Suite 11.) - [102150320] - (11.3.1.0) - E:\MovaviVideoSuiteSetup_11_3_1.exe [15/05/2017 13:16:15] - |A| - (. - .) - [10927176] - (12.10.8.0) - E:\RogueKillerCMDX64.exe [25/02/2015 14:22:15] - |A| - (.ENC Security Systems BV - SanDisk SecureAccessV3.) - [16024600] - (6.0.9.0) - E:\RunSanDiskSecureAccess_Win.exe [22/01/2017 08:15:29] - |A| - (.© 2016 Sophos Limited - SophosClean.) - [11619360] - (3.7.13.262) - E:\SophosClean_x64.exe [16/12/2016 17:26:35] - |A| - (. - .) - [89589712] - (0.0.0.0) - E:\VideoMeetingPlus_1.0.1711.0_Beta_VMX160226-03.exe [10/11/2016 21:04:11] - |A| - (.Nicolas Coolman - ZHPCleane.) - [2488832] - (2016.11.8.191) - E:\ZHPCleaner.exe [10/11/2016 21:41:19] - |A| - (.Nicolas Coolman - ZHPDiag.) - [2442240] - (2016.11.8.213) - E:\ZHPDiag3.exe [09/12/2016 15:18:19] - |A| - (. - .) - [149] - (0.0.0.0) - E:\autorun (1).inf [24/05/2016 06:32:13] - |A| - (. - .) - [5774] - (0.0.0.0) - E:\a2settings.ini [24/05/2016 08:34:30] - |A| - (. - .) - [64] - (0.0.0.0) - E:\a2whitelist.ini [28/04/2017 05:04:22] - |A| - (. - .) - [410] - (0.0.0.0) - E:\ampa.ini [21/04/2017 16:10:51] - |A| - (. - .) - [4] - (0.0.0.0) - E:\bandeja.ini [21/04/2017 16:10:51] - |A| - (. - .) - [10] - (0.0.0.0) - E:\config.ini [18/04/2026 18:29:05] - |A| - (. - .) - [2054] - (0.0.0.0) - E:\Framakey.ini [21/04/2017 16:10:51] - |A| - (. - .) - [4] - (0.0.0.0) - E:\idioma.ini [09/08/2016 15:00:26] - |A| - (. - .) - [44] - (0.0.0.0) - E:\language.ini [11/07/2016 08:24:15] - |A| - (. - .) - [0] - (0.0.0.0) - E:\LogAnalyZer.ini [25/02/2017 06:34:32] - |A| - (. - .) - [2069] - (0.0.0.0) - E:\rk_config.ini F: [10/05/2017 22:03:43] - |A| - (. - .) - [415] - (0.0.0.0) - F:\SmartClean.ini X: [08/02/2017 01:00:00] - |A| - (.© 2016 Sophos Limited - SophosClean.) - [10640704] - (3.7.14.264) - X:\SophosClean.exe [26/01/2017 01:00:00] - |A| - (. - .) - [1836] - (0.0.0.0) - X:\a2settings.ini ---------- | C: [25/03/2017 19:19:03] - |SHD| - [387] - C:\$RECYCLE.BIN [25/03/2017 17:42:24] - |HD| - [129520134] - C:\$SysReset [16/05/2017 19:05:48] - |D| - [78220710] - C:\AdsFix [MD5.05F666D680360EC25AC52850976C2673] - [16/05/2017 19:06:43] - |A| - (. - .) - [11069] - (0.0.0.0) - C:\AdsFix.txt [17/05/2017 08:50:12] - |D| - [232614356] - C:\AdwCleaner [05/05/2017 13:46:54] - |AD| - [1185] - C:\AeroGlass [19/01/2017 18:12:54] - |D| - [218180851] - C:\boot [MD5.CDF075B70E5F612B4399A54B25D55192] - [10/07/2015 11:53:02] - |RASH| - (. - .) - [395268] - (0.0.0.0) - C:\bootmgr [MD5.ED4FC5980BD8B1AD869FF725C7776338] - [10/07/2015 09:28:25] - |A| - (. - .) - [10] - (0.0.0.0) - C:\config.sys [10/07/2015 10:55:30] - |SHD| - [0] - C:\Documents and Settings [MD5.77FBCD7AC090AC976D7A2887E4CEC2E8] - [09/05/2017 16:50:49] - |ASH| - (. - .) - [469504] - (0.0.0.0) - C:\EUMONBMP.SYS [28/10/2015 11:15:07] - |D| - [61500] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/01/2017 16:46:57] - |ASH| - (. - .) - [2147483648] - (0.0.0.0) - C:\pagefile.sys [26/03/2017 03:01:44] - |D| - [0] - C:\PerfLogs [17/05/2017 09:27:33] - |D| - [74834898] - C:\Pre_Scan [MD5.02B1C9553936EA030CBAF1A38A704A55] - [17/05/2017 09:44:59] - |A| - (. - .) - [12655] - (0.0.0.0) - C:\Pre_Scan.txt [26/03/2017 02:50:55] - |RD| - [8407135331] - C:\Program Files [26/03/2017 03:01:44] - |HD| - [51712597324] - C:\ProgramData [17/05/2017 09:07:15] - |D| - [261693] - C:\QuickDiag [MD5.5A6CCEC398788E3BB306182A8D0A6EC5] - [17/05/2017 09:28:11] - |A| - (. - .) - [299116] - (0.0.0.0) - C:\QuickDiag.txt [13/08/2015 03:24:17] - |RSHD| - [473808738] - C:\Recovery [MD5.45ED4D8B3D86AB6F6E5F3729B06687C7] - [06/05/2017 10:05:24] - |A| - (. - .) - [285522] - (0.0.0.0) - C:\Reflect_Install.log [03/05/2017 18:14:58] - |D| - [54586907] - C:\SkinPack [MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/03/2017 02:20:44] - |ASH| - (. - .) - [16777216] - (0.0.0.0) - C:\swapfile.sys [28/10/2015 11:58:36] - |SHD| - [0] - C:\System Volume Information [28/10/2015 11:17:28] - |D| - [57370001] - C:\TEST_TOOL [26/03/2017 02:50:55] - |RD| - [54309868173] - C:\Users [03/05/2017 18:15:35] - |HD| - [28935168] - C:\W7P_Backups [26/03/2017 02:50:55] - |D| - [13299832584] - C:\Windows [26/03/2017 03:16:18] - |D| - [6367504] - C:\Windows.old ---------- | C:\WINDOWS [26/03/2017 03:01:44] - |D| - [802] - C:\WINDOWS\addins [26/03/2017 03:01:44] - |D| - [8554799] - C:\WINDOWS\appcompat [26/03/2017 03:01:44] - |D| - [11468428] - C:\WINDOWS\apppatch [26/03/2017 03:01:44] - |D| - [0] - C:\WINDOWS\AppReadiness [13/08/2015 04:15:13] - |D| - [0] - C:\WINDOWS\ar-SA [26/03/2017 03:01:44] - |RD| - [455118832] - C:\WINDOWS\assembly [26/03/2017 03:01:44] - |D| - [325008] - C:\WINDOWS\bcastdvr [MD5.BFB466B97C831A5A8DC573FF78BBD4BE] - [16/07/2016 09:25:15] - || - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [54272] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe [26/03/2017 03:01:44] - |D| - [37613978] - C:\WINDOWS\Boot [MD5.F9DC73EE62162C368FBFFD81363C9648] - [26/03/2017 02:21:53] - |AS| - (. - .) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [26/03/2017 03:01:44] - |D| - [3724824] - C:\WINDOWS\Branding [26/03/2017 02:52:30] - |D| - [107481162] - C:\WINDOWS\CbsTemp [26/03/2017 03:01:44] - |D| - [9095496] - C:\WINDOWS\Cursors [13/08/2015 03:38:26] - |D| - [0] - C:\WINDOWS\de-DE [26/03/2017 03:01:44] - |D| - [170811] - C:\WINDOWS\debug [10/07/2015 09:28:23] - |RD| - [0] - C:\WINDOWS\DesktopTileResources [MD5.6B084E975FC49AE8CEF9263F3FDC1E3D] - [28/10/2015 11:46:49] - |A| - (. - .) - [10894] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [26/03/2017 03:01:44] - |D| - [4827680] - C:\WINDOWS\diagnostics [MD5.EF82B304067EDCF3CF990A42DE93B695] - [28/10/2015 11:46:49] - |A| - (. - .) - [9510] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [26/03/2017 03:08:18] - |D| - [0] - C:\WINDOWS\DigitalLocker [26/03/2017 03:01:44] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [26/03/2017 03:01:44] - |HD| - [37912] - C:\WINDOWS\ELAMBKUP [26/03/2017 03:08:18] - |D| - [105984] - C:\WINDOWS\en-US [13/08/2015 03:57:39] - |D| - [0] - C:\WINDOWS\es-ES [MD5.6E46F7CBC16009E381015C69F4FA22B1] - [11/05/2017 