--------------- QuickDiag | g3n-h@ckm@n | V3_22.10.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 10/12/2017 10:53:59

Updated 22/10/2017 | 08.35 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[jean- (Administrator)] - [DESKTOP-37KC94K] (S-1-5-21-4265624635-2019933758-61733912-1001)

System: Microsoft Windows 10 Famille - - (10.0.16299) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1709)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : SafeMode with network
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Extended


---------- | SoundDevice

HD Webcam C310 - Status: Unknown - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_081B&MI_02\8&4D0A220&0&0002
Realtek High Definition Audio - Status: Unknown - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001
WsAudioDevice_383 - Status: OK - Manufacturer: WsAudioDevice_383 - PNPDeviceID: ROOT\MEDIA\0003

---------- | Video

AMD Radeon HD 7310 Graphics - Resolution: x - Colors: - RefreshRate: -  Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184
Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25400 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\lvcod64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 -  Manufacturer: Logitech Inc. - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84480 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 33296 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34864 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28672 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:75 %
CPU #2 value:93 %
Total Overall CPU Usage value:84 %

---------- | Network


Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2062&SUBSYS_2AE3103C&REV_C1\4&186C6B44&0&00A9
WAN Miniport (SSTP) - - - Status: - PnPID : 
WAN Miniport (IKEv2) - - - Status: - PnPID : 
WAN Miniport (L2TP) - - - Status: - PnPID : 
WAN Miniport (PPTP) - - - Status: - PnPID : 
WAN Miniport (PPPOE) - - - Status: - PnPID : 
WAN Miniport (IP) - - - Status: - PnPID : 
WAN Miniport (IPv6) - - - Status: - PnPID : 
WAN Miniport (Network Monitor) - - - Status: - PnPID : 

---------- | Memory

RAM = Total (MB) : 3748 | Free (MB) : 1841
Pagefile = Total (MB) : 5976 | Free (MB) : 4158
Virtual = Total (MB) : 4194 | Free (MB) : 3914

Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: 0 - Manufacturer: Micron       - PartNumber: 8JTF51264AZ-1G6E1 - S/N: DEA02E9

---------- | SID Users

Administrateur : [S-1-5-21-4265624635-2019933758-61733912-500]
DefaultAccount : [S-1-5-21-4265624635-2019933758-61733912-503]
InvitÃ© : [S-1-5-21-4265624635-2019933758-61733912-501]
jean- : [S-1-5-21-4265624635-2019933758-61733912-1001]
WDAGUtilityAccount : [S-1-5-21-4265624635-2019933758-61733912-504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
InvitÃ©s : [S-1-5-32-546]
Lecteurs des journaux dÂÃ©vÃ©nements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion Ã  distance : [S-1-5-32-580]
Utilisateurs de lÂAnalyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modÃ¨le COM distribuÃ© : [S-1-5-32-562]
AMD FUEL : [S-1-5-21-4265624635-2019933758-61733912-1004]
SQLServer2005SQLBrowserUser$DESKTOP-37KC94K : [S-1-5-21-4265624635-2019933758-61733912-1003]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÃTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SystÃ¨me - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiÃ©s - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÃSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [OS] | Total : 929.8 Go | Free : 769.14 Go -> NTFS [SATA]
D:\ -> [Removable] | [SANDISK CON] | Total : 183.32 Go | Free : 183 Go -> exFAT [USB]
E:\ -> [CDROM] | [SFR] | Total : 0.07 Go | Free : 0 Go -> CDFS [USB]
G:\ -> [Removable] | [samsung fit] | Total : 119.5 Go | Free : 111.79 Go -> NTFS [USB]
H:\ -> [Removable] | [64G SD FUTU] | Total : 59.5 Go | Free : 59.49 Go -> exFAT [USB]
I:\ -> [Removable] | [UBUNTU MATE] | Total : 14.42 Go | Free : 0.63 Go -> FAT32 [USB]
J:\ -> [Removable] | [FOLD-ISARDU] | Total : 14.9 Go | Free : 12.02 Go -> FAT32 [USB]
K:\ -> [Removable] | [SYSTEMRESCU] | Total : 14.42 Go | Free : 5.18 Go -> FAT32 [USB]
L:\ -> [Removable] | [SANDISK CON] | Total : 119.06 Go | Free : 119.05 Go -> exFAT [USB]
M:\ -> [Removable] | [XUBUNTU SFC] | Total : 115.66 Go | Free : 114.46 Go -> FAT32 [USB]
N:\ -> [Removable] | [] | Total : 30.03 Go | Free : 3.09 Go -> NTFS [USB]
O:\ -> [Removable] | [CLONEZILLA] | Total : 7.24 Go | Free : 0.22 Go -> FAT32 [USB]
P:\ -> [Removable] | [] | Total : 0.05 Go | Free : 0.04 Go -> FAT [USB]
Q:\ -> [Removable] | [CARBIDE] | Total : 30.84 Go | Free : 9.17 Go -> FAT32 [USB]
R:\ -> [Fixed] | [wd MY passport 2TO] | Total : 2794.49 Go | Free : 288.32 Go -> NTFS [USB]
S:\ -> [Removable] | [montre espi] | Total : 7.32 Go | Free : 2.55 Go -> FAT32 [USB]
T:\ -> [Removable] | [ULTIM BOOT] | Total : 7.45 Go | Free : 6.36 Go -> FAT32 [USB]
V:\ -> [Removable] | [] | Total : 1.83 Go | Free : 0 Go -> FAT [USB]
W:\ -> [Removable] | [] | Total : 0.96 Go | Free : 0 Go -> FAT [USB]
X:\ -> [Removable] | [AUDIO PLAYE] | Total : 59.47 Go | Free : 59.47 Go -> exFAT [USB]
Y:\ -> [Removable] | [] | Total : 0.1 Go | Free : 0.09 Go -> FAT [USB]

Disk Usage Information [21 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [T:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [V:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #\ [DESKTOP-37KC94K\Disque, physique(3)\Ãcritures, disque,, octets/s] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #4 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #5 [R:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #6 [H:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #7 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #8 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #9 [N:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, M:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, L:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, O:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, P:, Y:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, X:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, Q:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [, W:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #\ [DESKTOP-37KC94K\Disque, physique(19)\Ãcritures, disque,, octets/s] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [, S:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE13 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_WIRELESS_STICK&REV_1\D0E40BF4E788&0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_TS29\000000000017&0
DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_WIRELESS_STICK&REV_1\D0E40BEC99E0&0
DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_MULTIPLE&PROD_CARD__READER&REV_1.00\058F63666438&0
DeviceID: \\.\PHYSICALDRIVE10 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1.00\05077900000000F6&0
DeviceID: \\.\PHYSICALDRIVE17 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_FT01\000000000001&0
DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_TS29\000000000017&2
DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE_FIT&REV_1100\0363316010027335&0
DeviceID: \\.\PHYSICALDRIVE16 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_ISTORAGE&PROD_DATASHUR&REV_1.00\20095032145150130849&0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10EZEX-60ZF5A0\4&32E8E4A0&0&000000
DeviceID: \\.\PHYSICALDRIVE11 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA_FIT&REV_1.00\4C530001050902110312&0
DeviceID: \\.\PHYSICALDRIVE8 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\001A4D5E84E6B05079526B2F&0
DeviceID: \\.\PHYSICALDRIVE14 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_PMAP\1C6F654E572CEF31E90E474C&0
DeviceID: \\.\PHYSICALDRIVE18 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_REALSIL&PROD_RTSUERLUN0&REV_1.00\0000
DeviceID: \\.\PHYSICALDRIVE12 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_1.00\C860008863DBC0B0CA0B3B01&0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_TS29\000000000017&1
DeviceID: \\.\PHYSICALDRIVE15 - Status: OK - USB - Removable Media - 2 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_5.00\07014791E2C22032&0
DeviceID: \\.\PHYSICALDRIVE19 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_FT01\000000000001&1
DeviceID: \\.\PHYSICALDRIVE9 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1100\0116000000008682&0
DeviceID: \\.\PHYSICALDRIVE20 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENPLUS&PROD_USB-MSDC_DISK_A&REV_1.00\6&368B17D4&0

---------- | Windows updates


---------- | Browsers

IE : 11.0.16299.98     (Â© Microsoft Corporation. Tous droits rÃ©servÃ©s.)

Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" 

---------- | FlashPlayer

FlashPlayer ActiveX : 27.0.0.187

---------- | Security

AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

608 | [Owner : SystÃ¨me | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.16299.15) = C:\Windows\System32\smss.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
744 | [Owner : SystÃ¨me | Parent : 732() | ?????] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (10.0.16299.15) = C:\Windows\System32\csrss.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
816 | [Owner : SystÃ¨me | Parent : 732() | ?????] - (.Microsoft Corporation - Application de dÃ©marrage de Windows.) - (10.0.16299.15) = C:\Windows\System32\wininit.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
832 | [Owner : SystÃ¨me | Parent : 808() | ?????] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (10.0.16299.15) = C:\Windows\System32\csrss.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
908 | [Owner : SystÃ¨me | Parent : 808() | 10.02 Mo] - (.Microsoft Corporation - Application dÂouverture de session Windows.) - (10.0.16299.15) = C:\Windows\System32\winlogon.exe     [29/09/2017 14:41:44]    CPU Usage:0 % --> Command Line : 
944 | [Owner : SystÃ¨me | Parent : 816(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et ContrÃ´leur.) - (10.0.16299.98) = C:\Windows\System32\services.exe     [01/12/2017 05:27:41]    CPU Usage:0 % --> Command Line : 
956 | [Owner : SystÃ¨me | Parent : 816(wininit.exe) | 13.58 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.16299.15) = C:\Windows\System32\lsass.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
664 | [Owner : UMFD-1 | Parent : 908(winlogon.exe) | 12.54 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.98) = C:\Windows\System32\fontdrvhost.exe     [01/12/2017 05:28:09]    CPU Usage:0 % --> Command Line : 
660 | [Owner : UMFD-0 | Parent : 816(wininit.exe) | 4.09 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.98) = C:\Windows\System32\fontdrvhost.exe     [01/12/2017 05:28:09]    CPU Usage:0 % --> Command Line : 
648 | [Owner : SystÃ¨me | Parent : 944(services.exe) | 4 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
748 | [Owner : SystÃ¨me | Parent : 944(services.exe) | 20.07 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1032 | [Owner : SERVICE RÃSEAU | Parent : 944(services.exe) | 10.17 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1076 | [Owner : SystÃ¨me | Parent : 944(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1156 | [Owner : DWM-1 | Parent : 908(winlogon.exe) | 95.2 Mo] - (.Microsoft Corporation - Gestionnaire de fenÃªtres du Bureau.) - (10.0.16299.15) = C:\Windows\System32\dwm.exe     [29/09/2017 14:41:41]    CPU Usage:0 % --> Command Line : 
1256 | [Owner : SystÃ¨me | Parent : 944(services.exe) | 10.4 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1300 | [Owner : SystÃ¨me | Parent : 944(services.exe) | 8.62 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1320 | [Owner : SERVICE LOCAL | Parent : 944(services.exe) | 13.13 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1328 | [Owner : SERVICE LOCAL | Parent : 944(services.exe) | 6.47 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1336 | [Owner : SERVICE LOCAL | Parent : 944(services.exe) | 18.69 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1408 | [Owner : SERVICE LOCAL | Parent : 944(services.exe) | 7.02 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1456 | [Owner : SERVICE LOCAL | Parent : 944(services.exe) | 7.18 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1480 | [Owner : SERVICE LOCAL | Parent : 944(services.exe) | 5.9 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1644 | [Owner : SERVICE RÃSEAU | Parent : 944(services.exe) | 8.16 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1792 | [Owner : SERVICE RÃSEAU | Parent : 944(services.exe) | 11.34 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1800 | [Owner : SystÃ¨me | Parent : 944(services.exe) | 7.43 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1808 | [Owner : SERVICE RÃSEAU | Parent : 944(services.exe) | 11.2 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1828 | [Owner : SystÃ¨me | Parent : 944(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.12.17007.17123) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe     [09/12/2017 05:44:33]    CPU Usage:35 % --> Command Line : 
1840 | [Owner : SystÃ¨me | Parent : 944(services.exe) | 15.36 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1992 | [Owner : SERVICE RÃSEAU | Parent : 944(services.exe) | 6.93 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1568 | [Owner : SERVICE LOCAL | Parent : 944(services.exe) | 8.13 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
2192 | [Owner : SystÃ¨me | Parent : 944(services.exe) | 11.86 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
2316 | [Owner : jean- | Parent : 1300(svchost.exe) | 25.38 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe     [29/09/2017 14:41:31]    CPU Usage:0 % --> Command Line : 
2416 | [Owner : jean- | Parent : 2392() | 109.46 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.98) = C:\Windows\explorer.exe     [01/12/2017 05:28:12]    CPU Usage:0 % --> Command Line : 
2096 | [Owner : jean- | Parent : 748(svchost.exe) | 93.95 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.16299.98) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe     [01/12/2017 05:28:30]    CPU Usage:0 % --> Command Line : 
2212 | [Owner : jean- | Parent : 748(svchost.exe) | 97.54 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.98) = C:\Windows\explorer.exe     [01/12/2017 05:28:12]    CPU Usage:0 % --> Command Line : 
140 | [Owner : jean- | Parent : 2972() | 17.27 Mo] - (.Microsoft Corporation - Bloc-notes.) - (10.0.16299.15) = C:\Windows\SysWOW64\notepad.exe     [29/09/2017 14:42:22]    CPU Usage:0 % --> Command Line : 
4236 | [Owner : jean- | Parent : 2416(explorer.exe) | 6.89 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe     [04/09/2016 14:23:39]    CPU Usage:0 % --> Command Line : 
4624 | [Owner : jean- | Parent : 748(svchost.exe) | 71.53 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.15) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [29/09/2017 14:41:18]    CPU Usage:0 % --> Command Line : 
4832 | [Owner : jean- | Parent : 748(svchost.exe) | 21.47 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe     [29/09/2017 14:41:25]    CPU Usage:0 % --> Command Line : 
1376 | [Owner : jean- | Parent : 748(svchost.exe) | 11.6 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.16299.15) = C:\Windows\System32\dllhost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
4572 | [Owner : jean- | Parent : 2416(explorer.exe) | 163.31 Mo] - (.Opera Software - Opera Internet Browser.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe     [01/12/2017 09:37:44]    CPU Usage:0 % --> Command Line : 
364 | [Owner : jean- | Parent : 4572(opera.exe) | 7.21 Mo] - (.Opera Software - Opera crash-reporter.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera_crashreporter.exe     [01/12/2017 09:39:07]    CPU Usage:0 % --> Command Line : 
3828 | [Owner : jean- | Parent : 4572(opera.exe) | 45.04 Mo] - (.Opera Software - Opera Internet Browser.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe     [01/12/2017 09:37:44]    CPU Usage:0 % --> Command Line : 
3296 | [Owner : jean- | Parent : 4572(opera.exe) | 61.22 Mo] - (.Opera Software - Opera Internet Browser.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe     [01/12/2017 09:37:44]    CPU Usage:0 % --> Command Line : 
2172 | [Owner : jean- | Parent : 4572(opera.exe) | 26.39 Mo] - (.Opera Software - Opera Internet Browser.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe     [01/12/2017 09:37:44]    CPU Usage:0 % --> Command Line : 
2136 | [Owner : jean- | Parent : 4572(opera.exe) | 92.92 Mo] - (.Opera Software - Opera Internet Browser.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe     [01/12/2017 09:37:44]    CPU Usage:0 % --> Command Line : 
2188 | [Owner : jean- | Parent : 4572(opera.exe) | 45.27 Mo] - (.Opera Software - Opera Internet Browser.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe     [01/12/2017 09:37:44]    CPU Usage:0 % --> Command Line : 
3300 | [Owner : jean- | Parent : 4572(opera.exe) | 70.46 Mo] - (.Opera Software - Opera Internet Browser.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe     [01/12/2017 09:37:44]    CPU Usage:4 % --> Command Line : 
3488 | [Owner : jean- | Parent : 2212(explorer.exe) | 18.24 Mo] - (.Microsoft Corporation - Bloc-notes.) - (10.0.16299.15) = C:\Windows\System32\notepad.exe     [29/09/2017 14:41:56]    CPU Usage:0 % --> Command Line : 
2772 | [Owner : jean- | Parent : 748(svchost.exe) | 25.01 Mo] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.29.1.2) = C:\Program Files (x86)\Internet Download Manager\IDMan.exe     [06/10/2017 17:17:04]    CPU Usage:0 % --> Command Line : 
2684 | [Owner : jean- | Parent : 2772(IDMan.exe) | 8.96 Mo] - (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) - (6.22.1.1) = C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe     [06/10/2017 17:17:03]    CPU Usage:0 % --> Command Line : 
2700 | [Owner : SERVICE RÃSEAU | Parent : 944(services.exe) | 7.73 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 14:41:43]    CPU Usage:0 % --> Command Line : 
1236 | [Owner : jean- | Parent : 748(svchost.exe) | 10.8 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe     [29/09/2017 14:41:25]    CPU Usage:0 % --> Command Line : 
4308 | [Owner : jean- | Parent : 3868() | 15.22 Mo] - (.Onesafe Software - OneSafe PC Cleaner automatic scan and notifications.) - (5.1.3.0) = M:\NMSDCID\OneSafe PC Cleaner\OSPCNotifications.exe     [10/12/2017 10:34:34]    CPU Usage:0 % --> Command Line : 
4436 | [Owner : jean- | Parent : 3868() | 60.95 Mo] - (.Onesafe Software - OneSafe PC Cleaner.) - (5.1.2.0) = M:\NMSDCID\OneSafe PC Cleaner\OneSafePCCleaner.exe     [10/12/2017 10:34:28]    CPU Usage:0 % --> Command Line : 
4296 | [Owner : jean- | Parent : 2328(quickdiag_3_22.10.17.1.exe) | 10.19 Mo] - (.Avanquest - OneSafe Driver Manager Tray.) - (4.0.0.2401) = M:\PHOTO FAMILY\OneSafe Driver Manager\SDMTray.exe     [10/12/2017 10:34:40]    CPU Usage:0 % --> Command Line : 
3332 | [Owner : jean- | Parent : 2328(quickdiag_3_22.10.17.1.exe) | 55.12 Mo] - (.Avanquest - OneSafe Driver Manager.) - (4.0.0.2577) = M:\PHOTO FAMILY\OneSafe Driver Manager\OneSafeDriverManager.exe     [10/12/2017 10:34:35]    CPU Usage:0 % --> Command Line : 
2424 | [Owner : jean- | Parent : 2848() | 28.7 Mo] - (.-.) - (0.0.0.0) = M:\NMSDCID\OneSafe PC Cleaner\WinSweeper\WinSweeper.exe     [10/12/2017 10:42:59]    CPU Usage:0 % --> Command Line : 
4428 | [Owner : jean- | Parent : 748(svchost.exe) | 35.1 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.16299.98) = C:\Windows\System32\smartscreen.exe     [01/12/2017 05:27:31]    CPU Usage:0 % --> Command Line : 
2328 | [Owner : jean- | Parent : 4572(opera.exe) | 42.4 Mo] - (.SosVirus - QuickDiag.) - (22.10.17.1) = C:\Users\jean-\AppData\Local\Temp\scoped_dir4572_13617\quickdiag_3_22.10.17.1.exe     [10/12/2017 10:52:41]    CPU Usage:0 % --> Command Line : 
4560 | [Owner : jean- | Parent : 4572(opera.exe) | 111.84 Mo] - (.Opera Software - Opera Internet Browser.) - (49.0.2725.47) = C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe     [01/12/2017 09:37:44]    CPU Usage:0 % --> Command Line : 
3412 | [Owner : SystÃ¨me | Parent : 748(svchost.exe) | 8.26 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.15) = C:\Windows\System32\wbem\WmiPrvSE.exe     [29/09/2017 14:42:05]    CPU Usage:0 % --> Command Line : 
3944 | [Owner : SERVICE RÃSEAU | Parent : 748(svchost.exe) | 9.14 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.15) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [29/09/2017 14:42:18]    CPU Usage:0 % --> Command Line : 

---------- | MD5

[MD5.302F451BF9FAD6BC69E76D98CDBCA2BC] - [01/12/2017 05:28:12] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Explorateur Windows.) - [3811.79 Ko] - (10.0.16299.98) : C:\WINDOWS\Explorer.exe
[MD5.E08FE2DE3DDD22123247D49A11B4F53D] - [29/09/2017 14:41:33] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - InterprÃ©teur de commandes Windows.) - [266.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\cmd.exe
[MD5.4E043FE41901F1EA1B0FCCEF3C077C56] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus dÂexÃ©cution client-serveur.) - [17.27 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\csrss.exe
[MD5.5D94FA288F4BB230FE77BC67DE506257] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. - COM Surrogate.) - [20.4 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\dllhost.exe
[MD5.222A8E8EA615529B5025DE5782830AF1] - [29/09/2017 14:42:04] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - DLL du client API BASE Windows NT.) - [686.1 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Kernel32.dll
[MD5.94E06D509D50807774F35BEE3163E806] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. - Local Security Authority Process.) - [56.62 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\lsass.exe
[MD5.79BDBB684629A526CCD958F06B9D6FAD] - [29/09/2017 14:41:44] - (.Â© Microsoft Corporation. - Distributed COM Services.) - [1091 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\rpcss.dll
[MD5.731A783A36A8E69A6434D19D98B12A09] - [29/09/2017 14:41:58] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus hÃ´te Windows (Rundll32).) - [69.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\rundll32.exe
[MD5.A219989791DDE8880B048E2214867E6A] - [01/12/2017 05:27:41] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Applications Services et ContrÃ´leur.) - [601.34 Ko] - (10.0.16299.98) : C:\WINDOWS\System32\services.exe
[MD5.440684C4F823AAE2CC587363F9C477A6] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus hÃ´te pour les services Windows.) - [47.55 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\svchost.exe
[MD5.3A4B2BBB3DA12E9DF2FE07D834026485] - [01/12/2017 04:58:03] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - DLL client de lÂAPI uilisateur de Windows multi-utilisateurs.) - [1595.98 Ko] - (10.0.16299.64) : C:\WINDOWS\System32\user32.dll
[MD5.755ED4FDBD7D6C3980610E26E527E2F5] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application dÂouverture de session Userinit.) - [31.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\userinit.exe
[MD5.BF3E1D9B2360C6BE4CC3094CD2DDC617] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application de dÃ©marrage de Windows.) - [351.16 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Wininit.exe
[MD5.8B67C13E6C000B14C1551FF07F15242E] - [29/09/2017 14:41:44] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application dÂouverture de session Windows.) - [696 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Winlogon.exe
[MD5.6FB5A2026B16D596DEABF550E7A4BD82] - [29/09/2017 14:41:44] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de fonction connexe pour WinSock.) - [599.9 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.6191B9B2EE0E8CB957C683B9B341CC86] - [29/09/2017 14:41:03] - (.Â© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.9 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.D180C7FB83CB30387EFF061B49E323E6] - [29/09/2017 14:41:03] - (.Â© Microsoft Corporation. - ATAPI Driver Extension.) - [189.9 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.9E82A95D77AC78C84BA75FF896B060BF] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.6D83565C1652E80447EDEA6947FA89D7] - [29/09/2017 14:41:02] - (.Â© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.9910E9CFF5ECDCB225F82E72CE9DE459] - [29/09/2017 14:41:44] - (.Â© Microsoft Corporation. - DFS Namespace Client Driver.) - [147.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.99A34FD1F6431A10D8C3BB50E170D0F2] - [29/09/2017 14:40:59] - (.Â© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.56FF074E50F9042FD2856AB3418F4B18] - [29/09/2017 14:41:08] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de port i8042.) - [103.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.7BEC2AF23F586EFF0DB4DBF4331B0C70] - [29/09/2017 14:41:33] - (.Â© Microsoft Corporation. - IP Network Address Translator.) - [209 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.34898F29BF0E9A84E183046318D17814] - [01/12/2017 05:28:08] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Minirdr SMB Windows NT.) - [483.4 Ko] - (10.0.16299.98) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.44071DC1A957B2062E0C2EE14E05A607] - [01/12/2017 05:27:52] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - NDIS (Network Driver Interface Specification).) - [1247.9 Ko] - (10.0.16299.98) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.401C17200AA0433D94EA61695F111DC3] - [29/09/2017 14:41:56] - (.Â© Microsoft Corporation. - MBT Transport driver.) - [309.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.70750B27A72427B0ACAE2D6CD161946A] - [01/12/2017 05:27:52] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote du systÃ¨me de fichiers NT.) - [2338.9 Ko] - (10.0.16299.98) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.2E07EC2C1622F5E7B535D62DCD61F3AB] - [29/09/2017 14:41:03] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de port parallÃ¨le.) - [96.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.E0220BB6580D34001D4D1D133052DAA4] - [29/09/2017 14:41:58] - (.Â© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.DF83769C92527DB50653F8FB57D001FF] - [29/09/2017 14:42:31] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Redirecteur de pÃ©riphÃ©rique de Microsoft RDP.) - [178.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.420A2A36A7E04D137DB35126C0C451A3] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote TCP/IP.) - [2708.4 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.571D82ABAC428D902ACA0CF60373C039] - [29/09/2017 14:41:43] - (.Â© Microsoft Corporation. - TDI Translation Driver.) - [118.4 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.6AF9BCB1FFD127B8F4E7E7B9FF9351EA] - [29/09/2017 14:42:03] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de clichÃ© instantanÃ© du volume.) - [391.9 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\inputhost.dll
(.TODO: <Company name>.-.TODO: <File description>.) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll
(.Acronis.-.Acronis True Image Shell Extensions.) - (17.0.0.3100) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
(.Rebit, Inc..-.Rebit Pro Namespace Extension.) - (5.1.3001.14505) -- C:\Program Files\Rebit\REBITP~1\REBIT-~1.DLL
(..-..) - (4.7.3.0) -- C:\Program Files\Rebit\REBITP~1\QtCore4.dll
(..-..) - (4.7.3.0) -- C:\Program Files\Rebit\REBITP~1\QtNetwork4.dll
(..-..) - (4.7.3.0) -- C:\Program Files\Rebit\REBITP~1\QtSql4.dll
(.Rebit, Inc..-.Rebit Pro Translations.) - (5.1.3001.14505) -- C:\Program Files\Rebit\REBITP~1\cqt.dll
(..-..) - (0.0.0.0) -- C:\Program Files\Rebit\REBITP~1\LIBEAY32.dll
(..-..) - (0.0.0.0) -- C:\Program Files\Rebit\REBITP~1\SSLEAY32.dll
(.Tonec Inc..-.Internet Download Manager module.) - (6.28.14.20) -- C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
(.Tonec Inc..-.Internet Download Manager module.) - (6.29.1.146) -- C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.DLL
(..-..) - (0.0.0.0) -- : 2212
(.TODO: <Company name>.-.TODO: <File description>.) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll
(.Acronis.-.Acronis True Image Shell Extensions.) - (17.0.0.3100) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
(.Rebit, Inc..-.Rebit Pro Namespace Extension.) - (5.1.3001.14505) -- C:\Program Files\Rebit\REBITP~1\REBIT-~1.DLL
(..-..) - (4.7.3.0) -- C:\Program Files\Rebit\REBITP~1\QtCore4.dll
(..-..) - (4.7.3.0) -- C:\Program Files\Rebit\REBITP~1\QtNetwork4.dll
(..-..) - (4.7.3.0) -- C:\Program Files\Rebit\REBITP~1\QtSql4.dll
(.Rebit, Inc..-.Rebit Pro Translations.) - (5.1.3001.14505) -- C:\Program Files\Rebit\REBITP~1\cqt.dll
(..-..) - (0.0.0.0) -- C:\Program Files\Rebit\REBITP~1\LIBEAY32.dll
(..-..) - (0.0.0.0) -- C:\Program Files\Rebit\REBITP~1\SSLEAY32.dll
(.Rebit, Inc..-.Rebit Pro Shell Extension.) - (5.1.3001.14505) -- C:\Program Files\Rebit\REBITP~1\REBIT-~2.DLL
(.Killer{R}.-.KillCopy Shell Extension DLL.) - (1.0.0.1) -- C:\Program Files (x86)\KillSoft\KillCopy\killcopy_amd64.dll
(..-..) - (0.0.0.0) -- C:\Program Files\TeraCopy\TeraCopy64.dll
(..-..) - (0.0.0.0) -- C:\Program Files\Unlocker\UnlockerCOM.dll
(.Nero AG.-.Nero Burning ROM Shell Extension.) - (17.0.8.0) -- C:\Program Files (x86)\Common Files\Nero\NeroShellExt\x64\NeroShellExt.dll
(.Nero AG.-.Nero Solution Explorer Dynamic Link Library.) - (17.0.0.3) -- C:\Program Files (x86)\Common Files\Nero\NeroShellExt\x64\SolutionExplorer.dll
(..-..) - (0.0.0.0) -- C:\Program Files\TeraCopy\TERACO~2.DLL
(.IObit.-.IObit Smart Defrag Extension.) - (1.0.0.25) -- C:\WINDOWS\System32\IObitSmartDefragExtension.dll
(.CHENGDU YIWO Tech Development Co.,Ltd.-.EaseUS Todo Backup Application.) - (3.0.0.1) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
(..-..) - (0.0.0.0) -- :\PHOTO FAMILY\PC Optimizer Pro\PCOptProCtxMenu.dll
(..-..) - (1.0.0.2) -- C:\WINDOWS\SysWoW64\ISCM64.dll
(.CHENGDU Yiwo Tech Development Co., Ltd..-.EverySync.) - (1.0.0.1) -- C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EUSyncExtMenux64.dll
(.Cyberlink.-.Cyberlink Shell Extension dynamic link library.) - (10.0.0.1409) -- C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt10.dll
(..-..) - (1.0.0.0) -- C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt64.dll
(.Tonec Inc..-.Internet Download Manager module.) - (6.28.14.20) -- C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
(.Advanced Micro Devices, Inc..-.AMD Desktop Control Panel.) - (6.14.10.2001) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
(.Advanced Micro Devices, Inc..-.AMD Desktop Control Panel.) - (6.14.10.2001) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamfra.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)


---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÃSEAU
PortableApps.com Platform - (PortableApps.com Platform.lnk [Startup]) - User: DESKTOP-37KC94K\jean-
TweakBit\Internet Optimizer\Start Internet Optimizer ?n logon - ("C:\Program Files (x86)\TweakBit\Internet Optimizer\InternetOptimizer.exe" /UseTray [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\...\Run]) - User: DESKTOP-37KC94K\jean-
Web Companion - (C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\...\Run]) - User: DESKTOP-37KC94K\jean-
WinSweep - (M:\NMSDCID\OneSafe PC Cleaner\WinSweeper\WinSweeper.exe [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\...\Run]) - User: DESKTOP-37KC94K\jean-
IDMan - (C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\...\Run]) - User: DESKTOP-37KC94K\jean-
 - ( [HKLM\SOFTWARE\...\Run]) - User: Public
WebDiscoverBrowser - (C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe --docked [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"TweakBit\Internet Optimizer\Start Internet Optimizer ?n logon"="C:\Program Files (x86)\TweakBit\Internet Optimizer\InternetOptimizer.exe" /UseTray   
"Web Companion"=C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize    
"WinSweep"=M:\NMSDCID\OneSafe PC Cleaner\WinSweeper\WinSweeper.exe   [10/12/2017 10:42:59]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"DAEMON Tools Pro Agent"=0x03000000F795B3572305D201   
"EPLTarget\P0000000000000000"=0x020000000000000000000000   
"OneDrive"=0x020000000000000000000000   
"COS"=0x03000000C0B2466C5B0AD201   
"KillCopy"=0x030000001076476C5B0AD201   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"MRUList"=bihgfedac   
"a"=explorer\1   
"b"=iexplore\1   
"c"="L:\1er gotd apr mini-afpaawt~gift rec. Afpaawt~go app\FastSitemapMaker13-vm36dt\readme.txt"\1   
"d"="L:\LFS Hyper-100% SÃ©curisÃ©-CewbÃ©-Widen Suite 19.550\reg-organizer-setup.exe"\1   
"e"="L:\LFS Hyper-100% SÃ©curisÃ©-CewbÃ©-Widen Suite 19.550\logon-disclaimer.exe"\1   
"f"="L:\LFS Hyper-100% SÃ©curisÃ©-CewbÃ©-Widen Suite 19.550\google-drive-migrator.exe"\1   
"g"="L:\LFS Hyper-100% SÃ©curisÃ©-CewbÃ©-Widen Suite 19.550\GTPRSetup.exe"\1   
"h"="L:\LFS Hyper-100% SÃ©curisÃ©-CewbÃ©-Widen Suite 19.550\PRM_VMBackup_6.3.2058.312394_20171004.exe"\1   
"i"="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe"\1   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Microsoft Print to PDF,winspool,Ne01:   
"IsMRUEstablished"=1   
"LegacyDefaultPrinterMode"=0   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
""=   
"WebDiscoverBrowser"=C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe --docked   

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=grpconv -o   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x040000000000000000000000   
"ZAM"=0x040000000000000000000000   
"RTHDVCPL"=0x040000000000000000000000   
"WindowsDefender"=0x040000000000000000000000   
"Rebit Pro Dashboard"=0x03000000F047956C5B0AD201   
"Rebit 5 Dashboard"=0x0300000030AF896C5B0AD201   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"CLMLServer_For_P2G10"=0x040000000000000000000000   
"iSkysoft Helper Compact.exe"=0x040000000000000000000000   
"DelaypluginInstall"=0x040000000000000000000000   
"StartCCC"=0x060000000000000000000000   
"BingDesktop"=0x020000000000000000000000   
"EEventManager"=0x030000004055606C5B0AD201   
"Wondershare Helper Compact.exe"=0x020000000000000000000000   
"MalTray"=0x0300000070CA606C5B0AD201   
"Nero BackItUp"=0x03000000B0D0796C5B0AD201   
"VMXPLXService"=0x03000000C05AA86C5B0AD201   
"YouCam Service7"=0x03000000F004B56C5B0AD201   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=C:\PROGRA~2\KeyCryptSDK\KeyCrypt64(2).dll   [29/11/2017 17:10:57]
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=1   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D33928A8E92551   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"Anvi AD Blocker"="J:\Anvi AD Blocker\ADBlockerTray.exe" -tray   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Anvi AD Blocker Ultimate
CreateExplorerShellUnelevatedTask
EPSON XP-710 Series Invitation {0122C21E-3E2C-462D-85AB-284BF6878C30}
EPSON XP-710 Series Invitation {E3C7832B-981C-4D8A-9765-0314DE4144D7}
EPSON XP-710 Series Update {0122C21E-3E2C-462D-85AB-284BF6878C30}
EPSON XP-710 Series Update {E3C7832B-981C-4D8A-9765-0314DE4144D7}
Nero TuneItUp PRO

---------- | Startings up registry ? Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=AcrSch2Svc
UsoSvc
DeviceInstall
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=200   
"SystemStartOptions"= FLIGHTSIGNING  NOEXECUTE=OPTIN  SAFEBOOT:NETWORK  BOOTLOG  NOGUIBOOT  BOOTLOGO   
"SystemBootDevice"=multi(0)disk(0)rdisk(5)partition(3)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(5)partition(1)   
"LastBootSucceeded"=0   
"LastBootShutdown"=0   
"DirtyShutdownCount"=2   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [10/12/2017 10:53:23]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"fullprivilegeauditing"=0x80   
"LsaPid"=956   
"ProductType"=3   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   
"SecureBoot"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=648000   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"AutoChkSkipSystemPartition"=0   
"PendingFileRenameOperations"=\??\C:\Users\jean-\AppData\Local\Temp\_iu14D2N.tmp

\??\C:\Users\jean-\AppData\Local\Temp\nsf49DD.tmp\nsProcess.dll

\??\C:\Users\jean-\AppData\Local\Temp\nsf49DD.tmp\

\??\C:\Users\jean-\AppData\Local\Temp\nsx513.tmp\nsProcess.dll

\??\C:\Users\jean-\AppData\Local\Temp\nsx513.tmp\

\??\C:\Users\jean-\AppData\Local\Temp\nsr7069.tmp\

\??\C:\Users\jean-\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

\??\C:\Users\jean-\AppData\Local\Temp\IDM_Setup_Temp\
   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"InstanceID"=629054ee-16a0-4ffd-8627-aab6e6b   
"GlassSessionId"=1   


---------- | .LNK with Arguments

c:\hp\hpqware\dtshortcuts\ca-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=ca_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\da_dk\snapfish billeder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_dk) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\aut\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_at&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_de&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de_at\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_at) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de_ch\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de_de\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\aus\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_au&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ca&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_de&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\gbr\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_gb&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\hkg\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_hk&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_in&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_it&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\mys\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_my&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_nl&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\phl\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ph&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\sgp\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_sg&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_au\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_au) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_ca\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_gb\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_gb) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_ie\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ie) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_in\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_in) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_nz\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nz) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_sg\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_sg) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_us\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_us) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=es_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es_es\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_es) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\eu-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=eu_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_ca&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr_be\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_be) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr_ca\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr_ch\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr_fr\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\gl-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=gl_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\hi-in\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=hi_in&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=it_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=it_it&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it_ch\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it_it\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\ja_jp\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_jp) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nb_no\snapfish-bilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_no) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl-nl\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl-nl\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_nl&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl_be\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl_be) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl_nl\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\pt_pt\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_pt) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\sv_se\snapfishbilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_se) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\zh-hk\hkg\?????ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=zh_hk&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\zh_cn\?????.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_cn) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\ca-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=ca_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\da_dk\music, photos and videos\snapfish billeder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_dk) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\aut\shopping and services\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_at&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_de&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de_at\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_at) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de_ch\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de_de\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\aus\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_au&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ca&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_de&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\gbr\shopping and services\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_gb&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\hkg\shopping and services\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_hk&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_in&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\irl\shopping and services\ebay.ie.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=EN_IE&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_it&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\mys\shopping and services\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_my&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_nl&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\phl\shopping and services\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ph&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\sgp\shopping and services\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_sg&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_au\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_au) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_ca\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_gb\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_gb) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_ie\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ie) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_in\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_in) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_nz\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nz) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_sg\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_sg) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_us\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_us) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=es_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es_es\music, photos and videos\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_es) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\eu-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=eu_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_ca&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr_be\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_be) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr_ca\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr_ch\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr_fr\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\gl-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=gl_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\hi-in\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=hi_in&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=it_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=it_it&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it_ch\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it_it\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\ja_jp\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_jp) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nb_no\music, photos and videos\snapfish-bilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_no) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl-nl\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=nl_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl-nl\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=nl_nl&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl_be\music, photos and videos\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl_be) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl_nl\music, photos and videos\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\pt_pt\music, photos and videos\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_pt) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\sv_se\music, photos and videos\snapfishbilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_se) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\zh-hk\hkg\shopping and services\?????ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=zh_hk&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\zh_cn\music, photos and videos\?????.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_cn) - Hidden: False - Status: OK
c:\users\jean-\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretTimeout"=5000   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"ScreenSaveActive"=1   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallPaper"=C:\Users\jean-\AppData\Local\Microsoft\BingDesktop\themes\2017-12-09.jpg   [09/12/2017 09:04:09]
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"DragFullWindows"=0   
"Win8DpiScaling"=0   
"DpiScalingVer"=4096   
"UserPreferencesMask"=0xD912038010000000   
"MaxVirtualDesktopDimension"=1280   
"MaxMonitorDimension"=1280   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC301002DC8090080070000B004000000157A4BC470D30143003A005C00550073006500720073005C006A00650061006E002D005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00420069006E0067004400650073006B0074006F0070005C007400680065006D00650073005C0032003000310037002D00310032002D00300039002E006A00700067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"AutoColorization"=1   
"ImageColor"=2939911621   
"PreferredUILanguages"=fr-FR   
"WaitToKillAppTimeout"=200   
"AutoEndTasks"=1   
"HungAppTimeout"=200   
"ActiveWndTrkTimeout"=0   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003F28010000000000000000000000000001000000130000000000000063000000   
"ExplorerStartupTraceRecorded"=1   
"UserSignedIn"=1   
"SlowContextMenuEntries"=0xEE21215E0003D4118D3B444553540000A38E0000FB9A790967ADD111ABCD00C04FC30936B86E0000F05A64A7E8D6AF488DFA023B1CF660A786E100000114020000000000C00000000000004672B504000D24645B365B9F4BA75F4925B6A53D5BD46B7100   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"TelemetrySalt"=3   
"GlobalAssocChangedCounter"=42   
"FirstRunTelemetryComplete"=1   
"AppReadinessLogonComplete"=1   
"Browse For Folder Width"=347   
"Browse For Folder Height"=328   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=1   
"ShowCompColor"=1   
"HideFileExt"=0   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=1   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=0   
"StoreAppsOnTaskbar"=1   
"EnableStartMenu"=1   
"StartMenuInit"=13   
"TaskbarSizeMove"=1   
"DisablePreviewDesktop"=0   
"TaskbarGlomLevel"=0   
"HideDrivesWithNoMedia"=0   
"ReindexedProfile"=1   
"TaskbarStateLastRun"=0xF58A2B5A00000000   
"NoNetCrawling"=1   
"DesktopLivePreviewHoverTime"=0   
"ExtendedUIHoverTime"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"EnableFirstLogonAnimation"=0   
"EnableLinkedConnections"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   
"NoDriveTypeAutoRun"=   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"SmartScreenEnabled"=RequireAdmin   
"GlobalAssocChangedCounter"=21   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"EnableFirstLogonAnimation"=0   
"EnableLinkedConnections"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   
"NoDriveTypeAutoRun"=   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=32   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"BuildNumber"=16299   
"FirstLogon"=0   
"PUUActive"=0x82E4F33F0100030006002A00C5F400003F9D01003F9D0100D2000000020008007D7FADC446C4050046C40500D1430000453D00005507000000000000990D03007C1300001D010000E6A007609971D301C5F400000000000001000000C5F40000AB3F000000000000   
"ParseAutoexec"=1   
"DP"=0xD200E800100003000600000082E4F33F00000000000000005E68EFBF8971D3015E68EFBF8971D301000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100B4490180D0149A18D8149A18814600C0E8020061E8960071EABA00C0BD88581BBDA8787B124101804200020062120A30682900804101015C4187015E99C500C014548408747685089F280180400001004C080100A04E0180140840449D68F5444B3E0140989A0611D89A16117CA60080C01D9121D0DD91630EA1008001C1251001C96530   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"scremoveoption"=0   
"LastLogOffEndTimePerfCounter"=262923483584   
"ShutdownFlags"=2147483687   
"Userinit"=C:\Windows\system32\userinit.exe,   
"AutoRestartShell"=0   
"DisableCad"=1   
"DisableLockWorkstation"=0   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-5-21-4265624635-2019933758-61733912-1001   
"LastUsedUsername"=jean-   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Clients\StartMenuInternet\OperaStable\Shell\open\Command]
""="C:\Program Files (x86)\Opera\Launcher.exe"   
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Clients\StartMenuInternet\OperaStable\InstallInfo]
"ReinstallCommand"="C:\Users\jean-\AppData\Local\Programs\Opera\Launcher.exe" --makedefaultbrowser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [01/12/2017 05:29:06]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [01/12/2017 05:29:06]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\jean-\AppData\Local\Programs\Opera\Launcher.exe"=32

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"SIGN.MEDIA=71D3B PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=0x534143500100000000000000070000002800000060870300A90004000100000000000000000001060001000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000002000000000000000000000000000058280000000000000100000001000000
"SIGN.MEDIA=61294E0 free download manager\FreeDownloadManagerPortable_3.9.7.1627.paf.exe"=0x5341435001000000000000000700000028000000002BA8006EF5A80001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000035260000000000000100000001000000
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe"=0x5341435001000000000000000700000028000000E00C9200363D920001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000079AB0200000000000100000001000000
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe"=0x5341435001000000000000000700000028000000E8C62601C886270101000000000000000000000A0021000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000441B9500000000000300000003000000
"SIGN.MEDIA=64FFE PortableApps\FirefoxPortable\FirefoxPortable.exe"=0x53414350010000000000000007000000280000005837030086C803000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002A623A00000000000100000001000000
"C:\Users\jean-\Downloads\filmora_setup_full1084.exe"=0x534143500100000000000000070000002800000090B612009B88130001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F6420300000000000200000002000000
"C:\Program Files\Windows Journal\Journal.exe"=0x534143500100000000000000070000002800000000B0200054AE210001000000010000000000000A7322000059193B14E312D1010000000000000000
"C:\Users\jean-\Downloads\UsbFix_8.263.exe"=0x534143500100000000000000070000002800000066892F00000000000100000000000000000001060001000019B4C529E312D1010000000000000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\Unlocker1.9.2.exe"=0x5341435001000000000000000700000028000000DF250600000000000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000009D8F0000000000000100000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\KCinst.exe"=0x534143500100000000000000070000002800000011220900000000000100000000000000000001057100000019B4C529E312D10100000000000000000200000028000000000000000008004000000000000000000000000000000000793A0000000000000100000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\xpsolive.exe"=0x53414350010000000000000007000000280000001B970000000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000002000000000000000200000000000E6130000000000000100000001000000010000000400000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\wood.exe"=0x534143500100000000000000070000002800000068D40100000000000100000000000000000001057100000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400004200000000000000020000000000012240000000000000100000001000000010000000400000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\steam.exe"=0x5341435001000000000000000700000028000000CBAA0100000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000042000000000000000200000000000A1140000000000000100000001000000010000000400000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\mac_os_x.exe"=0x534143500100000000000000070000002800000091310200000000000100000000000000000001057100000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400004200000000000000020000000000030120000000000000100000001000000010000000400000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\kill_xp.exe"=0x5341435001000000000000000700000028000000602C0200000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000002000000000000000200000000000A61B0000000000000100000001000000010000000400000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\kclite.exe"=0x5341435001000000000000000700000028000000AEA20100000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000042000000000000000200000000000CA150000000000000100000001000000010000000400000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\army.exe"=0x53414350010000000000000007000000280000003F930100000000000100000000000000000001057100000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000200000000000000020000000000078130000000000000100000001000000010000000400000001000000
"E:\PortableApps\PortableApps.com\PortableAppsPlatform.exe"=0x534143500100000000000000070000002800000000D1290044D9290001000000000000000000000A0021000019B4C529E312D1010000000000000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\filmora_setup_full1084.exe"=0x5341435001000000000000000700000028000000906812003E4D130001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F0380700000000000100000001000000
"E:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sÃ©curisÃ©\Rebit 5 & Daemon Tools Pro 7 aout 2016\DTPro710-0595_paid.exe"=0x53414350010000000000000007000000280000002811C5012D0BC6010100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000B1080200000000000100000001000000
"E:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sÃ©curisÃ©\backup data - riverboats\backup - D Disk, FolderMarker, & Cie\D Drive\rebitpro-setup-5.1.3001.14505.exe"=0x53414350010000000000000007000000280000005854F703DC7AF70301000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000C530100000000000100000001000000
"E:\barrow 2 & widen 100% sÃ©curisÃ©\efm du musÃ©e de l'homme & power2go 11 essentials managers\filmora_resource.exe"=0x5341435001000000000000000700000028000000C0665116434752160100000000000000000001060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000004B260200000000000100000001000000
"SIGN.MEDIA=272F660 PortableApps\PortableApps.com\PortableAppsPlatform.exe"=0x534143500100000000000000070000002800000000D1290044D9290001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005150A506000000000400000004000000
"C:\Program Files\Wondershare\Filmora\Filmora.exe"=0x534143500100000000000000070000002800000090003101F122310101000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000ADB7BC03000000000200000002000000
"C:\Users\jean-\AppData\Local\Temp\SoftwareUpdate_Temp\Data\Setup.exe"=0x5341435001000000000000000700000028000000685905004D4706000100000000000000000003060021000019B4C529E312D10100000080000000000200000028000000000000000000004000000000000000000000000000000000C13B0000000000000100000001000000
"C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE"=0x534143500100000000000000070000002800000018DE2900D53E2A000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000028939304000000000100000001000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C0723C01E3C13C0101000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Program Files (x86)\KillSoft\KillCopy\killme.exe"=0x5341435001000000000000000700000028000000DCBA0000000000000100000000000000000001057100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000040000000000000000000000000000BA150000000000000100000001000000
"SIGN.MEDIA=3DB5FE resizer-free.exe"=0x5341435001000000000000000700000028000000FEB53D00000000000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000000D740200000000000100000001000000
"SIGN.MEDIA=1090E298 Backup data\Windows10Upgrade28084.exe"=0x5341435001000000000000000700000028000000805D5800B4CA580001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F3A56300000000000100000001000000
"C:\Users\jean-\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Program Files\IM-Magic\Partition Resizer\dm.resizer.exe"=0x534143500100000000000000070000002800000000BA8E000000000001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000009A170B00000000000200000002000000
"G:\Diskeeper15-Professional-30day.exe"=0x53414350010000000000000007000000280000008810C102D624C1020100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000008000000000000000000000000000000000000000F1720600000000000100000001000000
"C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe"=0x534143500100000000000000070000002800000010A92000E5E5200001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000040040000100000000000000000000000000B952B00000000000200000002000000
"C:\Program Files (x86)\Wondershare\1-Click PC Care\BoostSpeed.exe"=0x534143500100000000000000070000002800000090AA34006BA2350001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000D0432801000000000600000006000000
"C:\Program Files\Unlocker\Unlocker.exe"=0x534143500100000000000000070000002800000000E801000000000001000000000000000000020673220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000008F0A0000000000000100000001000000
"G:\PortableApps\AntRenamerPortable\AntRenamerPortable.exe"=0x5341435001000000000000000700000028000000406C030029CC03000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000AFD70400000000000100000001000000
"G:\barrow 2 & widen 100% sÃ©curisÃ©\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CC830C00000000000100000001000000
"G:\100% sÃ©curisÃ© finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000DAC80400000000000200000002000000
"G:\LFS Ultra & 100% SÃ©curisÃ©\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003CF50A00000000000100000001000000
"G:\LFS Ultra & 100% SÃ©curisÃ©\hidefolder\hide_pro\LFS Ultra & 100% SÃ©curisÃ©\LFS Ultra\lfs ultimate\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000009F930800000000000100000001000000
"C:\Program Files (x86)\Wondershare\TidyMyMusic\TidyMyMusic.exe"=0x5341435001000000000000000700000028000000386D0D0047C80D0001000000000000000000000AF122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C7530800000000000200000002000000
"C:\Program Files (x86)\Reason\Security\rsUI.exe"=0x5341435001000000000000000700000028000000F8C21D00DAD31D0001000000000000000000000AF5220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000005FB67D00000000000200000002000000
"C:\Program Files\Condusiv Technologies\Diskeeper\Diskeeper.exe"=0x5341435001000000000000000700000028000000F03A4900F0F2490001000000000000000000000AF5220000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000988B0300000000000100000001000000
"SIGN.MEDIA=64F9E PortableApps\FirefoxPortable\FirefoxPortable.exe"=0x534143500100000000000000070000002800000068370300683204000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FECD2100000000000200000002000000
"C:\Program Files (x86)\Auslogics\Disk Defrag Professional\DiskDefragPro.exe"=0x5341435001000000000000000700000028000000B0752900139F290001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006E140100000000000200000002000000
"C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe"=0x5341435001000000000000000700000028000000B0F40F005C5610000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003C800000000000000100000001000000
"C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe"=0x5341435001000000000000000700000028000000207A1F00A70120000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BA370000000000000100000001000000
"C:\Program Files (x86)\NCH Software\Switch\switch.exe"=0x5341435001000000000000000700000028000000A07613006952140001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000461E0000000000000100000001000000
"C:\Program Files (x86)\NCH Software\Prism\prism.exe"=0x5341435001000000000000000700000028000000E0481600891B17000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002D1D0000000000000100000001000000
"C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"=0x534143500100000000000000070000002800000020B01700585718000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000ED240000000000000100000001000000
"C:\Program Files (x86)\Folder Marker\FolderMarker.exe"=0x534143500100000000000000070000002800000008430E004D0C0F000100000000000000000002060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000008000000000000000000000000CDBD0100000000000200000002000000
"C:\Program Files (x86)\Reason\herdProtect\Scanner\herdProtectScan.exe"=0x5341435001000000000000000700000028000000101510008E741000010000000000000000000306F5020000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000621C0000000000000100000001000000
"C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe"=0x5341435001000000000000000700000028000000D0392200A6E2220001000000000000000000000A7122000033504C2B57DFD1010000000000000000020000005000000000000000000000400000000000000000000000000000000090718C0C000000000100000001000000000000000000000000000000000000000000000000000000D41C2701000000000300000000000000
"C:\Windows10Upgrade\Windows10UpgraderApp.exe"=0x5341435001000000000000000700000028000000C0D2120023FA120001000000000000000000000A7122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F0190000000000000100000001000000
"C:\Users\jean-\OneDrive\avanquest achats 05_08_2016\FI_PRO_14.0.34.73_FRA.exe"=0x5341435001000000000000000700000028000000289E8603923D87030100000000000000000001060001000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000008338000000000000200000002000000
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"=0x534143500100000000000000070000002800000068550500221B06000100000000000000000000067102000033504C2B57DFD1010000000100000000
"C:\UsbFix\UsbFix.exe"=0x534143500100000000000000070000002800000000EE1B0036681C0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000009A686A00000000000100000001000000
"SIGN.MEDIA=EAE23D02 filmora-80s-effect-pack.exe"=0x5341435001000000000000000700000028000000D8721A13C9641B130100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000BC570500000000000200000002000000
"SIGN.MEDIA=EAE23D02 ThunderbirdPortable_45.3.0_English.paf.exe"=0x5341435001000000000000000700000028000000D83441022C53410201000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000084062500000000000300000003000000
"G:\processclose_1.0.0.3.exe"=0x534143500100000000000000070000002800000000140F0001DC0F0001000000000000000000000A0021000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001B070200000000000200000002000000
"SIGN.MEDIA=EAE23D02 filmora-fashion-effect-pack.exe"=0x5341435001000000000000000700000028000000F8B19406C7AF95060100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000F91E0500000000000100000001000000
"C:\Users\jean-\Downloads\1-click-pc-care_full821.exe"=0x53414350010000000000000007000000280000006D3CDA000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000073B39700000000000100000001000000
"C:\Users\jean-\Downloads\tidymymusic_full1686.exe"=0x534143500100000000000000070000002800000000E22701519828010100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002FB51200000000000100000001000000
"C:\Program Files (x86)\FileMarker.NET\FileMarker.NET.exe"=0x534143500100000000000000070000002800000008B50D0042A00E000100000000000000000002060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002B8F0100000000000100000001000000
"C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR_Gestionnaire_connexion.exe"=0x5341435001000000000000000700000028000000B0DF0A00266C0B00010000000000000000000106F102000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000081BA0100000000000100000001000000
"K:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sÃ©curisÃ©\backup data - riverboats\backup - D Disk, FolderMarker, & Cie\D Drive\bitdefender, surfright, glary machin\susetupPro.exe"=0x5341435001000000000000000700000028000000783E6500AA1266000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000A41A0500000000000100000001000000
"K:\PortableApps\PortableApps.com\PortableAppsPlatform.exe"=0x534143500100000000000000070000002800000000D1290044D9290001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000073832200000000000100000001000000
"K:\events nouveau logo blini\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000124C0C00000000000100000001000000
"K:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sÃ©curisÃ©\Start.exe"=0x534143500100000000000000070000002800000000CD1500A021160001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004EB00800000000000100000001000000
"K:\PortableApps\FreeFileSyncPortable\FreeFileSyncPortable.exe"=0x534143500100000000000000070000002800000078240300966303000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007E510600000000000300000003000000
"SIGN.MEDIA=4843E PortableApps\ThunderbirdPortable\ThunderbirdPortable.exe"=0x534143500100000000000000070000002800000008C10400DFB905000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000089951700000000000100000001000000
"C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe"=0x5341435001000000000000000700000028000000C0342400BB6724000100000000000000000003067102000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000BAEEF900000000000100000001000000
"SIGN.MEDIA=EAE23D02 Nero_BurningROM2016-21.09.2015_stub_trial.exe"=0x5341435001000000000000000700000028000000000E27004FA327000100000000000000000001067100000033504C2B57DFD101000000000000000002000000280000000000000000080040000000000000000000000000000000008B230C00000000000100000001000000
"C:\Program Files (x86)\Nero\Nero 2016\Nero Launcher\NeroLauncher.exe"=0x5341435001000000000000000700000028000000F0F335013C78360101000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000080000000000000000000000000000000000000002F230500000000000200000002000000
"C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUpStart.exe"=0x5341435001000000000000000700000028000000082A070095CF070001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000057870200000000000100000001000000
"C:\Users\jean-\Downloads\everysync_trial.exe"=0x5341435001000000000000000700000028000000A87F91014209920101000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000009510100000000000100000001000000


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{d4ddb963-d51e-11e7-b8fa-4c72b9f956a2}] : "Q:\SFR_Setup.exe"      (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131565872227460937

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=0
"ProductType"=2
"InstallTime"=0xA18ABA5F1701D201
"ManagedDefenderProductType"=0
"ProductStatus"=0
"OOBEInstallTime"=0x0AC7A994786AD301
"DisableAntiVirus"=0
"InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.17123-0\
"PassiveMode"=0
"OneTimeSqmDataSent"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts

0.0.0.0 pagead2.googlesyndication.com
0.0.0.0 googleadservices.com
0.0.0.0 www.googleadservices.com
0.0.0.0 partner.googleadservices.com
0.0.0.0 doubleclick.net
0.0.0.0 g.doubleclick.net
0.0.0.0 googleads.g.doubleclick.net
0.0.0.0 securepubads.g.doubleclick.net
0.0.0.0 ad.doubleclick.net
[86] More lines

---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:80f::200e] avec 32 octets de donn?es?:
R?ponse de 2a00:1450:4007:80f::200e?: temps=30 ms 
R?ponse de 2a00:1450:4007:80f::200e?: temps=31 ms 
R?ponse de 2a00:1450:4007:80f::200e?: temps=29 ms 
R?ponse de 2a00:1450:4007:80f::200e?: temps=30 ms 

Statistiques Ping pour 2a00:1450:4007:80f::200e:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 29ms, Maximum = 31ms, Moyenne = 30ms

---------- | @

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\WINDOWS\System32\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://www.bing.com/?pc=COSP&ptag=D120917-ABB8A6EC868&form=CONMHP&conlogo=CT3334484
"ApplicationTileImmersiveActivation"=0
"AssociationActivationMode"=2
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"ImageStoreRandomFolder"=uhftd4b
"OperationalData"=13
"EdgeSwitchingOSBuildNumber"=10586.th2_release.151029-1700
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C00000002000000010000000083FFFFD682FFFFFFFFFFFFFFFFFFFF24000000000000004403000080020000
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0xCA40E2D8516AD301
"IE10TourShown"=1
"IE10TourShownTime"=0xCA40E2D8516AD301
"Start Page_TIMESTAMP"=0x2314EC904908D201
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF10010000D400000090030000B4020000
"Use FormSuggest"=no
"TabShutdownDelay"=0
"SearchBandMigrationVersion"=1
"IE11EdgeNotifyTime"=0xE22438D0116CD301
"EdgeReminderRemainingCount"=5
"News Feed First Run Experience"=0
"FormSuggest Passwords"=no
"FormSuggest PW Ask"=no

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"ZonesSecurityUpgrade"=0xCA40E2D8516AD301
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"DnsCacheTimeout"=7200
"KeepAliveTimeout"=300000
"MaxConnectionsPer1_0Server"=8
"MaxConnectionsPerServer"=8
"ReceiveTimeout"=60000
"ServerInfoTimeOut"=300000
"EnableHttp1_1"=1
"ProxyHttp1.1"=1
"ProxyOverride"=*.local
"AutoConfigProxy"=wininet.dll
"WarNonBadCertReceving"=1
"WarNonHTTPSToHTTPRedirect"=1

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1
"TcpAutotuning"=0

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts











---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\			IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D} --  C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll   [06/10/2017 17:17:03]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncedOverlay] - {52103F52-9856-43F7-B5C4-A026FD84288C} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll   [04/09/2016 14:23:42]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncFailedOverlay] - {A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll   [04/09/2016 14:23:42]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncingOverlay] - {0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlayX64.dll   [04/09/2016 14:23:42]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncError] - {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [11/11/2015 12:02:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncInProgress] - {00F848DC-B1D4-4892-9C25-CAADC86A215D} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [11/11/2015 12:02:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncOk] - {71573297-552E-46fc-BE3D-3DFAF88D47B7} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [11/11/2015 12:02:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSDriveIconOverlay] - {5FDACB62-6B7B-4116-9403-C5E0D3852A57} --  C:\Program Files\COMODO\COMMON\ShellExtension.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSSyncItemInSyncIconOverlay] - {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} --  C:\Program Files\COMODO\COMMON\ShellExtension.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSSyncItemModifiedIconOverlay] - {AE67D273-7253-4236-B55E-D40055B305D6} --  C:\Program Files\COMODO\COMMON\ShellExtension.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSSyncItemNewIconOverlay] - {022F23E9-DA0F-4A86-A728-CAF6150C0B63} --  C:\Program Files\COMODO\COMMON\ShellExtension.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\COSSyncItemUnsynchronizedIconOverlay] - {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} --  C:\Program Files\COMODO\COMMON\ShellExtension.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [29/09/2017 14:41:47]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncedOverlay] - {52103F52-9856-43F7-B5C4-A026FD84288C} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [04/09/2016 14:23:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncFailedOverlay] - {A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [04/09/2016 14:23:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\       EaseUSEverySyncingOverlay] - {0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C} --  C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [04/09/2016 14:23:42]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x13000000000000000000000020000000100000000000000001000000000700005E01000006000000490300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030F11C209CE25C4EA73FCD197DEFA6AE0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ITBar7Height"=0   

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"KnownProvidersUpgradeTime"=0xCA40E2D8516AD301   
"Version"=5   
"UpgradeTime"=0xCA40E2D8516AD301   
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=EPTBL   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}"=E-Web Print   


---------- | Extensions

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] : (&Ajout Direct dans Windows Live Writer) -       []

---------- | SearchScopes

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | ElevationPolicy

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}] - (C:\Program Files (x86)\Internet Download Manager) - idmBroker.exe : 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}] - (C:\Program Files (x86)\Internet Download Manager) - IEMonitor.exe : 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118}] - (C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\) - nero.exe : 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] - (C:\Program Files (x86)\Internet Download Manager) - IDMan.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files\Microsoft Silverlight\5.1.50907.0\) - Silverlight.Configuration.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files\Microsoft Silverlight\5.1.50907.0\) - agcp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D256DB0-6C34-4EC1-9704-02182D6503A6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7481187c-dc80-4938-b27a-ac7e9f789dd1}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_IPRELPE.EXE : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eb9906ed-9926-4092-94fc-dc57ddba4f7a}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_IARNLPE.EXE : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\) - Silverlight.Configuration.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08E8D305-8D6D-49fe-8603-03A926E46AE0}] - (C:\Program Files (x86)\Common Files\Adobe\Updater6) - Adobe_Updater.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] - (C:\Program Files (x86)\Adobe\Reader 9.0\Reader\) - AcroBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\) - agcp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34372DD3-19BF-454f-BF23-8761F26CFFD2}] - (C:\Program Files (x86)\Epson Software\E-Web Print) - ewps.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] - (C:\Program Files (x86)\Adobe\Reader 9.0\Reader) - AcroRd32Info.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43ABBB95-C0E9-497B-8BB9-B5FA08861705}] - (C:\Program Files (x86)\Windows Live\Mail\) - wlmail.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D256DB0-6C34-4EC1-9704-02182D6503A6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{886D9852-A9A8-4b88-83D4-50FC6616C21D}] - (C:\Program Files (x86)\Epson Software\E-Web Print) - ewpsbw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] - (C:\Program Files (x86)\Adobe\Reader 9.0\Reader) - AdobeCollabSync.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] - (C:\Program Files (x86)\Adobe\Reader 9.0\Reader) - AcroRd32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] - (C:\Program Files (x86)\Windows Live\Messenger\) - msnmsgr.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5}] - (C:\Program Files (x86)\Windows Live\Writer\) - WindowsLiveWriter.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD41E1A5-99E5-41BA-8703-6BE974416118}] - (C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\) - nero.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}] - (C:\Program Files (x86)\Internet Download Manager) - IDMan.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : 

---------- | Ext\Settings

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{067DF9EC-26B7-40DC-8DB8-CD8BE85AE367}] :  : 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] :  : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] :  : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6}] :  : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] :  : 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}] :  : C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll

---------- | Ext\Stats

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] :  : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] :  : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] :  : C:\Windows\SysWOW64\mshtml.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] :  : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] :  : C:\Windows\SysWOW64\ieframe.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D96A05-F192-11D4-A65F-0040963251E5}] :  : C:\Windows\SysWOW64\msxml6.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D96A0A-F192-11D4-A65F-0040963251E5}] :  : C:\Windows\SysWOW64\msxml6.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}] :  : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] :  : 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}] :  : C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] :  : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] :  : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] :  : %SystemRoot%\System32\msxml3.dll

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] -> (IDM integration (IDMIEHlprObj Class)) : C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll  [06/10/2017 17:17:03]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] -> () :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] -> (IDM integration (IDMIEHlprObj Class)) : C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll  [06/10/2017 17:17:03]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] -> (Adobe PDF Link Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll  [02/09/2016 15:12:01]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] -> (E-Web Print) : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll  [27/11/2014 10:38:00]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d'aide de l'Assistant de connexion Windows Live) : C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll  [02/09/2016 15:23:23]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}] -> (iSkysoft iMedia Converter Deluxe 5.1.0) : C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll  [07/09/2016 13:08:08]

---------- | Chrome


[HKLM\Software\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]

---------- | Opera

C:\Users\jean-\AppData\Roaming\Opera Software\Opera Stable\extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl =  :     __MSG_description__ -     __MSG_name__ - permissions:[tabs\u003Call_urls>nativeMessagingstorageactiveTabcookies] - https://extension-updates.opera.com/api/omaha/update/

---------- | Firefox


[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"e-webprint@epson.com"=C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
"ISVCU@iSkysoft.com"=C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll



---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{a778058e-ddb3-4e56-a8fe-5582c6425c94}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a778058e-ddb3-4e56-a8fe-5582c6425c94}]
"DhcpNameServer"=192.168.1.1

---------- | ActiveX 

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> /UserInstall
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4FC4FAB8-DD2C-3F8B-B378-F6EF65C0EC05}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> U
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{54BDBDCB-ED26-30CA-BFFC-5B5E414C3793}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> 


---------- | Applications

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Classes\Applications\opera.exe] : "C:\Users\jean-\AppData\Local\Programs\Opera\Launcher.exe" "%1"
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\expressburn.exe] : "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" "%L"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\expressburn.exe] : "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | DCOMApplications

Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: Local Service Credential UI Broker - AppID: {00944ad3-b2ad-4bcf-9202-59bf4662d521}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: PhotoAcqWiaEventHandler - AppID: {00F3CDFD-5D2E-439F-8900-3F56A0C1C8BA}
Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3}
Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CLWFLService7 - AppID: {03C200E3-11BC-49ea-8BAB-3B09120AC3AE}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: Microsoft SQL Server Replication Remote Merge Agent 11.0 - AppID: {042A4340-A4D7-44DD-A22E-93278FB52475}
Name: DevicesFlowExperienceFlow - AppID: {046AEAD9-5A27-4D3C-8A67-F82552E0A91B}
Name: IDBHO - AppID: {062C56BD-B2FF-4405-88D9-93154F27D785}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96}
Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B}
Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}
Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323}
Name: SFSAPO - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: NotificationController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: IDM Elevated FS Assistant - AppID: {0F947660-8606-420A-BAC6-51B84DD22A47}
Name: NeroShellExt - AppID: {10EBE05D-77B3-4C15-9080-6002AFD08B48}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80}
Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0}
Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B}
Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}
Name: RuntimeBroker - AppID: {15c20b67-12e7-4bb6-92bb-7aff07997402}
Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}
Name: Speech Runtime COM - AppID: {1725704B-A716-4E04-8EF6-87ED4F0A180A}
Name: WsDrvInst - AppID: {1909e113-997e-4759-baa3-bcb780797176}
Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31}
Name: WriterBrowserExtension - AppID: {198B12CC-F591-440C-AC7A-6A730BBC436C}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC}
Name: NAUpdate - AppID: {1AC9CDC0-9D87-4371-9DE7-65C3F39AE5E6}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: MyEpson Portal Service - AppID: {1EA8AE6B-3E49-4C56-B4F6-91BC83604BEB}
Name: TIManagersProxy Class Application - AppID: {1EF75F33-893B-4E8F-9655-C3D602BA4897}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97}
Name: Experimentation Broker - AppID: {2568BFC5-CDBE-4585-B8AE-C403A2A5B84A}
Name: Update Notification Component Com Handler - AppID: {25d6d937-1fa3-4a22-8875-8680943b3f29}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69}
Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A}
Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00}
Name: ImageHost - AppID: {2903EDD7-545F-4156-977A-5E730E57F253}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: CMSVSWrap Object - AppID: {2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}
Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: DTS Package Host (32-bit) - AppID: {2CB1C2AA-A8EA-41CD-B439-25F4F4C846A9}
Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37}
Name: Windows Security Health Service - AppID: {2EB6D15C-5239-41CF-82FB-353D20B816CF}
Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD}
Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606}
Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97}
Name: UiaManagerCrossMachineProxyAppId - AppID: {31b965c2-d4a3-4d8e-ac40-a76d466cd0b7}
Name: Delivery Optimization Mgmt - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B}
Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F}
Name: wpnservice - AppID: {34E76A18-223B-4E23-BEAD-F59358CC0A90}
Name: TrayAppIdentityResolver - AppID: {35BC523D-8BE9-496E-8257-026E8B4750FC}
Name: CoreDpusSvr - AppID: {36234D6F-D9B8-404B-91C9-736BD2EE3040}
Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d}
Name: Microsoft SQL Server Replication Logreader Agent 11.0 - AppID: {368C2E48-7E89-4970-94C9-6757E96C49AF}
Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB}
Name: Security Health Agent Activate As Activator Host - AppID: {37096FBE-2F09-4FF6-8507-C6E4E1179893}
Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C}
Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2}
Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B}
Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}
Name: CortanaMapiHelper - AppID: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6}
Name: idmBroker - AppID: {3C085E26-7DF6-4A34-ADA6-877D06BAE9A8}
Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1}
Name: EEL64A - AppID: {3D5781D9-B2FF-4396-8478-395412020995}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E}
Name: NaturalAuthentication - AppID: {412E0F20-6C5B-43EC-879F-DA444A416EAC}
Name: Core Shell Broker Provider - AppID: {41928E27-7275-491C-A5A1-4FDC791BF609}
Name: BDUpdateServiceCom - AppID: {419E484A-F3EB-43DC-A622-C7B069FED362}
Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61}
Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85}
Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C}
Name: PIFUAC - AppID: {45CB30B1-B453-488a-9E8F-CE3C2ABFAAA7}
Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E}
Name: Radio Management Service - AppID: {478B41E6-3257-4519-BDA8-E971F9843849}
Name: EEG64A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B}
Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB}
Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d}
Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: AszBrowseHelper - AppID: {4D0EF64C-71D3-4A05-93B1-8EC58AE8D6D9}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: DTS Task Host (32-bit) - AppID: {4D3E4495-4A1C-4AB6-BFCB-E4056EB546D0}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: Security Health Agent Interactive User Host for WDSP only - AppID: {4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E}
Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b}
Name: SRS_APO_Universal - AppID: {553C48B2-BA6B-412B-9F8D-2B62B1B912AA}
Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212}
Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: Docking.VirtualInput Create Object Server - AppID: {5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}
Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B}
Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6}
Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}
Name: EED64A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0}
Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1}
Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF}
Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: PDFPrevHndlr - AppID: {6236FF8C-E747-4173-86D3-99F511B61DF3}
Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: WLXQuickTimeControlHost - AppID: {631AF1F1-55E0-4190-9B1E-454D9F370AA2}
Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2}
Name: CoreShellHost - AppID: {64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: tiledatamodelsvc - AppID: {65E2E13A-7110-4912-9F03-9A42E253D8F6}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: SEMgrSvc - AppID: {6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: Windows Insider Service - AppID: {7006698d-2974-4091-a424-85dd0b909e23}
Name: WindowsLiveWriterFilter - AppID: {7054B371-09E3-4BC8-8A61-02D7799EA98A}
Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: AcroIEHelperShim - AppID: {77AB4812-5411-4EA9-8437-77AD0F230302}
Name: WebPlatStorageBrokerServer - AppID: {7966b4d8-4fdc-4126-a10b-39a3209ad251}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: CLMLSvc_P2G10 - AppID: {7AF75464-3A22-4BB6-A2A0-F9ED5B72DD77}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: Security Health Agent Interactive User Host - AppID: {7E55A26D-EF95-4A45-9F55-21E52ADF9887}
Name: Battery Notification Manager - AppID: {7EAD5C10-8B3F-11E6-AE22-56B6B6499611}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629}
Name: AdAwareShellExtension - AppID: {815E3070-A914-4A36-BC40-2F35AAD1C91E}
Name: CnxtDSPdll - AppID: {81D6AA8D-5401-4EE7-A7A2-95133649C977}
Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B}
Name: wlcsdk - AppID: {83B16523-1802-47EF-A9A6-2B3C8B796A6F}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}
Name: UACObject - AppID: {8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}
Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24}
Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2}
Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
Name: SQLTaskConnections - AppID: {91A708A7-D12F-4B03-B8D0-DDE814119454}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F}
Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60}
Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139}
Name: UiaManager - AppID: {94a38670-983b-459c-87c8-bb6ad617fd74}
Name: PenIMC4v2 - AppID: {953E4863-7AD1-4DAE-B2BD-108F1D57967B}
Name: WebPlatformStorageServer - AppID: {973d20d7-562d-44b9-b70b-5a0f49ccdf3f}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE}
Name: Microsoft SQL Server Replication Remote Dist Agent 11.0 - AppID: {99434DAB-0F08-4F30-8CCF-B3E80296C907}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
Name: CommonToolkit2 - AppID: {9D5DF630-D2C3-40A5-830E-4BA4322A0107}
Name: MalwareHunterContextHandler - AppID: {9D8C0710-8D32-4A42-84E5-210927BC6CB0}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: CDP Reference Host - AppID: {A0316E2D-8793-4E74-AA48-8CE2ED05BA57}
Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe}
Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3}
Name: Xhr2OOP - AppID: {a3a81ee7-be13-4dd8-89f7-26aba705d81d}
Name: Microsoft.Live.Folders.RichUpload.3.dll - AppID: {A40C5393-FD53-4528-95EB-0B348BC1539D}
Name: Virtual Factory for Windows Defender Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C}
Name: PDFShellInfo - AppID: {A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: Core Shell Service Provider - AppID: {A67168DB-418E-4087-B63E-852E822BB1ED}
Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121}
Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: IA3DUtility - AppID: {A7D71146-EBCD-4E6C-916C-E77865BCC53B}
Name: SwapAPODll - AppID: {A85F41D6-156B-470D-B505-110388968D5A}
Name: Delivery Optimization Mgmt - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
Name: Core Shell COM Server Registrar - AppID: {AA8F1F23-D819-4E95-9B36-7FD68D5218F9}
Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: PaymentsSvc - AppID: {AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}
Name: IDMan - AppID: {AC746233-E9D3-49CD-862F-068F7B7CCCA4}
Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}
Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}
Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871}
Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1}
Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA}
Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E}
Name: VSSCOM - AppID: {B3E2C31B-A5EB-406C-890D-04D23EC4E315}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755}
Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: AcroPDF - AppID: {BBAA0E44-3862-490C-8E63-AC2D2D6EF733}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: ewpsie_tb - AppID: {BBFE69BB-2EA4-49A6-99F3-9408974D0684}
Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41}
Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b}
Name: WindowsLiveWriterApplication - AppID: {BF7C0368-EA36-475E-AA42-3F28E736FABD}
Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}
Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880}
Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF}
Name: Spectrum - AppID: {C0E1CE99-C981-44A2-AC4C-41036FAC6593}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412}
Name: RetailCoreSystemAgent Service - AppID: {C2EA2356-994C-45AF-BDAE-10796F73BC47}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Acronis True Image Shell Extension Backend - AppID: {C4E69DB9-E094-483e-B922-E7ADE65FB497}
Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}
Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5}
Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F}
Name: FamilySafetyRefreshTask - AppID: {C844C79D-AED8-4DCE-AB25-4D359BED84F8}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad}
Name: EPTBL - AppID: {CACC252F-95A7-4741-BBE8-FB1F18C2826F}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F}
Name: ShellExtension - AppID: {CB65493D-4F92-4301-8EDB-0C93266A3B51}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: Dispatch - AppID: {CD9DD8FF-5FE5-44AB-AA3E-646052717FFF}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: SwapAPODll - AppID: {CF85F74A-E465-4fb6-898F-8F72C2B84D8E}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Windows.Internal.Security.SmartScreen.NetworkFiltering.NetworkFilter - AppID: {d339785e-44b3-4ce6-b01f-83a55a1b7da0}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: Microsoft SQL Server Replication Distribution Agent 11.0 - AppID: {D41192E9-AB13-4A23-AB3B-A5FED98306DB}
Name: URLReqService - AppID: {D4859CE9-3B25-4235-8973-A74F5D9A04F2}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03}
Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}
Name: Microsoft Volumetric Audio Compositor - AppID: {DD7B2C49-A779-4055-BBD5-7C96F502F97F}
Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}
Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a}
Name: EverySyncExplorerOverlay - AppID: {DE4CE140-5838-468B-86C0-A422AC75B092}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E}
Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7}
Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients (Failed Mouse In Pointer) - AppID: {E45A56CE-399C-45F0-9E6F-BFAACD3C711F}
Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A}
Name: Exchange Active Sync Policy Manager Broker - AppID: {E9DD849F-B3CF-4614-94BB-CB2696BD34FB}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: Convert VHD - AppID: {eae61b75-98d8-4af9-94e6-84b1c6f77c8a}
Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: ImagXpr7 - AppID: {ED512BE6-6629-4FB4-953D-D0C353847163}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: BitDefender Threat Scanner - AppID: {EF436DD1-6449-4F19-83C2-CF546175C7BF}
Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: AcroBroker - AppID: {F2383816-917A-46CC-AD2A-5013BED3800F}
Name: AvailableNetworksExperienceFlow - AppID: {F2506CD7-82C2-43D9-A1D3-F85F5EFE7D09}
Name: Acronis VSS Requestor - AppID: {F282135C-65A6-4A99-80F1-F315BAC76BF4}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
Name: Pen Workspace Discover Broker - AppID: {F5A6ACF4-FFE0-4934-AE1D-5F960EA0AAD9}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: DaemonShellExtImage - AppID: {F9B84490-4C45-4737-82E5-0EA0B1CF5307}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}
Name: ESLoadSevice - AppID: {FCA6F20F-92E5-4E74-AC19-D14B59CB1C15}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: Microsoft SQL Server Replication Queuereader Agent 11.0 - AppID: {FD737704-43CB-4791-B4DB-EE8CDBC64450}
Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C}
Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}
Name: Microsoft SQL Server Replication Merge Agent 11.0 - AppID: {FDF7E044-456E-46C5-A396-807479AAFB4D}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744}

Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{00944ad3-b2ad-4bcf-9202-59bf4662d521}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{00944ad3-b2ad-4bcf-9202-59bf4662d521}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{00944ad3-b2ad-4bcf-9202-59bf4662d521}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00944ad3-b2ad-4bcf-9202-59bf4662d521}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-3-3215430884-1339816292-89257616-1145831019"
Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}" - Win32_SID.SID="S-1-5-80-2731152606-4244467407-1946816704-3721569673-479255522"
Win32_DCOMApplication.AppID="{1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}" - Win32_SID.SID="S-1-5-84-0-0-0-0-0"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{36234D6F-D9B8-404B-91C9-736BD2EE3040}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{36234D6F-D9B8-404B-91C9-736BD2EE3040}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-1"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-2"
Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-3"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{412E0F20-6C5B-43EC-879F-DA444A416EAC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{412E0F20-6C5B-43EC-879F-DA444A416EAC}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-3-1024-3153509613-960666767-3724611135-2725662640-12138253-543910227-1950414635-4190290187"
Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991"
Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-503"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-80-4155767994-3874329934-3800885181-2130851812-726865888"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-3859068477-1314311106-1651661491-1685393560"
Win32_DCOMApplication.AppID="{92940059-57cc-41bc-a042-80a6247ffce6}" - Win32_SID.SID="S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-2385269614-3243675-834220592-3047885450"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A0316E2D-8793-4E74-AA48-8CE2ED05BA57}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{a3a81ee7-be13-4dd8-89f7-26aba705d81d}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{a3a81ee7-be13-4dd8-89f7-26aba705d81d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a3a81ee7-be13-4dd8-89f7-26aba705d81d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-15-3-1024-2165721414-884371012-2773947476-2437641138-4209659587-972658821-4033014341-190168586"
Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-15-3-1024-2152139330-3124897132-671935159-3762809077-3273429135-2233686478-1435376800-2420532691"
Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-15-3-1024-3167453650-624722384-889205278-321484983-714554697-3592933102-807660695-1632717421"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{AA8F1F23-D819-4E95-9B36-7FD68D5218F9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AA8F1F23-D819-4E95-9B36-7FD68D5218F9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA8F1F23-D819-4E95-9B36-7FD68D5218F9}" - Win32_SID.SID="S-1-15-3-1024-2165721414-884371012-2773947476-2437641138-4209659587-972658821-4033014341-190168586"
Win32_DCOMApplication.AppID="{AA8F1F23-D819-4E95-9B36-7FD68D5218F9}" - Win32_SID.SID="S-1-15-3-1024-2152139330-3124897132-671935159-3762809077-3273429135-2233686478-1435376800-2420532691"
Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-15-3-1024-2922296261-1647482768-2017091146-3858667068-4135663662-2931985894-1627820925-818366431"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-80-2731152606-4244467407-1946816704-3721569673-479255522"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-80-3246321066-2451215914-3422911474-2201726393-166328789"
Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622"
Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991"
Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD9DD8FF-5FE5-44AB-AA3E-646052717FFF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CD9DD8FF-5FE5-44AB-AA3E-646052717FFF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD7B2C49-A779-4055-BBD5-7C96F502F97F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD7B2C49-A779-4055-BBD5-7C96F502F97F}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{DD7B2C49-A779-4055-BBD5-7C96F502F97F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-15-3-1024-2819154332-3691255550-2499738133-2646149002-4290075130-3069449926-721213713-3168903538"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-5-7"
Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-3433512109-503559027-1389316256-1766580070-2256751264"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-1260278928-804197538-2066346633-4268302704-2216462912"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-345135819-4012009209-3062012967-1747265747-3674605950"
Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-951620777-1059631183-2804607755-3010024351-809615488"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-1"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-2"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-3"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"Camera"=FrameS
"diagnostics"=DiagSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"DevicesFlow"=DevicesFlowUserSvc
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"smbsvcs"=lanmanserver
browser
"bdx"=scan
sysagent

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Acronis]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Adobe]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Aimersoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Akeo Consulting]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Alexander Avdonin]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Anvisoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\AOMEI]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Apowersoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\AppDataLow]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ArcticLine]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Ashampoo]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ASProtect]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ATI]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Auslogics]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\BitTorrent]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\BitTorrentPlus]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\BSD]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\BugSplat]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\BVRP Software]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Caphyon]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ChemTable Software]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Chromium]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Clients]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Code Sector]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ComodoGroup]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\csastats]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\CyberLink]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Disc Soft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\DMGR1.25]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\DownloadManager]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\EaseUS]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ej-technologies]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\EPSON]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\EPSON Software Updater]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\giveawayoftheday.com]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Google]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\IMSIDesign]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\iMusic]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\iSkysoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\JavaSoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\KillSoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Lavasoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Leadertech]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\LiberKey]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Licenses]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\LogiShrd]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Logitech]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Macromedia]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Magnet]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Mozilla]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\NCH Software]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\NCH Swift Sound]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Nero]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\OneSafe Driver Manager]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\OneSafe PC Cleaner]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Opera Software]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Paragon Software]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ParetoLogic]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\PC Optimizer Pro]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\PC Speed Maximizer]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Policies]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ProductSetup]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Realtek]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Reason]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Rebit]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\SafelyRemove]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\SEIKO EPSON CORPORATION]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\SFR]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\SyncEngines]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\sysinternals]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\systweak]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\TechWorld]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Trolltech]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\TunesKit]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\UsbFix]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\UsbFix Standard]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\uTorrentPlus]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\WebDiscoverBrowser]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Windscribe]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\WinSweeper]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\WinSweeper2]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Wondershare]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Wow6432Node]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\WSVCUPlugin]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Zemana]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\ZHP]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\{6487FE51-5D05-4253-8338-2B2FAF2E0214}]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Acronis]
[HKLM\Software\AdsFix]
[HKLM\Software\AMD]
[HKLM\Software\Ashampoo]
[HKLM\Software\ATI]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVC3]
[HKLM\Software\Bitdefender]
[HKLM\Software\Clients]
[HKLM\Software\Code Sector]
[HKLM\Software\ComodoGroup]
[HKLM\Software\Condusiv Technologies]
[HKLM\Software\CyberLink]
[HKLM\Software\Disc Soft]
[HKLM\Software\Diskeeper Corporation]
[HKLM\Software\ej-technologies]
[HKLM\Software\EPSON]
[HKLM\Software\Fortemedia]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\KeyCryptSDK]
[HKLM\Software\Khronos]
[HKLM\Software\Lavasoft]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\NoVirusThanks]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Paragon Software]
[HKLM\Software\Partner]
[HKLM\Software\PC Optimizer Pro]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\Reason]
[HKLM\Software\Rebit]
[HKLM\Software\Rebit 5]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SafelyRemove]
[HKLM\Software\Softwin]
[HKLM\Software\Solvusoft Corporation]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\WebDiscoverBrowser]
[HKLM\Software\Wondershare]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Zemana]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\bdx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Acronis]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Aimersoft]
[HKLM\Software\WOW6432Node\Alexander Avdonin]
[HKLM\Software\WOW6432Node\AMD]
[HKLM\Software\WOW6432Node\Anvisoft]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\Ashampoo]
[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\Auslogics]
[HKLM\Software\WOW6432Node\BDServices]
[HKLM\Software\WOW6432Node\BSD]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\EaseUS]
[HKLM\Software\WOW6432Node\EaseUS Todo Backup]
[HKLM\Software\WOW6432Node\EPSON]
[HKLM\Software\WOW6432Node\g3n-h@ckm@n]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\iMusic]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Internet Download Manager]
[HKLM\Software\WOW6432Node\iSkysoft]
[HKLM\Software\WOW6432Node\iSkysoftSysMenuDATA]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\KillSoft]
[HKLM\Software\WOW6432Node\Lavasoft]
[HKLM\Software\WOW6432Node\logishrd]
[HKLM\Software\WOW6432Node\Logitech]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\NCH Software]
[HKLM\Software\WOW6432Node\Nero]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\ParetoLogic]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Reason]
[HKLM\Software\WOW6432Node\Rebit]
[HKLM\Software\WOW6432Node\SafelyRemove]
[HKLM\Software\WOW6432Node\SecurityXploded]
[HKLM\Software\WOW6432Node\Seiko Epson Corporation]
[HKLM\Software\WOW6432Node\SFR]
[HKLM\Software\WOW6432Node\SOSVirus]
[HKLM\Software\WOW6432Node\Systweak]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\Turbo View & Convert]
[HKLM\Software\WOW6432Node\TweakBit]
[HKLM\Software\WOW6432Node\Usbfix]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WafCX]
[HKLM\Software\WOW6432Node\WebDiscoverBrowser]
[HKLM\Software\WOW6432Node\WiseCleaner]
[HKLM\Software\WOW6432Node\Wondershare]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\Zemana]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | FeatureControl