16:05:37] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4312248] - (10.0.14393.1198) - C:\WINDOWS\explorer.exe [26/03/2017 03:01:44] - |RSD| - [358036504] - C:\WINDOWS\Fonts [26/03/2017 03:11:34] - |D| - [122368] - C:\WINDOWS\fr-FR [26/03/2017 03:01:44] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [26/03/2017 03:01:44] - |D| - [20737866] - C:\WINDOWS\Globalization [26/03/2017 03:01:44] - |D| - [2967996] - C:\WINDOWS\Help [MD5.122B358F4584FF7768CF1BBCAB2F30D9] - [03/05/2017 09:59:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [884224] - (10.0.14393.1066) - C:\WINDOWS\HelpPane.exe [MD5.7AA22C33D8C35E6F59ADB2D02C8702C7] - [16/07/2016 09:25:29] - || - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16384] - (10.0.14393.0) - C:\WINDOWS\hh.exe [26/03/2017 03:01:44] - |D| - [173192488] - C:\WINDOWS\IME [26/03/2017 03:01:44] - |RD| - [4562165] - C:\WINDOWS\ImmersiveControlPanel [26/03/2017 02:58:30] - |D| - [49325513] - C:\WINDOWS\INF [26/03/2017 03:17:23] - |D| - [928646952] - C:\WINDOWS\InfusedApps [26/03/2017 03:01:44] - |D| - [36285422] - C:\WINDOWS\InputMethod [26/03/2017 03:01:44] - |SHD| - [1252842316] - C:\WINDOWS\Installer [16/05/2017 11:11:22] - |D| - [0] - C:\WINDOWS\IObit [13/08/2015 03:45:29] - |D| - [0] - C:\WINDOWS\it-IT [26/03/2017 03:01:44] - |D| - [89407] - C:\WINDOWS\L2Schemas [26/03/2017 03:01:44] - |D| - [558043136] - C:\WINDOWS\LiveKernelReports [26/03/2017 03:01:44] - |D| - [3431762] - C:\WINDOWS\Logs [26/03/2017 03:01:45] - |D| - [20316123] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 09:25:08] - || - (. - .) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [26/03/2017 03:01:44] - |RD| - [493940904] - C:\WINDOWS\Microsoft.NET [26/03/2017 03:01:45] - |D| - [2563] - C:\WINDOWS\Migration [05/05/2017 17:15:59] - |D| - [0] - C:\WINDOWS\Minidump [26/03/2017 03:01:45] - |RD| - [435471] - C:\WINDOWS\MiracastView [26/03/2017 03:01:45] - |D| - [0] - C:\WINDOWS\ModemLogs [13/08/2015 04:22:20] - |D| - [0] - C:\WINDOWS\nl-NL [MD5.AF79F5A331C50CC87F0A5F921AD93B0F] - [16/07/2016 09:26:43] - || - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [232448] - (10.0.14393.0) - C:\WINDOWS\notepad.exe [MD5.DED4C7F2CFED071D87006916F7B303C6] - [16/05/2017 17:17:52] - |A| - (. - .) - [624710] - (0.0.0.0) - C:\WINDOWS\ntbtlog.txt [26/03/2017 03:12:32] - |D| - [199472] - C:\WINDOWS\OCR [26/03/2017 03:01:45] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [26/03/2017 03:17:15] - |DC| - [578746] - C:\WINDOWS\Panther [26/03/2017 03:01:45] - |D| - [29262726] - C:\WINDOWS\Performance [MD5.567A0B0612F8366ACFDBEAA9919A1C55] - [17/05/2017 09:02:46] - |A| - (. - .) - [832] - (0.0.0.0) - C:\WINDOWS\PFRO.log [26/03/2017 03:01:45] - |D| - [1283900] - C:\WINDOWS\PLA [26/03/2017 03:01:45] - |D| - [3278202] - C:\WINDOWS\PolicyDefinitions [26/03/2017 03:01:45] - |D| - [28936671] - C:\WINDOWS\prefetch [26/03/2017 03:01:45] - |RD| - [1648907] - C:\WINDOWS\PrintDialog [26/03/2017 03:01:45] - |D| - [1421452] - C:\WINDOWS\Provisioning [10/07/2015 