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"ServiceProvider.exe"="8000"
"TuneItUp.exe"="8000"
"utorrentie.exe"="11000"
"bittorrentie.exe"="11000"
"Azureus.exe"="11001"
"iMusic.exe"="11000"
"burningstudio19.exe"="10001"
"OneDrive.exe"="11000"
"UI7.exe"="10001"
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801]
"burningstudio19.exe"="1"
"UI7.exe"="1"
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION]
"utorrentie.exe"="0"
"bittorrentie.exe"="0"
"burningstudio19.exe"="1"
"UI7.exe"="1"
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING]
"iMusic.exe"="1"
"burningstudio19.exe"="1"
"UI7.exe"="1"
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"burningstudio19.exe"="10"
"UI7.exe"="10"
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"burningstudio19.exe"="10"
"UI7.exe"="10"
[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"utorrentie.exe"="1"
"bittorrentie.exe"="1"
"burningstudio19.exe"="1"
"UI7.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
"UNPUXHost.exe"="11000"
"Filmora.exe"="9999"
"sllauncher.exe"="8000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGUI.exe"="0"
"SAPGuiIT.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
"sllauncher.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"cs.exe"="1"
"waol.exe"="1"
"wm.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
"sllauncher.exe"="6"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
"sllauncher.exe"="6"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"prevhost.exe"="1"
"winmail.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"msimn.exe"="1"
"outlook.exe"="1"
"winmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"excel.exe"="1"
"infopath.exe"="1"
"powerpnt.exe"="1"
"winword.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"BackItUp.exe"="1"
"BackItUpUpdate.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
"sllauncher.exe"="8000"
"BackItUp.exe"="9000"
"BackItUpUpdate.exe"="9000"
"Power2Go10.exe"="8000"
"YouCam7.exe"="9000"
"WiseJetSearch.exe"="11000"
"TBConsoleUI.exe"="9999"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGUI.exe"="0"
"SAPGuiIT.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
"sllauncher.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"PresentationHost.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"cs.exe"="1"
"waol.exe"="1"
"wm.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
"sllauncher.exe"="6"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
"sllauncher.exe"="6"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"prevhost.exe"="1"
"winmail.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
"WindowsLiveWriter.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
"sllauncher.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"msimn.exe"="1"
"outlook.exe"="1"
"winmail.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"excel.exe"="1"
"infopath.exe"="1"
"powerpnt.exe"="1"
"winword.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"PresentationHost.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"

---------- | The Created last ones ? Modified

[MD5.00000000000000000000000000000000] - [07/12/2017 09:36:39] - |D| - [115540982] - C:\Program Files (x86)\360
[MD5.00000000000000000000000000000000] - [09/12/2017 12:59:34] - |D| - [0] - C:\Program Files (x86)\Acer
[MD5.00000000000000000000000000000000] - [01/12/2017 14:14:04] - |D| - [280025586] - C:\Program Files (x86)\Acronis
[MD5.00000000000000000000000000000000] - [07/12/2017 11:12:14] - |D| - [21894608] - C:\Program Files (x86)\Adguard
[MD5.00000000000000000000000000000000] - [08/12/2017 10:30:35] - |D| - [578782] - C:\Program Files (x86)\Anvisoft
[MD5.00000000000000000000000000000000] - [08/12/2017 10:07:29] - |D| - [2534746] - C:\Program Files (x86)\BOINC
[MD5.00000000000000000000000000000000] - [07/12/2017 10:22:48] - |D| - [155871] - C:\Program Files (x86)\CDBurnerXP
[MD5.00000000000000000000000000000000] - [05/12/2017 08:37:05] - |D| - [40457] - C:\Program Files (x86)\CheckPoint
[MD5.00000000000000000000000000000000] - [07/12/2017 10:01:03] - |D| - [50334257] - C:\Program Files (x86)\Comodo
[MD5.00000000000000000000000000000000] - [09/12/2017 13:00:00] - |D| - [0] - C:\Program Files (x86)\EasyAppSoft
[MD5.00000000000000000000000000000000] - [07/12/2017 10:24:03] - |D| - [1409121] - C:\Program Files (x86)\Executor
[MD5.00000000000000000000000000000000] - [01/12/2017 10:43:36] - |D| - [3381004] - C:\Program Files (x86)\Fast Sitemap Maker
[MD5.00000000000000000000000000000000] - [07/12/2017 10:12:56] - |D| - [4439] - C:\Program Files (x86)\FDRLab
[MD5.00000000000000000000000000000000] - [09/12/2017 13:00:14] - |D| - [0] - C:\Program Files (x86)\Google
[MD5.00000000000000000000000000000000] - [07/12/2017 10:27:05] - |D| - [332107] - C:\Program Files (x86)\ImgBurn
[MD5.00000000000000000000000000000000] - [10/12/2017 08:47:12] - |D| - [15446630] - C:\Program Files (x86)\Internet Download Manager
[MD5.00000000000000000000000000000000] - [09/12/2017 13:01:11] - |D| - [0] - C:\Program Files (x86)\IObit
[MD5.00000000000000000000000000000000] - [09/12/2017 10:57:16] - |D| - [102769700] - C:\Program Files (x86)\jtrent238
[MD5.00000000000000000000000000000000] - [07/12/2017 10:24:29] - |D| - [6727] - C:\Program Files (x86)\Lanmisoft
[MD5.00000000000000000000000000000000] - [09/12/2017 16:35:43] - |D| - [0] - C:\Program Files (x86)\Lavasoft
[MD5.00000000000000000000000000000000] - [07/12/2017 10:16:32] - |D| - [766235] - C:\Program Files (x86)\Microsoft Office
[MD5.00000000000000000000000000000000] - [02/12/2017 12:44:56] - |D| - [1836176] - C:\Program Files (x86)\Microsoft SDKs
[MD5.00000000000000000000000000000000] - [07/12/2017 10:12:08] - |D| - [267932] - C:\Program Files (x86)\Mozilla Maintenance Service
[MD5.00000000000000000000000000000000] - [07/12/2017 10:11:38] - |D| - [96026216] - C:\Program Files (x86)\Mozilla Thunderbird
[MD5.00000000000000000000000000000000] - [08/12/2017 17:45:39] - |D| - [45099] - C:\Program Files (x86)\MP3jam
[MD5.00000000000000000000000000000000] - [02/12/2017 13:51:09] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[MD5.00000000000000000000000000000000] - [07/12/2017 10:16:23] - |D| - [110883841] - C:\Program Files (x86)\MSECache
[MD5.00000000000000000000000000000000] - [05/12/2017 08:33:23] - |D| - [20745823] - C:\Program Files (x86)\muvee Technologies
[MD5.00000000000000000000000000000000] - [07/12/2017 10:30:11] - |D| - [2678459] - C:\Program Files (x86)\NetSetMan
[MD5.00000000000000000000000000000000] - [07/12/2017 10:30:41] - |D| - [265110] - C:\Program Files (x86)\Network Stumbler
[MD5.00000000000000000000000000000000] - [04/12/2017 09:38:28] - |D| - [12735790] - C:\Program Files (x86)\OneSafe Driver Manager
[MD5.00000000000000000000000000000000] - [04/12/2017 09:51:58] - |D| - [0] - C:\Program Files (x86)\ParetoLogic
[MD5.00000000000000000000000000000000] - [07/12/2017 09:58:53] - |D| - [721659] - C:\Program Files (x86)\Phoenix360
[MD5.00000000000000000000000000000000] - [04/12/2017 17:12:20] - |D| - [0] - C:\Program Files (x86)\ProtectStar
[MD5.00000000000000000000000000000000] - [02/12/2017 13:51:17] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies
[MD5.00000000000000000000000000000000] - [02/12/2017 11:35:31] - |D| - [39211634] - C:\Program Files (x86)\Reg Organizer
[MD5.00000000000000000000000000000000] - [01/12/2017 12:12:59] - |D| - [13186888] - C:\Program Files (x86)\SecurityXploded
[MD5.00000000000000000000000000000000] - [07/12/2017 10:13:41] - |D| - [20391] - C:\Program Files (x86)\SPlayer
[MD5.00000000000000000000000000000000] - [07/12/2017 11:05:40] - |D| - [132553] - C:\Program Files (x86)\SysTools AD Browser
[MD5.00000000000000000000000000000000] - [07/12/2017 11:05:50] - |D| - [961744] - C:\Program Files (x86)\SysTools E01 Viewer
[MD5.00000000000000000000000000000000] - [07/12/2017 11:08:07] - |D| - [703691] - C:\Program Files (x86)\SysTools EPUB to PDF Converter
[MD5.00000000000000000000000000000000] - [02/12/2017 14:07:09] - |D| - [4787448] - C:\Program Files (x86)\SysTools Logon Disclaimer
[MD5.00000000000000000000000000000000] - [02/12/2017 11:43:08] - |D| - [1969093] - C:\Program Files (x86)\Top Password
[MD5.00000000000000000000000000000000] - [01/12/2017 09:17:36] - |D| - [5544209] - C:\Program Files (x86)\TunesKit Spotify Converter
[MD5.00000000000000000000000000000000] - [09/12/2017 13:02:51] - |D| - [0] - C:\Program Files (x86)\TweakBit
[MD5.00000000000000000000000000000000] - [01/12/2017 08:21:17] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[MD5.00000000000000000000000000000000] - [01/12/2017 09:19:32] - |D| - [16705907] - C:\Program Files (x86)\USB Safely Remove
[MD5.00000000000000000000000000000000] - [03/12/2017 10:57:18] - |D| - [9960546] - C:\Program Files (x86)\UsbFix
[MD5.00000000000000000000000000000000] - [07/12/2017 10:15:05] - |D| - [40705624] - C:\Program Files (x86)\VideoLAN
[MD5.00000000000000000000000000000000] - [09/12/2017 14:04:15] - |D| - [39917254] - C:\Program Files (x86)\Windscribe
[MD5.00000000000000000000000000000000] - [07/12/2017 09:55:19] - |D| - [4364879] - C:\Program Files (x86)\XnView
[MD5.B4161BD032671CEE716424781521A5AD] - [01/12/2017 08:05:34] - |AS| - [67584] - C:\WINDOWS\bootstat.dat
[MD5.00000000000000000000000000000000] - [01/12/2017 20:52:57] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [01/12/2017 08:30:00] - |A| - [11433] - C:\WINDOWS\diagerr.xml
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [01/12/2017 08:30:00] - |A| - [11433] - C:\WINDOWS\diagwrn.xml
[MD5.302F451BF9FAD6BC69E76D98CDBCA2BC] - [01/12/2017 05:28:12] - |A| - [3903272] - C:\WINDOWS\explorer.exe
[MD5.00000000000000000000000000000000] - [08/12/2017 19:00:49] - |D| - [0] - C:\WINDOWS\Minidump
[MD5.DE54E40D3A033FC81456CFCE10954CA8] - [10/12/2017 07:47:33] - |A| - [240890] - C:\WINDOWS\ntbtlog.txt
[MD5.943D21573E96F0806119180471DBF071] - [08/12/2017 21:19:46] - |A| - [9238] - C:\WINDOWS\PFRO.log
[MD5.00000000000000000000000000000000] - [01/12/2017 08:04:55] - |D| - [40227036] - C:\WINDOWS\Prefetch
[MD5.00000000000000000000000000000000] - [01/12/2017 05:40:54] - |D| - [41287136] - C:\WINDOWS\ServiceProfiles
[MD5.E11D5FA94F540F914A59DDB608F3772E] - [09/12/2017 05:36:11] - |A| - [1273] - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/12/2017 05:36:11] - |A| - [0] - C:\WINDOWS\setuperr.log
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [08/12/2017 21:25:12] - |A| - [276] - C:\WINDOWS\WindowsUpdate.log
[MD5.36F5D3FFC3332B3F3A48CF1F1DCF05C2] - [09/12/2017 05:34:55] - |A| - [467565] - C:\WINDOWS\ZAM.krnl.trace
[MD5.C4F85351FD70DC758983E01E1A6DC697] - [09/12/2017 05:34:55] - |A| - [480719] - C:\WINDOWS\ZAM_Guard.krnl.trace
[MD5.0EA1BEC4A29DD4C5A387C96CB2B6B7E9] - [01/12/2017 14:11:54] - |A| - [389709824] - C:\WINDOWS\Installer\14312de.msi
[MD5.CF4BD0F8A5D1CFC63EC5759D4DFC4811] - [01/12/2017 20:48:03] - |RA| - [53350400] - C:\WINDOWS\Installer\2aaee7.msp
[MD5.C5369CF71DE1B59363F8046FA852D1C3] - [01/12/2017 12:11:36] - |A| - [1573376] - C:\WINDOWS\Installer\d55bc2.msi
[MD5.E89CE7AEAAA47023A7CCC59335A6CF80] - [01/12/2017 12:10:31] - |A| - [1641472] - C:\WINDOWS\Installer\d55bc5.msi
[MD5.252DBE5F758EF69DE87018F7DF1A696B] - [01/12/2017 12:14:11] - |A| - [1619456] - C:\WINDOWS\Installer\d55bc8.msi
[MD5.F556B7F4ABE8D129AAD99076001A4DED] - [01/12/2017 12:30:56] - |A| - [1623040] - C:\WINDOWS\Installer\d55bce.msi
[MD5.07B31F421CD273021EA6A0463650ABDE] - [09/12/2017 13:47:29] - |A| - [761072] - C:\WINDOWS\Installer\MSI3780.tmp
[MD5.09331E4FDC23ABEE0D287856DD02E9EE] - [02/12/2017 14:08:04] - |A| - [43476480] - C:\WINDOWS\Installer\MSICE08.tmp
[MD5.09331E4FDC23ABEE0D287856DD02E9EE] - [01/12/2017 11:47:10] - |A| - [43476480] - C:\WINDOWS\Installer\MSIE57F.tmp
[MD5.4EE41BC989F02E10493438BFD83054E7] - [01/12/2017 11:31:02] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{063E67F0-C298-8A2A-0FA6-84C15322A4E0}
[MD5.A2874465B6AACF11360EF6D03F082CEC] - [01/12/2017 11:30:03] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{07326A3E-02B3-1078-25D7-B8666BA8FE15}
[MD5.6F9C86B84C819E3A30BAB8961930AABC] - [01/12/2017 11:29:32] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}
[MD5.1DE2EE8C2C7FBD2E26A3564BA5F2EE9D] - [02/12/2017 12:41:58] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}
[MD5.D41857E397F54A3B3A4E134F29EB3A93] - [01/12/2017 11:28:43] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[MD5.3124D08BA9A0530BD8908A775156CCA3] - [01/12/2017 11:28:49] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{1AD99E77-37CC-744E-39CA-67F6FD34565A}
[MD5.73BD8A33BA32A9DD08E104C1AD05AD46] - [01/12/2017 11:29:20] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}
[MD5.7D419C28F4F9432A540945B22EAC7022] - [01/12/2017 11:29:37] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}
[MD5.1A7B0D334BE64F087643DBC7F50302F7] - [02/12/2017 12:48:23] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}
[MD5.B076861A90D5845AA08D2A070E81B00F] - [01/12/2017 11:30:30] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}
[MD5.EBE20DD86C5BB9156C037AD6A18B0194] - [01/12/2017 20:44:57] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2B9EE1FE-105F-4093-A40E-C1BF12F873B7}
[MD5.FDDACA1B402DBC97589B8B6A1495A497] - [01/12/2017 11:29:43] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2D07E15C-A9A4-D8D6-D371-92EC8779E587}
[MD5.0C31C06B43BFABEA6E4461C0CC4D226D] - [02/12/2017 13:22:42] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2DE5D297-346C-4E9F-8ADE-50B96237787A}
[MD5.F0EFBBFA0407AE547948884D9F1E8FB7] - [02/12/2017 13:25:12] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2ED94916-04E5-4136-AB55-771C315EFE14}
[MD5.C780FBC0F4375102A9AE745BAE479CEC] - [01/12/2017 11:28:21] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
[MD5.E7A353DE2D1CE03B02707FE0868634C0] - [02/12/2017 10:46:20] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{3361D415-BA35-4143-B301-661991BA6219}
[MD5.271B1BFB1C10D59B558EAA193072332E] - [01/12/2017 11:29:26] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}
[MD5.7ADD1B98D556F11613C7D1898AB4E5CB] - [01/12/2017 11:30:51] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{35A71DED-DA81-1313-352A-EC8A0B27DF3B}
[MD5.429B0E0AD94308A6C03EA67A91B34B7D] - [02/12/2017 12:43:46] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{37B8F9C7-03FB-3253-8781-2517C99D7C00}
[MD5.E91E138ECAE73DF30C5C7EDBB28D32FE] - [02/12/2017 13:20:30] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{4D92F057-1E63-47B3-821E-A5A923502993}
[MD5.361953F61C12903E783A06AE527C9191] - [01/12/2017 12:31:28] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{58548A8C-122B-4889-A7B8-316ADB5B7C47}
[MD5.EAC89A07528FE465D9D47DCEAA55ED88] - [02/12/2017 13:23:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{5BDA045F-B759-4C82-8973-CF4A0D1F0565}
[MD5.302FAB91CD3C06DA580B0554BE97041D] - [01/12/2017 12:14:27] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{6853AF43-F703-4727-9359-1DCFE9B5C689}
[MD5.C023F2FDE9EC4024DD9CCB96BF4C7928] - [02/12/2017 13:19:39] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{6F859524-FD84-42FA-ABA6-D3C464692D31}
[MD5.F145E8B0696CB6A42EEBEDB88B0B3C87] - [02/12/2017 13:18:56] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{6F86D809-5B05-4B61-9131-36FBF692D039}
[MD5.30002FE3BA5C984079DFB85A841623EA] - [01/12/2017 11:29:09] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}
[MD5.DBB7482D7655F80D784321927251B118] - [01/12/2017 11:30:57] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{79D22166-78C1-2AD4-04E7-BD22BD58FD46}
[MD5.568B020633EFEA65E4D217EE0613D245] - [02/12/2017 13:24:03] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{7EB60864-1338-4A87-AECF-CB03A4E7E3EC}
[MD5.00A807434733EDE6244D01F68EC425E2] - [02/12/2017 13:21:09] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{7F88AB75-5493-4F34-B55B-0D03338D317A}
[MD5.F636B51E5746B16AF3F74AD185811757] - [01/12/2017 11:29:50] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{82CA1714-13EA-F419-91FE-12834424745E}
[MD5.DFF8E7910EFDE712B46957CCC206AE1D] - [02/12/2017 12:44:45] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8C06D6DB-A391-4686-B050-99CC522A7843}
[MD5.549D42613AF8DC9F7AB66CA7AD9C7E47] - [01/12/2017 20:40:16] - |A| - [135168] - C:\WINDOWS\Installer\SourceHash{8C5F8558-39DE-4903-B55A-4DF790090CB3}
[MD5.88BCB6650B1A072AE7BC0134BF4B5A51] - [01/12/2017 11:30:46] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}
[MD5.05CF97189669ADFA48DA4D9EC68F0A7E] - [02/12/2017 13:18:43] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8EB1B142-EA26-4B77-A5A3-89734F6FA6A0}
[MD5.CEED81054A617AD7B74279E404D2EB50] - [01/12/2017 11:30:35] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}
[MD5.53711361C2FFC955F5243F39A2578450] - [02/12/2017 13:22:59] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{9F4703F5-B4C0-4899-B359-17D360E17637}
[MD5.A1E18392073ACB8010F4FE4AA93EBC59] - [01/12/2017 11:30:14] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{A5A6A4D0-2005-2A05-2E21-495808CF95ED}
[MD5.FBE117FA3F721983DC17AA26B46809A2] - [01/12/2017 11:30:40] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{A760847A-C4D9-E7EF-716F-07C6CBF6B147}
[MD5.3081ECA8565BCADC5EEF35D892446807] - [01/12/2017 11:31:19] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}
[MD5.095F6AE0F5312B8A5AAA12709A264DF3] - [02/12/2017 07:51:26] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{B55DB65D-EF6E-4E04-89D5-B03603BF681B}
[MD5.31604895DCCC72C6663CB061EE9A1C8E] - [01/12/2017 11:30:25] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{B839153C-D4D2-F89C-5033-0A160C62706B}
[MD5.E780108C7A3C04DFF5A1BE9B1E7A731B] - [02/12/2017 12:42:09] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}
[MD5.031A2678C296ED262450C38D4FA16D76] - [01/12/2017 11:29:57] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{C1EA3764-1138-AE27-AD63-549BAD99BA15}
[MD5.D353E465CFCD38386A57E9F915B72137] - [01/12/2017 11:28:57] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}
[MD5.0A51F6ACA00E97D4629669D1D0917AB8] - [02/12/2017 13:19:28] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{C9E748DF-6F58-4C7F-8062-A252EFD3E72D}
[MD5.7D6C0B9F96954C256EDA3B2EBA1CB5E7] - [01/12/2017 11:30:08] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}
[MD5.CF30F38BAA2F123326E2A7F3382DC123] - [01/12/2017 14:13:16] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}
[MD5.006FF8472F6BB458188B4A2030087D11] - [02/12/2017 12:43:26] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
[MD5.764BE4BDEE55DC6895012AEA31CEC472] - [01/12/2017 12:12:53] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{DD3D64A7-3165-458D-96D4-06FBC609C22A}
[MD5.F3B27383C88D2C0FE3FDB8B6E5CD3CEE] - [02/12/2017 13:27:59] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{E2897A12-7C03-4678-A339-AFA3CDC51DC4}
[MD5.0458854BF82295757FFC184E46025384] - [02/12/2017 13:16:44] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{E58F0C9C-2DEA-4AD1-8548-B3CB08A61CE9}
[MD5.FED8E0981628E8F50EF4341931A7B554] - [01/12/2017 11:31:09] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{E7366CA8-7179-77AE-E712-BA18D70A0A07}
[MD5.CB05C74A0EC422D1B5816CAD7F3E3422] - [01/12/2017 11:30:19] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{E817E580-6318-AFC8-2102-322C73117EC4}
[MD5.7AEFB1E8A326F73209D748C841A19000] - [02/12/2017 13:20:09] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{ED2D4617-0645-4D0A-968F-2FC018921103}
[MD5.1A06F08889F0C927F4C6D3B47A56D0AD] - [01/12/2017 11:29:14] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{F77474EE-EB6C-C87B-88AF-3310C848E068}
[MD5.5113478C348F75F4363A654ACF9B816F] - [01/12/2017 12:15:40] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{F8779DE5-7D6D-4CDF-9A85-A3B5DE75FC99}
[MD5.6F440FAE720E4FD7BBB27BD74E9606DF] - [01/12/2017 11:29:03] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{F8DDBE95-DCBE-03B5-5359-DE3601146E21}
[MD5.D9BABEA12AD9EC32BB04234E8FF5AEAE] - [01/12/2017 11:28:27] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/12/2017 13:23:54] - |A| - [0] - C:\WINDOWS\Installer\wix{5BDA045F-B759-4C82-8973-CF4A0D1F0565}.SchedServiceConfig.rmi
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/12/2017 13:23:06] - |A| - [0] - C:\WINDOWS\Installer\wix{9F4703F5-B4C0-4899-B359-17D360E17637}.SchedServiceConfig.rmi
[MD5.00000000000000000000000000000000] - [01/12/2017 11:31:03] - |D| - [88102] - C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:04] - |D| - [88102] - C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:32] - |D| - [88102] - C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:28:44] - |D| - [10134] - C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}
[MD5.00000000000000000000000000000000] - [01/12/2017 14:25:09] - |D| - [1990064] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:28:52] - |D| - [88102] - C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:21] - |D| - [88102] - C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:38] - |D| - [88102] - C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}
[MD5.00000000000000000000000000000000] - [02/12/2017 12:49:52] - |D| - [5430] - C:\WINDOWS\Installer\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:31] - |D| - [88102] - C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}
[MD5.00000000000000000000000000000000] - [01/12/2017 20:45:49] - |D| - [5430] - C:\WINDOWS\Installer\{2B9EE1FE-105F-4093-A40E-C1BF12F873B7}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:45] - |D| - [88102] - C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:27] - |D| - [88102] - C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:52] - |D| - [88102] - C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}
[MD5.00000000000000000000000000000000] - [01/12/2017 12:31:30] - |D| - [339913] - C:\WINDOWS\Installer\{58548A8C-122B-4889-A7B8-316ADB5B7C47}
[MD5.00000000000000000000000000000000] - [01/12/2017 12:14:31] - |D| - [357735] - C:\WINDOWS\Installer\{6853AF43-F703-4727-9359-1DCFE9B5C689}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:09] - |D| - [88102] - C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:57] - |D| - [88102] - C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:51] - |D| - [88102] - C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}
[MD5.00000000000000000000000000000000] - [02/12/2017 09:07:05] - |D| - [72888] - C:\WINDOWS\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}
[MD5.00000000000000000000000000000000] - [02/12/2017 12:45:00] - |D| - [5430] - C:\WINDOWS\Installer\{8C06D6DB-A391-4686-B050-99CC522A7843}
[MD5.00000000000000000000000000000000] - [01/12/2017 20:43:35] - |D| - [5430] - C:\WINDOWS\Installer\{8C5F8558-39DE-4903-B55A-4DF790090CB3}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:47] - |D| - [88102] - C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:36] - |D| - [88102] - C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:15] - |D| - [88102] - C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:41] - |D| - [88102] - C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:31:31] - |D| - [88102] - C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}
[MD5.00000000000000000000000000000000] - [02/12/2017 07:51:33] - |D| - [50659] - C:\WINDOWS\Installer\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:25] - |D| - [88102] - C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:58] - |D| - [88102] - C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:28:58] - |D| - [88102] - C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:09] - |D| - [88102] - C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}
[MD5.00000000000000000000000000000000] - [01/12/2017 14:14:33] - |D| - [1862565] - C:\WINDOWS\Installer\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}
[MD5.00000000000000000000000000000000] - [01/12/2017 12:13:00] - |D| - [290826] - C:\WINDOWS\Installer\{DD3D64A7-3165-458D-96D4-06FBC609C22A}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:31:11] - |D| - [4846] - C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:30:20] - |D| - [88102] - C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:15] - |D| - [88102] - C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}
[MD5.00000000000000000000000000000000] - [01/12/2017 12:15:53] - |D| - [336110] - C:\WINDOWS\Installer\{F8779DE5-7D6D-4CDF-9A85-A3B5DE75FC99}
[MD5.00000000000000000000000000000000] - [01/12/2017 11:29:04] - |D| - [88102] - C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}
[MD5.15F695BDE38A22C16F0A102C06A26A25] - [01/12/2017 05:27:49] - |A| - [59392] - C:\WINDOWS\system32\aadjcsp.dll
[MD5.DC7A7BAA6D4A55E76AD36F3540158104] - [01/12/2017 05:27:44] - |A| - [329728] - C:\WINDOWS\system32\AcGenral.dll
[MD5.5AAD481C94F657CC91C82A165CD25D18] - [01/12/2017 05:27:45] - |A| - [301056] - C:\WINDOWS\system32\AcLayers.dll
[MD5.4B95F733A1EC08B761CCD3CE5075620A] - [01/12/2017 05:27:44] - |A| - [198888] - C:\WINDOWS\system32\acmigration.dll
[MD5.BF43A32C27A158EDFDADFFA0CFC4D15F] - [01/12/2017 05:27:47] - |A| - [79360] - C:\WINDOWS\system32\acppage.dll
[MD5.3C6C3224C34034C0595DA106161DEC7D] - [01/12/2017 04:58:09] - |A| - [56320] - C:\WINDOWS\system32\AcSpecfc.dll
[MD5.4F30CAF7AAE8F252F18B67841B628681] - [01/12/2017 05:27:30] - |A| - [516096] - C:\WINDOWS\system32\ActivationManager.dll
[MD5.F43ABDFA47E5BE7140257E5446F4D46D] - [01/12/2017 05:28:11] - |A| - [588288] - C:\WINDOWS\system32\actxprxy.dll
[MD5.C89276EA06E8685178068119C86D2EA4] - [01/12/2017 04:58:11] - |A| - [612760] - C:\WINDOWS\system32\aeinv.dll
[MD5.CAEB6AF3A134352BBFD583CA6DF89F2C] - [01/12/2017 05:27:48] - |A| - [534528] - C:\WINDOWS\system32\apphelp.dll
[MD5.22791657F99E041D1CC5C661E8684427] - [01/12/2017 05:27:47] - |A| - [1585376] - C:\WINDOWS\system32\appraiser.dll
[MD5.FC84A32FEC277EAA7A276323A76557DD] - [01/12/2017 05:27:44] - |A| - [1495040] - C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
[MD5.6812FCF6055A55E68335DB3F852C52EB] - [01/12/2017 05:27:44] - |A| - [2208768] - C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
[MD5.CDA40734BCFBDEE943C94E1B7415CB22] - [01/12/2017 05:27:44] - |A| - [3163648] - C:\WINDOWS\system32\AppXDeploymentServer.dll
[MD5.CDF042304DFF146ED181F5FF1C89C53B] - [01/12/2017 05:27:28] - |A| - [603920] - C:\WINDOWS\system32\audiodg.exe
[MD5.E59C82DA87A6772DD1EDC72785B853B3] - [01/12/2017 05:27:29] - |A| - [685056] - C:\WINDOWS\system32\AudioEndpointBuilder.dll
[MD5.CCAD2D6BEF87987081BC611ED249799E] - [01/12/2017 05:27:29] - |A| - [1426160] - C:\WINDOWS\system32\AudioEng.dll
[MD5.F864CF52F6255E902350C3A938E20C73] - [01/12/2017 05:27:29] - |A| - [1170008] - C:\WINDOWS\system32\AudioSes.dll
[MD5.CC58B65C787EFD705655CE041F9E3E71] - [01/12/2017 05:27:29] - |A| - [1485824] - C:\WINDOWS\system32\audiosrv.dll
[MD5.F00DE456857C158E6DF1D65EA829F1CF] - [01/12/2017 05:28:08] - |A| - [464408] - C:\WINDOWS\system32\bcryptprimitives.dll
[MD5.F4F0537191AAF36A7C2BC13774E12662] - [01/12/2017 04:58:03] - |A| - [362176] - C:\WINDOWS\system32\BioIso.exe
[MD5.E2C8EE32C053892E685A989071AAE333] - [01/12/2017 04:58:00] - |A| - [227328] - C:\WINDOWS\system32\CapabilityAccessManager.dll
[MD5.134302655123A6CB305DD5C446508E26] - [01/12/2017 04:58:00] - |A| - [95744] - C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
[MD5.05130FE5EAA59700376A6D4192AD382E] - [01/12/2017 05:28:36] - |A| - [8099328] - C:\WINDOWS\system32\Chakra.dll
[MD5.C4054E51FD78F7A1A3B8F429E4A17E4D] - [01/12/2017 04:57:56] - |A| - [710920] - C:\WINDOWS\system32\ci.dll
[MD5.699F80ECFF6C90EC54181783F5423338] - [01/12/2017 05:27:48] - |A| - [404888] - C:\WINDOWS\system32\CloudExperienceHost.dll
[MD5.75AC1FF17F1597016609DF5EE56F5EED] - [01/12/2017 05:27:29] - |A| - [436120] - C:\WINDOWS\system32\CloudExperienceHostCommon.dll
[MD5.5527F579BA04F8F4326F75C6FCD881D8] - [01/12/2017 05:27:28] - |A| - [1488792] - C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
[MD5.57A7EC3D2B24DE7E1614EB1C9F487509] - [01/12/2017 05:28:08] - |A| - [126464] - C:\WINDOWS\system32\cryptcatsvc.dll
[MD5.0DC5C28829345B31998AA4A063CF2917] - [01/12/2017 04:58:02] - |A| - [442880] - C:\WINDOWS\system32\cryptngc.dll
[MD5.758C0F703E022BC05CA841D63A955404] - [01/12/2017 04:58:00] - |A| - [7831248] - C:\WINDOWS\system32\d3d10warp.dll
[MD5.20FF9545EBBADF1FDA01388F6FF799B3] - [01/12/2017 05:27:32] - |A| - [3010720] - C:\WINDOWS\system32\d3d11.dll
[MD5.DE99750CF68F639683435AD1375B0F39] - [01/12/2017 05:28:09] - |A| - [1642520] - C:\WINDOWS\system32\d3d9.dll
[MD5.BD22DA95CD4C11BE4FA235D891D63573] - [01/12/2017 05:27:32] - |A| - [830464] - C:\WINDOWS\system32\d3d9on12.dll
[MD5.BB73FD1329739982C2915AB827A01362] - [01/12/2017 05:27:31] - |A| - [238080] - C:\WINDOWS\system32\DeviceSetupManager.dll
[MD5.58111BCE5F69F07BD08ACDEC24AC8A65] - [01/12/2017 05:27:40] - |A| - [84992] - C:\WINDOWS\system32\DeviceUpdateAgent.dll
[MD5.343649413CFA145E33D7B8D6A58F7308] - [01/12/2017 04:58:11] - |A| - [610712] - C:\WINDOWS\system32\devinv.dll
[MD5.9D7CD34F913A13E3A7F21580AD0D9832] - [01/12/2017 05:28:32] - |A| - [666112] - C:\WINDOWS\system32\DHolographicDisplay.dll
[MD5.93AE3D0B61365651158E3C11F0A26228] - [01/12/2017 04:57:58] - |A| - [2633216] - C:\WINDOWS\system32\diagtrack.dll
[MD5.23E935F494FC0407AFF24788CEC40607] - [01/12/2017 05:27:46] - |A| - [474112] - C:\WINDOWS\system32\DictationManager.dll
[MD5.A94E2533A7604E4AA05DCCC675A9F396] - [01/12/2017 04:57:55] - |A| - [739696] - C:\WINDOWS\system32\dnsapi.dll
[MD5.CC0F9BF24C9BD4612823FD5311FE6261] - [01/12/2017 05:27:49] - |A| - [2862080] - C:\WINDOWS\system32\dwmcore.dll
[MD5.46D2F0E302BD88193D3FEDF1FE9EF250] - [01/12/2017 05:27:32] - |A| - [703536] - C:\WINDOWS\system32\dxgi.dll
[MD5.319B2486B1C978B9B29ACC28855A9724] - [01/12/2017 05:28:37] - |A| - [25247744] - C:\WINDOWS\system32\edgehtml.dll
[MD5.25B1EC63B30BC062DA3E6C552B11FDE0] - [01/12/2017 05:28:40] - |A| - [754688] - C:\WINDOWS\system32\evr.dll
[MD5.FC8442D6B1C03CCEC5A16F681DAAF201] - [01/12/2017 05:27:30] - |A| - [292864] - C:\WINDOWS\system32\ExecModelClient.dll
[MD5.CD5EAA9CD5151A97BF5E7747BDBC9290] - [01/12/2017 05:27:41] - |A| - [4772352] - C:\WINDOWS\system32\ExplorerFrame.dll
[MD5.BAC5074667751F72A9CE48CDC31BAC48] - [01/12/2017 07:54:33] - |A| - [10752] - C:\WINDOWS\system32\E_GCINST.DLL
[MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - [01/12/2017 07:54:31] - |A| - [83968] - C:\WINDOWS\system32\E_ID4BLPE.DLL
[MD5.2E21840342850A8A7F28D28D6DD3A1CD] - [01/12/2017 07:54:31] - |A| - [179712] - C:\WINDOWS\system32\E_ILMBLPE.DLL
[MD5.4C3F9C29272215D7C6D07D03BC30E877] - [01/12/2017 04:58:02] - |A| - [975872] - C:\WINDOWS\system32\FaceProcessor.dll
[MD5.9100FDF61D7977FD2C2E1D62589171DC] - [01/12/2017 04:58:02] - |A| - [269696] - C:\WINDOWS\system32\FaceProcessorCore.dll
[MD5.57127DC98DDCF73FA4FFFA853BF7E3E9] - [01/12/2017 04:58:02] - |A| - [542208] - C:\WINDOWS\system32\FirewallAPI.dll
[MD5.55A601C6095888ADC0DF17FC4E59083A] - [01/12/2017 08:03:42] - |A| - [227056] - C:\WINDOWS\system32\FNTCACHE.DAT
[MD5.F8F1C1C77ADFC7F0E253579B06DF2120] - [01/12/2017 05:28:09] - |A| - [779440] - C:\WINDOWS\system32\fontdrvhost.exe
[MD5.E3F90579DF3BB1348A158645508F7645] - [01/12/2017 05:28:10] - |A| - [1636376] - C:\WINDOWS\system32\gdi32full.dll
[MD5.5A8BDA00F165CA0153127463BC5E2480] - [01/12/2017 05:28:10] - |A| - [1664000] - C:\WINDOWS\system32\GdiPlus.dll
[MD5.0C4644CEDC2EF8C9A2825FC097602727] - [01/12/2017 05:27:48] - |A| - [654048] - C:\WINDOWS\system32\generaltel.dll
[MD5.00000000000000000000000000000000] - [10/12/2017 09:44:59] - |HD| - [304] - C:\WINDOWS\system32\GroupPolicy
[MD5.A194E0F19A739DF314FB07F2F1B5E42A] - [01/12/2017 05:27:51] - |A| - [471960] - C:\WINDOWS\system32\hal.dll
[MD5.40DA61D1877834C87F740C1CCB1D123F] - [01/12/2017 05:28:32] - |A| - [17084416] - C:\WINDOWS\system32\HologramCompositor.dll
[MD5.65FA065097604EB009EB7414FA2F84BF] - [01/12/2017 05:28:34] - |A| - [540672] - C:\WINDOWS\system32\HolographicExtensions.dll
[MD5.DCB0DF07F0FE7ECBC2BB612B004318FB] - [01/12/2017 04:58:43] - |A| - [336896] - C:\WINDOWS\system32\HolographicRuntimes.dll
[MD5.A5FCC3239A964FF943E7B3ED56A759B9] - [01/12/2017 05:27:21] - |A| - [1053592] - C:\WINDOWS\system32\hvax64.exe
[MD5.65227BF6EF6408ABAAA6BFF275F817A0] - [01/12/2017 05:27:20] - |A| - [1200536] - C:\WINDOWS\system32\hvix64.exe
[MD5.E5DF1207FAB7058C1358685DADC1BCD2] - [01/12/2017 05:28:33] - |A| - [21754368] - C:\WINDOWS\system32\Hydrogen.dll
[MD5.1E95D45353C18022299A365B3D23D584] - [01/12/2017 05:28:36] - |A| - [12829696] - C:\WINDOWS\system32\ieframe.dll
[MD5.BE2BBB911D1C5053E219197E0AB97D57] - [01/12/2017 05:27:33] - |A| - [1307136] - C:\WINDOWS\system32\InstallService.dll
[MD5.AA12B196E54E327EFF71618AC29097C2] - [01/12/2017 05:27:34] - |A| - [1167360] - C:\WINDOWS\system32\ISM.dll
[MD5.41C4CFCE1467DE655B73DCFF47B2346A] - [01/12/2017 04:58:46] - |A| - [812032] - C:\WINDOWS\system32\jscript.dll
[MD5.A3E9EE2C70270C0E887770529008BF61] - [01/12/2017 05:28:36] - |A| - [4742144] - C:\WINDOWS\system32\jscript9.dll
[MD5.0B7D0E13BC19B17C3D45B249624A7BD8] - [01/12/2017 05:28:36] - |A| - [708096] - C:\WINDOWS\system32\jscript9diag.dll
[MD5.D596AB688F08DC2D27824A53E424AE7D] - [01/12/2017 04:36:30] - |A| - [52937] - C:\WINDOWS\system32\license.rtf
[MD5.A5EEED5BA3DACF7B292C958B70AE87BB] - [01/12/2017 05:28:10] - |A| - [556544] - C:\WINDOWS\system32\LockAppBroker.dll
[MD5.BCECD4F481BEC362D32B3493A029F2A5] - [01/12/2017 05:28:09] - |A| - [720896] - C:\WINDOWS\system32\LogonController.dll
[MD5.495110A3C01BB113FFAE56CB387B6902] - [01/12/2017 04:57:56] - |A| - [1547264] - C:\WINDOWS\system32\lsasrv.dll
[MD5.CD0E783755F962CC3602DDB65759A056] - [09/12/2017 07:57:14] - |A| - [6964] - C:\WINDOWS\system32\lvcoinst.log
[MD5.F90AC6637578CC765F3A7BD886A2FE7D] - [01/12/2017 04:59:10] - |A| - [1970520] - C:\WINDOWS\system32\mfasfsrcsnk.dll
[MD5.555D7153C97851B3F68EEF31698BF6A0] - [01/12/2017 04:59:09] - |A| - [4487968] - C:\WINDOWS\system32\mfcore.dll
[MD5.F6BB9246251CA52B0F014A70E40FD896] - [01/12/2017 05:29:05] - |A| - [4814848] - C:\WINDOWS\system32\MFMediaEngine.dll
[MD5.E1E4D051E301ACC0C2080D3B9D674C3F] - [01/12/2017 04:59:08] - |A| - [2717392] - C:\WINDOWS\system32\mfmp4srcsnk.dll
[MD5.15D8193E2D96068207428D318E1D9BCF] - [01/12/2017 04:59:09] - |A| - [1507736] - C:\WINDOWS\system32\mfmpeg2srcsnk.dll
[MD5.4DDD1E210745B57CD1AACE0E853EE621] - [01/12/2017 04:59:08] - |A| - [2269080] - C:\WINDOWS\system32\mfsrcsnk.dll
[MD5.B8DEEBB581170D5ACD990E0A9BBD297C] - [01/12/2017 05:29:05] - |A| - [1259344] - C:\WINDOWS\system32\mfsvr.dll
[MD5.00000000000000000000000000000000] - [01/12/2017 05:40:55] - |D| - [1125160] - C:\WINDOWS\system32\Microsoft
[MD5.D8E93762140EC925039007F29C09CCE9] - [01/12/2017 04:58:09] - |A| - [3478016] - C:\WINDOWS\system32\mispace.dll
[MD5.A2C216233E8A1CF98315E76EBF69D73D] - [01/12/2017 04:58:02] - |A| - [925184] - C:\WINDOWS\system32\MPSSVC.dll
[MD5.9C07AEE33047FA6E014D3E3BDC311938] - [01/12/2017 20:53:43] - |A| - [127017032] - C:\WINDOWS\system32\MRT-KB890830.exe
[MD5.AC5E46903DC862773FF3F3F309CB0D3A] - [01/12/2017 04:58:09] - |A| - [1463856] - C:\WINDOWS\system32\msctf.dll
[MD5.CCDDB072976ECD5A08B5623CF1A986B2] - [01/12/2017 04:58:12] - |A| - [22528] - C:\WINDOWS\system32\msdtcVSp1res.dll
[MD5.E72416FFF363E385F5468D8099C97DF9] - [01/12/2017 05:28:36] - |A| - [23659008] - C:\WINDOWS\system32\mshtml.dll
[MD5.6BCCF431D6B42441DF3FFB28CC959B77] - [01/12/2017 04:57:56] - |A| - [418712] - C:\WINDOWS\system32\msv1_0.dll
[MD5.9EA584CF32E03ABCDADABCBF953F5398] - [01/12/2017 05:28:08] - |A| - [630752] - C:\WINDOWS\system32\msvcrt.dll
[MD5.4A77337D3A7701CC674AEA86F4395728] - [01/12/2017 05:29:05] - |A| - [1054280] - C:\WINDOWS\system32\msvproc.dll
[MD5.CD642CD7361FFAD82706B36E47C654C6] - [01/12/2017 05:27:35] - |A| - [2412168] - C:\WINDOWS\system32\msxml6.dll
[MD5.EE9671304D235C3D507410288A45BF85] - [01/12/2017 05:27:23] - |A| - [327680] - C:\WINDOWS\system32\MusNotification.exe
[MD5.3CCACB9DB3BDF7D6D71B882568CAE3A5] - [01/12/2017 05:27:23] - |A| - [211456] - C:\WINDOWS\system32\MusNotificationUx.exe
[MD5.1051DD686EE2213686B2A63DE5653C8F] - [01/12/2017 05:27:23] - |A| - [264040] - C:\WINDOWS\system32\MusNotifyIcon.exe
[MD5.57AA44CFEA7DCB22E160EB256AB5EDCB] - [01/12/2017 04:58:02] - |A| - [478208] - C:\WINDOWS\system32\NgcCtnr.dll
[MD5.ECFCE3CDF2A7A2EA3C39F88982C5B931] - [01/12/2017 04:58:14] - |A| - [1954048] - C:\WINDOWS\system32\ntdll.dll
[MD5.DC73C3646FDE6D8170C06496F6DA8C30] - [01/12/2017 05:27:50] - |A| - [8590744] - C:\WINDOWS\system32\ntoskrnl.exe
[MD5.B66CAAFB13686E48A3E5056D2B5C7FD8] - [01/12/2017 04:58:17] - |A| - [768512] - C:\WINDOWS\system32\PCPKsp.dll
[MD5.D6A2B6F83995A467D1D2D51DB7BEF80A] - [01/12/2017 08:24:38] - |A| - [2335684] - C:\WINDOWS\system32\PerfStringBackup.INI
[MD5.2E93D83A7FE47BAC04871BC28A581DFE] - [02/12/2017 13:33:07] - |A| - [124624] - C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
[MD5.6A0F1962F26827AC742E26815BE70546] - [02/12/2017 13:33:08] - |A| - [1166520] - C:\WINDOWS\system32\PresentationNative_v0300.dll
[MD5.86CD2918AE4496B4A71AC1C56AB1DB0C] - [01/12/2017 05:28:11] - |A| - [432640] - C:\WINDOWS\system32\provengine.dll
[MD5.DD499F6338A93B026DE2FA9F944581DE] - [01/12/2017 05:28:11] - |A| - [424960] - C:\WINDOWS\system32\provhandlers.dll
[MD5.00C59F36DBE07A9F4537AD0FA92956E3] - [01/12/2017 05:28:11] - |A| - [204288] - C:\WINDOWS\system32\provisioningcsp.dll
[MD5.16229032FE74102981400083BE23ECA1] - [01/12/2017 05:28:11] - |A| - [73216] - C:\WINDOWS\system32\provtool.exe
[MD5.D4AFC52CE2B2857A57E5B41467B9C97C] - [01/12/2017 04:57:58] - |A| - [46080] - C:\WINDOWS\system32\rdrleakdiag.exe
[MD5.24C716C6A5AA3BEC3180BB15050C75C5] - [01/12/2017 04:57:58] - |A| - [654848] - C:\WINDOWS\system32\RDXService.dll
[MD5.AE7818D055274F4E2D688CDA01C5932B] - [01/12/2017 05:27:40] - |A| - [1570816] - C:\WINDOWS\system32\RecoveryDrive.exe
[MD5.5014918488EE3C1CD6D150AFF0321060] - [01/12/2017 04:57:57] - |A| - [97792] - C:\WINDOWS\system32\runexehelper.exe
[MD5.AB25414E0736EEFA6EE50969A5177AD2] - [01/12/2017 05:27:20] - |A| - [899584] - C:\WINDOWS\system32\samsrv.dll
[MD5.E547FE23C28538B930E1E62BFD2E2366] - [01/12/2017 05:28:12] - |A| - [519152] - C:\WINDOWS\system32\SecurityHealthService.exe
[MD5.A219989791DDE8880B048E2214867E6A] - [01/12/2017 05:27:41] - |A| - [615768] - C:\WINDOWS\system32\services.exe
[MD5.9071FBE8E295AFBB1AD6D72BAA5F4FB7] - [01/12/2017 04:58:00] - |A| - [135168] - C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
[MD5.F6396C9A0D9486D39B28B8EC9AB69227] - [01/12/2017 05:27:48] - |A| - [170496] - C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
[MD5.C402E09AA10A8BEDB85690426A131F32] - [01/12/2017 05:28:11] - |A| - [168448] - C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
[MD5.B4B15912458C54F64C92A29F3837B3A9] - [01/12/2017 05:27:42] - |A| - [21352136] - C:\WINDOWS\system32\shell32.dll
[MD5.DBF290ED70B035753E62AD22E6EF0BBA] - [01/12/2017 05:27:46] - |A| - [266752] - C:\WINDOWS\system32\SIHClient.exe
[MD5.00000000000000000000000000000000] - [01/12/2017 08:03:47] - |D| - [14941909] - C:\WINDOWS\system32\SleepStudy
[MD5.A0A83AAC8F9B6998F536D447BDC71801] - [01/12/2017 05:27:31] - |A| - [2596352] - C:\WINDOWS\system32\smartscreen.exe
[MD5.C230D1E09E95A40A3C7299AE618E9C2D] - [01/12/2017 05:27:31] - |A| - [239104] - C:\WINDOWS\system32\smartscreenps.dll
[MD5.D4F22CDF9E777345B32CEC0501334D1E] - [01/12/2017 05:27:28] - |A| - [361984] - C:\WINDOWS\system32\SpatializerApo.dll
[MD5.5CF28E37F2BF80902DA50CF1A95294CE] - [01/12/2017 04:58:17] - |A| - [956416] - C:\WINDOWS\system32\Spectrum.exe
[MD5.6EC95452A84480049CECFF79E5363EAF] - [01/12/2017 05:27:47] - |A| - [3578368] - C:\WINDOWS\system32\SRH.dll
[MD5.49204FC89B5373816D10DD4E6914512A] - [01/12/2017 05:27:52] - |A| - [184984] - C:\WINDOWS\system32\sspicli.dll
[MD5.68893EE17BDDAF4F73FFDEC5112F341A] - [01/12/2017 04:58:11] - |A| - [5906264] - C:\WINDOWS\system32\StartTileData.dll
[MD5.9624BFBB81E635FCDE5D658D51887287] - [01/12/2017 05:27:39] - |A| - [1425408] - C:\WINDOWS\system32\SystemSettings.Handlers.dll
[MD5.9CBC4888715F91D431D238CDD668CACF] - [01/12/2017 05:28:09] - |A| - [175104] - C:\WINDOWS\system32\t2embed.dll
[MD5.7CCB104FEA72FF7CDE6BDCAC33B01798] - [01/12/2017 05:27:34] - |A| - [568832] - C:\WINDOWS\system32\TileDataRepository.dll
[MD5.DF638470D7027588A19BEA09782422AC] - [01/12/2017 04:58:03] - |A| - [665088] - C:\WINDOWS\system32\TpmCoreProvisioning.dll
[MD5.1554D0AF694A2D82E0CA77F11F2B06E5] - [01/12/2017 04:58:17] - |A| - [58880] - C:\WINDOWS\system32\TpmTasks.dll
[MD5.3F4C120786102E64D970E077886C70FF] - [02/12/2017 13:33:08] - |A| - [35456] - C:\WINDOWS\system32\TsWpfWrp.exe
[MD5.DBEB11161598F1BEA107378F2908B945] - [01/12/2017 04:57:55] - |A| - [1554216] - C:\WINDOWS\system32\twinapi.appcore.dll
[MD5.CC3B15631D550D1CD5703DCE5E0A9CE2] - [01/12/2017 05:27:44] - |A| - [7545344] - C:\WINDOWS\system32\twinui.dll
[MD5.8205BA100F0E443E8E0E993AF8522DFE] - [01/12/2017 04:58:10] - |A| - [2972672] - C:\WINDOWS\system32\twinui.pcshell.dll
[MD5.C0CBC8CD4943DD37D333BAE93164EFE2] - [01/12/2017 04:57:56] - |A| - [2560] - C:\WINDOWS\system32\tzres.dll
[MD5.C5483662773C9745E8D7C340F1093C1F] - [01/12/2017 05:27:19] - |A| - [1003104] - C:\WINDOWS\system32\ucrtbase.dll
[MD5.A3CCFB8A5BD48F56EF2ACB4A427A1AC7] - [01/12/2017 05:27:20] - |A| - [151040] - C:\WINDOWS\system32\umpo.dll
[MD5.CFB1D2F347AEAA30D19CC64CC25AF8ED] - [01/12/2017 05:27:21] - |A| - [2446744] - C:\WINDOWS\system32\UpdateAgent.dll
[MD5.31284183CD4FBBAE4257442DCCA13B34] - [01/12/2017 05:27:23] - |A| - [115200] - C:\WINDOWS\system32\updatepolicy.dll
[MD5.226799D43902E46AC43FFCB43B0CE413] - [01/12/2017 05:28:11] - |A| - [1822208] - C:\WINDOWS\system32\urlmon.dll
[MD5.3A4B2BBB3DA12E9DF2FE07D834026485] - [01/12/2017 04:58:03] - |A| - [1634288] - C:\WINDOWS\system32\user32.dll
[MD5.70549962B15B5238A192787846E123BC] - [01/12/2017 05:27:44] - |A| - [1353728] - C:\WINDOWS\system32\usercpl.dll
[MD5.97575718CA5B619948E4211CD2A57AF9] - [01/12/2017 05:27:23] - |A| - [92160] - C:\WINDOWS\system32\usoapi.dll
[MD5.0DA0636E077688F4CBF740F0A62263E1] - [01/12/2017 05:27:23] - |A| - [1289216] - C:\WINDOWS\system32\usocore.dll
[MD5.57E46CD991719300C065456E021DDFC1] - [01/12/2017 05:27:29] - |A| - [374032] - C:\WINDOWS\system32\vac.exe
[MD5.4518754AFBB0BBE228F05DA7052FAD2F] - [01/12/2017 04:58:08] - |A| - [599040] - C:\WINDOWS\system32\vbscript.dll
[MD5.9239FC7AE85F65BEDD28539AD4EB37AF] - [01/12/2017 05:27:50] - |A| - [705944] - C:\WINDOWS\system32\wimgapi.dll
[MD5.26601A158283CCC086D1362491D0D7A7] - [01/12/2017 05:27:50] - |A| - [525208] - C:\WINDOWS\system32\wimserv.exe
[MD5.9568489CA43AE32C0F8FA03E8B7058B8] - [01/12/2017 05:27:33] - |A| - [2106880] - C:\WINDOWS\system32\win32kbase.sys
[MD5.88A868A4C1A9415BF5A47ECF3064CCD1] - [01/12/2017 05:27:35] - |A| - [3670016] - C:\WINDOWS\system32\win32kfull.sys
[MD5.11DFEF29C58BE1E2B7B85E185B53FFB3] - [01/12/2017 05:28:11] - |A| - [432640] - C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
[MD5.BE3498362CF57B4C6E1FDC1EBB80002B] - [01/12/2017 05:27:30] - |A| - [3186688] - C:\WINDOWS\system32\Windows.CloudStore.dll
[MD5.E5F9A9FD19E09E50D61F6FFF5D6BA703] - [01/12/2017 04:59:09] - |A| - [6791472] - C:\WINDOWS\system32\Windows.Media.dll
[MD5.7317E96426BE914EF33C26CB32DC8B9B] - [01/12/2017 05:27:45] - |A| - [7386664] - C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
[MD5.F081DCD8659706E82AE2D922DB502BA9] - [01/12/2017 04:58:10] - |A| - [1806336] - C:\WINDOWS\system32\Windows.Media.Speech.dll
[MD5.631B99AD97ADDF419A0D152E1B82CBD8] - [01/12/2017 05:28:12] - |A| - [3331520] - C:\WINDOWS\system32\Windows.Mirage.dll
[MD5.D9B8B3EE11639F7610387B3BE74226B9] - [01/12/2017 05:28:11] - |A| - [882688] - C:\WINDOWS\system32\Windows.Mirage.Internal.dll
[MD5.60422C5B6ACD473260D518105C5FAD21] - [01/12/2017 05:27:30] - |A| - [887296] - C:\WINDOWS\system32\Windows.Networking.dll
[MD5.7466B53D8141267FC62A96110A87A852] - [01/12/2017 05:27:30] - |A| - [840440] - C:\WINDOWS\system32\Windows.Perception.Stub.dll
[MD5.1E0C32C48955E92042BFB9E3F38386F0] - [01/12/2017 05:27:35] - |A| - [1012120] - C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
[MD5.C5D926F58DA12E392DADED76E10CD2D1] - [01/12/2017 05:27:18] - |A| - [7676296] - C:\WINDOWS\system32\windows.storage.dll
[MD5.2861BC03C110843A36EFE2FF875D6EFE] - [01/12/2017 05:28:10] - |A| - [1739264] - C:\WINDOWS\system32\Windows.UI.Immersive.dll
[MD5.6E58223D5A5D112A7A0E055DCC058729] - [01/12/2017 04:58:00] - |A| - [1667584] - C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
[MD5.C4A13CF05521B0A2D87982FB229EC213] - [01/12/2017 05:27:30] - |A| - [17159680] - C:\WINDOWS\system32\Windows.UI.Xaml.dll
[MD5.4387605B87D9907EB0A5E31A6FAC9C73] - [01/12/2017 05:27:30] - |A| - [2890240] - C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
[MD5.868756AA8B41520938C889D710A5402F] - [01/12/2017 05:27:19] - |A| - [902416] - C:\WINDOWS\system32\winhttp.dll
[MD5.669D7B448EE4C1C76687CC47A84AAD81] - [01/12/2017 05:28:11] - |A| - [3334144] - C:\WINDOWS\system32\wininet.dll
[MD5.EB09082719CDFEB65EE61F7192C943FE] - [01/12/2017 05:27:49] - |A| - [1413760] - C:\WINDOWS\system32\winload.efi
[MD5.4C6051EE2B8C9891056E6A8D46450626] - [01/12/2017 05:27:49] - |A| - [1208184] - C:\WINDOWS\system32\winload.exe
[MD5.EAD8CB32160907D715D1B970EC6877AB] - [01/12/2017 05:27:21] - |A| - [1694224] - C:\WINDOWS\system32\winmde.dll
[MD5.7CCA21D7BCD6226EFDC876E57B4AF72F] - [01/12/2017 05:27:49] - |A| - [1090440] - C:\WINDOWS\system32\winresume.efi
[MD5.9355F1C702E70200CAB609F6CB4E42CF] - [01/12/2017 05:27:50] - |A| - [924136] - C:\WINDOWS\system32\winresume.exe
[MD5.F15ACBDECD040402F0D0FBA8AAC6E7B9] - [01/12/2017 04:58:17] - |A| - [461312] - C:\WINDOWS\system32\wlansec.dll
[MD5.2CB5E0FA1F16A8B47C4F9F6A071CE07A] - [01/12/2017 04:59:36] - |A| - [13655552] - C:\WINDOWS\system32\wmp.dll
[MD5.B9C486195A5A0B582E1CA81A7A964BD4] - [01/12/2017 05:27:46] - |A| - [319352] - C:\WINDOWS\system32\wow64.dll
[MD5.0B1993730593D4C3AFF14D4C6A6FE5AB] - [01/12/2017 04:58:10] - |A| - [479912] - C:\WINDOWS\system32\wow64win.dll
[MD5.C99CCF3A189A91C26BB40B2E4E224765] - [01/12/2017 05:27:22] - |A| - [1054720] - C:\WINDOWS\system32\wuapi.dll
[MD5.E56EF8F5124E6FEB100C06EA3871A275] - [01/12/2017 05:27:22] - |A| - [48112] - C:\WINDOWS\system32\wuauclt.exe
[MD5.DD6C52E2B4D0EC26FDA19F88515B5311] - [01/12/2017 05:27:22] - |A| - [2783744] - C:\WINDOWS\system32\wuaueng.dll
[MD5.BFAAA171876487DE2B75005A5F033F58] - [01/12/2017 05:27:34] - |A| - [57856] - C:\WINDOWS\system32\wuautoappupdate.dll
[MD5.820A5A47F6E1C4E1AA643328738B35A0] - [01/12/2017 05:27:22] - |A| - [462336] - C:\WINDOWS\system32\wuuhext.dll
[MD5.E366421FA97F1393ED312450477ED78F] - [01/12/2017 05:27:23] - |A| - [169472] - C:\WINDOWS\system32\wuuhosdeployment.dll
[MD5.F6971F263341B8D63D4CF00E84F800E9] - [01/12/2017 05:27:34] - |A| - [354304] - C:\WINDOWS\system32\WwaApi.dll
[MD5.B07458948293D28E4D5FDB2FA929CA95] - [01/12/2017 05:27:34] - |A| - [891800] - C:\WINDOWS\system32\WWAHost.exe
[MD5.0DD11713D5B45921901B5DBF71C32A70] - [01/12/2017 05:28:13] - |A| - [1424896] - C:\WINDOWS\system32\wwansvc.dll
[MD5.B56862D032B30FCADE81422745AB5C9E] - [01/12/2017 04:58:00] - |A| - [86016] - C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
[MD5.7F906B6F61531F3CB0B07622FE6FD70A] - [10/12/2017 08:06:52] - |A| - [19280] - C:\WINDOWS\system32\Drivers\asdnet.sys
[MD5.2E1EE0F10FAF1250D1AC05BFB0E6BD3D] - [01/12/2017 04:57:53] - |A| - [34816] - C:\WINDOWS\system32\Drivers\BasicRender.sys
[MD5.59D46CE57A49353A733D162DBA65A4FA] - [01/12/2017 05:27:21] - |A| - [373656] - C:\WINDOWS\system32\Drivers\clfs.sys
[MD5.83CE170337E6F77350C0FFB055FBC4BF] - [01/12/2017 04:57:56] - |A| - [677280] - C:\WINDOWS\system32\Drivers\cng.sys
[MD5.E02FC3CB42A41EC3D2780005882A9BA9] - [01/12/2017 05:27:16] - |A| - [187288] - C:\WINDOWS\system32\Drivers\dumpsd.sys
[MD5.0DF6B436F579E1DD23C8EBD61EE749E8] - [01/12/2017 05:27:33] - |A| - [2573208] - C:\WINDOWS\system32\Drivers\dxgkrnl.sys
[MD5.DDDAB127C9ED3ADD2CF0F58310C7D10D] - [01/12/2017 05:27:33] - |A| - [749976] - C:\WINDOWS\system32\Drivers\dxgmms2.sys
[MD5.3362EFB9ECE40CF85B0A729F23BAEB7D] - [01/12/2017 14:15:27] - |A| - [339808] - C:\WINDOWS\system32\Drivers\file_tracker.sys
[MD5.8F0A9F3BEBEE86A88BC82B222488B2FD] - [01/12/2017 05:27:52] - |A| - [398744] - C:\WINDOWS\system32\Drivers\fltMgr.sys
[MD5.48E43456C95CE0D73D09CE8FA3E5978A] - [01/12/2017 14:14:54] - |A| - [160600] - C:\WINDOWS\system32\Drivers\fltsrv.sys
[MD5.9AD17A1721E33429AE276396A6F03F0D] - [01/12/2017 05:27:17] - |A| - [129432] - C:\WINDOWS\system32\Drivers\hvsocket.sys
[MD5.09AE3B1F0C0C03EF7EA605DBDB6EAC11] - [01/12/2017 05:28:11] - |A| - [394752] - C:\WINDOWS\system32\Drivers\ks.sys
[MD5.9A497169E145FCE2D8AA7DBC67377F64] - [01/12/2017 04:58:16] - |A| - [124928] - C:\WINDOWS\system32\Drivers\luafv.sys
[MD5.34898F29BF0E9A84E183046318D17814] - [01/12/2017 05:28:08] - |A| - [495000] - C:\WINDOWS\system32\Drivers\mrxsmb.sys
[MD5.6537678DEEA2A5B079052D75E21E46DA] - [01/12/2017 04:59:07] - |A| - [285696] - C:\WINDOWS\system32\Drivers\mrxsmb10.sys
[MD5.87FF93E7420C9068C0D5B2F3109809F4] - [01/12/2017 05:28:09] - |A| - [230296] - C:\WINDOWS\system32\Drivers\mrxsmb20.sys
[MD5.44071DC1A957B2062E0C2EE14E05A607] - [01/12/2017 05:27:52] - |A| - [1277848] - C:\WINDOWS\system32\Drivers\ndis.sys
[MD5.70750B27A72427B0ACAE2D6CD161946A] - [01/12/2017 05:27:52] - |A| - [2395032] - C:\WINDOWS\system32\Drivers\ntfs.sys
[MD5.8A9CD53B0FBE679116638120CCBB201E] - [01/12/2017 05:28:12] - |A| - [529408] - C:\WINDOWS\system32\Drivers\nwifi.sys
[MD5.8A5F23BBC9E8835EF0BEDB2805AE2A0E] - [01/12/2017 05:28:08] - |A| - [166808] - C:\WINDOWS\system32\Drivers\partmgr.sys
[MD5.0945839C334DAAD62EB528F8A5C7F946] - [01/12/2017 05:28:08] - |A| - [428952] - C:\WINDOWS\system32\Drivers\rdbss.sys
[MD5.0FB6CCFA52FE5AD0B8D86E8AB370EF34] - [01/12/2017 05:27:16] - |A| - [285080] - C:\WINDOWS\system32\Drivers\sdbus.sys
[MD5.8C048728D8D4F3B204C18C5379BE7645] - [01/12/2017 14:14:59] - |A| - [339288] - C:\WINDOWS\system32\Drivers\snapman.sys
[MD5.50326BC589E6E261B5E58877BA0A65AD] - [01/12/2017 05:27:15] - |A| - [571288] - C:\WINDOWS\system32\Drivers\spaceport.sys
[MD5.65642DC3A9E30D0A13A0CF70BAE44CBF] - [01/12/2017 05:29:05] - |A| - [422912] - C:\WINDOWS\system32\Drivers\srv.sys
[MD5.C7DAAB9C4A77B3C3C38A7CB6158E82ED] - [01/12/2017 05:28:09] - |A| - [726016] - C:\WINDOWS\system32\Drivers\srv2.sys
[MD5.43480B3EE4D23F5AA8EE7C6D83B09487] - [01/12/2017 05:28:09] - |A| - [259072] - C:\WINDOWS\system32\Drivers\srvnet.sys
[MD5.DD1F00B80DDD12252B7B228ABCE181A9] - [01/12/2017 05:27:16] - |A| - [149400] - C:\WINDOWS\system32\Drivers\storahci.sys
[MD5.5D142E64915981077A8660DD6AEEE964] - [01/12/2017 04:57:57] - |A| - [559512] - C:\WINDOWS\system32\Drivers\storport.sys
[MD5.B59D29E535AF7E82717C2AD2C57EEC67] - [01/12/2017 04:57:53] - |A| - [45464] - C:\WINDOWS\system32\Drivers\storufs.sys
[MD5.3F656867E983E8D9E71E57354383C23A] - [01/12/2017 14:15:03] - |A| - [1049432] - C:\WINDOWS\system32\Drivers\tib.sys
[MD5.DA3BF6E315D2FC2681CB7AE1E745DFDB] - [01/12/2017 14:15:06] - |A| - [202592] - C:\WINDOWS\system32\Drivers\tib_mounter.sys
[MD5.A6C7255A6C95B05E6551538F54248A7F] - [01/12/2017 14:15:08] - |A| - [581464] - C:\WINDOWS\system32\Drivers\tnd.sys
[MD5.E437FC4B1833F6B745184F78C4921FB8] - [01/12/2017 04:58:03] - |A| - [114688] - C:\WINDOWS\system32\Drivers\UcmCx.sys
[MD5.149CBBB74DFC3E52F242029A27B0F8EB] - [01/12/2017 04:57:52] - |A| - [57344] - C:\WINDOWS\system32\Drivers\UcmUcsi.sys
[MD5.ECE40EB976A5ACB366808AECF6B235BA] - [01/12/2017 04:58:03] - |A| - [60824] - C:\WINDOWS\system32\Drivers\urscx01000.sys
[MD5.4FA9C956E569D0D380C2859542361780] - [01/12/2017 04:57:53] - |A| - [555416] - C:\WINDOWS\system32\Drivers\USBHUB3.SYS
[MD5.EA64495B9FAF0052113890184DA57573] - [01/12/2017 05:27:15] - |A| - [713624] - C:\WINDOWS\system32\Drivers\vhdmp.sys
[MD5.0E4BCF8A77A43CBD93C9915619AC3564] - [04/12/2017 10:23:57] - |A| - [39112] - C:\WINDOWS\system32\Drivers\VirtualAudio.sys
[MD5.0C987C7C5A0B710AB2881B3F19DF72F5] - [01/12/2017 14:15:12] - |A| - [301408] - C:\WINDOWS\system32\Drivers\virtual_file.sys
[MD5.DCE032DE20AB85CFA92141F419CFE68E] - [01/12/2017 05:27:15] - |A| - [82840] - C:\WINDOWS\system32\Drivers\volmgr.sys
[MD5.88457246BE3C9DE59DDAA36305C013F4] - [09/12/2017 11:24:26] - |A| - [29808] - C:\WINDOWS\system32\Drivers\vsscanner.sys
[MD5.0D34F98DBDF09D239533AC345C360F03] - [01/12/2017 05:28:12] - |A| - [41472] - C:\WINDOWS\system32\Drivers\vwifimp.sys
[MD5.A8DFD1465C05D9EFBDFD5C3A25B7F496] - [01/12/2017 04:57:55] - |A| - [147864] - C:\WINDOWS\system32\Drivers\wcifs.sys
[MD5.00000000000000000000000000000000] - [10/12/2017 07:47:44] - |D| - [464536] - C:\WINDOWS\system32\Drivers\wd
[MD5.2D50C46EFE924BC24F63A45D2DB1AA3A] - [01/12/2017 05:28:12] - |A| - [770048] - C:\WINDOWS\system32\Drivers\WdiWiFi.sys
[MD5.291EA48554E8BA422D0DF3555176EE2A] - [01/12/2017 05:28:27] - |A| - [2393600] - C:\WINDOWS\syswow64\AcGenral.dll
[MD5.4CFAC6FF65901C763DF22E2DEF7557FF] - [01/12/2017 05:27:18] - |A| - [372224] - C:\WINDOWS\syswow64\AcLayers.dll
[MD5.04182E0E5ACC0E8D6990AECC508B7F0D] - [01/12/2017 05:28:17] - |A| - [68096] - C:\WINDOWS\syswow64\acppage.dll
[MD5.A90BC8766301F62BE0571F678B396755] - [01/12/2017 04:58:40] - |A| - [487424] - C:\WINDOWS\syswow64\AcSpecfc.dll
[MD5.52C8C83DAC71B215D459277608A7C07B] - [01/12/2017 05:28:14] - |A| - [444928] - C:\WINDOWS\syswow64\ActivationManager.dll
[MD5.DABDEB5CB015D20493D08B209347C0E1] - [01/12/2017 05:28:19] - |A| - [261632] - C:\WINDOWS\syswow64\actxprxy.dll
[MD5.00000000000000000000000000000000] - [05/12/2017 12:24:28] - |SHD| - [0] - C:\WINDOWS\syswow64\AI_RecycleBin
[MD5.27392A93FA251F6A90DF876F99CD648C] - [01/12/2017 05:28:18] - |A| - [614912] - C:\WINDOWS\syswow64\apphelp.dll
[MD5.ABB365C921052937B5DB0D4299B98E5C] - [01/12/2017 05:28:13] - |A| - [1246432] - C:\WINDOWS\syswow64\AudioEng.dll
[MD5.5E300DD1F12A5D4D49A4D0954A963297] - [01/12/2017 05:28:13] - |A| - [982016] - C:\WINDOWS\syswow64\AudioSes.dll
[MD5.D52C6DA1740AD01132A11E5CC609AFD2] - [01/12/2017 05:27:51] - |A| - [353848] - C:\WINDOWS\syswow64\bcryptprimitives.dll
[MD5.1BE759881A973B038B0EA11F334B9581] - [01/12/2017 04:58:18] - |A| - [64512] - C:\WINDOWS\syswow64\CapabilityAccessManagerClient.dll
[MD5.6B0E06E904F8E58CA2D5FC274379A33F] - [01/12/2017 05:28:39] - |A| - [6036480] - C:\WINDOWS\syswow64\Chakra.dll
[MD5.539C10C3A511B49F6330F407F0928C27] - [01/12/2017 05:28:14] - |A| - [354200] - C:\WINDOWS\syswow64\CloudExperienceHostCommon.dll
[MD5.56312A0ADABDB0FEF3F31956BBF177B1] - [01/12/2017 05:28:14] - |A| - [1124760] - C:\WINDOWS\syswow64\ContentDeliveryManager.Utilities.dll
[MD5.6F80DEA8B38F12A21E5C67B1E18B4934] - [01/12/2017 04:58:19] - |A| - [326144] - C:\WINDOWS\syswow64\cryptngc.dll
[MD5.167C21D3D8E0F7CA222F74B9C3C88C42] - [01/12/2017 04:58:19] - |A| - [5615968] - C:\WINDOWS\syswow64\d3d10warp.dll
[MD5.2E0F4AE35FC980F86B12441ABCEAA8A1] - [01/12/2017 05:28:15] - |A| - [2339296] - C:\WINDOWS\syswow64\d3d11.dll
[MD5.DA426B074E12B3A47B848D2A31E66E1C] - [01/12/2017 05:28:18] - |A| - [1474680] - C:\WINDOWS\syswow64\d3d9.dll
[MD5.32BEFC02B90C23EF2D04E945790AFA85] - [01/12/2017 05:28:14] - |A| - [557056] - C:\WINDOWS\syswow64\d3d9on12.dll
[MD5.46FEF9525AD7BB9CC6E56774082640BA] - [01/12/2017 05:28:17] - |A| - [351232] - C:\WINDOWS\syswow64\DictationManager.dll
[MD5.0A821BF024E347943D6F5C5180FAEA31] - [01/12/2017 04:57:56] - |A| - [597160] - C:\WINDOWS\syswow64\dnsapi.dll
[MD5.6404F38BF850FF7961E41F3E055ADFDB] - [01/12/2017 05:28:18] - |A| - [2467840] - C:\WINDOWS\syswow64\dwmcore.dll
[MD5.066CB398DDE5E6A30DBAE15A1FC881C4] - [01/12/2017 05:28:15] - |A| - [590944] - C:\WINDOWS\syswow64\dxgi.dll
[MD5.10C9240D99AAF2BA5E46DEDF50E66B63] - [01/12/2017 05:28:38] - |A| - [18915840] - C:\WINDOWS\syswow64\edgehtml.dll
[MD5.E559750678D132E8702E3D818EC93947] - [01/12/2017 05:28:40] - |A| - [661664] - C:\WINDOWS\syswow64\evr.dll
[MD5.D0DA38CCFF3CD23F74842E9350F4CC0A] - [01/12/2017 05:28:14] - |A| - [242176] - C:\WINDOWS\syswow64\ExecModelClient.dll
[MD5.EE1258224916C55F4251ACE1153620A9] - [01/12/2017 05:28:27] - |A| - [3484848] - C:\WINDOWS\syswow64\explorer.exe
[MD5.067B09C89BD0C843F0A8BF0EA8BBD7CA] - [01/12/2017 05:28:24] - |A| - [4385280] - C:\WINDOWS\syswow64\ExplorerFrame.dll
[MD5.C96D2E623DB21A582155CFFB0F3E12FA] - [01/12/2017 04:57:54] - |A| - [374784] - C:\WINDOWS\syswow64\FirewallAPI.dll
[MD5.CCDF94128D177CFA1A60A3FB27A8EDCC] - [01/12/2017 20:53:16] - |A| - [835568] - C:\WINDOWS\syswow64\FlashPlayerApp.exe
[MD5.AAD21074E226CDF33D4E42DE1E032869] - [01/12/2017 20:53:16] - |A| - [177648] - C:\WINDOWS\syswow64\FlashPlayerCPLApp.cpl
[MD5.502774FF31D9D096FD42BAAA9FDF277E] - [01/12/2017 05:28:18] - |A| - [649304] - C:\WINDOWS\syswow64\fontdrvhost.exe
[MD5.74E1538125727BCE5427CAFA10596838] - [01/12/2017 05:28:19] - |A| - [1432816] - C:\WINDOWS\syswow64\gdi32full.dll
[MD5.C273B41C4F3452CF0A77E01DFB4C459A] - [01/12/2017 05:28:18] - |A| - [1470976] - C:\WINDOWS\syswow64\GdiPlus.dll
[MD5.F24308FCF39D170EE5421D327A54A01A] - [01/12/2017 05:28:37] - |A| - [11923456] - C:\WINDOWS\syswow64\ieframe.dll
[MD5.45AB341FF22E76DD95D75C40C0813C87] - [01/12/2017 05:28:15] - |A| - [1005568] - C:\WINDOWS\syswow64\InstallService.dll
[MD5.F0645CCFEB9A393B53120F803BF4EC9B] - [01/12/2017 04:58:48] - |A| - [664576] - C:\WINDOWS\syswow64\jscript.dll
[MD5.689759E4CE04775AEAC889F30F8DBD68] - [01/12/2017 05:28:39] - |A| - [3679232] - C:\WINDOWS\syswow64\jscript9.dll
[MD5.F960409C14213BED7808C66AA79BDE0F] - [01/12/2017 05:28:39] - |A| - [559104] - C:\WINDOWS\syswow64\jscript9diag.dll
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/12/2017 09:29:35] - |A| - [0] - C:\WINDOWS\syswow64\License.rdat
[MD5.D596AB688F08DC2D27824A53E424AE7D] - [01/12/2017 04:36:30] - |A| - [52937] - C:\WINDOWS\syswow64\license.rtf
[MD5.5EE61AF78EF3CF7DE7812C8EDCE0A9D8] - [09/12/2017 09:29:35] - |A| - [48] - C:\WINDOWS\syswow64\License_Time.rdat
[MD5.C0760F89F3F50BAE03171E8F6F930B12] - [01/12/2017 05:28:20] - |A| - [456704] - C:\WINDOWS\syswow64\LockAppBroker.dll
[MD5.414F5CA9CEC131EB4D75F3F039EC1A38] - [01/12/2017 04:59:10] - |A| - [1377080] - C:\WINDOWS\syswow64\mfasfsrcsnk.dll
[MD5.6285C2C36350EFF38A2182092FEFF43A] - [01/12/2017 04:59:12] - |A| - [4648528] - C:\WINDOWS\syswow64\mfcore.dll
[MD5.67D647C6809880B85971D2EA9E80C81F] - [01/12/2017 05:29:06] - |A| - [4249600] - C:\WINDOWS\syswow64\MFMediaEngine.dll
[MD5.9171B86D2EB83639F97B40B91AE2EAD6] - [01/12/2017 04:59:11] - |A| - [2465848] - C:\WINDOWS\syswow64\mfmp4srcsnk.dll
[MD5.3776C8BCDEA440320E17240CE35AADFA] - [01/12/2017 04:59:11] - |A| - [1015008] - C:\WINDOWS\syswow64\mfmpeg2srcsnk.dll
[MD5.E2BFFDC9AB40B0907673930CBBA51ABB] - [01/12/2017 04:59:11] - |A| - [1454568] - C:\WINDOWS\syswow64\mfsrcsnk.dll
[MD5.36E30F45265931E7ACC2F95BC1339B76] - [01/12/2017 05:29:06] - |A| - [1148216] - C:\WINDOWS\syswow64\mfsvr.dll
[MD5.C019642673FE93AAE36959798D56229A] - [01/12/2017 04:58:17] - |A| - [2864640] - C:\WINDOWS\syswow64\mispace.dll
[MD5.2722206F81662C41552BE1996C1B0F63] - [01/12/2017 04:57:54] - |A| - [1323840] - C:\WINDOWS\syswow64\msctf.dll
[MD5.6DEC72C89A29417CD6122DD4AEA70E7F] - [01/12/2017 04:58:20] - |A| - [22528] - C:\WINDOWS\syswow64\msdtcVSp1res.dll
[MD5.73A4FA2DE976A63B26BE2B96449A2594] - [01/12/2017 04:58:22] - |A| - [339968] - C:\WINDOWS\syswow64\msexcl40.dll
[MD5.98A520AC8B35494D04D7ECFA7876E50C] - [01/12/2017 05:28:40] - |A| - [19339776] - C:\WINDOWS\syswow64\mshtml.dll
[MD5.417BB0E54DB7B7208520A8E71255CECC] - [01/12/2017 04:58:36] - |A| - [8704] - C:\WINDOWS\syswow64\msjint40.dll
[MD5.2B6C88422279A7F69F8F536A2FF52828] - [01/12/2017 04:57:55] - |A| - [353688] - C:\WINDOWS\syswow64\msv1_0.dll
[MD5.00FD1D5A8A2028B8EAD79C0760CFD2BD] - [01/12/2017 05:28:28] - |A| - [769096] - C:\WINDOWS\syswow64\msvcrt.dll
[MD5.C3280B9D21648F208B68AE6626A698FB] - [01/12/2017 05:29:06] - |A| - [1057824] - C:\WINDOWS\syswow64\msvproc.dll
[MD5.AC81B22606B50A61B02F2082EA2CE187] - [01/12/2017 04:58:22] - |A| - [640512] - C:\WINDOWS\syswow64\mswstr10.dll
[MD5.E0F7961B69EB0F0B525BC1C54AC32739] - [01/12/2017 05:27:17] - |A| - [1990160] - C:\WINDOWS\syswow64\msxml6.dll
[MD5.2636AEDF7AFF659E2B07FB04974C3F4E] - [01/12/2017 04:58:20] - |A| - [1615720] - C:\WINDOWS\syswow64\ntdll.dll
[MD5.A8B96BD1EEF1F9DF78B79E5CE25C49FF] - [01/12/2017 04:57:54] - |A| - [591872] - C:\WINDOWS\syswow64\PCPKsp.dll
[MD5.C38824F0406EAEE7651E13022AFCC1EF] - [02/12/2017 13:36:23] - |A| - [103120] - C:\WINDOWS\syswow64\PresentationCFFRasterizerNative_v0300.dll
[MD5.5A4293122BA3F0731AC97E43C2597577] - [02/12/2017 13:36:24] - |A| - [778936] - C:\WINDOWS\syswow64\PresentationNative_v0300.dll
[MD5.B0800F9A7A76580C91F75714C806FC26] - [01/12/2017 08:07:04] - |A| - [2241024] - C:\WINDOWS\syswow64\PrintConfig.dll
[MD5.5EE61AF78EF3CF7DE7812C8EDCE0A9D8] - [09/12/2017 09:29:36] - |A| - [48] - C:\WINDOWS\syswow64\RB.rdat
[MD5.DE824A63C32DE3CCD7B5E61C79D90DF2] - [01/12/2017 04:57:58] - |A| - [41984] - C:\WINDOWS\syswow64\rdrleakdiag.exe
[MD5.AAA97AE2556FD2083A8D62F0D2AF5B9C] - [01/12/2017 05:28:25] - |A| - [20286120] - C:\WINDOWS\syswow64\shell32.dll
[MD5.2DAA0B5C0D2B5A1ED496627F819E6BB6] - [01/12/2017 05:28:14] - |A| - [160256] - C:\WINDOWS\syswow64\smartscreenps.dll
[MD5.9EB21EE497A716717E015B17DD38636C] - [01/12/2017 05:28:13] - |A| - [271872] - C:\WINDOWS\syswow64\SpatializerApo.dll
[MD5.8511BA65DEF723B675980497186448B6] - [01/12/2017 05:28:17] - |A| - [2859520] - C:\WINDOWS\syswow64\SRH.dll
[MD5.7422C3656AD7BBF3182E7EC7E214957D] - [01/12/2017 05:28:28] - |A| - [123520] - C:\WINDOWS\syswow64\sspicli.dll
[MD5.495EB98289D03D5B251D7E2B1DE8CDF9] - [01/12/2017 05:28:19] - |A| - [133632] - C:\WINDOWS\syswow64\t2embed.dll
[MD5.28CB31045AA713C52BEE01F09D556984] - [01/12/2017 05:28:16] - |A| - [450048] - C:\WINDOWS\syswow64\TileDataRepository.dll
[MD5.48F07A2BBBDB3CDE0BC107BF3AA266D8] - [01/12/2017 04:57:54] - |A| - [566272] - C:\WINDOWS\syswow64\TpmCoreProvisioning.dll
[MD5.6CC030FC00B5A227F16479D5A8BA143C] - [02/12/2017 13:36:24] - |A| - [35456] - C:\WINDOWS\syswow64\TsWpfWrp.exe
[MD5.1662C1095E46D3DD3E67C821980E2064] - [01/12/2017 04:58:18] - |A| - [1261864] - C:\WINDOWS\syswow64\twinapi.appcore.dll
[MD5.2EFDFC3D585CA9793DDED04AF5DE522D] - [01/12/2017 05:28:27] - |A| - [6466560] - C:\WINDOWS\syswow64\twinui.dll
[MD5.5189555927758976E49486E012637185] - [01/12/2017 04:57:57] - |A| - [2560] - C:\WINDOWS\syswow64\tzres.dll
[MD5.7513984DEE9C096D31BED679184E3D7E] - [01/12/2017 05:27:20] - |A| - [1145112] - C:\WINDOWS\syswow64\ucrtbase.dll
[MD5.210FB38C33BB15592288A658FDD43259] - [01/12/2017 05:27:17] - |A| - [98304] - C:\WINDOWS\syswow64\updatepolicy.dll
[MD5.C6F159915B693E36D15EA676A166F4AD] - [01/12/2017 05:28:20] - |A| - [1559552] - C:\WINDOWS\syswow64\urlmon.dll
[MD5.BA27A4D9D32C0D0999DC9165E648F70C] - [01/12/2017 04:58:18] - |A| - [1528904] - C:\WINDOWS\syswow64\user32.dll
[MD5.8250B4A23E11D0AE05DE07608E0C33B8] - [01/12/2017 05:28:27] - |A| - [1230848] - C:\WINDOWS\syswow64\usercpl.dll
[MD5.6276B5D199369DC6EEEEE6ED1142C27F] - [01/12/2017 05:28:17] - |A| - [65536] - C:\WINDOWS\syswow64\usoapi.dll
[MD5.E3D71ECCB6EC562A91582E6EEA804526] - [01/12/2017 04:58:39] - |A| - [462848] - C:\WINDOWS\syswow64\vbscript.dll
[MD5.A45B856D8ABA293F17D117258B3BA777] - [01/12/2017 05:27:18] - |A| - [592280] - C:\WINDOWS\syswow64\wimgapi.dll
[MD5.2B928A2BB85C6AB35C1B7D5CA3D5A27B] - [01/12/2017 05:27:18] - |A| - [2905600] - C:\WINDOWS\syswow64\win32kfull.sys
[MD5.D3EDE75BA8E6F4CED0B21B95D94EB6C3] - [01/12/2017 05:28:20] - |A| - [315392] - C:\WINDOWS\syswow64\Windows.ApplicationModel.LockScreen.dll
[MD5.47229628EE59757D75D04117B3B9D11F] - [01/12/2017 04:59:11] - |A| - [6015200] - C:\WINDOWS\syswow64\Windows.Media.dll
[MD5.40E29BF793C9B64454356B272F8F43DC] - [01/12/2017 05:28:20] - |A| - [6483176] - C:\WINDOWS\syswow64\Windows.Media.Protection.PlayReady.dll
[MD5.97921BB9FC49AFBED4D969837103AECE] - [01/12/2017 04:58:20] - |A| - [1280000] - C:\WINDOWS\syswow64\Windows.Media.Speech.dll
[MD5.B14737970D7A6DDBF72AEAF9F3317B59] - [01/12/2017 05:28:28] - |A| - [2491112] - C:\WINDOWS\syswow64\Windows.Mirage.dll
[MD5.E6A2998758776FE8C1AB68DF8372B43E] - [01/12/2017 05:28:28] - |A| - [618496] - C:\WINDOWS\syswow64\Windows.Mirage.Internal.dll
[MD5.343D98F99A919964216DC60A1AD34C69] - [01/12/2017 05:28:15] - |A| - [660480] - C:\WINDOWS\syswow64\Windows.Networking.dll
[MD5.4EB540B4A1A428DF59A27E7FB3F885A8] - [01/12/2017 05:28:14] - |A| - [506256] - C:\WINDOWS\syswow64\Windows.Perception.Stub.dll
[MD5.EAE9E8A3AEA8955C854EB572DF461F4A] - [01/12/2017 05:28:17] - |A| - [746904] - C:\WINDOWS\syswow64\Windows.Services.TargetedContent.dll
[MD5.AE6F9866DFB5416D1974808E667E580E] - [01/12/2017 05:28:16] - |A| - [6092672] - C:\WINDOWS\syswow64\windows.storage.dll
[MD5.6B90ABDD1BE6CDBA519A00FE309653E4] - [01/12/2017 05:28:19] - |A| - [1509888] - C:\WINDOWS\syswow64\Windows.UI.Immersive.dll
[MD5.0B78D8682FF53417DF5B3FEA8393E5E4] - [01/12/2017 04:58:19] - |A| - [1322496] - C:\WINDOWS\syswow64\Windows.UI.Input.Inking.dll
[MD5.1BE290AFFB9965182AEB4278F3005138] - [01/12/2017 05:28:15] - |A| - [13703168] - C:\WINDOWS\syswow64\Windows.UI.Xaml.dll
[MD5.D5CCA39EAED14B03D4C2E4F3D473B909] - [01/12/2017 05:27:20] - |A| - [703568] - C:\WINDOWS\syswow64\winhttp.dll
[MD5.ED6886B21AFBD1BD1EE300B570309AF1] - [01/12/2017 05:28:20] - |A| - [2869760] - C:\WINDOWS\syswow64\wininet.dll
[MD5.45139096CEF0522BCDE737736EBA2F1C] - [01/12/2017 05:29:06] - |A| - [1558856] - C:\WINDOWS\syswow64\winmde.dll
[MD5.AC3EE00B3FB475328A67BBB23D599DF6] - [01/12/2017 04:59:37] - |A| - [12687360] - C:\WINDOWS\syswow64\wmp.dll
[MD5.54E2D467D54D8779562EBC4A0B8514D0] - [01/12/2017 05:27:18] - |A| - [823808] - C:\WINDOWS\syswow64\wuapi.dll
[MD5.60118B30E104828AD3FC5C5AE7ADA638] - [01/12/2017 05:28:16] - |A| - [293888] - C:\WINDOWS\syswow64\WwaApi.dll
[MD5.B77CA6BC64B315F0E3E55378C3CA5C49] - [01/12/2017 05:28:16] - |A| - [791960] - C:\WINDOWS\syswow64\WWAHost.exe
[MD5.982A16C8BD2DA906A5E2C3F6BE6316BC] - [01/12/2017 04:58:18] - |A| - [70656] - C:\WINDOWS\syswow64\XblAuthTokenBrokerExt.dll
[MD5.00000000000000000000000000000000] - [02/12/2017 13:55:35] - |D| - [10400] - C:\WINDOWS\syswow64\XPSViewer
[MD5.EF558A02D734A1403583E95CCEEC2487] - [02/12/2017 11:24:29] - |A| - [27552] - C:\WINDOWS\syswow64\Drivers\HWiNFO64A.SYS