09:28:23] - |RD| - [4] - C:\WINDOWS\PurchaseDialog [MD5.2E327F27B5B836D8304DF46E8E20341A] - [25/03/2017 16:58:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [300544] - (10.0.14393.953) - C:\WINDOWS\regedit.exe [26/03/2017 03:01:45] - |D| - [1092288] - C:\WINDOWS\Registration [12/05/2017 15:33:17] - |D| - [3934176] - C:\WINDOWS\rescache [26/03/2017 03:01:45] - |D| - [7153579] - C:\WINDOWS\Resources [13/08/2015 04:07:38] - |D| - [0] - C:\WINDOWS\ru-RU [26/03/2017 03:01:45] - |D| - [0] - C:\WINDOWS\SchCache [26/03/2017 03:01:45] - |D| - [121229] - C:\WINDOWS\schemas [26/03/2017 03:01:45] - |D| - [6316032] - C:\WINDOWS\security [26/03/2017 02:20:53] - |D| - [37894594] - C:\WINDOWS\ServiceProfiles [26/03/2017 02:50:55] - |D| - [101153823] - C:\WINDOWS\servicing [26/03/2017 03:15:09] - |D| - [42] - C:\WINDOWS\Setup [26/03/2017 03:01:45] - |D| - [21440512] - C:\WINDOWS\ShellExperiences [10/07/2015 11:50:35] - |D| - [0] - C:\WINDOWS\ShellNew [26/03/2017 03:01:45] - |D| - [3070736] - C:\WINDOWS\SKB [28/10/2015 11:09:39] - |D| - [293683620] - C:\WINDOWS\SoftwareDistribution [26/03/2017 03:01:45] - |D| - [86045377] - C:\WINDOWS\Speech [26/03/2017 03:01:45] - |D| - [53541356] - C:\WINDOWS\Speech_OneCore [MD5.AEFEACA2FBFBA9EDAF026E39CA3CA175] - [06/01/2017 13:36:00] - |A| - (.© Microsoft Corporation. All rights reserved. - Print driver host for applications.) - [114688] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe [26/03/2017 03:01:45] - |D| - [607151] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [10/07/2015 09:28:25] - |A| - (. - .) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [26/03/2017 02:50:55] - |D| - [3366648294] - C:\WINDOWS\System32 [26/03/2017 03:01:45] - |D| - [109959047] - C:\WINDOWS\SystemApps [26/03/2017 03:01:46] - |D| - [18487061] - C:\WINDOWS\SystemResources [26/03/2017 03:01:46] - |D| - [0] - C:\WINDOWS\TAPI [10/07/2015 09:28:24] - |D| - [2246] - C:\WINDOWS\Tasks [26/03/2017 03:01:46] - |D| - [1328838] - C:\WINDOWS\Temp [26/03/2017 03:01:46] - |D| - [0] - C:\WINDOWS\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [16/07/2016 09:26:42] - || - (. - Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\WINDOWS\twain.dll [26/03/2017 03:01:46] - |D| - [152936] - C:\WINDOWS\twain_32 [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 09:26:42] - || - (. - Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [16/07/2016 09:26:42] - || - (. - Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\WINDOWS\twunk_16.exe [MD5.27E6D03C3E33E9D552ACADC827EA366A] - [16/07/2016 09:26:42] - || - (. - Twain.dll Client's 32-Bit Thunking Server.) - [33280] - (1.7.1.0) - C:\WINDOWS\twunk_32.exe [MD5.F5D3E05E5C7F5D5DD952954DB5E607AE] - [01/03/2015 00:22:50] - |A| - (.Copyright (c) 2014 - Unsigned Themes service executable.) - [19112] - (0.2.4.1) - C:\WINDOWS\unsignedthemes.exe [26/03/2017 03:01:46] - |D| - [12420] - C:\WINDOWS\Vss [MD5.2D836D86E7ECC88D52CB65AF0D7C14D6] - [29/12/2016 09:20:54] - |A| - (. - .) - [86520] - (0.0.0.0) - C:\WINDOWS\vssMgr.exe [26/03/2017 03:01:46] - |D| - [16560831] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [10/07/2015 09:28:25] - |A| - (. - .) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 09:25:47] - |A| - (. - .) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [16/05/2017 18:46:57] - |A| - (. - .) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9A355B75137E8A5F3C384C999CC6DBBC] - [16/07/2016 09:26:41] - || - (.Copyright © Microsoft Corp. 1981-1996 - Windows Win16 Application Launcher.) - [8960] - (3.10.0.103) - C:\WINDOWS\winhelp.exe [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 09:25:28] - || - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe [26/03/2017 02:50:55] - |D| - [4555142066] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 09:26:05] - || - (. - .) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.ED73F0253A4C10F6B7C221FF6E8BD8B4] - [16/07/2016 09:25:58] - || - (.© Microsoft Corporation. All rights reserved. - Windows Write.) - [10240] - (10.0.14393.0) - C:\WINDOWS\write.exe [MD5.B317B33694BAC49D492DD3F23E374899] - [16/07/2016 09:26:41] - |N| - (. - .) - [707] - (0.0.0.0) - C:\WINDOWS\_default.pif ---------- | Systemroot\System [16/07/2016 09:26:42] - || - [69584] - C:\WINDOWS\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL) [16/07/2016 09:26:42] - || - [109456] - C:\WINDOWS\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\lzexpand.dll (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:42] - || - [73376] - C:\WINDOWS\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI) [16/07/2016 09:26:42] - || - [25264] - C:\WINDOWS\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer) [16/07/2016 09:26:42] - || - [28160] - C:\WINDOWS\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:42] - || - [126912] - C:\WINDOWS\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\olecli.dll (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\OLESVR.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\stdole.tlb (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\ver.dll (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) [16/07/2016 09:26:41] - || - [8960] - C:\WINDOWS\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows Win16 Application Launcher) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [11/09/2015 15:21:54] - C:\WINDOWS\Installer\1dcf99.msi : (Jing - TechSmith Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/05/2017 16:26:35] - C:\WINDOWS\Installer\34261c.msi : (Java SE Runtime Environment 8 Update 131 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/05/2017 16:26:11] - C:\WINDOWS\Installer\342620.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2017 12:17:38] - C:\WINDOWS\Installer\39a7d5.msi : (LiteManager Pro - Viewer - LiteManagerTeam) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2017 12:03:32] - C:\WINDOWS\Installer\39a7d8.msi : (LiteManager Pro - Server - LiteManagerTeam) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/03/2017 10:35:20] - C:\WINDOWS\Installer\3b8d0b.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]