---------- | Drives


D:


G:

[08/12/2017 10:17:51] - |A| - (.-.) - [6369640] - (0.0.0.0) - G:\adblocker_setup (1).exe
[16/11/2017 09:14:26] - |N| - (.(C) 2017 Malwarebytes - AdwCleaner.) - [8261584] - (7.0.4.0) - G:\adwcleaner_7.0.4.0.exe
[08/12/2017 10:11:35] - |A| - (.Anvisoft Company - Anvi Ultimate Defrag Installation.) - [31674378] - (1.2.0.0) - G:\audsetup (1).exe
[08/12/2017 10:11:35] - |A| - (.Anvisoft Company - Anvi Ultimate Defrag Installation.) - [31674378] - (1.2.0.0) - G:\audsetup.exe
[16/11/2017 09:25:24] - |N| - (.Alex Dragokas - ????????? ??? ??????? ???????, ?????????? ????????? ??????? Adware ? ?????? ??????????? ??..) - [462976] - (2.9.0.11) - G:\clearlnk_2.9.0.11.exe
[16/11/2017 09:17:22] - |N| - (.Nicolas Coolman - ZHPCleaner.) - [2971008] - (2017.11.13.198) - G:\ZHPCleaner.exe
[16/11/2017 09:21:33] - |N| - (.Nicolas Coolman - ZHPFix.) - [3061760] - (2017.6.13.1) - G:\ZHPFix.exe

H:


I:

[08/12/2017 10:13:23] - |A| - (.Anvisoft Company - Anvi AD Blocker Ultimate Installation.) - [8268704] - (3.2.0.0) - I:\adbusetup.exe
[14/10/2017 08:08:24] - |N| - (.                                                                                                   - Aimersoft Video Converter Pro Setup                      .) - [21681496] - (4.1.2.0) - I:\aimer-video-pro_full432.exe
[14/10/2017 08:08:27] - |N| - (.Copyright 2011 Aimersoft Corporation - Aimersoft WAC Downloader.) - [1239552] - (1.0.1.0) - I:\aimer-video-converter_setup_full68.exe
[14/10/2017 08:08:31] - |N| - (.Copyright Â© 2015 Aimersoft.                                                    - Aimersoft Video Converter Ultimate Setup                 .) - [45682060] - (6.8.0.0) - I:\aimer-video-ultimate_full129.exe
[14/10/2017 08:08:44] - |N| - (.Copyright Â© 2014 Aimersoft Studio.                                             - Aimersoft Video Editor Setup                             .) - [61243876] - (3.6.2.0) - I:\aimer-video-studio-express_full701.exe
[14/10/2017 08:09:08] - |N| - (.Copyright (c) 2013-2015 Kingosoft Technology Ltd.                                                   - Kingo ROOT Setup                                         .) - [18023288] - (1.4.3.2539) - I:\android_root.exe
[14/10/2017 08:09:14] - |N| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [967200] - (2.9.1.3520) - I:\CyberLink_PowerProducer_Downloader.exe
[14/10/2017 08:09:18] - |N| - (.Xplode - AdwCleaner.) - [1745920] - (5.0.2.7) - I:\adwcleaner_5.027.exe
[14/10/2017 08:09:19] - |N| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1299304] - (2.9.1.5716) - I:\CyberLink_Power2Go_Downloader.exe
[14/10/2017 08:09:52] - |N| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - I:\CyberLink_Media_Suite_Downloader.exe
[14/10/2017 08:09:52] - |N| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - I:\CyberLink_PowerDirector_Downloader.exe
[14/10/2017 08:09:52] - |N| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - I:\CyberLink_PowerDVD_Downloader.exe
[14/10/2017 08:10:04] - |N| - (.PortableApps.com - PortableApps.com Platform.) - [3793168] - (12.2.0.0) - I:\PortableApps.com_Platform_Setup_12.2.paf.exe
[14/10/2017 08:10:06] - |N| - (.Copyright (c) 2013-2015 Kingosoft Technology Ltd.                                                   - Kingo ROOT Setup                                         .) - [18023288] - (1.4.3.2539) - I:\android_root-1.exe
[23/07/2017 22:11:55] - |SH| - (.-.) - [8192] - (0.0.0.0) - I:\autorun.inf
[27/06/2017 11:25:25] - |N| - (.-.) - [448] - (0.0.0.0) - I:\SmartClean.ini

J:

[08/11/2017 07:20:39] - |N| - (.Copyright (c) 1999-2015 Igor Pavlov - 7-Zip Shell Extension.) - [49664] - (15.14.0.0) - J:\7-zip.dll
[09/11/2017 00:35:18] - |A| - (.(c) Solvusoft Corporation. - WinThruster by Solvusoft.) - [12244632] - (2.3.125.113) - J:\WinThruster.exe
[09/11/2017 00:35:14] - |A| - (.(c) Solvusoft Corporation. - Log Files Collector Tool.) - [1025688] - (3.1.288.0) - J:\LogFilesCollector.exe

K:


L:


M:

[10/12/2017 10:09:27] - |A| - (.-.) - [222] - (0.0.0.0) - M:\autorun.inf

N:


O:

[31/10/2017 14:50:18] - |A| - (.WiseCleaner.com                                                                                     - WiseADCleaner                                            .) - [4391504] - (1.1.1.41) - O:\WADCleanerSetup.exe
[12/06/2017 13:57:22] - |A| - (.ÃÂ©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [1776640] - (11.6.2017.0) - O:\FRST.exe
[31/10/2017 15:41:02] - |A| - (.Copyright (C) 2010 - Zinstall Loader.) - [155165496] - (2.6.0.0) - O:\zinstall-backup.exe
[17/04/2017 07:35:21] - |A| - (.ResetBrowser - Comment Supprimer ? - ResetBrowser.) - [1622528] - (0.1.1.6) - O:\ResetBrowser.exe
[12/06/2017 13:57:26] - |A| - (.                                                                                                   - Ashampoo Music Studio 4 Setup                            .) - [2492000] - (1.0.0.0) - O:\ashampoo_music_studio_4_dl.exe
[12/06/2017 13:57:25] - |A| - (.Â© BleepingComputer.com. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - O:\iExplore.exe
[12/06/2017 13:57:26] - |A| - (.ÃÂ©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2438656] - (11.6.2017.0) - O:\FRST64.exe
[12/06/2017 13:57:26] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4110280] - (6.0.4.7) - O:\adwcleaner_6.047(2).exe
[12/06/2017 13:57:26] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4110280] - (6.0.4.7) - O:\adwcleaner_6.047.exe

P:


Q:

[05/02/2017 21:47:15] - |A| - (.-.) - [552] - (0.0.0.0) - Q:\COMODO TrustConnect (VPN).lnk
[14/09/2017 19:31:31] - |A| - (.Nicolas Coolman - ZHPLite.) - [1524608] - (2017.9.9.153) - Q:\ZHPlite (1).exe
[14/09/2017 19:31:31] - |A| - (.Nicolas Coolman - ZHPFix.) - [3061760] - (2017.6.13.1) - Q:\ZHPFix.exe
[03/10/2017 09:51:57] - |A| - (.-.) - [222764784] - (0.0.0.0) - Q:\Power2Go_11.0.1013.0_Essential_Essential_P2G160727-05.exe
[03/10/2017 09:52:51] - |A| - (.(c) Malwarebytes.                                                              - Malwarebytes Anti-Malware                                .) - [22851472] - (2.2.1.1043) - Q:\mbam-setup-2.2.1.1043.exe
[14/09/2017 19:31:27] - |A| - (.ÃÂ©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2397184] - (12.9.2017.0) - Q:\FRST64.exe
[03/10/2017 09:53:05] - |A| - (.Â© Microsoft Corporation. - Self-Extracting Cabinet.) - [376528] - (6.3.13.0) - Q:\refresh-windows-tool_1-0_fr_433221.exe
[03/10/2017 09:53:27] - |A| - (.                                                                                                   - Ashampoo HDD Control 2 Setup                             .) - [15989152] - (2.1.0.0) - Q:\ashampoo_hdd_control_2_2.1.0_sm.exe
[03/10/2017 09:53:32] - |A| - (.                                                                                                   - Ashampoo HDD Control 3 Corporate Setup                   .) - [16862776] - (3.20.0.0) - Q:\ashampoo_hdd_control_3_corporate_3.20.00_sm.exe

R:


S:

[23/03/2017 22:37:48] - |H| - (.-.) - [16] - (0.0.0.0) - S:\AUTORUN.INF

T:

[03/10/2017 15:44:27] - |A| - (.widen-finalis -.) - [549814988] - (1.0.0.0) - T:\cloturation_post-finalis_lfsu,_widen_&_100%s_finalis_3_octobre_setup_sib.exe

V:

[20/11/2016 17:09:36] - |H| - (.-.) - [16] - (0.0.0.0) - V:\AUTORUN.INF

W:


X:


Y:


---------- | C:

[31/08/2016 12:42:08] - |D| - [197395] - C:\$GetCurrent
[04/12/2017 07:23:38] - |SHD| - [129] - C:\$RECYCLE.BIN
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2016 15:29:29] - |N| - (.-.) - [0] - (0.0.0.0) - C:\$WINRE_BACKUP_PARTITION.MARKER
[07/12/2017 13:12:07] - |RSHD| - [2252800] - C:\360SANDBOX
[03/12/2017 14:02:54] - |D| - [2639540195] - C:\AdsFix
[MD5.0AAD4B3EB27101676AF7C19B3F442260] - [03/12/2017 14:07:56] - |A| - (.-.) - [65925] - (0.0.0.0) - C:\AdsFix_04_12_2017_01_25_37.txt
[04/12/2017 16:45:13] - |D| - [12533939] - C:\AdwCleaner
[28/08/2016 11:52:26] - |D| - [126944772] - C:\AMD
[MD5.C1431FCDE8E0C32ABFD1896B2DB264F2] - [08/09/2016 14:19:54] - |H| - (.-.) - [1024] - (0.0.0.0) - C:\AMTAG.BIN
[08/09/2016 19:15:19] - |HD| - [1119216000] - C:\Aomei
[MD5.2D0B0DB319A3CAC1EDADDD145E974712] - [01/12/2017 19:52:10] - |A| - (.-.) - [614] - (0.0.0.0) - C:\backup.status
[MD5.38AA9C42849E17C3F43213EB978DDF20] - [05/12/2017 15:14:30] - |AH| - (.-.) - [4096] - (0.0.0.0) - C:\BCDRULFA.QVZ
[02/08/2012 03:02:18] - |SHD| - [18154780] - C:\Boot
[MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 09:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 09:13:44] - |N| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[31/08/2016 12:31:56] - |D| - [1464652] - C:\Config.Msi
[26/07/2012 08:22:08] - |SHD| - [0] - C:\Documents and Settings
[MD5.C8822DDF8577DD4D9DF542800C93A831] - [09/12/2017 18:11:37] - |AH| - (.-.) - [4096] - (0.0.0.0) - C:\EIUFPMYI.QOL
[30/11/2017 19:17:51] - |D| - [0] - C:\ESD
[06/09/2016 19:41:46] - |D| - [0] - C:\EverySync
[08/12/2017 17:56:10] - |D| - [159493] - C:\FyK
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/12/2017 01:25:38] - |ASH| - (.-.) - [1535000576] - (0.0.0.0) - C:\hiberfil.sys
[07/01/2013 12:49:41] - |D| - [4053085] - C:\hp
[08/12/2017 19:01:39] - |D| - [0] - C:\IObit
[07/12/2017 09:55:26] - |D| - [0] - C:\iolo
[08/12/2017 14:08:47] - |D| - [0] - C:\netfilter2
[MD5.39B2C190F5BC73672F50BF2C5BEE8C95] - [09/09/2016 05:48:52] - |AH| - (.-.) - [32] - (0.0.0.0) - C:\OkBootConfig.dat
[09/09/2016 05:31:09] - |D| - [0] - C:\oklog
[MD5.2583063191B054A6967FE121767BCE0B] - [09/09/2016 12:09:14] - |AH| - (.-.) - [1024] - (0.0.0.0) - C:\OKTAG.BIN
[09/12/2017 08:20:25] - |HD| - [0] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2013 08:30:46] - |N| - (.-.) - [0] - (0.0.0.0) - C:\OS
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/12/2017 19:00:48] - |ASH| - (.-.) - [2281701376] - (0.0.0.0) - C:\pagefile.sys
[08/09/2016 06:58:23] - |D| - [39126097] - C:\PcPinPoint
[29/09/2017 14:46:33] - |D| - [0] - C:\PerfLogs
[29/09/2017 14:46:33] - |RD| - [7100250686] - C:\Program Files
[29/09/2017 14:46:33] - |RD| - [13561547318] - C:\Program Files (x86)
[29/09/2017 14:46:33] - |HD| - [6732067826] - C:\ProgramData
[10/12/2017 10:53:38] - |D| - [68685] - C:\QuickDiag
[MD5.6A3385B24D58F16F52ADC23C480B57CD] - [10/12/2017 10:53:59] - |A| - (.-.) - [428017] - (0.0.0.0) - C:\QuickDiag.txt
[01/12/2017 08:02:18] - |SHD| - [1040] - C:\Recovery
[10/12/2017 08:10:12] - |D| - [6461] - C:\Spacekace
[08/12/2017 18:19:48] - |D| - [0] - C:\SUPERDelete
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/08/2016 10:39:41] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[02/08/2012 04:15:28] - |AD| - [1021170408] - C:\SWSETUP
[28/08/2016 10:39:40] - |SHD| - [0] - C:\System Volume Information
[01/08/2012 10:57:15] - |D| - [5674416] - C:\SYSTEM.SAV
[28/08/2016 15:25:52] - |AD| - [14114336] - C:\UsbFix
[29/09/2017 09:45:11] - |RD| - [43489938264] - C:\Users
[29/09/2017 09:45:11] - |D| - [20481652268] - C:\Windows
[01/12/2017 07:56:50] - |D| - [18143290901] - C:\Windows.old
[31/08/2016 12:39:12] - |D| - [15871053] - C:\Windows10Upgrade

---------- | C:\WINDOWS

[29/09/2017 14:46:33] - |D| - [802] - C:\WINDOWS\addins
[MD5.41CD34F96EE48B35868DC4B3A7315525] - [08/09/2016 19:26:08] - |A| - (.-.) - [750] - (0.0.0.0) - C:\WINDOWS\ampa.ini
[29/09/2017 14:46:33] - |D| - [28984511] - C:\WINDOWS\appcompat
[29/09/2017 14:46:33] - |D| - [8083446] - C:\WINDOWS\apppatch
[29/09/2017 14:46:33] - |D| - [0] - C:\WINDOWS\AppReadiness
[29/09/2017 14:46:33] - |RSD| - [1124280151] - C:\WINDOWS\assembly
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2016 14:59:37] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin
[29/09/2017 14:46:33] - |D| - [692493] - C:\WINDOWS\bcastdvr
[MD5.55F49769891E4DC7CAB3E293E1238888] - [29/09/2017 14:41:23] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Utilitaire de service de fichier de dÃ©marrage.) - [65536] - (10.0.16299.15) - C:\WINDOWS\bfsvc.exe
[29/09/2017 14:46:33] - |D| - [38255558] - C:\WINDOWS\Boot
[MD5.B4161BD032671CEE716424781521A5AD] - [01/12/2017 08:05:34] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[29/09/2017 14:46:33] - |D| - [2448464] - C:\WINDOWS\Branding
[01/12/2017 20:52:57] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.A155FFABF2F04265A97274CCAB44D773] - [30/09/2017 15:42:03] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml
[29/09/2017 14:46:33] - |D| - [11482410] - C:\WINDOWS\Cursors
[29/09/2017 14:46:33] - |D| - [184212] - C:\WINDOWS\debug
[29/09/2017 14:46:33] - |D| - [361545373] - C:\WINDOWS\DeliveryOptimization
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [01/12/2017 08:30:00] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[29/09/2017 14:46:33] - |D| - [4795199] - C:\WINDOWS\diagnostics
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [01/12/2017 08:30:00] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[MD5.2A6A9FDD937D5968F609E9C9DA521FF3] - [08/09/2016 18:21:24] - |A| - (.-.) - [66560] - (0.0.0.0) - C:\WINDOWS\dm.batch.ops
[MD5.CBEE079F873D0283247FBA743426D4FF] - [31/08/2016 12:12:29] - |A| - (.-.) - [192] - (0.0.0.0) - C:\WINDOWS\dm.dmap
[29/09/2017 14:46:33] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[29/09/2017 14:46:33] - |HD| - [44608] - C:\WINDOWS\ELAMBKUP
[MD5.302F451BF9FAD6BC69E76D98CDBCA2BC] - [01/12/2017 05:28:12] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Explorateur Windows.) - [3903272] - (10.0.16299.98) - C:\WINDOWS\explorer.exe
[29/09/2017 14:46:33] - |RSD| - [357977620] - C:\WINDOWS\Fonts
[30/09/2017 15:40:03] - |D| - [109568] - C:\WINDOWS\fr-FR
[29/09/2017 14:46:33] - |D| - [46641423] - C:\WINDOWS\Globalization
[29/09/2017 14:46:33] - |D| - [2633541] - C:\WINDOWS\Help
[MD5.CDC3893777C157B13897B8A9144C1A39] - [29/09/2017 14:41:47] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Aide et support Microsoft.) - [976896] - (10.0.16299.15) - C:\WINDOWS\HelpPane.exe
[MD5.620517DFE23E0DEB918F70538DF8AD67] - [29/09/2017 14:41:47] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - ExÃ©cutable de lÂaide HTML MicrosoftÂ®.) - [17920] - (10.0.16299.15) - C:\WINDOWS\hh.exe
[29/09/2017 14:46:33] - |D| - [173056880] - C:\WINDOWS\IME
[29/09/2017 14:46:33] - |RD| - [7817000] - C:\WINDOWS\ImmersiveControlPanel
[29/09/2017 14:44:34] - |D| - [46580877] - C:\WINDOWS\INF
[29/09/2017 14:46:33] - |D| - [1534194130] - C:\WINDOWS\InfusedApps
[29/09/2017 14:46:33] - |D| - [38118841] - C:\WINDOWS\InputMethod
[29/09/2017 14:46:33] - |SHD| - [2134762431] - C:\WINDOWS\Installer
[29/09/2017 14:46:33] - |D| - [94163] - C:\WINDOWS\L2Schemas
[29/09/2017 09:45:14] - |D| - [20280412] - C:\WINDOWS\Logs
[29/09/2017 14:46:33] - |RSD| - [20331141] - C:\WINDOWS\media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [29/09/2017 14:42:00] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[29/09/2017 14:46:33] - |RD| - [802442660] - C:\WINDOWS\Microsoft.NET
[29/09/2017 14:46:33] - |D| - [2943] - C:\WINDOWS\Migration
[08/12/2017 19:00:49] - |D| - [0] - C:\WINDOWS\Minidump
[MD5.15750221BBFFA36C055D656C46899460] - [29/09/2017 14:41:38] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Bloc-notes.) - [246784] - (10.0.16299.15) - C:\WINDOWS\notepad.exe
[MD5.DE54E40D3A033FC81456CFCE10954CA8] - [10/12/2017 07:47:33] - |A| - (.-.) - [240890] - (0.0.0.0) - C:\WINDOWS\ntbtlog.txt
[30/09/2017 15:40:54] - |D| - [199472] - C:\WINDOWS\OCR
[29/09/2017 14:46:33] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[30/11/2017 22:55:53] - |DC| - [137601601] - C:\WINDOWS\Panther
[29/09/2017 14:46:33] - |D| - [438952] - C:\WINDOWS\Performance
[MD5.943D21573E96F0806119180471DBF071] - [08/12/2017 21:19:46] - |A| - (.-.) - [9238] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[29/09/2017 14:46:33] - |D| - [1136442] - C:\WINDOWS\PLA
[29/09/2017 14:46:33] - |D| - [2764562] - C:\WINDOWS\PolicyDefinitions
[01/12/2017 08:04:55] - |D| - [40227036] - C:\WINDOWS\Prefetch
[29/09/2017 14:46:33] - |RD| - [2166035] - C:\WINDOWS\PrintDialog
[MD5.09394999ADB19901C665454EE964B13C] - [31/08/2016 13:15:33] - |A| - (.-.) - [36] - (0.0.0.0) - C:\WINDOWS\progress.ini
[29/09/2017 14:46:33] - |D| - [3867916] - C:\WINDOWS\Provisioning
[MD5.77303DB3860BF5CBE6E1E8AE2EE5276B] - [06/09/2016 18:57:18] - |A| - (.Copyright (C) Nero AG 2016 - RegDefragTask.) - [157704] - (1.0.0.462) - C:\WINDOWS\RegDefragTask.exe
[MD5.14A3681D6247758B1F4880022ABEE0D7] - [29/09/2017 14:41:58] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Ãditeur du Registre.) - [335872] - (10.0.16299.15) - C:\WINDOWS\regedit.exe
[29/09/2017 14:46:33] - |D| - [1117876] - C:\WINDOWS\registration
[29/09/2017 14:46:33] - |D| - [4104842] - C:\WINDOWS\rescache
[29/09/2017 14:46:33] - |D| - [3623417] - C:\WINDOWS\Resources
[MD5.F17FC1B9623917BAA4C9C32259240D5E] - [06/09/2016 15:52:09] - |A| - (.Copyright (C) Realtek Semiconductor Corp. - RtCRU.) - [4330712] - (1.13.0.0) - C:\WINDOWS\RtCRU64.exe
[MD5.C907881F207C3BC2BFA7005DDD8C81EF] - [08/09/2016 13:48:50] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2826832] - (1.0.6.6) - C:\WINDOWS\RtlExUpd.dll
[29/09/2017 14:46:33] - |D| - [122082] - C:\WINDOWS\schemas
[29/09/2017 14:46:33] - |D| - [1048818] - C:\WINDOWS\security
[01/12/2017 05:40:54] - |D| - [41287136] - C:\WINDOWS\ServiceProfiles
[29/09/2017 09:45:11] - |D| - [73509551] - C:\WINDOWS\servicing
[29/09/2017 14:49:45] - |D| - [42] - C:\WINDOWS\Setup
[MD5.E11D5FA94F540F914A59DDB608F3772E] - [09/12/2017 05:36:11] - |A| - (.-.) - [1273] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.C6FAA16C3C81657ABFB731746813D806] - [08/09/2016 13:42:19] - |A| - (.Copyright Â©  2012 - SetupAfterRebootService.) - [10752] - (1.0.0.0) - C:\WINDOWS\SetupAfterRebootService.exe
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/12/2017 05:36:11] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[29/09/2017 14:46:33] - |D| - [53787648] - C:\WINDOWS\ShellExperiences
[30/10/2015 20:03:03] - |D| - [4839] - C:\WINDOWS\ShellNew
[30/09/2017 15:40:41] - |D| - [3070736] - C:\WINDOWS\SKB
[28/08/2016 11:31:58] - |D| - [67121682] - C:\WINDOWS\SoftwareDistribution
[29/09/2017 14:46:33] - |D| - [86037185] - C:\WINDOWS\Speech
[29/09/2017 14:46:33] - |D| - [61728519] - C:\WINDOWS\Speech_OneCore
[MD5.B3FBABDA876CFA2B4695471D5348F59F] - [29/09/2017 14:42:06] - |A| - (.Â© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.16299.15) - C:\WINDOWS\splwow64.exe
[MD5.98540955F498DF125A5199E1C1DFBCFD] - [07/07/2016 08:08:40] - |A| - (.-.) - [86448] - (0.0.0.0) - C:\WINDOWS\suite.vssMgr.exe
[29/09/2017 14:46:33] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 08:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[29/09/2017 09:45:11] - |D| - [4635239897] - C:\WINDOWS\System32
[29/09/2017 14:46:34] - |D| - [198996845] - C:\WINDOWS\SystemApps
[29/09/2017 14:46:34] - |D| - [24127354] - C:\WINDOWS\SystemResources
[29/09/2017 09:45:15] - |D| - [1478117534] - C:\WINDOWS\SysWOW64
[30/10/2015 08:24:25] - |D| - [4350] - C:\WINDOWS\Tasks
[29/09/2017 14:46:34] - |D| - [1932141] - C:\WINDOWS\Temp
[29/09/2017 14:46:34] - |D| - [13343232] - C:\WINDOWS\TextInput
[29/09/2017 14:46:34] - |D| - [43083340] - C:\WINDOWS\twain_32
[MD5.F6C33A8A65C6AF007812EED398D783B2] - [29/09/2017 14:42:16] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[MD5.B38882E54F783A2C37946C27091DC8B4] - [02/09/2016 15:50:25] - |A| - (.(C) 2000-2009 Dritek System Inc. - Uninstall Application.) - [349776] - (2.1.2.2017) - C:\WINDOWS\UNINSTLMv4.EXE
[29/09/2017 14:46:34] - |D| - [12420] - C:\WINDOWS\Vss
[MD5.98540955F498DF125A5199E1C1DFBCFD] - [07/07/2016 08:08:40] - |A| - (.-.) - [86448] - (0.0.0.0) - C:\WINDOWS\vssMgr.exe
[29/09/2017 14:46:34] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.098503683DE84D209F8ED4D246F4A179] - [30/10/2015 08:24:29] - |A| - (.-.) - [155] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [29/09/2017 14:41:58] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [08/12/2017 21:25:12] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.02BD03E57C66CB40AEDB7039E93E7CB0] - [29/09/2017 14:42:16] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Relais Windows Winhlp32.) - [11776] - (10.0.16299.15) - C:\WINDOWS\winhlp32.exe
[29/09/2017 09:45:11] - |D| - [6704551864] - C:\WINDOWS\WinSxS
[MD5.360A166B4DD11DFD897F73F5410FDEE2] - [02/09/2016 15:49:07] - |A| - (.Â© 2008 Microsoft Corporation. Tous droits rÃ©servÃ©s. - Ãcran de veille photos Windows Live.) - [307056] - (14.0.8117.416) - C:\WINDOWS\WLXPGSS.SCR
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [29/09/2017 14:41:16] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.0D5D4E344F5581C954355D7164DD4BE1] - [29/09/2017 14:41:38] - |A| - (.Â© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.16299.15) - C:\WINDOWS\write.exe
[MD5.36F5D3FFC3332B3F3A48CF1F1DCF05C2] - [09/12/2017 05:34:55] - |A| - (.-.) - [467565] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace
[MD5.C4F85351FD70DC758983E01E1A6DC697] - [09/12/2017 05:34:55] - |A| - (.-.) - [480719] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace

---------- | C:\WINDOWS\System32\GroupPolicy

[MD5.729EE5EAEF56C4FFD871253480FE899B] - [10/12/2017 09:44:59] - |A| - (.-.) - [154] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\gpt.ini
[10/12/2017 09:44:59] - |D| - [150] - C:\WINDOWS\System32\GroupPolicy\Machine
[10/12/2017 09:44:59] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[04/09/2016 08:11:28] - C:\WINDOWS\Installer\159ed6.msi : (Nero BurningROM 2016 - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:41] - C:\WINDOWS\Installer\159ee0.msi : (NeroControlCenter - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:38] - C:\WINDOWS\Installer\159eea.msi : (Nero Core Components - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:43] - C:\WINDOWS\Installer\159ef4.msi : (Nero Burning ROM 15 - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:24] - C:\WINDOWS\Installer\159efe.msi : (Nero Prerequisites - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:23] - C:\WINDOWS\Installer\159f08.msi : (Nero SharedVideoCodecs - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:28] - C:\WINDOWS\Installer\159f12.msi : (Nero CoverDesigner - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:21] - C:\WINDOWS\Installer\159f1b.msi : (Nero Update - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:25] - C:\WINDOWS\Installer\159f24.msi : (Nero Launcher - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:44] - C:\WINDOWS\Installer\159f2e.msi : (Nero BurningCore 15 - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:27] - C:\WINDOWS\Installer\159f38.msi : (Nero Info - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2016 08:12:21] - C:\WINDOWS\Installer\159f42.msi : (Nero Video 2016 - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/01/2016 11:09:58] - C:\WINDOWS\Installer\26d3659.msi : (Epson Event Manager - Seiko Epson Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/05/2015 07:45:36] - C:\WINDOWS\Installer\26d3668.msi : (Epson E-Web Print - SEIKO EPSON CORPORATION)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/07/2017 04:45:00] - C:\WINDOWS\Installer\291b67e.msi : (Epson Software Updater - SEIKO EPSON CORPORATION)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/09/2016 11:53:16] - C:\WINDOWS\Installer\2d60a5.msi : (Program - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/08/2017 00:00:00] - C:\WINDOWS\Installer\2d71c7a.msi : ( -)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/04/2016 12:20:00] - C:\WINDOWS\Installer\32db55c.msi : (MyEpson Portal Setup - SEIKO EPSON CORPORATION)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:06:24] - C:\WINDOWS\Installer\35795.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:06:18] - C:\WINDOWS\Installer\39bdecb.msi : (RMB - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:02:12] - C:\WINDOWS\Installer\39bded0.msi : (Paragon NFSServer - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bded5.msi : (Paragon PRM vSphere Backup Appliance - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bdeda.msi : (Paragon PRM Deduplication Server - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bdedf.msi : (Paragon PRM Physical Backup - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bdee4.msi : (Paragon PRM Backup Server - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:06:00] - C:\WINDOWS\Installer\39bdee9.msi : (Paragon PRM Administration Server - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bdeee.msi : (Paragon PRM Management Console - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bdef3.msi : (Paragon PRM Language Pack - German - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bdef8.msi : (Paragon PRM Installation Client - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bdefd.msi : (Paragon PRM Agent - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:06:00] - C:\WINDOWS\Installer\39bdf02.msi : (Paragon Exchange Granular Recovery - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:02:14] - C:\WINDOWS\Installer\39bdf07.msi : (Paragon UIM - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 13:01:54] - C:\WINDOWS\Installer\39bdf0c.msi : (Paragon PRM Troubleshotting Tool - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:34:20] - C:\WINDOWS\Installer\3ada118.msi : (LWS Help_main - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:18] - C:\WINDOWS\Installer\3ada120.msi : (LWS Webcam Software - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:16] - C:\WINDOWS\Installer\3ada128.msi : (CameraHelperMsi - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/10/2012 18:55:20] - C:\WINDOWS\Installer\3ada130.msi : (Logitech eReg 1.12 merge module-to-MSI converter - Logitech, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/07/2012 23:15:18] - C:\WINDOWS\Installer\3ada138.msi : (LWS Facebook - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2012 23:19:08] - C:\WINDOWS\Installer\3ada140.msi : (LWS Gallery - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:36:58] - C:\WINDOWS\Installer\3ada148.msi : (LWS Launcher - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:12] - C:\WINDOWS\Installer\3ada150.msi : (LWS Motion Detection - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 08:41:22] - C:\WINDOWS\Installer\3ada158.msi : (LWS Pictures And Video - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/07/2011 03:51:16] - C:\WINDOWS\Installer\3ada160.msi : (LWS Twitter - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/06/2011 04:26:48] - C:\WINDOWS\Installer\3ada168.msi : (LWS WLM Plugin - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2011 23:14:28] - C:\WINDOWS\Installer\3ada170.msi : (LWS YouTube Plugin - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2016 13:39:36] - C:\WINDOWS\Installer\452b2b.msi : (Rebit 5 - Rebit, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2016 13:40:03] - C:\WINDOWS\Installer\452b3a.msi : (Rebit 5 - Rebit, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2016 13:40:22] - C:\WINDOWS\Installer\452b3f.msi : (Rebit 5 - Rebit, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/01/2017 13:34:22] - C:\WINDOWS\Installer\53b2a1f.msi : (Paragon VM Copy Tool - Paragon Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 15:17:24] - C:\WINDOWS\Installer\6760e9.msi : (Rebit Pro - Rebit, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2016 18:42:04] - C:\WINDOWS\Installer\69232.msi : (Rebit Pro - Rebit, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 15:48:36] - C:\WINDOWS\Installer\7cce4.msi : (MyWinLocker Suite - Egis Technology Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 15:10:47] - C:\WINDOWS\Installer\7cd25.msi : (ADOBER~1.0|Adobe Reader 9 - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 15:10:45] - C:\WINDOWS\Installer\7cd2f.msi : (Acrobat.com - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 14:44:05] - C:\WINDOWS\Installer\a341f37.msi : (V-locity - Condusiv Technologies)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2014 09:49:56] - C:\WINDOWS\Installer\a77919.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:06:16] - C:\WINDOWS\Installer\a7791f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:22] - C:\WINDOWS\Installer\a77925.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:30] - C:\WINDOWS\Installer\a7792b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:36] - C:\WINDOWS\Installer\a77931.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:44] - C:\WINDOWS\Installer\a77937.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:52] - C:\WINDOWS\Installer\a7793d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:00] - C:\WINDOWS\Installer\a77943.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:06] - C:\WINDOWS\Installer\a77949.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:16] - C:\WINDOWS\Installer\a7794f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:22] - C:\WINDOWS\Installer\a77955.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:30] - C:\WINDOWS\Installer\a7795b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:38] - C:\WINDOWS\Installer\a77961.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:46] - C:\WINDOWS\Installer\a77967.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:54] - C:\WINDOWS\Installer\a7796d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:02] - C:\WINDOWS\Installer\a77973.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:10] - C:\WINDOWS\Installer\a77979.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:18] - C:\WINDOWS\Installer\a7797f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:26] - C:\WINDOWS\Installer\a77985.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:34] - C:\WINDOWS\Installer\a7798b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:42] - C:\WINDOWS\Installer\a77991.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:50] - C:\WINDOWS\Installer\a77997.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:58] - C:\WINDOWS\Installer\a7799d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:06:06] - C:\WINDOWS\Installer\a779a3.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:06:40] - C:\WINDOWS\Installer\a779a9.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:07:30] - C:\WINDOWS\Installer\a779af.msi : (AMD Fuel - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:12] - C:\WINDOWS\Installer\a779b5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/01/2016 14:37:17] - C:\WINDOWS\Installer\aefbe9.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/09/2016 15:08:23] - C:\WINDOWS\Installer\bde5114.msi : (Adobe AIR Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/09/2016 15:30:24] - C:\WINDOWS\Installer\bf4c78a.msi : (BackItUp - Nero AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:06:24] - C:\WINDOWS\Installer\c6be7.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2014 09:49:56] - C:\WINDOWS\Installer\c6bec.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:06:16] - C:\WINDOWS\Installer\c6bf1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:22] - C:\WINDOWS\Installer\c6bf6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:30] - C:\WINDOWS\Installer\c6bfb.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:36] - C:\WINDOWS\Installer\c6c00.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:44] - C:\WINDOWS\Installer\c6c05.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:52] - C:\WINDOWS\Installer\c6c0a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:00] - C:\WINDOWS\Installer\c6c0f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:06] - C:\WINDOWS\Installer\c6c14.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:16] - C:\WINDOWS\Installer\c6c19.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:22] - C:\WINDOWS\Installer\c6c1e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:30] - C:\WINDOWS\Installer\c6c23.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:38] - C:\WINDOWS\Installer\c6c28.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:46] - C:\WINDOWS\Installer\c6c2d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:04:54] - C:\WINDOWS\Installer\c6c32.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:02] - C:\WINDOWS\Installer\c6c37.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:10] - C:\WINDOWS\Installer\c6c3c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:18] - C:\WINDOWS\Installer\c6c41.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:26] - C:\WINDOWS\Installer\c6c46.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:34] - C:\WINDOWS\Installer\c6c4b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:42] - C:\WINDOWS\Installer\c6c50.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:50] - C:\WINDOWS\Installer\c6c55.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:05:58] - C:\WINDOWS\Installer\c6c5a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:06:06] - C:\WINDOWS\Installer\c6c5f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:06:40] - C:\WINDOWS\Installer\c6c64.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:07:30] - C:\WINDOWS\Installer\c6c69.msi : (AMD Fuel - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2015 19:03:12] - C:\WINDOWS\Installer\c6c6e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/12/2017 12:11:36] - C:\WINDOWS\Installer\d55bc2.msi : (Google Ad Blocker - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/12/2017 12:10:31] - C:\WINDOWS\Installer\d55bc5.msi : (Firefox Download Unblocker - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/12/2017 12:14:11] - C:\WINDOWS\Installer\d55bc8.msi : (Google Password Decryptor - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/12/2017 12:30:56] - C:\WINDOWS\Installer\d55bce.msi : (Google Password Remover - SecurityXploded)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/12/2017 14:09:59] - [415960] - C:\WINDOWS\Installer\{05B0CF4A-564C-4549-913E-AE3EDA16971A}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[02/12/2017 14:10:22] - [415960] - C:\WINDOWS\Installer\{05B0CF4A-564C-4549-913E-AE3EDA16971A}\NewShortcut1_B4EBD3E89A394A41B825BC37C011DD6E.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[02/12/2017 14:10:23] - [415960] - C:\WINDOWS\Installer\{05B0CF4A-564C-4549-913E-AE3EDA16971A}\NewShortcut6_465244A5DB8C4392A3D537510D1DB9FE.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[01/12/2017 11:31:03] - [88102] - C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:30:04] - [88102] - C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:29:32] - [88102] - C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe     () - ()
[06/09/2016 17:31:29] - [59608] - C:\WINDOWS\Installer\{0DC5FA19-8E63-4777-AEB7-FEFDA6C3C057}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[09/09/2016 15:09:53] - [371894] - C:\WINDOWS\Installer\{10085090-E71D-4A54-9E32-44AB37A4CCC6}\ARPPRODUCTICON.exe     () - ()
[09/09/2016 15:09:53] - [371894] - C:\WINDOWS\Installer\{10085090-E71D-4A54-9E32-44AB37A4CCC6}\AutoSave1_10085090E71D4A549E3244AB37A4CCC6.exe     () - ()
[09/09/2016 15:09:53] - [371894] - C:\WINDOWS\Installer\{10085090-E71D-4A54-9E32-44AB37A4CCC6}\AutoSave_10085090E71D4A549E3244AB37A4CCC6.exe     () - ()
[01/12/2017 11:28:44] - [10134] - C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe     () - ()
[06/09/2016 17:30:45] - [59608] - C:\WINDOWS\Installer\{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[01/12/2017 14:25:09] - [60152] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\ARPPRODUCTICON.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [236280] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\collect_logs_46415E4E6A244A68BCD90E2A7BBBE92D.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [72440] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\eulaSc_8384FC6846E7455F813279C4A4BD7848.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [223992] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\faqSc_6850097D521D412C9D557BF6AAF77966.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [223992] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\OpenProductShortcu_7B40FA946E0C4B2BB676ACAD0C712C08.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [223992] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\OpenProductShortcu_9374267BBB8D415AB667F29A074CE29E.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [223992] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\OpenProductShortcu_E4EB4CA62A0B4356AC2B2A2F509B24DB.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [223992] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\privacySc_15450EAD0C55421290B773659CA982E3.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [223992] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\supportSc_00298BA3FA76493999ED2765008C425A.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 14:25:09] - [51960] - C:\WINDOWS\Installer\{1471F298-9784-425B-B295-B3194C0F27C0}\UninstallShortcut_29E3AA1700F24071BDD9C28FB44BF35D.exe     (Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 11:28:52] - [88102] - C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:29:21] - [88102] - C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:29:38] - [88102] - C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe     () - ()
[02/09/2016 15:49:07] - [132096] - C:\WINDOWS\Installer\{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}\WLXPhotoGalleryIcon.exe     (Â© 2009 Microsoft Corporation.) - (Windows Live Photo Gallery)
[06/09/2016 17:29:45] - [59608] - C:\WINDOWS\Installer\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[01/12/2017 11:30:31] - [88102] - C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe     () - ()
[06/09/2016 17:31:09] - [59608] - C:\WINDOWS\Installer\{26F31E12-3722-45FD-903B-49012286BB4C}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[06/09/2016 17:31:49] - [59608] - C:\WINDOWS\Installer\{28349A67-1D99-45A6-A1C1-C5B6D1DF937A}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[01/12/2017 11:29:45] - [88102] - C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:29:27] - [88102] - C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:30:52] - [88102] - C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe     () - ()
[28/08/2016 12:16:20] - [415960] - C:\WINDOWS\Installer\{36036827-FA38-4A74-8333-26BC4EEC9308}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[06/09/2016 15:31:20] - [284656] - C:\WINDOWS\Installer\{40F2F005-FA4C-4BEA-83A6-BFD969467594}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[06/09/2016 15:31:20] - [284656] - C:\WINDOWS\Installer\{40F2F005-FA4C-4BEA-83A6-BFD969467594}\BackItUp._6DE631547FD24BC5962A4E5F07A1BE20.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[06/09/2016 15:31:20] - [284656] - C:\WINDOWS\Installer\{40F2F005-FA4C-4BEA-83A6-BFD969467594}\BackItUp._AB9F1F47710540918A47B78D2BED5DAD.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[02/09/2016 15:49:05] - [80395] - C:\WINDOWS\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe     () - ()
[01/12/2017 12:31:30] - [172877] - C:\WINDOWS\Installer\{58548A8C-122B-4889-A7B8-316ADB5B7C47}\GooglePasswordDecryptor.exe     () - ()
[01/12/2017 12:31:30] - [167036] - C:\WINDOWS\Installer\{58548A8C-122B-4889-A7B8-316ADB5B7C47}\SystemFoldermsiexec.exe     () - ()
[08/09/2016 15:23:03] - [58945] - C:\WINDOWS\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe     () - ()
[04/09/2016 08:17:12] - [301392] - C:\WINDOWS\Installer\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}\ARPPRODUCTICON.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[31/08/2016 15:00:36] - [88102] - C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe     () - ()
[04/09/2016 08:18:09] - [69632] - C:\WINDOWS\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[01/12/2017 12:14:31] - [167036] - C:\WINDOWS\Installer\{6853AF43-F703-4727-9359-1DCFE9B5C689}\SystemFoldermsiexec.exe     () - ()
[01/12/2017 12:14:31] - [190699] - C:\WINDOWS\Installer\{6853AF43-F703-4727-9359-1DCFE9B5C689}\VistaUACMaker.exe     () - ()
[29/08/2016 05:55:26] - [1278016] - C:\WINDOWS\Installer\{6BF9F374-EC67-4808-A90C-F127DE6D989D}\icon.exe     (Copyright (C) SEIKO EPSON CORPORATION 2010-2013.) - (E-Web Print Preview)
[01/12/2017 11:29:09] - [88102] - C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe     () - ()
[02/09/2016 15:40:33] - [327680] - C:\WINDOWS\Installer\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\ARPPRODUCTICON.exe     (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 11:30:57] - [88102] - C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:29:51] - [88102] - C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe     () - ()
[04/09/2016 08:16:24] - [301040] - C:\WINDOWS\Installer\{83D2F005-37FD-4321-B5F7-24EFEACC9834}\ARPPRODUCTICON.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 11:30:47] - [88102] - C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:30:36] - [88102] - C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe     () - ()
[04/09/2016 08:17:58] - [587760] - C:\WINDOWS\Installer\{92EBE575-0C6E-4713-B095-34BB927E5AC6}\ARPPRODUCTICON.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[02/09/2016 14:46:10] - [321848] - C:\WINDOWS\Installer\{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}\ARPPRODUCTICON.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[02/09/2016 14:46:10] - [321848] - C:\WINDOWS\Installer\{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}\NewShortcut41_DC2CABC271B5470D88D48208CB90B2FA.exe     (Copyright (c) 2012 Flexera Software LLC.) - (InstallShield)
[29/08/2016 05:53:17] - [1241296] - C:\WINDOWS\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe     (Copyright (C) 2011) - (EProjManager Application)
[01/12/2017 11:30:15] - [88102] - C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:30:41] - [88102] - C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe     () - ()
[04/09/2016 08:16:37] - [587760] - C:\WINDOWS\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ARPPRODUCTICON.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[04/09/2016 08:16:37] - [587752] - C:\WINDOWS\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 11:31:31] - [88102] - C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe     () - ()
[02/09/2016 15:49:07] - [61272] - C:\WINDOWS\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe     (Copyright Â© 2008 Microsoft Corporation.) - (start phone dialer through Messenger)
[07/09/2016 12:41:08] - [22435552] - C:\WINDOWS\Installer\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}\uninstall.exe     (? 2008-2010 COMODO Security Solutions, Inc.) - (COMODO BackUp setup)
[01/12/2017 11:30:25] - [88102] - C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:29:58] - [88102] - C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:28:58] - [88102] - C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe     () - ()
[06/09/2016 22:40:40] - [97873] - C:\WINDOWS\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:30:09] - [88102] - C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe     () - ()
[07/09/2016 12:44:35] - [13840920] - C:\WINDOWS\Installer\{CF6C1B06-4F86-4C41-BD21-9E40500006B5}\uninstall.exe     (? 2008-2010 COMODO Security Solutions, Inc.) - (cCloud setup)
[04/09/2016 08:17:02] - [587760] - C:\WINDOWS\Installer\{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9}\ARPPRODUCTICON.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[09/09/2016 11:56:12] - [10134] - C:\WINDOWS\Installer\{D4378A80-C713-11DF-9399-005056C00008}\ARPPRODUCTICON.exe     () - ()
[09/09/2016 11:56:12] - [32038] - C:\WINDOWS\Installer\{D4378A80-C713-11DF-9399-005056C00008}\RunProductNameDskt_985F828E0E98429F9C05EF3BDE7568F7_1.exe     () - ()
[09/09/2016 11:56:12] - [32038] - C:\WINDOWS\Installer\{D4378A80-C713-11DF-9399-005056C00008}\RunProductNameShor_985F828E0E98429F9C05EF3BDE7568F7.exe     () - ()
[01/12/2017 12:13:00] - [167036] - C:\WINDOWS\Installer\{DD3D64A7-3165-458D-96D4-06FBC609C22A}\SystemFoldermsiexec.exe     () - ()
[01/12/2017 12:13:00] - [123790] - C:\WINDOWS\Installer\{DD3D64A7-3165-458D-96D4-06FBC609C22A}\VistaUACMaker.exe     () - ()
[01/12/2017 11:31:11] - [4846] - C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 11:30:20] - [88102] - C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe     () - ()
[04/09/2016 08:18:24] - [296944] - C:\WINDOWS\Installer\{EF0BA418-AF37-471E-9594-EAE5913F4681}\ARPPRODUCTICON.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[04/09/2016 08:18:24] - [296944] - C:\WINDOWS\Installer\{EF0BA418-AF37-471E-9594-EAE5913F4681}\NeroLauncher.ex_06255901E67449719980557FAA5EC1C6.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[04/09/2016 08:18:24] - [296944] - C:\WINDOWS\Installer\{EF0BA418-AF37-471E-9594-EAE5913F4681}\NeroLauncher.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[04/09/2016 08:19:11] - [296944] - C:\WINDOWS\Installer\{F030BFE8-8476-4C08-A553-233DE80A2BE1}\ARPPRODUCTICON.exe     (Copyright (C) 2008 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[01/12/2017 11:29:15] - [88102] - C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe     () - ()
[01/12/2017 12:15:53] - [169074] - C:\WINDOWS\Installer\{F8779DE5-7D6D-4CDF-9A85-A3B5DE75FC99}\GooglePasswordDecryptor.exe     () - ()
[01/12/2017 12:15:54] - [167036] - C:\WINDOWS\Installer\{F8779DE5-7D6D-4CDF-9A85-A3B5DE75FC99}\SystemFoldermsiexec_1.exe     () - ()
[01/12/2017 11:29:04] - [88102] - C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe     () - ()

---------- | %System%\*.in*

[29/09/2017 14:41:16] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[23/10/2012 03:05:36] - [29494] - C:\WINDOWS\System32\lvcoin64.ini
[01/12/2017 08:24:38] - [2335684] - C:\WINDOWS\System32\PerfStringBackup.INI
[29/09/2017 14:41:57] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[29/09/2017 14:41:41] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[29/09/2017 14:41:21] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[07/09/2016 00:54:47] - [2153120] - C:\WINDOWS\Syswow64\PerfStringBackup.INI
[29/09/2017 14:42:13] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64
[MD5.00000000000000000000000000000000] - |D| - [10/12/2017 05:58:51] - [0 Ko] - C:\WINDOWS\Temp\767387F3-438F-48B1-A8BA-BD61D7D17C4C-Sigs
[MD5.00000000000000000000000000000000] - |D| - [08/12/2017 21:21:14] - [0 Ko] - C:\WINDOWS\Temp\avast_ash2
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:35:50] - [0 Ko] - C:\WINDOWS\Temp\BIUPC_Dumps
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:35:50] - [0 Ko] - C:\WINDOWS\Temp\BIUPC_Logs
[MD5.00000000000000000000000000000000] - |D| - [08/12/2017 21:20:22] - [2.35 Ko] - C:\WINDOWS\Temp\Comodo LogsFolder
[MD5.00000000000000000000000000000000] - |D| - [08/12/2017 21:20:20] - [26 Ko] - C:\WINDOWS\Temp\ComodoLogsFolder
[MD5.626559B7A676EE23EFB822BE0AA7EC27] - |A| - [09/12/2017 11:44:04] - (.-.) - [12.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\comodo_update_version.ini
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:35:44] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:35:44] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:35:44] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:35:44] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 13:47:31] - [0 Ko] - C:\WINDOWS\Temp\Diskeeper
[MD5.6B2BFB0EE865DE83F7183D50D1C9D507] - |A| - [09/12/2017 05:39:02] - (.-.) - [6.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DLL_{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}.ini
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [09/12/2017 05:39:02] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\is646.tmp
[MD5.73BEB70AD5008E0FBF6A593F66B47396] - |A| - [08/12/2017 21:21:12] - (.-.) - [45.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 08:59:09] - [0 Ko] - C:\WINDOWS\Temp\MPInstrumentation
[MD5.2DC3CB869782CDEFA2CD71897D72D0DA] - |A| - [09/12/2017 05:44:30] - (.-.) - [15.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.FC99823C7AD5F75756A6F858A1081DBC] - |A| - [09/12/2017 05:38:59] - (.-.) - [67.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI3fa20.LOG
[MD5.56D29B4F21D0119114E35A341A902B41] - |A| - [09/12/2017 13:47:31] - (.-.) - [4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI3fa21.LOG
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:37:30] - [0 Ko] - C:\WINDOWS\Temp\vmware-SystÃ¨me
[MD5.4E6D8DBEC5748691666E4DFAD179AAF9] - |A| - [09/12/2017 13:47:48] - (.-.) - [0.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8079.tmp.WERDataCollectionStatus.txt
[MD5.EF5293E91FC53CDB19F15EA20E785170] - |A| - [09/12/2017 13:51:28] - (.-.) - [0.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERDAEE.tmp.WERDataCollectionStatus.txt
[MD5.00000000000000000000000000000000] - |D| - [08/12/2017 21:20:12] - [0 Ko] - C:\WINDOWS\Temp\_avast_
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:39:08] - [1535.34 Ko] - C:\WINDOWS\Temp\{1626C615-200C-47C3-8030-0E3B165CF896}
[MD5.00000000000000000000000000000000] - |D| - [09/12/2017 05:39:01] - [171.64 Ko] - C:\WINDOWS\Temp\{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}
[MD5.00000000000000000000000000000000] - |D| - [07/09/2016 00:46:15] - [328.34 Ko] - C:\WINDOWS\System32\1033
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [29/09/2017 14:41:41] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [29/09/2017 14:41:27] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [29/09/2017 14:41:47] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [29/09/2017 14:41:33] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [29/09/2017 14:41:50] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [29/09/2017 14:41:56] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [29/09/2017 14:41:58] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [29/09/2017 14:42:07] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [29/09/2017 14:41:33] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png
[MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [29/09/2017 14:41:41] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [29/09/2017 14:41:31] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [29/09/2017 14:41:31] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:14] - [2985.4 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.E928E5009E2B1F4D956E57990D456054] - |A| - [08/09/2016 15:15:01] - (.-.) - [30.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ambakdrv.sys
[MD5.4B10D8998C824DD84AD597F9E058F6F0] - |A| - [30/07/2015 21:58:04] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amde31a.dat
[MD5.C7628FE6341B7919D2F62DB9057DB4FC] - |A| - [21/10/2015 02:14:42] - (.-.) - [208.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdgfxinfo64.dll
[MD5.AF1928F5E15921A29877C2E18626F80E] - |A| - [21/10/2015 02:14:42] - (.-.) - [139.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdhdl64.dll
[MD5.DDEB20626133878B0CE79CCE29B031B9] - |A| - [23/07/2015 11:52:32] - (.-.) - [814.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdicdxx.dat
[MD5.82CAB4EAF1E1CBA85AE5DEBB4C068EE2] - |A| - [21/10/2015 02:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [616.48 Ko] - (1.0.3.8) - C:\WINDOWS\System32\amdlvr64.dll
[MD5.C366C5A2EE8F1F586691E4511AB56040] - |A| - [21/10/2015 02:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6529.48 Ko] - (9.1.10.83) - C:\WINDOWS\System32\amdmantle64.dll
[MD5.3960C946E67311C9831550AEDC649C3A] - |A| - [21/10/2015 02:14:54] - (.-.) - [460.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdmiracast.dll
[MD5.4CA9A0DF33972919623BBFF8FBD1A501] - |A| - [21/10/2015 02:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [57.98 Ko] - (1.6.0.0) - C:\WINDOWS\System32\amdmmcl6.dll
[MD5.7BA9A6BBF176D945D7B201865897E158] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [26898.98 Ko] - (0.8.0.0) - C:\WINDOWS\System32\amdocl12cl64.dll
[MD5.AFF92249DA8E62FF8C6D2B89977D3245] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46673.98 Ko] - (10.0.1800.11) - C:\WINDOWS\System32\amdocl64.dll
[MD5.8305AA2FEBE5CAD45AB8D208C17DA930] - |A| - [21/10/2015 02:14:44] - (.-.) - [1168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdocl_as64.exe
[MD5.187EB6A72565FAAF01AAE0CDD63DE56F] - |A| - [21/10/2015 02:14:44] - (.-.) - [1045.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdocl_ld64.exe
[MD5.2B79CD2445F85D54959702583ECBCC04] - |A| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\System32\amdpcom64.dll
[MD5.766A3BC550C16070DE4AC86C5599FC8D] - |A| - [08/09/2016 15:15:01] - (.-.) - [11.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amreg.sys
[MD5.609C2E5B69EB5D4F7131F7DF1107396B] - |A| - [08/09/2016 15:15:03] - (.-.) - [17.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amwrtdrv.sys
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [2489.45 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [299 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\as-IN
[MD5.28DF09388444100467873AC906FD6CB2] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [1226.98 Ko] - (7.15.20.1301) - C:\WINDOWS\System32\atiadlxx.dll
[MD5.53650482B8E621276DC55E50C9FB2FEE] - |A| - [22/08/2015 01:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiapfxx.blb
[MD5.CC2470CA903EA355A24F05520D79BDB8] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [366.98 Ko] - (6.14.10.1001) - C:\WINDOWS\System32\atiapfxx.exe
[MD5.279066332FA267076E3BEE81C4297F87] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [62.98 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticalcl64.dll
[MD5.3A0F17C7C8E37DCEAE1DA76B7D761702] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15356.98 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticaldd64.dll
[MD5.D22A08EE217DE15B6A41AE518B4F4FBE] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [69.48 Ko] - (6.14.10.1848) - C:\WINDOWS\System32\aticalrt64.dll
[MD5.BE92AD0155D4A23D0073AF51BE808B29] - |A| - [21/10/2015 02:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1445.13 Ko] - (8.17.10.1404) - C:\WINDOWS\System32\aticfx64.dll
[MD5.B565601728AF96EEFCF7E9CDE3CDD2BE] - |A| - [21/10/2015 02:14:46] - (.2002-2012 - Graphics DEM.) - [440.48 Ko] - (4.5.5711.37472) - C:\WINDOWS\System32\atidemgy.dll
[MD5.8700278344BED8D4A3A5AC2875359584] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11804.69 Ko] - (8.17.10.625) - C:\WINDOWS\System32\atidxx64.dll
[MD5.69F82C40A189962A65F6D5A02DF8599F] - |A| - [21/10/2015 02:14:46] - (.-.) - [164.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atieah64.exe
[MD5.B96BD9F5B2B0CD6549EE59FD242A6D56] - |A| - [21/10/2015 02:14:46] - (.Copyright Â© 2008-2009 AMD - AMD External Events Client Module.) - [667.48 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\atieclxx.exe
[MD5.521248FA26458669BAAE6AB7DB21F3AC] - |A| - [21/10/2015 02:14:46] - (.Copyright Â© 2008-2009 AMD - AMD External Events Service Module.) - [249.48 Ko] - (6.14.11.1199) - C:\WINDOWS\System32\atiesrxx.exe
[MD5.E4F96DFF0501430BF7C6E90841A7282D] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [81.98 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atig6pxx.dll
[MD5.86F2AE002AF9222F34937823B98753C2] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [161.48 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atig6txx.dll
[MD5.0C3156664885AF41100B63853EBCE037] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiglpxx.dll
[MD5.079EFFD5BECB418FE6596229B28D7324] - |A| - [06/11/2014 10:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiicdxx.dat
[MD5.FE4E7138E51DA7EF01E51F28128A7F53] - |A| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\WINDOWS\System32\atimpc64.dll
[MD5.C84C24F13663EF5A59C1E598A350C8C3] - |A| - [21/10/2015 02:14:46] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [37.48 Ko] - (6.14.10.1002) - C:\WINDOWS\System32\atimuixx.dll
[MD5.7D9CCB5DD8837D6AC954956A5812112C] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [30054.98 Ko] - (6.14.10.13399) - C:\WINDOWS\System32\atio6axx.dll
[MD5.0E89795F721B2BC02D0A12C470750DF6] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODCLI Application.) - [58.48 Ko] - (1.0.0.1) - C:\WINDOWS\System32\ATIODCLI.exe
[MD5.C7A506822BE45CD42415710979CDAE7F] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODE Application.) - [333.48 Ko] - (1.0.0.1) - C:\WINDOWS\System32\ATIODE.exe
[MD5.3FE40633FC3BC5AE41EACDA0E1BA72FE] - |A| - [21/10/2015 02:14:46] - (.Copy Right Â© 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [194.98 Ko] - (6.14.11.25) - C:\WINDOWS\System32\atitmm64.dll
[MD5.067CED045532C58B46E6527BCE3CB47F] - |A| - [21/10/2015 02:14:54] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [127.02 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiu9p64.dll
[MD5.AC6970C74B7457B291BB2C0035AA7DAE] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [8657.15 Ko] - (9.14.10.1128) - C:\WINDOWS\System32\atiumd64.dll
[MD5.486D6985E7B7826DBBEAE12755851027] - |A| - [22/08/2015 01:55:34] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiumd6a.cap
[MD5.0A9CA09952D768F768D2903F984102DC] - |A| - [21/10/2015 02:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8771.91 Ko] - (8.14.10.513) - C:\WINDOWS\System32\atiumd6a.dll
[MD5.AE81C76C930DD6875E5D9C6BEA2F0966] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.43 Ko] - (8.14.1.6463) - C:\WINDOWS\System32\atiuxp64.dll
[MD5.EFA5E3D55F1CC185BC690B7D79D015A9] - |A| - [24/07/2015 21:44:06] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativce02.dat
[MD5.B974290EEE645249EE212FF62DD0824A] - |A| - [30/07/2015 22:00:06] - (.-.) - [173.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativce03.dat
[MD5.5EBC73A78E5903E7CE6F6B25E4A6BE8F] - |A| - [29/05/2015 01:00:42] - (.-.) - [228.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cik.dat
[MD5.C55D2CBC17AAE1FBAC9135E7C31A4D31] - |A| - [29/05/2015 00:58:32] - (.-.) - [227.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cik_nd.dat
[MD5.0770A5AB5218E6D3134A7A7239B9A216] - |A| - [29/05/2015 01:21:32] - (.-.) - [249.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_cz_nd.dat
[MD5.A81F68A0D3387A06182EFA3880D3F0BD] - |A| - [29/05/2015 01:17:24] - (.-.) - [245 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_FJ.dat
[MD5.7EE8F6853798F7A900DB15F3054A0277] - |A| - [29/05/2015 01:15:12] - (.-.) - [243.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_FJ_nd.dat
[MD5.11355CAC5334C8999211C09CAAE194EF] - |A| - [29/05/2015 01:10:58] - (.-.) - [315.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_vi.dat
[MD5.3544D6AF6E0C9783C2CF6FA9CE42D520] - |A| - [29/05/2015 01:08:18] - (.-.) - [313.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_vi_nd.dat
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [22/08/2015 01:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [22/08/2015 01:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsvl.dat
[MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [29/09/2017 14:41:25] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ
[MD5.8AB8CC8200DF2148BEA11FD7F520EA3A] - |A| - [28/08/2016 12:22:15] - (.Copyright Â© 1997-2011 BitDefender - BitDefender Firewall.) - [205.06 Ko] - (1.0.14.0) - C:\WINDOWS\System32\BdFirewallSDK.dll
[MD5.E32E201688F60CBEF10439F568F94DF5] - |A| - [28/08/2016 12:22:15] - (.Copyright (C) BitDefender LLC - BitDefender Firewall Core Library.) - [153.26 Ko] - (7.0.0.2) - C:\WINDOWS\System32\bdfwcore.dll
[MD5.73D9B14B7C8621500675F8123043C864] - |A| - [28/08/2016 12:22:16] - (.Â© 2008 BitDefender S.R.L. - BitDefender POP3 Proxy.) - [152.26 Ko] - (2.63.11.0) - C:\WINDOWS\System32\bdpop3p.dll
[MD5.5A60405B7D88A6B6DF933DCCE778DD99] - |A| - [28/08/2016 12:22:15] - (.Copyright (C) BitDefender LLC - BitDefender Proxy Redirector User-Mode Module.) - [93.91 Ko] - (7.0.0.5) - C:\WINDOWS\System32\bdpredir.dll
[MD5.44CF1CE6512CA6B54083156DF7DE3359] - |A| - [28/08/2016 12:22:16] - (.Â© 2008 BitDefender S.R.L. - BitDefender SMTP Proxy.) - [1036.89 Ko] - (2.63.11.0) - C:\WINDOWS\System32\bdsmtpp.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\be-BY
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [287 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [4632.72 Ko] - C:\WINDOWS\System32\Boot
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA
[MD5.5712256A8FAB555CC50AEAC2A899A17A] - |A| - [29/09/2017 14:41:41] - (.Copyright (C) 2008 - Gestionnaire de contexte pour rÃ©seau personnel Bluetooth.) - [180.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:11] - [48667.64 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [35417.25 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US
[MD5.F2D598B11C294EE360FDA0D3E81DA7EC] - |A| - [21/10/2015 02:14:48] - (.-.) - [237.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\clinfo.exe
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [3345.59 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.A0E91D21C945781D03EA0BA1C95F821E] - |A| - [21/10/2015 02:14:48] - (.AMD. - CoInstaller DLL.) - [853.98 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_15.20.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [358 Ko] - C:\WINDOWS\System32\com
[MD5.10A63A258C2B40D5CB7B5F52FB9EFBBE] - |A| - [08/09/2016 13:59:01] - (.2013 Â© Real Sound Lab SIA, iSoft Solutions - CONEQÂ Media Suite APO GUI Library.) - [119.46 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:11] - [274012.85 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:33] - [53.11 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [346 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.074BF7CCDCE132C5648AD1D7623BF99E] - |A| - [08/09/2016 13:59:03] - (.Â©Conexant Systems Inc. - Conexant APO.) - [1564.41 Ko] - (1.31.0.0) - C:\WINDOWS\System32\CX64APO.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [342 Ko] - C:\WINDOWS\System32\da-DK
[MD5.ACAC0D435BC0ACAD92784D0668AC2D5E] - |A| - [29/09/2017 14:41:38] - (.-.) - [83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [203.41 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [386 Ko] - C:\WINDOWS\System32\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [29/09/2017 14:41:26] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [29/09/2017 14:41:25] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [29/09/2017 14:46:41] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [23/10/2012 03:17:38] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\System32\DevManagerCore.dll
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:33] - [864.5 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.5FF3FA1BFBB0CD05534F650EA27A6651] - |A| - [29/09/2017 14:41:45] - (.-.) - [90.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:13] - [8759.8 Ko] - C:\WINDOWS\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:13] - [1127.34 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:04] - [129390.12 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:11] - [1065744.52 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:33] - [161.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [29/09/2017 14:41:25] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin
[MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [29/09/2017 14:41:25] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin
[MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [29/09/2017 14:41:25] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin
[MD5.4D1B8C9983D257EE86B6CC57C639E8E5] - |A| - [29/09/2017 14:41:12] - (.-.) - [3.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [381.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.31A723E07A464AC77CDFEE423C5865BF] - |A| - [31/08/2016 15:16:44] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:04] - [0 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [271 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [2169.03 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [371.5 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [298.5 Ko] - C:\WINDOWS\System32\es-MX
[MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [01/12/2017 07:54:33] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\WINDOWS\System32\E_GCINST.DLL
[MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [01/12/2017 07:54:31] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\WINDOWS\System32\E_ID4BLPE.DLL
[MD5.2E21840342850A8A7F28D28D6DD3A1CD] - |A| - [01/12/2017 07:54:31] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2013. - EPSON Bi-directional Monitor AMD64.) - [175.5 Ko] - (4.4.0.0) - C:\WINDOWS\System32\E_ILMBLPE.DLL
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:33] - [28352.16 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR
[MD5.4C3F9C29272215D7C6D07D03BC30E877] - |A| - [01/12/2017 04:58:02] - (.-.) - [953 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll
[MD5.9100FDF61D7977FD2C2E1D62589171DC] - |A| - [01/12/2017 04:58:02] - (.-.) - [263.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll
[MD5.812CDFD967D2E82A3D24FCAA5784749D] - |A| - [29/09/2017 14:41:33] - (.-.) - [1325.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll
[MD5.3C7D1E4786522EA69600111D7A7135EB] - |A| - [09/09/2016 15:38:28] - (.Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. - EaseUS Todo Backup Application.) - [23.54 Ko] - (3.0.0.1) - C:\WINDOWS\System32\fbnative.exe
[MD5.3F17BC60834ADC5A57D420700C306C67] - |A| - [29/09/2017 14:41:12] - (.-.) - [48.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [346 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH
[MD5.55A601C6095888ADC0DF17FC4E59083A] - |A| - [01/12/2017 08:03:42] - (.-.) - [221.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:04] - [3403 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [306.5 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [45040.1 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [29/09/2017 14:42:03] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [34 Ko] - C:\WINDOWS\System32\gd-GB
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\System32\gl-ES
[MD5.00000000000000000000000000000000] - |HD| - [10/12/2017 09:44:59] - [0.3 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [284 Ko] - C:\WINDOWS\System32\he-IL
[MD5.4CD16A9C15397E1FAD5F19E35A13BE58] - |A| - [29/09/2017 14:41:27] - (.-.) - [215.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\hi-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [278 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.77071BF934BEF16D5F02E31624258A91] - |A| - [21/10/2015 02:14:48] - (.-.) - [108.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hsa-thunk64.dll
[MD5.FD4C613364F59BAAC59A2C4F5F0EE52B] - |A| - [28/08/2016 12:22:16] - (.Copyright (C) BitDefender - Http Filter Proxy.) - [190.45 Ko] - (7.0.0.8) - C:\WINDOWS\System32\httproxy.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [352.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:33] - [124.21 Ko] - C:\WINDOWS\System32\hydrogen
[MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [29/09/2017 14:41:23] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.FC7A71725A4887AD88FB4A0B764FFBF4] - |RA| - [29/09/2017 14:41:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1856 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll
[MD5.FB96578635DB1CFC08871A599539349E] - |RA| - [29/09/2017 14:41:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1309.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\id-ID
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27 Ko] - C:\WINDOWS\System32\ig-NG
[MD5.19C3C8394B1A8EBE7CF61A8C0221C024] - |A| - [29/09/2017 14:41:25] - (.-.) - [168.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.D13EA5B1CC8BA39847B56DE96880B8DB] - |A| - [12/08/2016 07:00:18] - (.-.) - [681.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\im-fre.exe
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [24877.67 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.B98C0E77C3C1034303C20843DE05455E] - |A| - [29/09/2017 14:41:31] - (.-.) - [180.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [6389.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.D506921989872994B9C5615D4761882C] - |A| - [30/11/2017 19:11:47] - (.Copyright Â© 2005-2016 - IObit Smart Defrag Extension.) - [125.28 Ko] - (1.0.0.25) - C:\WINDOWS\System32\IObitSmartDefragExtension.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\is-IS
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [371.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [270.91 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\ka-GE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28 Ko] - C:\WINDOWS\System32\km-KH
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [262 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\kok-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\ky-KG
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [29/09/2017 14:41:25] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [33 Ko] - C:\WINDOWS\System32\lb-LU
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [212.14 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27 Ko] - C:\WINDOWS\System32\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [902.83 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [23/10/2012 03:17:38] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPP.dll
[MD5.24764C249F769991079F6D4B14B822AF] - |A| - [23/10/2012 03:17:38] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPPApp.exe
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [274.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [276 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.4D4248F6D008D86D5575EE5B154971AE] - |A| - [23/10/2012 03:13:10] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [256.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvco1380853.dll
[MD5.FF510CF2A7FA73192E7DB06D7C311799] - |A| - [23/10/2012 03:13:10] - (.(c) 1996-2012 Logitech. - Video Codec.) - [171.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvcod64.dll
[MD5.1A8AE8A66B6C289046276453768EF270] - |A| - [23/10/2012 03:05:36] - (.-.) - [28.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoin64.ini
[MD5.CD0E783755F962CC3602DDB65759A056] - |A| - [09/12/2017 07:57:14] - (.-.) - [6.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoinst.log
[MD5.B4CD287DFAA6578AC763A3800F0C2DC8] - |A| - [23/10/2012 03:13:10] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [750.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUI64.dll
[MD5.CCFDDF84B42198B0AAD27D11ACFD254E] - |A| - [23/10/2012 03:13:10] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [547.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUIRC64.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [29991.18 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.D3F4E00C322EDA78873848BE75ACC8A4] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [132.98 Ko] - (9.1.10.83) - C:\WINDOWS\System32\mantle64.dll
[MD5.EA33454E28EE1F3CA432DA87203DA24F] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [100.98 Ko] - (9.1.10.83) - C:\WINDOWS\System32\mantleaxl64.dll
[MD5.B209D959831AEF092817ECF8756F71B3] - |A| - [29/09/2017 14:41:58] - (.-.) - [776 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.39DFF42E57C53A58C162F4760A75EA84] - |A| - [20/05/2016 09:50:40] - (.-.) - [46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MDA_NTDRV.sys
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [29/09/2017 14:41:25] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\mi-NZ
[MD5.00000000000000000000000000000000] - |D| - [01/12/2017 05:40:55] - [1098.79 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [5611.13 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:33] - [47083.1 Ko] - C:\WINDOWS\System32\migwiz
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\mk-MK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\ml-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [31/08/2016 12:06:40] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [84.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\System32\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [19.15 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [334 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [384 Ko] - C:\WINDOWS\System32\NDF
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [29/09/2017 14:42:03] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [359.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [3781.5 Ko] - C:\WINDOWS\System32\Nui
[MD5.0A13D6818BCBF860EDCEC1ED1E7B9698] - |A| - [28/08/2016 12:22:15] - (.Copyright Â© 1997-2011 BitDefender - OEMBdpredir Dynamic Link Library.) - [120.05 Ko] - (1.0.5.0) - C:\WINDOWS\System32\OEMbdpredir.dll
[MD5.5D4A5E27D573738E0C8C8FF4C0715DAF] - |A| - [29/09/2017 14:46:43] - (.-.) - [17.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [13355.83 Ko] - C:\WINDOWS\System32\oobe
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\or-IN
[MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [29/09/2017 14:41:25] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\pa-IN
[MD5.EE43351DDA602048D460624A982AF585] - |A| - [29/09/2017 14:48:30] - (.-.) - [201.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.9A7694FB5E00F11F367B9E6187141E03] - |A| - [30/09/2017 15:40:07] - (.-.) - [221.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [29/09/2017 14:48:30] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [30/09/2017 15:40:07] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.2BDC51964F331DB009CD1BCBC1928752] - |A| - [29/09/2017 14:48:30] - (.-.) - [839.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.C21C4E32B049F65C040118D86BC34503] - |A| - [30/09/2017 15:40:07] - (.-.) - [1013.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.D6A2B6F83995A467D1D2D51DB7BEF80A] - |A| - [01/12/2017 08:24:38] - (.-.) - [2280.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [358.5 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [673 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [29/09/2017 14:42:04] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [359.5 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [355 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [29/09/2017 14:41:23] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.C6CA43573C21CA6392F57F238C8391FC] - |A| - [23/10/2012 03:05:58] - (.-.) - [39.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Repository.reg
[MD5.E17EAD4E09FB96BD6DB717CB605B17F1] - |A| - [29/09/2017 14:42:06] - (.-.) - [8.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.8286304CD9A20E2A4621D931F1CEF5CB] - |A| - [29/09/2017 14:42:06] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.335DDF53E8248EECBF7FF0D0E09B0D18] - |A| - [08/09/2016 14:01:27] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.F0D430DC167D5F9941ABEEC4A134DFCF] - |A| - [08/09/2016 14:01:27] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.EABD549516BF670A684743EEE6A1ADA9] - |A| - [06/09/2016 15:52:09] - (.Copyright (C) 2014 - RtCRX.) - [81.21 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll
[MD5.C80534E6C27DFD36994CD0E0B9D335EB] - |A| - [08/09/2016 14:01:36] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.653C4F65DA2066AB75B979BC00102011] - |A| - [08/09/2016 14:01:36] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.AD6279BFA473108B0F876CD4F511F128] - |A| - [08/09/2016 14:01:36] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.39 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.19F9E0BBB26FD220FC8F0B6D2FFD6E54] - |A| - [08/09/2016 14:01:37] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.5014918488EE3C1CD6D150AFF0321060] - |A| - [01/12/2017 04:57:57] - (.-.) - [95.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [29/09/2017 14:43:11] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [29/09/2017 14:42:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\si-LK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [283 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [279.5 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.AEA5AD87A6238418E0E84FDB327190C9] - |A| - [08/09/2016 14:02:30] - (.Copyright (C) 2015 DTS, Inc. - DTS Universal APO DLL.) - [984.73 Ko] - (3.5.0.0) - C:\WINDOWS\System32\sl3apo64.dll
[MD5.D3EDC91EF9ABF3779F372AB44C13744A] - |A| - [08/09/2016 14:02:31] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Controller DLL.) - [1256.01 Ko] - (3.5.0.0) - C:\WINDOWS\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [01/12/2017 08:03:47] - [14591.71 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [52.14 Ko] - C:\WINDOWS\System32\slmgr
[MD5.42122083186CBFEF5FB153376D41F571] - |A| - [08/09/2016 14:02:33] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [252.45 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll
[MD5.1B397955D564695499E5307C4D89C135] - |A| - [08/09/2016 14:02:33] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Technology DLL.) - [1883.43 Ko] - (3.5.0.0) - C:\WINDOWS\System32\sltech64.dll
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [29/09/2017 14:41:25] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.D57880A3F9F22D67974EF0EB8B67021C] - |A| - [30/11/2017 19:02:13] - (.Copyright Â© 2005-2013 - SmartDefrag.) - [35.96 Ko] - (2.0.0.0) - C:\WINDOWS\System32\SmartDefragBootTime.exe
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:11] - [13377.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [29/09/2017 14:41:12] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.3A1FD4393E48758E9F2C5341FE48FCCB] - |A| - [29/09/2017 14:42:06] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [7488.9 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [12685.58 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [125035.47 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [4646.21 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [23.61 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [282 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.257906731C510CF42DC7EB672A17FB56] - |A| - [08/09/2016 14:02:35] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.22 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll
[MD5.3D3E815ADFA0146BC94E782758F0E599] - |A| - [08/09/2016 14:02:35] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll
[MD5.7760A6F9A001B2AA9A85709EABCA2BD8] - |A| - [08/09/2016 14:02:35] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll
[MD5.B461D2CE1D93ADAB10E0E5495A06E403] - |A| - [29/09/2017 14:42:07] - (.-.) - [16.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat
[MD5.047BCF71FB0E5EC754437879E8DAA7F6] - |A| - [29/09/2017 14:42:00] - (.-.) - [56.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.0DEBF5C1D3D39D3E9EEBFE976863F63B] - |A| - [08/09/2016 14:02:36] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.51 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll
[MD5.550A079A6DA0ED6A2DF497E301C19A10] - |A| - [08/09/2016 14:02:36] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.00000000000000000000000000000000] - |D| - [31/08/2016 14:59:48] - [2267.75 Ko] - C:\WINDOWS\System32\SRSLabs
[MD5.EC12843D98AB3B2E3A63B447C9F4A490] - |A| - [08/09/2016 14:02:36] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.07CC4F1901B4321ACC15A60E91EE6245] - |A| - [08/09/2016 14:02:36] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.8653FF12B852832E847B8156915F49E4] - |A| - [08/09/2016 14:02:36] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [16984 Ko] - C:\WINDOWS\System32\sru
[MD5.1BA92CDCF58B0D7D298CC09799B4D431] - |A| - [29/09/2017 14:41:25] - (.-.) - [410 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [341 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:13] - [1265.7 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [907.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [34 Ko] - C:\WINDOWS\System32\ta-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [640.05 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [555.37 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [29/09/2017 14:41:57] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\te-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [260 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [336 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [29/09/2017 14:42:07] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [29/09/2017 14:42:07] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28 Ko] - C:\WINDOWS\System32\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [277.5 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [2739.52 Ko] - C:\WINDOWS\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN
[MD5.0F797414F415E2EF706B0B459D010447] - |A| - [20/04/2017 14:12:34] - (.-.) - [793.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Vim.RWBlock.dll
[MD5.820A2396A1155EB03FC55870C59D2D9C] - |A| - [20/04/2017 14:12:36] - (.-.) - [140.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vimbase.dll
[MD5.8680F525CC9F41A4AD87BFAEF81B2FE3] - |A| - [20/04/2017 14:12:38] - (.-.) - [2198.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vimsdk.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [85557.86 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [30309.07 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [29/09/2017 14:41:40] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [80245.93 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.1E38A547C9380DAB0F0692E1EE9CC5B3] - |A| - [29/09/2017 14:41:27] - (.-.) - [102.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [9437.01 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [108024 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [5286.48 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [107.53 Ko] - C:\WINDOWS\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [29/09/2017 14:42:07] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.D224E07A6F89FD14C3FD8A83127811CC] - |A| - [29/09/2017 14:41:43] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.200BCDE9B44C32B1633B68A9AADA8AAA] - |A| - [29/09/2017 14:41:25] - (.-.) - [78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\System32\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [260.04 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [225.5 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\System32\zu-ZA
[MD5.00000000000000000000000000000000] - |D| - [07/09/2016 00:46:14] - [328.34 Ko] - C:\WINDOWS\SysWOW64\1033
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [29/09/2017 14:42:13] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [29/09/2017 14:42:11] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [29/09/2017 14:42:24] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [29/09/2017 14:42:13] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 09:45:15] - [2001.4 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA
[MD5.00000000000000000000000000000000] - |SHD| - [05/12/2017 12:24:28] - [0 Ko] - C:\WINDOWS\SysWOW64\AI_RecycleBin
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET
[MD5.7D4761FD5A02353C9BD70C1F5B15AA4F] - |A| - [21/10/2015 02:14:42] - (.-.) - [193.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
[MD5.F12467373381C72FAE9CA7C08ED6C919] - |A| - [21/10/2015 02:14:42] - (.-.) - [128.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdhdl32.dll
[MD5.87882BCCDF63B74B675ECCE6B6609DC2] - |A| - [21/10/2015 02:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [511.98 Ko] - (1.0.3.8) - C:\WINDOWS\SysWOW64\amdlvr32.dll
[MD5.8F2144D05F41DD27308548B5D9D19101] - |A| - [21/10/2015 02:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [5093.98 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\amdmantle32.dll
[MD5.F9F99EA40AF48C716C2E823F2B6FD2D8] - |A| - [21/10/2015 02:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [46.98 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmmcl.dll
[MD5.E30B1D883DC886016C38FDEE6755CCC6] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [38790.48 Ko] - (10.0.1800.11) - C:\WINDOWS\SysWOW64\amdocl.dll
[MD5.5F0F6073A243FC8C4C190E3F06D1247E] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21803.98 Ko] - (0.8.0.0) - C:\WINDOWS\SysWOW64\amdocl12cl.dll
[MD5.40A2E4C2933EB5DE99C06F00A9E2C589] - |A| - [21/10/2015 02:14:44] - (.-.) - [980.49 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_as32.exe
[MD5.985589A3C4BB14ED23A15D9477475F7B] - |A| - [21/10/2015 02:14:42] - (.-.) - [788.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdocl_ld32.exe
[MD5.170EA2F4A32130BBF7EABD2D94B235AE] - |A| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\amdpcom32.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [280.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN
[MD5.546E937838E7D9FD945D6505529F2209] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxx.dll
[MD5.546E937838E7D9FD945D6505529F2209] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\WINDOWS\SysWOW64\atiadlxy.dll
[MD5.53650482B8E621276DC55E50C9FB2FEE] - |A| - [22/08/2015 01:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb
[MD5.4A8BC73F07C13E602B573BE723BFB360] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [56.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalcl.dll
[MD5.64E261847856C53DE5A3007682707290] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13975.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticaldd.dll
[MD5.F1E925DE8ECC7BE99BCC380BBA3F477E] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [59.48 Ko] - (6.14.10.1848) - C:\WINDOWS\SysWOW64\aticalrt.dll
[MD5.DCE2F09D2DF45938DB476B287D6F560B] - |A| - [21/10/2015 02:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1194.88 Ko] - (8.17.10.1404) - C:\WINDOWS\SysWOW64\aticfx32.dll
[MD5.194B36603ED7BB93290F4A3C73B94764] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [9971.7 Ko] - (8.17.10.625) - C:\WINDOWS\SysWOW64\atidxx32.dll
[MD5.B84EF06D0D8192F33EE5BC12B2BA3702] - |A| - [21/10/2015 02:14:46] - (.-.) - [148.98 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe
[MD5.B728F7B42DA61395F43C86BDDE5196E5] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [146.98 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atigktxx.dll
[MD5.0C3156664885AF41100B63853EBCE037] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiglpxx.dll
[MD5.B344A7D717211B7DF53E369FC58290DF] - |A| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\WINDOWS\SysWOW64\atimpc32.dll
[MD5.6557A2BB671495C8F7E127FCD23FAF3E] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24726.98 Ko] - (6.14.10.13399) - C:\WINDOWS\SysWOW64\atioglxx.dll
[MD5.E183E40B75E742A6E597A922168C2405] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [109.73 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiu9pag.dll
[MD5.E638384DCD47CEA8F0DF2B6BAFB11F57] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [7307.19 Ko] - (9.14.10.1128) - C:\WINDOWS\SysWOW64\atiumdag.dll
[MD5.A98DA23A524803615B083CFCED1CE362] - |A| - [22/08/2015 01:50:46] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap
[MD5.34438A391DADBD03940AF0760E2932CB] - |A| - [21/10/2015 02:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [7821.64 Ko] - (8.14.10.513) - C:\WINDOWS\SysWOW64\atiumdva.dll
[MD5.C62336798199A3705424A6708445DD11] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [139.7 Ko] - (8.14.1.6463) - C:\WINDOWS\SysWOW64\atiuxpag.dll
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [22/08/2015 01:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [22/08/2015 01:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [265.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [315 Ko] - C:\WINDOWS\SysWOW64\com
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [2373.14 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [325 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [322 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [364 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [29/09/2017 14:42:09] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png
[MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [23/10/2012 03:17:38] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\DevManagerCore.dll
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [200.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [6894.45 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1079.58 Ko] - C:\WINDOWS\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [3414.56 Ko] - C:\WINDOWS\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.32 Ko] - C:\WINDOWS\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [358.5 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [0 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [251.5 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1533.03 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [349.5 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [277 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [247.5 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\eu-ES
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [24198.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\fa-IR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [325 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\fil-PH
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:05] - [3149.5 Ko] - C:\WINDOWS\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [284 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [37530.65 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ga-IE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.01 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [266.5 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.3A7F920893FD6F49BC4CC07B72914013] - |A| - [29/09/2017 14:42:09] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [258 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.506C5BE8B184615F7F35A85C00A16E76] - |A| - [21/10/2015 02:14:48] - (.-.) - [108.48 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hsa-thunk.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [331 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.F0851D76262FF35F76156F628A04099B] - |RA| - [29/09/2017 14:42:11] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1602.5 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll
[MD5.40E2D734687DAF397D472B70FC305781] - |RA| - [29/09/2017 14:42:11] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1131.5 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG
[MD5.4F6BFC6464D620149C2BB60243C6A3B8] - |A| - [29/09/2017 14:42:11] - (.-.) - [146.33 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [218.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS
[MD5.CADC1F6669EC3F9143A33D1342C2410E] - |A| - [07/09/2016 12:25:21] - (.-.) - [209.5 Ko] - (1.0.0.110) - C:\WINDOWS\SysWOW64\ISCM32.dll
[MD5.ED5D4435EC628F9EBB6AEC8A1D3FA41D] - |A| - [07/09/2016 12:25:21] - (.-.) - [704.36 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\ISCM64.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [350 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [252 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\ka-GE
[MD5.5ACD11DF2AA5F3E3F30F785589B70347] - |A| - [13/11/2005 19:07:12] - (.-.) - [6.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\kc.exe
[MD5.6315AB54B0156C7B5B1B6E499601C171] - |A| - [29/10/2006 16:36:54] - (.Killer{R} -.) - [1158 Ko] - (2.8.4.0) - C:\WINDOWS\SysWOW64\killcopy.exe
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\kk-KZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28 Ko] - C:\WINDOWS\SysWOW64\km-KH
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\kn-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [249 Ko] - C:\WINDOWS\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\kok-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\ky-KG
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [33 Ko] - C:\WINDOWS\SysWOW64\lb-LU
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [09/12/2017 09:29:35] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\License.rdat
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [212.14 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.5EE61AF78EF3CF7DE7812C8EDCE0A9D8] - |A| - [09/12/2017 09:29:35] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\License_Time.rdat
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27 Ko] - C:\WINDOWS\SysWOW64\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [23/10/2012 03:17:38] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPP.dll
[MD5.24764C249F769991079F6D4B14B822AF] - |A| - [23/10/2012 03:17:38] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPPApp.exe
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [254.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [256 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.BDC67729D0A4940C525654FF869C5289] - |A| - [23/10/2012 03:17:54] - (.(c) 1996-2012 Logitech. - Video Codec.) - [297.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\lvcodec2.dll
[MD5.E8C604C7E16CE90C0D4564EC06B118E8] - |A| - [23/10/2012 03:18:06] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [529.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2.dll
[MD5.F13DA78D0873B2025556D65DB5E3210D] - |A| - [23/10/2012 03:18:06] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [525.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2RC.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [24473.18 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.39CE334A6E1CBED62462A0CCCC080A5C] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [119.48 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\mantle32.dll
[MD5.890CD0E80FA4CA7728FF49E372D789F2] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [94.48 Ko] - (9.1.10.83) - C:\WINDOWS\SysWOW64\mantleaxl32.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [3067.44 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [815.4 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [315 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [338 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 14:46:34] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [641.72 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN
[MD5.1F1EFD8DDABC56776076E7301D5C57A2] - |A| - [07/09/2016 00:54:47] - (.-.) - [2102.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [336.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:06] - [420.42 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [338.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [333.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.5EE61AF78EF3CF7DE7812C8EDCE0A9D8] - |A| - [09/12/2017 09:29:36] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\RB.rdat
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [261.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.B461D2CE1D93ADAB10E0E5495A06E403] - |A| - [29/09/2017 14:42:27] - (.-.) - [16.74 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.30FE146E2F0712AFEEA1ECF3E0EA270C] - |A| - [29/09/2017 14:42:09] - (.-.) - [302 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [321.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:06] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [241 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [316.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU
[MD5.ACC1181C0AA4D01B537F53A1CC33E766] - |A| - [29/09/2017 14:42:09] - (.-.) - [90 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [8939.79 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [5286.49 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:40:06] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN
[MD5.12D91C9A9837995A137ACE4B2E674918] - |A| - [29/09/2017 14:42:09] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [02/12/2017 13:55:35] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [220.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 14:46:34] - [214.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 15:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA

---------- | Shell Folders

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\jean-\AppData\Roaming   [01/12/2017 08:07:37]
"Local AppData"=C:\Users\jean-\AppData\Local   [01/12/2017 08:07:37]
"CD Burning"=C:\Users\jean-\AppData\Local\Microsoft\Windows\Burn\Burn1   [01/12/2017 08:52:57]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Libraries   [28/08/2016 11:43:49]
"My Video"=C:\Users\jean-\Videos   [28/08/2016 11:41:29]
"My Pictures"=C:\Users\jean-\Pictures   [28/08/2016 11:41:29]
"Desktop"=C:\Users\jean-\Desktop   [28/08/2016 11:41:29]
"History"=C:\Users\jean-\AppData\Local\Microsoft\Windows\History   [28/08/2016 11:41:29]
"NetHood"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\jean-\Contacts   [28/08/2016 11:43:49]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\jean-\AppData\Local\Microsoft\Windows\RoamingTiles   [28/08/2016 11:43:49]
"Cookies"=C:\Users\jean-\AppData\Local\Microsoft\Windows\INetCookies   [28/08/2016 11:41:29]
"Favorites"=C:\Users\jean-\Favorites   [28/08/2016 11:41:29]
"SendTo"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\SendTo   [31/08/2016 15:04:34]
"Start Menu"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu   [31/08/2016 15:04:34]
"My Music"=C:\Users\jean-\Music   [28/08/2016 11:41:29]
"Programs"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [31/08/2016 15:04:34]
"Recent"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Recent   [28/08/2016 11:41:29]
"PrintHood"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\jean-\Searches   [28/08/2016 11:43:49]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\jean-\Downloads   [28/08/2016 11:41:29]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\jean-\AppData\LocalLow   [28/08/2016 11:41:30]
"Startup"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [28/08/2016 11:43:50]
"Administrative Tools"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [28/08/2016 11:43:50]
"Personal"=C:\Users\jean-\Documents   [28/08/2016 11:41:29]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\jean-\Links   [28/08/2016 11:41:29]
"Cache"=C:\Users\jean-\AppData\Local\Microsoft\Windows\INetCache   [01/12/2017 08:07:37]
"Templates"=C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Templates   [09/12/2017 10:40:48]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\jean-\Saved Games   [28/08/2016 11:41:29]
"Fonts"=C:\WINDOWS\Fonts   [29/09/2017 14:46:33]

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache   
"Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"CD Burning"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Burn\Burn1   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [29/09/2017 14:46:33]
"Common AppData"=C:\ProgramData   [29/09/2017 14:46:33]
"Common Desktop"=C:\Users\Public\Desktop   [30/10/2015 08:24:24]
"Common Documents"=C:\Users\Public\Documents   [30/10/2015 08:24:24]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [29/09/2017 14:46:33]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [29/09/2017 14:46:33]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [29/09/2017 14:46:33]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [30/10/2015 08:24:24]
"CommonMusic"=C:\Users\Public\Music   [30/10/2015 08:24:24]
"CommonPictures"=C:\Users\Public\Pictures   [30/10/2015 08:24:24]
"CommonVideo"=C:\Users\Public\Videos   [30/10/2015 08:24:24]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [29/09/2017 14:46:33]
"Common AppData"=C:\ProgramData   [29/09/2017 14:46:33]
"Common Desktop"=C:\Users\Public\Desktop   [30/10/2015 08:24:24]
"Common Documents"=C:\Users\Public\Documents   [30/10/2015 08:24:24]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [29/09/2017 14:46:33]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [29/09/2017 14:46:33]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [29/09/2017 14:46:33]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [30/10/2015 08:24:24]
"CommonMusic"=C:\Users\Public\Music   [30/10/2015 08:24:24]
"CommonPictures"=C:\Users\Public\Pictures   [30/10/2015 08:24:24]
"CommonVideo"=C:\Users\Public\Videos   [30/10/2015 08:24:24]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   


---------- | [jean-]

[01/12/2017 08:07:37] - |D| - [2429352038] - C:\Users\jean-\AppData\Local
[28/08/2016 11:41:30] - |D| - [8318851] - C:\Users\jean-\AppData\LocalLow
[01/12/2017 08:07:37] - |D| - [747233433] - C:\Users\jean-\AppData\Roaming
[28/08/2016 11:46:15] - |D| - [0] - C:\Users\jean-\AppData\Local\ActiveSync
[03/09/2016 08:13:51] - |D| - [80700] - C:\Users\jean-\AppData\Local\Adobe
[04/12/2017 10:24:38] - |D| - [82] - C:\Users\jean-\AppData\Local\Aimersoft
[28/08/2016 12:31:04] - |D| - [75553] - C:\Users\jean-\AppData\Local\AMD
[08/12/2017 10:32:37] - |D| - [161663] - C:\Users\jean-\AppData\Local\Anvisoft
[09/12/2017 08:28:31] - |D| - [5583270] - C:\Users\jean-\AppData\Local\Apowersoft
[01/12/2017 08:07:38] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Application Data
[28/08/2016 13:26:13] - |D| - [525796] - C:\Users\jean-\AppData\Local\ashampoo
[28/08/2016 12:30:13] - |D| - [66104] - C:\Users\jean-\AppData\Local\ATI
[07/12/2017 12:07:36] - |D| - [0] - C:\Users\jean-\AppData\Local\CEF
[02/12/2017 11:33:46] - |D| - [0] - C:\Users\jean-\AppData\Local\ChemTable Software
[28/08/2016 11:48:01] - |D| - [29581416] - C:\Users\jean-\AppData\Local\Comms
[07/12/2017 10:01:46] - |D| - [1608038] - C:\Users\jean-\AppData\Local\Comodo
[03/09/2016 07:02:29] - |D| - [2426] - C:\Users\jean-\AppData\Local\Condusiv_Technologies
[31/08/2016 15:38:45] - |D| - [1175747] - C:\Users\jean-\AppData\Local\ConnectedDevicesPlatform
[03/09/2016 08:08:41] - |D| - [0] - C:\Users\jean-\AppData\Local\CrashDumps
[06/09/2016 22:42:49] - |D| - [343524] - C:\Users\jean-\AppData\Local\CyberLink
[01/12/2017 08:58:23] - |D| - [0] - C:\Users\jean-\AppData\Local\DBG
[28/08/2016 14:02:04] - |D| - [0] - C:\Users\jean-\AppData\Local\Diagnostics
[09/09/2016 11:53:17] - |D| - [42436608] - C:\Users\jean-\AppData\Local\Downloaded Installations
[01/12/2017 08:07:38] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Historique
[10/12/2017 08:10:49] - |D| - [174080] - C:\Users\jean-\AppData\Local\IIIQF
[04/12/2017 13:21:17] - |D| - [368] - C:\Users\jean-\AppData\Local\iMusic
[07/12/2017 10:00:00] - |D| - [0] - C:\Users\jean-\AppData\Local\iolo
[07/09/2016 12:26:46] - |D| - [82] - C:\Users\jean-\AppData\Local\iSkysoft
[09/12/2017 16:37:08] - |D| - [4244] - C:\Users\jean-\AppData\Local\Lavasoft
[07/09/2016 12:54:01] - |D| - [2914129] - C:\Users\jean-\AppData\Local\LogitechÂ® Webcam Software
[01/12/2017 08:07:37] - |D| - [402999144] - C:\Users\jean-\AppData\Local\Microsoft
[28/08/2016 12:22:34] - |D| - [77361] - C:\Users\jean-\AppData\Local\MicrosoftEdge
[28/08/2016 12:47:01] - |D| - [114] - C:\Users\jean-\AppData\Local\Mozilla
[01/12/2017 11:50:51] - |D| - [27963519] - C:\Users\jean-\AppData\Local\Opera Software
[01/12/2017 08:08:57] - |D| - [80430412] - C:\Users\jean-\AppData\Local\Packages
[28/08/2016 11:45:25] - |D| - [0] - C:\Users\jean-\AppData\Local\PackageStaging
[06/09/2016 22:43:22] - |D| - [40960] - C:\Users\jean-\AppData\Local\Power2Go10
[07/12/2017 12:25:28] - |D| - [66437] - C:\Users\jean-\AppData\Local\PrivacyGuardian
[28/08/2016 13:23:44] - |D| - [170447381] - C:\Users\jean-\AppData\Local\Programs
[28/08/2016 11:47:33] - |D| - [0] - C:\Users\jean-\AppData\Local\Publishers
[03/09/2016 14:27:34] - |D| - [161644] - C:\Users\jean-\AppData\Local\SFR
[01/12/2017 08:07:37] - |D| - [1529080502] - C:\Users\jean-\AppData\Local\Temp
[01/12/2017 08:07:38] - |SHD| - [0] - C:\Users\jean-\AppData\Local\Temporary Internet Files
[08/12/2017 09:30:18] - |D| - [6196173] - C:\Users\jean-\AppData\Local\Thunderbird
[28/08/2016 11:43:41] - |D| - [14950162] - C:\Users\jean-\AppData\Local\TileDataLayer
[09/09/2016 15:13:12] - |D| - [372] - C:\Users\jean-\AppData\Local\Turbo View & Convert
[28/08/2016 11:43:53] - |D| - [3118] - C:\Users\jean-\AppData\Local\VirtualStore
[08/12/2017 10:05:55] - |D| - [5638303] - C:\Users\jean-\AppData\Local\WallpaperHd
[10/12/2017 08:12:53] - |D| - [0] - C:\Users\jean-\AppData\Local\WinSweeper
[28/08/2016 18:42:53] - |D| - [82] - C:\Users\jean-\AppData\Local\Wondershare
[07/09/2016 13:38:05] - |D| - [106327890] - C:\Users\jean-\AppData\Local\Zemana
[10/12/2017 10:54:50] - |D| - [234634] - C:\Users\jean-\AppData\Local\ZHP
[07/12/2017 09:55:36] - |D| - [6144] - C:\Users\jean-\AppData\LocalLow\360WD
[01/12/2017 09:35:45] - |D| - [32768] - C:\Users\jean-\AppData\LocalLow\BitTorrent
[08/12/2017 09:42:51] - |D| - [22510] - C:\Users\jean-\AppData\LocalLow\IObit
[28/08/2016 11:44:17] - |SD| - [8208277] - C:\Users\jean-\AppData\LocalLow\Microsoft
[08/12/2017 09:30:31] - |D| - [0] - C:\Users\jean-\AppData\LocalLow\Mozilla
[09/09/2016 15:44:17] - |D| - [0] - C:\Users\jean-\AppData\LocalLow\Temp
[07/09/2016 13:32:55] - |D| - [49152] - C:\Users\jean-\AppData\LocalLow\uTorrent
[07/12/2017 09:38:13] - |D| - [35117] - C:\Users\jean-\AppData\Roaming\360safe
[01/12/2017 14:18:36] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Acronis
[28/08/2016 11:43:45] - |D| - [175008] - C:\Users\jean-\AppData\Roaming\Adobe
[09/12/2017 08:28:55] - |D| - [44430] - C:\Users\jean-\AppData\Roaming\Apowersoft
[03/09/2016 07:52:07] - |D| - [5519] - C:\Users\jean-\AppData\Roaming\ArcticLine
[04/12/2017 13:38:10] - |D| - [40372] - C:\Users\jean-\AppData\Roaming\Ashampoo
[28/08/2016 13:26:56] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Ashampoo Slideshow Studio 2017
[28/08/2016 12:30:13] - |D| - [0] - C:\Users\jean-\AppData\Roaming\ATI
[08/12/2017 10:19:42] - |D| - [994672] - C:\Users\jean-\AppData\Roaming\AVAST Software
[01/12/2017 12:12:42] - |D| - [295863378] - C:\Users\jean-\AppData\Roaming\Azureus
[03/09/2016 07:02:28] - |D| - [815] - C:\Users\jean-\AppData\Roaming\Condusiv_Technologies
[06/09/2016 22:43:10] - |D| - [179363528] - C:\Users\jean-\AppData\Roaming\CyberLink
[28/08/2016 18:38:42] - |D| - [0] - C:\Users\jean-\AppData\Roaming\DAEMON Tools Pro
[10/12/2017 08:47:20] - |D| - [16384] - C:\Users\jean-\AppData\Roaming\DMCache
[03/12/2017 13:41:35] - |A| - [57120] - C:\Users\jean-\AppData\Roaming\DMGR_0I0D0G1V2Z1P1R1M2W1F1C1I1QtJ1V0A0V0A0S0T.txt
[06/09/2016 19:41:37] - |D| - [384] - C:\Users\jean-\AppData\Roaming\EASEUS
[29/08/2016 05:53:19] - |D| - [6777] - C:\Users\jean-\AppData\Roaming\Epson
[04/09/2016 14:23:37] - |D| - [8407289] - C:\Users\jean-\AppData\Roaming\eufsc
[07/12/2017 10:24:05] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Executor
[08/12/2017 10:06:43] - |D| - [498116] - C:\Users\jean-\AppData\Roaming\Hotspot Shield
[08/09/2016 15:31:06] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Identities
[10/12/2017 08:47:20] - |D| - [1006520] - C:\Users\jean-\AppData\Roaming\IDM
[04/12/2017 10:22:59] - |D| - [7203379] - C:\Users\jean-\AppData\Roaming\iMusic
[08/12/2017 09:53:51] - |D| - [0] - C:\Users\jean-\AppData\Roaming\IObit
[07/12/2017 09:36:59] - |D| - [0] - C:\Users\jean-\AppData\Roaming\iolo
[07/12/2017 10:02:15] - |D| - [0] - C:\Users\jean-\AppData\Roaming\ioloGovernor
[07/09/2016 12:27:00] - |D| - [0] - C:\Users\jean-\AppData\Roaming\iSkysoft iMedia Converter Deluxe
[10/12/2017 08:12:01] - |D| - [520] - C:\Users\jean-\AppData\Roaming\IsolatedStorage
[09/12/2017 16:36:39] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Lavasoft
[28/08/2016 12:22:31] - |D| - [737] - C:\Users\jean-\AppData\Roaming\LavasoftStatistics
[07/09/2016 12:38:42] - |D| - [345] - C:\Users\jean-\AppData\Roaming\Leadertech
[28/08/2016 15:25:07] - |D| - [327] - C:\Users\jean-\AppData\Roaming\Macromedia
[01/12/2017 08:07:37] - |SD| - [2317863] - C:\Users\jean-\AppData\Roaming\Microsoft
[30/11/2017 18:12:33] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Modules
[31/08/2016 11:54:10] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Mozilla
[05/12/2017 08:35:25] - |D| - [405] - C:\Users\jean-\AppData\Roaming\muvee Technologies
[03/09/2016 07:50:45] - |D| - [494592] - C:\Users\jean-\AppData\Roaming\NCH Software
[04/09/2016 08:06:29] - |D| - [25083909] - C:\Users\jean-\AppData\Roaming\Nero
[04/12/2017 09:38:55] - |D| - [25155203] - C:\Users\jean-\AppData\Roaming\OneSafe Driver Manager
[10/12/2017 10:34:43] - |D| - [9802] - C:\Users\jean-\AppData\Roaming\OneSafe PC Cleaner
[01/12/2017 11:50:22] - |D| - [26113075] - C:\Users\jean-\AppData\Roaming\Opera Software
[07/12/2017 11:26:06] - |D| - [0] - C:\Users\jean-\AppData\Roaming\Performix LLC
[04/12/2017 17:12:51] - |D| - [0] - C:\Users\jean-\AppData\Roaming\ProtectStar
[05/12/2017 12:23:54] - |D| - [766230] - C:\Users\jean-\AppData\Roaming\Reason
[29/08/2016 11:51:43] - |D| - [77] - C:\Users\jean-\AppData\Roaming\Skype
[07/12/2017 11:47:42] - |D| - [11963896] - C:\Users\jean-\AppData\Roaming\SoftMaker
[07/09/2016 05:05:05] - |D| - [0] - C:\Users\jean-\AppData\Roaming\TeamViewer
[06/09/2016 19:58:35] - |D| - [18832] - C:\Users\jean-\AppData\Roaming\TeraCopy
[08/12/2017 09:30:18] - |D| - [25479271] - C:\Users\jean-\AppData\Roaming\Thunderbird
[01/12/2017 09:17:47] - |D| - [81] - C:\Users\jean-\AppData\Roaming\TunesKit Spotify Converter
[30/11/2017 18:11:44] - |AD| - [24480732] - C:\Users\jean-\AppData\Roaming\UsbFix
[01/12/2017 09:20:23] - |D| - [3159] - C:\Users\jean-\AppData\Roaming\USBSafelyRemove
[07/09/2016 13:31:58] - |D| - [105431266] - C:\Users\jean-\AppData\Roaming\uTorrent
[07/09/2016 13:01:43] - |D| - [0] - C:\Users\jean-\AppData\Roaming\videos
[07/09/2016 13:01:43] - |D| - [343] - C:\Users\jean-\AppData\Roaming\Wise Video Downloader
[10/12/2017 10:54:51] - |D| - [6193960] - C:\Users\jean-\AppData\Roaming\ZHP
[07/09/2016 12:27:19] - |D| - [0] - C:\Users\jean-\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
[28/08/2016 11:43:49] - |SH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[01/12/2017 08:07:38] - |SHD| - [0] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[31/08/2016 15:04:34] - |RD| - [106469] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[07/09/2016 13:32:44] - |A| - [2686] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\ÂµTorrent.lnk
[01/12/2017 08:07:37] - |RD| - [3888] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[01/12/2017 08:07:37] - |RD| - [2927] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[28/08/2016 11:43:50] - |RD| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[07/09/2016 13:45:45] - |D| - [12363] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoaoPhoto Digital Studio
[05/12/2017 12:23:54] - |D| - [148] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost
[01/12/2017 08:44:16] - |SH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[31/08/2016 12:10:04] - |D| - [3128] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IM-Magic Partition Resizer Free
[10/12/2017 08:47:14] - |D| - [6840] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[28/08/2016 15:54:03] - |D| - [6002] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillCopy
[01/12/2017 08:07:37] - |D| - [170] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/12/2017 11:49:34] - |A| - [1366] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk
[09/12/2017 08:18:54] - |A| - [2409] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[04/12/2017 09:52:22] - |D| - [2619] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[09/12/2017 15:05:39] - |A| - [1811] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps.com Platform.lnk
[02/09/2016 15:24:05] - |D| - [17782] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programmes audio
[28/08/2016 11:43:50] - |RD| - [1985] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[02/09/2016 15:23:27] - |D| - [20511] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suite NCH Software
[07/09/2016 12:24:10] - |D| - [1544] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercopier
[01/12/2017 08:07:37] - |RD| - [3496] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[07/09/2016 12:23:19] - |D| - [1544] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultracopier
[28/08/2016 15:53:40] - |D| - [3420] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[07/09/2016 13:47:43] - |D| - [3437] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Watermark Pro
[01/12/2017 12:17:44] - |D| - [977] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vuze Leap
[01/12/2017 08:07:37] - |RD| - [7754] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[28/08/2016 11:43:50] - |SH| - [174] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[09/12/2017 15:05:39] - |A| - [1811] - C:\Users\jean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableApps.com Platform.lnk

---------- | [MSSQL$ADK]

[01/12/2017 08:07:36] - |D| - [5648520] - C:\Users\MSSQL$ADK\AppData\Local
[07/09/2016 00:56:36] - |D| - [0] - C:\Users\MSSQL$ADK\AppData\LocalLow
[01/12/2017 08:07:36] - |D| - [346259] - C:\Users\MSSQL$ADK\AppData\Roaming
[01/12/2017 08:07:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Application Data
[01/12/2017 08:07:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Historique
[01/12/2017 08:07:36] - |D| - [5648520] - C:\Users\MSSQL$ADK\AppData\Local\Microsoft
[01/12/2017 08:07:36] - |D| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Temp
[01/12/2017 08:07:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Local\Temporary Internet Files
[07/09/2016 00:56:34] - |D| - [313840] - C:\Users\MSSQL$ADK\AppData\Roaming\Macromedia
[01/12/2017 08:07:36] - |SD| - [32419] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft
[01/12/2017 08:07:36] - |SHD| - [0] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[07/09/2016 00:56:34] - |D| - [16794] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[01/12/2017 08:07:36] - |RD| - [3888] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[01/12/2017 08:07:36] - |RD| - [1486] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[01/12/2017 08:07:36] - |D| - [170] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/12/2017 08:07:36] - |RD| - [3496] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[01/12/2017 08:07:36] - |RD| - [7754] - C:\Users\MSSQL$ADK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

---------- | [Public]


---------- | C:\ProgramData

[07/12/2017 13:08:49] - |SHD| - [4341] - C:\ProgramData\360Quarant
[07/12/2017 09:55:25] - |D| - [1784] - C:\ProgramData\360safe
[07/12/2017 09:55:31] - |D| - [16694196] - C:\ProgramData\360TotalSecurity
[01/12/2017 14:14:26] - |D| - [2714579] - C:\ProgramData\Acronis
[07/12/2017 11:26:07] - |D| - [44713437] - C:\ProgramData\Adguard
[02/09/2016 15:12:25] - |D| - [479] - C:\ProgramData\Adobe
[04/12/2017 18:17:16] - |D| - [0] - C:\ProgramData\Aimersoft
[31/08/2016 15:01:16] - |D| - [304] - C:\ProgramData\AMD
[08/12/2017 10:31:22] - |D| - [2762976] - C:\ProgramData\Anvisoft
[08/09/2016 14:51:28] - |D| - [1831] - C:\ProgramData\AomeiBR
[01/12/2017 08:38:40] - |SHD| - [0] - C:\ProgramData\Application Data
[28/08/2016 13:25:04] - |D| - [943998] - C:\ProgramData\Ashampoo
[01/12/2017 19:26:37] - |D| - [186] - C:\ProgramData\ATI
[08/12/2017 10:06:26] - |D| - [17009216] - C:\ProgramData\AVAST Software
[28/08/2016 12:40:20] - |D| - [0] - C:\ProgramData\BitDefender
[08/12/2017 10:07:30] - |D| - [49877] - C:\ProgramData\BOINC
[08/12/2017 12:47:19] - |D| - [0] - C:\ProgramData\boost_interprocess
[07/12/2017 11:26:14] - |D| - [143772] - C:\ProgramData\BSD
[28/08/2016 11:31:27] - |SHD| - [0] - C:\ProgramData\Bureau
[29/11/2017 17:14:32] - |D| - [0] - C:\ProgramData\BVRP Software
[01/12/2017 12:13:07] - |D| - [7126224] - C:\ProgramData\Caphyon
[05/12/2017 08:36:30] - |D| - [0] - C:\ProgramData\CheckPoint
[02/12/2017 11:38:56] - |D| - [0] - C:\ProgramData\Chemtable Software
[05/12/2017 12:22:01] - |D| - [0] - C:\ProgramData\CLSK
[16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\Comms
[07/12/2017 09:43:06] - |D| - [149736] - C:\ProgramData\Comodo
[07/12/2017 09:43:07] - |D| - [243909] - C:\ProgramData\Comodo Downloader
[06/09/2016 21:58:59] - |D| - [609297] - C:\ProgramData\CyberLink
[01/12/2017 08:38:40] - |SHD| - [0] - C:\ProgramData\Documents
[28/08/2016 21:36:48] - |D| - [10913444] - C:\ProgramData\EPSON
[07/12/2017 13:14:11] - |A| - [258] - C:\ProgramData\fontcacheev1.dat
[10/12/2017 08:47:20] - |D| - [0] - C:\ProgramData\IDM
[05/12/2017 12:22:55] - |D| - [0] - C:\ProgramData\install_backup
[06/09/2016 22:12:53] - |D| - [41559] - C:\ProgramData\install_clap
[08/12/2017 09:53:47] - |D| - [28062] - C:\ProgramData\IObit
[07/12/2017 09:36:59] - |D| - [205774] - C:\ProgramData\iolo
[07/09/2016 12:24:16] - |D| - [3881709] - C:\ProgramData\iSkysoft
[07/09/2016 12:24:42] - |D| - [5423] - C:\ProgramData\iSkysoft iMedia Converter Deluxe
[10/12/2017 08:12:01] - |D| - [520] - C:\ProgramData\IsolatedStorage
[09/12/2017 16:33:02] - |D| - [0] - C:\ProgramData\Lavasoft
[07/09/2016 12:40:22] - |D| - [259] - C:\ProgramData\LogiShrd
[08/12/2017 18:09:30] - |D| - [114076657] - C:\ProgramData\Malwarebytes
[28/08/2016 11:31:27] - |SHD| - [0] - C:\ProgramData\Menu DÃ©marrer
[29/09/2017 14:46:33] - |SD| - [943982017] - C:\ProgramData\Microsoft
[01/12/2017 08:53:25] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[28/08/2016 11:31:27] - |SHD| - [0] - C:\ProgramData\ModÃ¨les
[05/12/2017 08:31:37] - |D| - [0] - C:\ProgramData\muvee Technologies
[03/09/2016 07:50:41] - |D| - [78708] - C:\ProgramData\NCH Software
[04/09/2016 08:10:06] - |AD| - [59851539] - C:\ProgramData\Nero
[01/12/2017 12:11:02] - |D| - [122] - C:\ProgramData\Oracle
[31/08/2016 15:00:20] - |D| - [3672320143] - C:\ProgramData\Package Cache
[02/12/2017 11:49:48] - |D| - [365087994] - C:\ProgramData\Paragon Software
[07/12/2017 10:00:05] - |D| - [229556] - C:\ProgramData\Phoenix360
[03/09/2016 06:51:04] - |D| - [2954] - C:\ProgramData\Reason
[28/08/2016 18:41:04] - |D| - [102614400] - C:\ProgramData\Rebit
[28/08/2016 13:39:31] - |AD| - [49023271] - C:\ProgramData\Rebit 5
[29/09/2017 14:46:33] - |D| - [0] - C:\ProgramData\regid.1991-06.com.microsoft
[07/09/2016 19:38:12] - |D| - [1800] - C:\ProgramData\RogueKiller
[07/12/2017 09:43:07] - |D| - [0] - C:\ProgramData\Shared Space
[29/09/2017 14:46:33] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[02/12/2017 10:43:18] - |D| - [645] - C:\ProgramData\Sony Corporation
[08/12/2017 18:15:45] - |D| - [70324312] - C:\ProgramData\SUPERAntiSpyware.com
[08/12/2017 18:15:42] - |D| - [0] - C:\ProgramData\SUPERSetup
[06/09/2016 22:12:53] - |D| - [12300803] - C:\ProgramData\SUPPORTDIR
[06/09/2016 22:40:47] - |D| - [0] - C:\ProgramData\Temp
[29/08/2016 05:56:46] - |D| - [4680] - C:\ProgramData\UDL
[01/12/2017 09:20:06] - |D| - [6078] - C:\ProgramData\USBSRService
[29/09/2017 14:46:33] - |D| - [9023] - C:\ProgramData\USOPrivate
[01/12/2017 08:15:02] - |D| - [786432] - C:\ProgramData\USOShared
[08/12/2017 17:47:39] - |D| - [144402097] - C:\ProgramData\UVK
[02/12/2017 13:32:15] - |D| - [0] - C:\ProgramData\VMware
[09/12/2017 11:24:15] - |D| - [227629] - C:\ProgramData\VoodooShield
[30/09/2017 15:41:33] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
[28/08/2016 18:43:16] - |D| - [3164410] - C:\ProgramData\Wondershare
[28/08/2016 18:38:40] - |D| - [1015371134] - C:\ProgramData\Wondershare Video Editor
[10/12/2017 08:14:15] - |HD| - [23298677] - C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}
[10/12/2017 08:10:55] - |HD| - [46655595] - C:\ProgramData\{4B36989F-BE86-4A21-94B1-AC154A69EA65}
[02/12/2017 11:14:32] - |D| - [0] - C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[29/09/2017 14:46:38] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[01/12/2017 12:14:32] - |A| - [1444] - C:\ProgramData\Microsoft\Windows\Start Menu\Firefox Download Unblocker.lnk
[01/12/2017 12:13:00] - |A| - [1316] - C:\ProgramData\Microsoft\Windows\Start Menu\Google Ad Blocker.lnk
[01/12/2017 12:15:57] - |A| - [1428] - C:\ProgramData\Microsoft\Windows\Start Menu\Google Password Decryptor.lnk
[01/12/2017 12:31:30] - |A| - [1400] - C:\ProgramData\Microsoft\Windows\Start Menu\Google Password Remover.lnk
[28/08/2016 11:31:27] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[29/09/2017 14:46:33] - |RD| - [450626] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[29/09/2017 14:46:33] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[29/09/2017 14:46:33] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[02/09/2016 15:16:51] - |D| - [8812] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[02/09/2016 15:23:26] - |D| - [2236] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[01/12/2017 14:14:34] - |D| - [20794] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[01/12/2017 14:14:33] - |A| - [1300] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image WD Edition.lnk
[29/09/2017 14:46:33] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/09/2016 15:16:22] - |A| - [2177] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[01/12/2017 11:31:33] - |D| - [4377] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[08/12/2017 10:31:21] - |D| - [6701] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[08/09/2016 15:15:16] - |D| - [2505] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI OneKey Recovery 1.6
[28/08/2016 13:26:12] - |D| - [5615] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[31/08/2016 12:39:14] - |A| - [733] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise Ã  niveau de Windows 10.lnk
[31/08/2016 11:58:21] - |D| - [1608] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Bureau
[07/12/2017 09:38:01] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Centre 360Â Security
[01/12/2017 10:49:44] - |D| - [954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloseAll
[07/09/2016 12:41:09] - |D| - [6182] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[02/09/2016 14:46:10] - |D| - [2132] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Condusiv Technologies
[06/09/2016 22:40:52] - |RD| - [1529] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint 2.5
[06/09/2016 22:33:06] - |RD| - [9681] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 10
[07/09/2016 19:52:41] - |A| - [2502] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PresenterLink+.lnk
[06/09/2016 22:42:28] - |RD| - [2410] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
[07/09/2016 13:10:00] - |A| - [2248] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 7.lnk
[29/09/2017 14:46:38] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[04/09/2016 14:24:15] - |D| - [2830] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS EverySync 3.0
[09/09/2016 16:03:33] - |D| - [2680] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 9.2
[01/09/2016 13:39:43] - |D| - [2871] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo PCTrans
[02/12/2017 10:57:10] - |D| - [2844] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyAppSoft
[29/08/2016 05:54:44] - |D| - [3210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[29/08/2016 05:10:21] - |D| - [7072] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[06/09/2016 15:04:43] - |A| - [1277] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[02/09/2016 15:24:13] - |A| - [1193] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[02/09/2016 15:22:57] - |A| - [1183] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip - Compresseur de fichiers.lnk
[01/12/2017 10:43:40] - |D| - [2232] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Sitemap Maker
[02/09/2016 15:24:16] - |D| - [3546] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileMarker.NET
[10/12/2017 08:11:25] - |D| - [1515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
[01/12/2017 12:14:30] - |D| - [1456] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Download Unblocker
[02/09/2016 15:39:50] - |D| - [20679] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Marker
[01/12/2017 12:12:59] - |D| - [1328] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Ad Blocker
[01/12/2017 12:15:49] - |D| - [1440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Password Decryptor
[01/12/2017 12:31:29] - |D| - [1412] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Password Remover
[02/12/2017 11:43:21] - |D| - [3425] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk Password Recovery
[02/09/2016 15:26:28] - |D| - [2825] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
[02/09/2016 15:23:44] - |D| - [1963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
[29/09/2017 14:43:11] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[04/12/2017 10:24:22] - |D| - [1426] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMusic
[02/09/2016 15:22:47] - |D| - [1381] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[30/11/2017 19:00:39] - |D| - [12054] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intelligent Converters
[10/12/2017 08:47:14] - |D| - [6732] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[07/09/2016 12:09:12] - |D| - [3199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
[07/09/2016 12:26:22] - |D| - [1213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
[09/12/2017 10:58:20] - |D| - [2860] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jtrent238's System Support
[09/12/2017 16:37:07] - |D| - [2495] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[07/09/2016 12:36:53] - |D| - [1743] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[29/09/2017 14:46:33] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[02/09/2016 15:24:01] - |D| - [2356] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[07/09/2016 00:47:21] - |D| - [1495] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[07/09/2016 00:42:51] - |D| - [4055] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
[09/12/2017 14:27:37] - |A| - [1292] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[05/12/2017 08:34:10] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee Reveal Encore
[06/09/2016 15:04:45] - |A| - [2167] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
[04/09/2016 08:10:24] - |D| - [11397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[04/09/2016 08:17:02] - |D| - [5775] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016
[30/11/2017 17:23:58] - |D| - [2263] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
[02/12/2017 10:57:08] - |A| - [1428] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONEKEY PDF Convert to Word.lnk
[04/12/2017 09:38:30] - |D| - [2736] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe Driver Manager
[10/12/2017 10:34:40] - |D| - [2945] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSafe PC Cleaner
[09/09/2016 11:56:12] - |D| - [3372] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Migrate OS to SSDÂ 4.0
[30/11/2017 17:26:59] - |D| - [4321] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Protect & Restore
[09/12/2017 11:21:39] - |D| - [855] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
[04/12/2017 09:45:51] - |D| - [5716] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[02/09/2016 15:50:41] - |A| - [1173] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion - Convertisseur de fichiers image.lnk
[02/09/2016 15:23:38] - |A| - [1125] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism - Convertisseur de fichiers vidÃ©o.lnk
[02/09/2016 15:22:50] - |D| - [5949] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio
[02/09/2016 15:50:41] - |D| - [3651] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de graphisme
[02/09/2016 15:23:38] - |D| - [7092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes de vidÃ©o
[07/09/2016 12:13:30] - |D| - [3243] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Folder
[28/08/2016 13:42:19] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebit 5
[28/08/2016 18:42:22] - |D| - [1153] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebit Pro
[02/12/2017 11:37:34] - |D| - [3874] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer
[04/12/2017 09:47:17] - |D| - [3241] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[07/09/2016 19:38:36] - |D| - [925] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[02/09/2016 15:23:54] - |D| - [3992] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFR
[30/11/2017 19:01:58] - |D| - [3223] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[29/09/2017 14:46:33] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[02/09/2016 15:22:51] - |D| - [21954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software
[02/09/2016 15:22:55] - |A| - [1139] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch - Convertisseur de fichiers audio.lnk
[29/09/2017 14:46:33] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[02/12/2017 11:45:37] - |D| - [2419] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools Google Drive Migrator
[02/12/2017 14:07:42] - |D| - [2503] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools Logon Disclaimer
[30/10/2015 20:03:03] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[07/09/2016 05:05:04] - |A| - [1118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
[06/09/2016 19:51:04] - |D| - [4095] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[01/12/2017 09:17:40] - |D| - [2528] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit Spotify Converter
[09/09/2016 15:12:19] - |D| - [1312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo View & Convert
[07/12/2017 11:02:53] - |D| - [4384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
[01/12/2017 09:19:49] - |D| - [7966] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Safely Remove
[02/09/2016 15:23:00] - |D| - [12444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilitaires
[09/12/2017 11:24:26] - |D| - [1888] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
[01/12/2017 12:20:58] - |A| - [1865] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[06/09/2016 23:37:37] - |D| - [24564] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[02/09/2016 15:49:20] - |D| - [12183] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[01/12/2017 08:12:47] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[09/12/2017 14:05:21] - |D| - [2482] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
[10/12/2017 08:12:49] - |D| - [1486] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSweeper
[07/09/2016 12:20:28] - |D| - [1311] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Folder Hider
[07/09/2016 14:13:05] - |D| - [1276] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise JetSearch
[07/09/2016 12:59:47] - |D| - [1338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Video Downloader
[28/08/2016 18:42:17] - |D| - [19859] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[29/11/2017 17:10:49] - |D| - [1178] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[29/09/2017 14:46:38] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[07/12/2017 09:36:39] - |D| - [115540982] - C:\Program Files (x86)\360
[09/12/2017 12:59:34] - |D| - [0] - C:\Program Files (x86)\Acer
[01/12/2017 14:14:04] - |D| - [280025586] - C:\Program Files (x86)\Acronis
[07/12/2017 11:12:14] - |D| - [21894608] - C:\Program Files (x86)\Adguard
[02/09/2016 15:10:45] - |D| - [385989675] - C:\Program Files (x86)\Adobe
[30/11/2017 18:17:54] - |D| - [191659086] - C:\Program Files (x86)\Aimersoft
[08/12/2017 10:30:35] - |D| - [578782] - C:\Program Files (x86)\Anvisoft
[07/09/2016 13:45:40] - |D| - [105805313] - C:\Program Files (x86)\AoaoPhoto Digital Studio
[08/09/2016 15:14:30] - |AD| - [465109960] - C:\Program Files (x86)\AOMEI OneKey Recovery 1.6
[28/08/2016 13:24:58] - |D| - [517920916] - C:\Program Files (x86)\Ashampoo
[31/08/2016 15:00:35] - |AD| - [106367910] - C:\Program Files (x86)\ATI Technologies
[08/12/2017 10:07:29] - |D| - [2534746] - C:\Program Files (x86)\BOINC
[07/12/2017 10:22:48] - |D| - [155871] - C:\Program Files (x86)\CDBurnerXP
[05/12/2017 08:37:05] - |D| - [40457] - C:\Program Files (x86)\CheckPoint
[29/09/2017 14:46:33] - |D| - [727583065] - C:\Program Files (x86)\Common Files
[07/12/2017 10:01:03] - |D| - [50334257] - C:\Program Files (x86)\Comodo
[06/09/2016 22:20:47] - |D| - [1860121294] - C:\Program Files (x86)\CyberLink
[29/09/2017 14:46:37] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[02/09/2016 15:24:18] - |D| - [795472] - C:\Program Files (x86)\DIFX
[02/09/2016 14:43:52] - |D| - [25259856] - C:\Program Files (x86)\Diskeeper Setup Files
[01/09/2016 13:39:29] - |D| - [585797064] - C:\Program Files (x86)\EaseUS
[09/12/2017 13:00:00] - |D| - [0] - C:\Program Files (x86)\EasyAppSoft
[02/09/2016 15:40:32] - |AD| - [2243204] - C:\Program Files (x86)\EgisTec MyWinLockerSuite
[29/08/2016 05:52:57] - |D| - [17440662] - C:\Program Files (x86)\EPSON
[29/08/2016 05:10:20] - |AD| - [233253321] - C:\Program Files (x86)\EPSON Software
[07/12/2017 10:24:03] - |D| - [1409121] - C:\Program Files (x86)\Executor
[01/12/2017 10:43:36] - |D| - [3381004] - C:\Program Files (x86)\Fast Sitemap Maker
[07/12/2017 10:12:56] - |D| - [4439] - C:\Program Files (x86)\FDRLab
[09/09/2016 15:12:41] - |AD| - [1769770] - C:\Program Files (x86)\File Identifier
[02/09/2016 15:24:14] - |AD| - [5182811] - C:\Program Files (x86)\FileMarker.NET
[02/09/2016 15:39:47] - |AD| - [20578953] - C:\Program Files (x86)\Folder Marker
[09/12/2017 13:00:14] - |D| - [0] - C:\Program Files (x86)\Google
[02/09/2016 15:23:44] - |AD| - [4764304] - C:\Program Files (x86)\HitmanPro.Alert
[07/12/2017 10:27:05] - |D| - [332107] - C:\Program Files (x86)\ImgBurn
[09/09/2016 15:10:53] - |D| - [145860418] - C:\Program Files (x86)\IMSIDesign
[29/08/2016 05:52:57] - |HD| - [187437306] - C:\Program Files (x86)\InstallShield Installation Information
[02/09/2016 15:22:41] - |D| - [18852676] - C:\Program Files (x86)\Intel
[30/11/2017 19:00:37] - |AD| - [13053365] - C:\Program Files (x86)\Intelligent Converters
[10/12/2017 08:47:12] - |D| - [15446630] - C:\Program Files (x86)\Internet Download Manager
[29/09/2017 14:46:33] - |D| - [2015847] - C:\Program Files (x86)\Internet Explorer
[09/12/2017 13:01:11] - |D| - [0] - C:\Program Files (x86)\IObit
[07/09/2016 12:24:16] - |D| - [175461814] - C:\Program Files (x86)\iSkysoft
[09/12/2017 10:57:16] - |D| - [102769700] - C:\Program Files (x86)\jtrent238
[07/09/2016 13:41:09] - |D| - [380488] - C:\Program Files (x86)\KeyCryptSDK
[28/08/2016 15:55:16] - |D| - [235138] - C:\Program Files (x86)\KillCopy
[28/08/2016 15:53:58] - |D| - [1248286] - C:\Program Files (x86)\KillSoft
[07/12/2017 10:24:29] - |D| - [6727] - C:\Program Files (x86)\Lanmisoft
[02/09/2016 15:50:22] - |AD| - [7409720] - C:\Program Files (x86)\Launch Manager
[09/12/2017 16:35:43] - |D| - [0] - C:\Program Files (x86)\Lavasoft
[07/09/2016 12:36:50] - |D| - [38884251] - C:\Program Files (x86)\Logitech
[31/08/2016 11:57:52] - |D| - [28382294] - C:\Program Files (x86)\Microsoft
[07/12/2017 10:16:32] - |D| - [766235] - C:\Program Files (x86)\Microsoft Office
[02/12/2017 12:44:56] - |D| - [1836176] - C:\Program Files (x86)\Microsoft SDKs
[02/09/2016 15:23:56] - |D| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
[07/09/2016 00:39:58] - |AD| - [1537291984] - C:\Program Files (x86)\Microsoft SQL Server
[02/09/2016 15:50:26] - |AD| - [2062016] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[07/09/2016 00:50:21] - |D| - [4850] - C:\Program Files (x86)\Microsoft Visual Studio 10.0
[29/09/2017 14:46:33] - |D| - [707647] - C:\Program Files (x86)\Microsoft.NET
[07/12/2017 10:12:08] - |D| - [267932] - C:\Program Files (x86)\Mozilla Maintenance Service
[07/12/2017 10:11:38] - |D| - [96026216] - C:\Program Files (x86)\Mozilla Thunderbird
[08/12/2017 17:45:39] - |D| - [45099] - C:\Program Files (x86)\MP3jam
[02/12/2017 13:51:09] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[07/12/2017 10:16:23] - |D| - [110883841] - C:\Program Files (x86)\MSECache
[05/12/2017 08:33:23] - |D| - [20745823] - C:\Program Files (x86)\muvee Technologies
[02/09/2016 15:22:48] - |D| - [13567559] - C:\Program Files (x86)\NCH Software
[04/09/2016 08:10:03] - |AD| - [379702461] - C:\Program Files (x86)\Nero
[07/12/2017 10:30:11] - |D| - [2678459] - C:\Program Files (x86)\NetSetMan
[07/12/2017 10:30:41] - |D| - [265110] - C:\Program Files (x86)\Network Stumbler
[06/09/2016 22:32:49] - |D| - [33230678] - C:\Program Files (x86)\NSIS Uninstall Information
[04/12/2017 09:38:28] - |D| - [12735790] - C:\Program Files (x86)\OneSafe Driver Manager
[04/12/2017 09:51:58] - |D| - [0] - C:\Program Files (x86)\ParetoLogic
[07/12/2017 09:58:53] - |D| - [721659] - C:\Program Files (x86)\Phoenix360
[04/12/2017 17:12:20] - |D| - [0] - C:\Program Files (x86)\ProtectStar
[06/09/2016 15:52:08] - |D| - [129796896] - C:\Program Files (x86)\Realtek
[02/09/2016 15:10:39] - |D| - [19639474] - C:\Program Files (x86)\Reason
[02/12/2017 13:51:17] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies
[02/12/2017 11:35:31] - |D| - [39211634] - C:\Program Files (x86)\Reg Organizer
[01/12/2017 12:12:59] - |D| - [13186888] - C:\Program Files (x86)\SecurityXploded
[02/09/2016 15:23:45] - |D| - [45308432] - C:\Program Files (x86)\SFR
[07/12/2017 10:13:41] - |D| - [20391] - C:\Program Files (x86)\SPlayer
[07/12/2017 11:05:40] - |D| - [132553] - C:\Program Files (x86)\SysTools AD Browser
[07/12/2017 11:05:50] - |D| - [961744] - C:\Program Files (x86)\SysTools E01 Viewer
[07/12/2017 11:08:07] - |D| - [703691] - C:\Program Files (x86)\SysTools EPUB to PDF Converter
[02/12/2017 14:07:09] - |D| - [4787448] - C:\Program Files (x86)\SysTools Logon Disclaimer
[07/09/2016 05:04:30] - |AD| - [46523414] - C:\Program Files (x86)\TeamViewer
[06/09/2016 22:26:51] - |HD| - [0] - C:\Program Files (x86)\Temp
[02/12/2017 11:43:08] - |D| - [1969093] - C:\Program Files (x86)\Top Password
[01/12/2017 09:17:36] - |D| - [5544209] - C:\Program Files (x86)\TunesKit Spotify Converter
[09/12/2017 13:02:51] - |D| - [0] - C:\Program Files (x86)\TweakBit
[01/12/2017 08:21:17] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[01/12/2017 09:19:32] - |D| - [16705907] - C:\Program Files (x86)\USB Safely Remove
[03/12/2017 10:57:18] - |D| - [9960546] - C:\Program Files (x86)\UsbFix
[07/12/2017 10:15:05] - |D| - [40705624] - C:\Program Files (x86)\VideoLAN
[29/09/2017 14:46:33] - |D| - [1794312] - C:\Program Files (x86)\Windows Defender
[06/09/2016 23:36:43] - |D| - [4060300062] - C:\Program Files (x86)\Windows Kits
[02/09/2016 15:48:56] - |AD| - [147753420] - C:\Program Files (x86)\Windows Live
[02/09/2016 15:10:38] - |AD| - [245112] - C:\Program Files (x86)\Windows Live SkyDrive
[29/09/2017 14:46:33] - |D| - [627712] - C:\Program Files (x86)\Windows Mail
[30/09/2017 15:40:33] - |D| - [3294663] - C:\Program Files (x86)\Windows Media Player
[29/09/2017 14:46:33] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform
[29/09/2017 14:46:33] - |D| - [7568578] - C:\Program Files (x86)\windows nt
[29/09/2017 14:46:33] - |D| - [5358896] - C:\Program Files (x86)\Windows Photo Viewer
[29/09/2017 14:46:33] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices
[29/09/2017 14:46:33] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[29/09/2017 14:46:33] - |D| - [2251143] - C:\Program Files (x86)\WindowsPowerShell
[09/12/2017 14:04:15] - |D| - [39917254] - C:\Program Files (x86)\Windscribe
[07/09/2016 12:20:25] - |D| - [18083455] - C:\Program Files (x86)\Wise
[28/08/2016 18:46:08] - |D| - [93667439] - C:\Program Files (x86)\Wondershare
[07/12/2017 09:55:19] - |D| - [4364879] - C:\Program Files (x86)\XnView
[07/09/2016 13:41:06] - |AD| - [18691946] - C:\Program Files (x86)\Zemana AntiLogger
[07/09/2016 13:38:36] - |D| - [16153086] - C:\Program Files (x86)\Zemana AntiMalware

---------- | C:\Program Files

[31/08/2016 14:59:22] - |D| - [96636696] - C:\Program Files\AMD
[05/12/2017 09:06:03] - |D| - [3227845] - C:\Program Files\Athentech
[01/12/2017 11:31:10] - |D| - [5595872] - C:\Program Files\ATI Technologies
[09/12/2017 12:58:41] - |D| - [0] - C:\Program Files\AVAST Software
[04/12/2017 09:52:01] - |D| - [1062077260] - C:\Program Files\BDServices
[07/12/2017 10:21:56] - |D| - [0] - C:\Program Files\CCleaner
[01/12/2017 10:49:41] - |D| - [3284890] - C:\Program Files\CloseAll
[29/09/2017 14:46:33] - |D| - [71685187] - C:\Program Files\Common Files
[09/12/2017 12:58:51] - |D| - [0] - C:\Program Files\COMODO
[02/09/2016 14:45:40] - |D| - [409130025] - C:\Program Files\Condusiv Technologies
[02/09/2016 15:08:55] - |HD| - [0] - C:\Program Files\DAEMON Tools Pro
[29/09/2017 14:46:37] - |ASH| - [174] - C:\Program Files\desktop.ini
[28/08/2016 11:31:27] - |SHD| - [0] - C:\Program Files\Fichiers communs
[07/12/2017 10:05:11] - |D| - [10414237] - C:\Program Files\FileZilla FTP Client
[31/08/2016 12:09:59] - |D| - [10888846] - C:\Program Files\IM-Magic
[29/09/2017 14:46:33] - |D| - [2639442] - C:\Program Files\internet explorer
[28/08/2016 15:54:37] - |D| - [494533] - C:\Program Files\KillSoft
[07/12/2017 10:28:17] - |D| - [3445428] - C:\Program Files\LinkShellExtension
[08/12/2017 18:09:30] - |D| - [7729549] - C:\Program Files\Malwarebytes
[03/09/2016 07:59:52] - |AD| - [55725526] - C:\Program Files\Microsoft Silverlight
[07/09/2016 00:46:14] - |AD| - [19941499] - C:\Program Files\Microsoft SQL Server
[07/12/2017 12:23:38] - |D| - [232139] - C:\Program Files\Microsoft SQL Server Compact Edition
[02/12/2017 13:49:40] - |D| - [25757] - C:\Program Files\MSBuild
[30/11/2017 17:23:41] - |D| - [6025924] - C:\Program Files\NoVirusThanks
[09/09/2016 11:55:25] - |D| - [323409860] - C:\Program Files\Paragon Software
[08/09/2016 14:05:54] - |D| - [41374280] - C:\Program Files\Realtek
[28/08/2016 18:42:20] - |D| - [67605555] - C:\Program Files\Rebit
[02/09/2016 15:06:06] - |HD| - [0] - C:\Program Files\Rebit 5
[02/12/2017 13:49:46] - |D| - [36854953] - C:\Program Files\Reference Assemblies
[07/09/2016 19:38:21] - |AD| - [78775245] - C:\Program Files\RogueKiller
[07/12/2017 11:47:40] - |D| - [459856574] - C:\Program Files\SoftMaker Office 2018
[08/12/2017 18:15:45] - |D| - [561536] - C:\Program Files\SUPERAntiSpyware
[07/09/2016 12:24:10] - |D| - [22421724] - C:\Program Files\Supercopier
[02/12/2017 11:45:10] - |D| - [17190437] - C:\Program Files\SysTools Google Drive Migrator
[06/09/2016 19:50:59] - |AD| - [7279034] - C:\Program Files\TeraCopy
[07/09/2016 12:23:18] - |D| - [22473689] - C:\Program Files\Ultracopier
[28/08/2016 11:33:35] - |HD| - [0] - C:\Program Files\Uninstall Information
[07/12/2017 10:31:39] - |D| - [5164549] - C:\Program Files\Unknown Device Identifier
[28/08/2016 15:53:39] - |D| - [266699] - C:\Program Files\Unlocker
[08/12/2017 17:47:38] - |D| - [319844] - C:\Program Files\UVK - Ultra Virus Killer
[09/12/2017 11:24:15] - |D| - [5554357] - C:\Program Files\VoodooShield
[01/12/2017 12:15:08] - |D| - [121295764] - C:\Program Files\Vuze
[29/09/2017 14:46:33] - |D| - [17900385] - C:\Program Files\Windows Defender
[29/09/2017 14:46:33] - |D| - [638976] - C:\Program Files\Windows Mail
[30/09/2017 15:40:33] - |D| - [4824555] - C:\Program Files\Windows Media Player
[29/09/2017 14:46:33] - |D| - [49680] - C:\Program Files\Windows Multimedia Platform
[29/09/2017 14:46:33] - |D| - [7835842] - C:\Program Files\windows nt
[29/09/2017 14:46:33] - |D| - [6137656] - C:\Program Files\Windows Photo Viewer
[29/09/2017 14:46:33] - |D| - [49688] - C:\Program Files\Windows Portable Devices
[29/09/2017 14:46:33] - |D| - [96880] - C:\Program Files\Windows Security
[29/09/2017 14:46:33] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[29/09/2017 14:46:33] - |HD| - [3766625159] - C:\Program Files\WindowsApps
[29/09/2017 14:46:33] - |D| - [2501937] - C:\Program Files\WindowsPowerShell
[07/12/2017 10:32:06] - |D| - [2369171] - C:\Program Files\WinRAR
[28/08/2016 18:38:39] - |D| - [311615828] - C:\Program Files\Wondershare

---------- | C:\Program Files (x86)\Common Files

[01/12/2017 14:14:03] - |D| - [335744293] - C:\Program Files (x86)\Common Files\Acronis
[02/09/2016 15:11:46] - |AD| - [14779391] - C:\Program Files (x86)\Common Files\Adobe
[02/09/2016 15:40:06] - |AD| - [28429088] - C:\Program Files (x86)\Common Files\Adobe AIR
[04/12/2017 10:24:36] - |D| - [6738863] - C:\Program Files (x86)\Common Files\Aimersoft
[10/12/2017 08:07:30] - |D| - [2221568] - C:\Program Files (x86)\Common Files\Anvisoft
[06/09/2016 22:32:21] - |D| - [124856] - C:\Program Files (x86)\Common Files\CyberLink
[08/12/2017 09:42:52] - |D| - [1398] - C:\Program Files (x86)\Common Files\IObit
[07/09/2016 12:26:42] - |D| - [5916562] - C:\Program Files (x86)\Common Files\iSkysoft
[07/09/2016 12:36:49] - |AD| - [90787536] - C:\Program Files (x86)\Common Files\LogiShrd
[29/09/2017 14:46:33] - |D| - [20863688] - C:\Program Files (x86)\Common Files\microsoft shared
[05/12/2017 08:32:12] - |D| - [130369986] - C:\Program Files (x86)\Common Files\muvee Technologies
[04/09/2016 08:16:48] - |D| - [72734096] - C:\Program Files (x86)\Common Files\Nero
[04/12/2017 09:52:21] - |D| - [2446312] - C:\Program Files (x86)\Common Files\ParetoLogic
[07/12/2017 09:58:15] - |D| - [160411] - C:\Program Files (x86)\Common Files\Phoenix360
[29/09/2017 14:46:33] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[29/09/2017 14:46:33] - |D| - [9529739] - C:\Program Files (x86)\Common Files\system
[28/08/2016 18:42:34] - |D| - [6732576] - C:\Program Files (x86)\Common Files\Wondershare

---------- | C:\Program Files\Common files

[02/09/2016 14:45:45] - |D| - [165200] - C:\Program Files\Common files\Diskeeper Corporation
[28/08/2016 21:38:00] - |D| - [152640] - C:\Program Files\Common files\EPSON
[07/12/2017 10:00:00] - |D| - [0] - C:\Program Files\Common files\iolo
[07/09/2016 12:37:25] - |D| - [23196117] - C:\Program Files\Common files\logishrd
[29/09/2017 14:46:33] - |D| - [37962437] - C:\Program Files\Common files\microsoft shared
[29/09/2017 14:46:33] - |D| - [2702] - C:\Program Files\Common files\Services
[29/09/2017 14:46:33] - |D| - [10206091] - C:\Program Files\Common files\system

---------- | Tasks

[MD5.CCBEECBE6C9F38FCE5AC27A677BA1BB1] - [10/12/2017 08:09:48] - |A| - [336] - C:\WINDOWS\Tasks\Anvi AD Blocker Ultimate.job
[MD5.6BF218FE04193117F948CFAF8103B757] - [10/12/2017 07:48:37] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.A21A8DDE0B189433060181ECC6D6DEED] - [02/12/2017 06:11:29] - |A| - [765] - C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {0122C21E-3E2C-462D-85AB-284BF6878C30}.job
[MD5.78EA121EF67478252F463D7DA3FB94EE] - [28/08/2016 21:38:04] - |A| - [765] - C:\WINDOWS\Tasks\EPSON XP-710 Series Invitation {E3C7832B-981C-4D8A-9765-0314DE4144D7}.job
[MD5.9502E6AB21E35E72DD9A6EB7CBAAAB54] - [02/12/2017 06:11:27] - |A| - [951] - C:\WINDOWS\Tasks\EPSON XP-710 Series Update {0122C21E-3E2C-462D-85AB-284BF6878C30}.job
[MD5.8E932DC7C56370B4A9EB53329F5109E0] - [28/08/2016 21:38:03] - |A| - [951] - C:\WINDOWS\Tasks\EPSON XP-710 Series Update {E3C7832B-981C-4D8A-9765-0314DE4144D7}.job
[MD5.00000000000000000000000000000000] - [02/12/2017 11:10:33] - |D| - [0] - C:\WINDOWS\Tasks\ImCleanDisabled
[MD5.166F7F6BECD38064050568EB934619BB] - [04/09/2016 08:10:29] - |A| - [362] - C:\WINDOWS\Tasks\Nero TuneItUp PRO.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [01/12/2017 08:33:24] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.841235D99537D3734933A249448A32AD] - [02/12/2017 11:13:42] - |A| - [2908] - C:\WINDOWS\System32\Tasks\ASC11_SkipUac_jean-         :   "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"
[MD5.00000000000000000000000000000000] - [01/12/2017 08:33:21] - |D| - [10288] - C:\WINDOWS\System32\Tasks\Auslogics
[MD5.45C91D31514BE335F0829B1B6665EE1F] - [09/12/2017 13:02:57] - |A| - [3656] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask         :   C:\WINDOWS\Explorer.exe
[MD5.5AA67299DFC49F86D510E54B72177727] - [02/12/2017 11:25:56] - |A| - [3038] - C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (jean-)         :   C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe
[MD5.48DA89B9577A4644C8C18A7F88A160CC] - [02/12/2017 06:11:29] - |A| - [3970] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Invitation {0122C21E-3E2C-462D-85AB-284BF6878C30}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
[MD5.417CCE938F79F867B5E3B630FC5EFA28] - [01/12/2017 08:33:21] - |A| - [3384] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Invitation {E3C7832B-981C-4D8A-9765-0314DE4144D7}         :   C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
[MD5.2BE87CAD853B452C954D543489E8CFCA] - [02/12/2017 06:11:28] - |A| - [4148] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Update {0122C21E-3E2C-462D-85AB-284BF6878C30}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
[MD5.2924711E0085BD843C9491786E4C2DBF] - [01/12/2017 08:33:21] - |A| - [3562] - C:\WINDOWS\System32\Tasks\EPSON XP-710 Series Update {E3C7832B-981C-4D8A-9765-0314DE4144D7}         :   C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE
[MD5.00000000000000000000000000000000] - [29/09/2017 14:46:34] - |D| - [541868] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [01/12/2017 08:33:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Software
[MD5.00000000000000000000000000000000] - [01/12/2017 08:33:24] - |D| - [2386] - C:\WINDOWS\System32\Tasks\Nero
[MD5.774CDD1AEBDF3B2A58999D3DDD4ED2E7] - [01/12/2017 08:33:24] - |A| - [2596] - C:\WINDOWS\System32\Tasks\Nero TuneItUp PRO         :   C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe
[MD5.CAD81451CC7D35442D8A1DDBFF06B882] - [09/12/2017 08:19:42] - |A| - [3374] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4265624635-2019933758-61733912-1001         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.AFDCA8AB2B67B0964340F911B67ABB88] - [04/12/2017 09:39:30] - |A| - [2570] - C:\WINDOWS\System32\Tasks\OneSafe Driver Manager Schedule         :   "C:\Program Files (x86)\OneSafe Driver Manager\SDMTray.exe"
[MD5.0ED277E28ED31A728F8D63A608FA2A3F] - [04/12/2017 09:39:51] - |A| - [2582] - C:\WINDOWS\System32\Tasks\OneSafe PC Cleaner automatic scan and notifications         :   "G:\OneSafe PC Cleaner\OSPCNotifications.exe"
[MD5.C16F2D2AB8AE0AFCC873D0320DD1BBAE] - [01/12/2017 11:49:52] - |A| - [4236] - C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1512117602         :   C:\Users\jean-\AppData\Local\Programs\Opera\launcher.exe
[MD5.BBD86D0ED2C6D069E9055C02E0CED1A6] - [04/12/2017 09:53:20] - |A| - [3308] - C:\WINDOWS\System32\Tasks\ParetoLogic Registration3         :   C:\WINDOWS\system32\rundll32.exe
[MD5.EFA5E8A65318EF263F894472B9C29A94] - [09/12/2017 11:21:55] - |A| - [3022] - C:\WINDOWS\System32\Tasks\PC Optimizer Pro Idle         :   J:\PHOTO FAMILY\PC Optimizer Pro\StartApps.exe
[MD5.B0410235F5E8EC5C0F79D0EE0D1515AD] - [09/12/2017 11:21:54] - |A| - [3614] - C:\WINDOWS\System32\Tasks\PC Optimizer Pro Updates         :   J:\PHOTO FAMILY\PC Optimizer Pro\StartApps.exe
[MD5.4D511667D8365FCD3F28E1D9CBDA1F28] - [09/12/2017 11:22:14] - |A| - [3542] - C:\WINDOWS\System32\Tasks\PC Optimizer Pro64 Scan         :   J:\PHOTO FAMILY\PC Optimizer Pro\StartApps.exe
[MD5.0DECEAF2FF3B6C72EABDAB9B699F3BE9] - [09/12/2017 11:21:54] - |A| - [2608] - C:\WINDOWS\System32\Tasks\PC Optimizer Pro64 startups         :   J:\PHOTO FAMILY\PC Optimizer Pro\StartApps.exe
[MD5.D90EA6ECCB70D28FC11304F169B6F11E] - [04/12/2017 10:33:56] - |A| - [2562] - C:\WINDOWS\System32\Tasks\PC Speed Maximizer Schedule         :   "C:\Program Files (x86)\PC Speed Maximizer\SPMSchedule.exe"
[MD5.D4CCD761EC6EEE492BA79698FA03A3FF] - [04/12/2017 09:52:49] - |A| - [2372] - C:\WINDOWS\System32\Tasks\RegCure Pro Startup         :   C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
[MD5.EF131FD4ADEA08006EEF40147BA3442C] - [04/12/2017 09:52:45] - |A| - [3490] - C:\WINDOWS\System32\Tasks\RegCure Pro Update         :   C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
[MD5.EDD3786187C25CB4EC457B4A1E69CEAC] - [04/12/2017 09:52:48] - |A| - [4226] - C:\WINDOWS\System32\Tasks\RegCure Pro_sch_7FEFC318-D8D0-11E7-B8FD-4C72B9F956A2         :   C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
[MD5.1E551B16C1DF4E91DDABF9FEDBD936B1] - [01/12/2017 08:33:24] - |A| - [2684] - C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze         :   C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe
[MD5.B422A9294A3085D8D8C9DF07B00EB23C] - [01/12/2017 08:33:24] - |A| - [2506] - C:\WINDOWS\System32\Tasks\SmartDefrag_Startup         :   C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
[MD5.2FEAE5B3D1831CFD18728C3F9CF2248C] - [01/12/2017 08:33:24] - |A| - [2502] - C:\WINDOWS\System32\Tasks\SmartDefrag_Update         :   C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe
[MD5.E785975A0BA6B3DAFABA7AF2E6F39F9E] - [01/12/2017 08:33:24] - |A| - [4174] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3EF053DA-9088-495B-9E19-1A7664ABB844}         :   C:\WINDOWS\system32\msfeedssync.exe
[MD5.91C88668F5DCD1FD652349B66847E2F7] - [09/12/2017 14:12:16] - |A| - [3360] - C:\WINDOWS\System32\Tasks\WebDiscover Browser Launch Task         :   "C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe"
[MD5.01D8CDB74E89531435C8EBB59A1212FA] - [09/12/2017 14:12:36] - |A| - [3868] - C:\WINDOWS\System32\Tasks\WebDiscover Browser Update Task         :   "C:\Program Files\WebDiscoverBrowser\3.210.2\browser.exe"
[MD5.00000000000000000000000000000000] - [01/12/2017 08:33:24] - |D| - [5690] - C:\WINDOWS\System32\Tasks\WiseCleaner
[MD5.00000000000000000000000000000000] - [01/12/2017 08:33:24] - |D| - [7314] - C:\WINDOWS\System32\Tasks\Wondershare
[MD5.00000000000000000000000000000000] - [29/09/2017 14:46:34] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"{857C353A-8B9F-4D4E-93A9-E60FC9BA12C2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART|
"{262D756E-DC41-4504-8A39-30B95D3C202D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=EaseUS_SMART|
"{1DDEDB1F-A768-44E9-90CF-E17ED48EC5E3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=Local TodoBackupService.exe|
"{6F97E035-0D96-4743-9D20-C5E085EE9C86}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe|Name=Local TodoBackupService.exe|
"{051BA16B-58F4-4466-AC6E-8CCBC1F3DCE4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe|Name=Local TBConsoleUI.exe|
"{C954F574-0B87-45A7-828C-C0C052C256E6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe|Name=Local TBConsoleUI.exe|
"{115B3264-467E-4269-9043-064D5784071E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe|Name=TbService.exe|
"{28228C45-D996-4360-835D-1A6216F32A1B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe|Name=TbService.exe|
"{D023B781-F0FE-4EF5-898E-F876528B5716}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\jean-\AppData\Roaming\uTorrent\uTorrent.exe|Name=ÂµTorrent (UDP-Out) (jean-)|Desc=Allow ÂµTorrent network traffic|
"{A370B248-FE4B-4C59-B31B-5413B899CF33}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\jean-\AppData\Roaming\uTorrent\uTorrent.exe|Name=ÂµTorrent (jean-)|
"{73489248-75EA-462F-9312-20A970DFDAA9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\jean-\AppData\Roaming\uTorrent\uTorrent.exe|Name=ÂµTorrent (jean-)|
"{FD22C6D2-16C3-4847-894C-EBB21CCA78F2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\jean-\AppData\Roaming\uTorrent\uTorrent.exe|Name=ÂµTorrent (UDP-In) (jean-)|Desc=Allow ÂµTorrent network traffic with Edge Traversal|Edge=TRUE|
"{B6AFD698-E00B-4AF1-BAAD-A86DBE5FE2D2}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\jean-\AppData\Roaming\uTorrent\uTorrent.exe|Name=ÂµTorrent (TCP-Out) (jean-)|Desc=Allow ÂµTorrent network traffic|
"{9C0FAF44-8EC9-4A91-92F8-B8382FCD252A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\jean-\AppData\Roaming\uTorrent\uTorrent.exe|Name=ÂµTorrent (TCP-In) (jean-)|Desc=Allow ÂµTorrent network traffic with Edge Traversal|Edge=TRUE|
"{C64F830C-5DB7-4DC7-B8E2-A17820CC31BC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\COMODO\cCloud\cCloud.exe|Name=cCloud.exe|
"{FCE95CF8-9500-4DC9-8AAF-ABA4CD73F95D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\COMODO\cCloud\cCloud.exe|Name=cCloud.exe|
"{485D3CFC-8A59-4755-8353-177FEE083E68}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{E02C498A-38AB-465E-B8DD-0D16233C2EFC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{3FA20F99-A24E-4037-8C33-EABD856F88F3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{04ADB797-DBCE-4A6F-9B26-16850B917066}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{39C0195E-4AC1-4358-BB08-642157D31900}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Nero\Nero BackItUp\BackItUp.exe|Name=BackItUp|
"{9AD2FE1F-B82A-4614-A696-616DB327D7C0}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|App=C:\Program Files (x86)\Nero\Nero BackItUp\NBService.exe|Name=BiuHTTP|
"{7F419ED3-76E2-4DA6-9192-82BEC50089C9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe|Name=nero|Desc=nero|EmbedCtxt=nero|
"{EA1C683B-F73F-4DBD-B4E7-55572316585E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe|Name=StartNBR|Desc=StartNBR|EmbedCtxt=StartNBR|
"{DD597DEF-14A8-4B5B-B002-5931E9666DAD}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe|Name=Nero Nero TuneItUp PRO|
"{4994595D-855F-4925-BC66-23557BA8EDEA}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe|Name=Nero Nero TuneItUp PRO|
"{64F83EA0-3562-4530-A3C7-45CAB35AB05A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe|Name=DkService|
"{2EFFCD74-3010-4EE0-BA2F-51DD84BA4856}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Condusiv Technologies\Diskeeper\DKService.exe|Name=DkService|
"{594525F6-247A-48CA-9ECB-C815C34A1386}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{756D9485-0C08-46E9-8BE8-EF5F99819E7E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-4265624635-2019933758-61733912-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
"{919D7954-6C53-4A96-A499-10E745CC4A32}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Wallet|Desc=Wallet|LUOwn=S-1-5-21-4265624635-2019933758-61733912-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Wallet|Platform=2:6:2|Platform2=GTEQ|
"{526CA916-7D14-483F-AE69-6CCFBD22B174}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-4265624635-2019933758-61733912-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{139B8DE3-A70B-4EDE-85E0-2670BA1B184C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-4265624635-2019933758-61733912-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{7DC94541-3F9A-473D-B8C4-0C15CA7508DF}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\jean-\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In)|Desc=Allow BitTorrent network traffic with Edge Traversal|Edge=TRUE|
"{FF2DCF3B-0CEE-4913-B3E2-05C06E1550D4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\jean-\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In)|Desc=Allow BitTorrent network traffic with Edge Traversal|Edge=TRUE|
"{209AF26F-4E69-4A79-A255-CA3E53F6B802}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-4265624635-2019933758-61733912-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
"{450CF6A4-F65D-475D-981D-E208616F4BC4}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-4265624635-2019933758-61733912-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ|
"{57BF2FB4-CEAC-447C-BBA1-DA4F92C24121}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\jean-\AppData\Local\Programs\Opera\49.0.2725.47\opera.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser|
"{AA7F8F34-5393-4776-A4CA-4B1326278F79}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Vuze\Azureus.exe|Name=Azureus / Vuze|
"{004B07ED-DA3E-427B-928C-06A2A483CDDA}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Vuze\Azureus.exe|Name=Azureus / Vuze|
"{19C2F92A-09A5-45F0-B6AF-C65C79D49785}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe|Name=Acronis Sync Agent Service|Desc=Acronis Sync Agent Service|
"{EBC6C709-99E7-4F3C-A7E3-6D12D126B183}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe|Name=Acronis Managed Machine Service Mini|Desc=Acronis Managed Machine Service Mini|
"{F08C8E38-5E15-4D1C-8D5D-80482206E753}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-4265624635-2019933758-61733912-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{E4CBF4E8-6E32-4EB2-8D76-9199A0D1C1AD}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-4265624635-2019933758-61733912-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{BF5649C4-B9C7-464C-AD8E-A2C17E560F17}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe|Name=Driver Booster - DriverBooster.exe|EmbedCtxt=IObit|
"{013C37C1-05C1-4CDE-8704-2129F8E0D5D7}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DriverBooster.exe|Name=Driver Booster - DriverBooster.exe|EmbedCtxt=IObit|
"{5021CC0C-33AB-4AC9-936C-4B1D6F7A5EBE}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe|Name=Driver Booster - DBDownloader.exe|EmbedCtxt=IObit|
"{AC65CA5F-C9A7-4438-B424-23E6ADADCCCA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\Driver Booster\5.1.0\DBDownloader.exe|Name=Driver Booster - DBDownloader.exe|EmbedCtxt=IObit|
"{9A9E07F9-3E7D-47B0-88BB-231E4448EC83}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe|Name=Driver Booster - AutoUpdate.exe|EmbedCtxt=IObit|
"{4153FE6B-89D4-4413-874A-84F2F034C35A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\Driver Booster\5.1.0\AutoUpdate.exe|Name=Driver Booster - AutoUpdate.exe|EmbedCtxt=IObit|
"{58847DA5-A005-46CC-83F4-58A7FD1FF02C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Paragon Software\Remote Management\program\portmap\portmap_svc.exe|Name=portmap_svc.exe|Edge=TRUE|
"{97E93AE2-8AC6-4579-B261-D1070697C835}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Paragon Software\Remote Management\program\NFSServer\nfsserver.exe|Name=nfsserver.exe|Edge=TRUE|
"{6AF17740-7D17-41D6-8618-303B60D77F1F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Paragon Software\Remote Management\program\Prm.Installation.PrepareToUpgrade.exe|Name=Prm.Installation.PrepareToUpgrade.exe|Edge=TRUE|
"{F7E82B74-49EE-4FDF-8A69-208A427D159C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Paragon Software\Remote Management\program\Console\Prm.Console.Shell.exe|Name=Prm.Console.Shell.exe|Edge=TRUE|
"{D82FB158-B4BB-46ED-8C84-7AE95A0096F6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Paragon Software\Remote Management\program\InstallationClient\Prm.Installation.Client.exe|Name=Prm.Installation.Client.exe|Edge=TRUE|
"{21EB3722-111D-40B7-B87D-260E4FB84888}"=v2.27|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Paragon Software\Remote Management\program\Prm.Common.Service.exe|Name=Prm.Common.Service.exe|Edge=TRUE|
"{6BC1CA11-46E3-4057-BD54-86D18AD5599B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=60546|Name=Prm web service|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{19837c5c-96f5-45e0-9a2d-c6bb26e1b12b}] : (UIM) [] -> @oem18.inf,%UimClassName%;Universal Image Mounter
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{54f3637b-4777-4f96-970c-6bfa5477b542}] : (ParagonBlockDevice) [] -> @oem19.inf,%ClassName%;User-mode block device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem16.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[29/09/2017 14:41:01] - (7.13.65.105) - (QLogic Corporation - QLogic 10 GigE VBD) - C:\WINDOWS\System32\drivers\evbda.sys
[29/09/2017 14:41:02] - (10.6.0.23) - (NVIDIA Corporation - NVIDIAÂ® nForce(TM) RAID Driver) - C:\WINDOWS\System32\drivers\nvraid.sys
[29/09/2017 14:41:01] - (7.12.31.105) - (QLogic Corporation - QLogic Gigabit Ethernet VBD) - C:\WINDOWS\System32\drivers\bxvbda.sys
[29/09/2017 14:41:02] - (5.1.0.51) - (LSI - LSI 3ware SCSI Storport Driver) - C:\WINDOWS\System32\drivers\3ware.sys
[29/09/2017 14:41:02] - (3.7.1540.43) - (AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform) - C:\WINDOWS\System32\drivers\amdsbs.sys
[29/09/2017 14:41:02] - (7.5.0.32048) - (PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver) - C:\WINDOWS\System32\drivers\arcsas.sys
[29/09/2017 14:41:02] - (1.34.3.83) - (LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort)) - C:\WINDOWS\System32\drivers\lsi_sas.sys
[29/09/2017 14:41:02] - (2.0.79.81) - (LSI Corporation - LSI SAS Gen2 Driver (StorPort)) - C:\WINDOWS\System32\drivers\lsi_sas2i.sys
[29/09/2017 14:41:02] - (2.51.12.81) - (Avago Technologies - Avago SAS Gen3 Driver (StorPort)) - C:\WINDOWS\System32\drivers\lsi_sas3i.sys
[29/09/2017 14:41:02] - (2.10.61.81) - (LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort)) - C:\WINDOWS\System32\drivers\lsi_sss.sys
[29/09/2017 14:41:02] - (6.706.6.0) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\megasas.sys
[29/09/2017 14:41:02] - (6.711.10.11) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\MegaSas2i.sys
[29/09/2017 14:41:02] - (15.2.2013.129) - (LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver) - C:\WINDOWS\System32\drivers\megasr.sys
[29/09/2017 14:41:02] - (1.0.5.1016) - (Marvell Semiconductor, Inc. - Marvell Flash Controller Driver) - C:\WINDOWS\System32\drivers\mvumis.sys
[29/09/2017 14:41:02] - (10.6.0.23) - (NVIDIA Corporation - NVIDIAÂ® nForce(TM) Sata Performance Driver) - C:\WINDOWS\System32\drivers\nvstor.sys
[29/09/2017 14:41:02] - (6.805.3.0) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\percsas2i.sys
[29/09/2017 14:41:02] - (6.603.6.0) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\percsas3i.sys
[29/09/2017 14:41:02] - (5.1.1039.2600) - (Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver) - C:\WINDOWS\System32\drivers\SiSRaid2.sys
[29/09/2017 14:41:02] - (5.1.1039.3600) - (Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver) - C:\WINDOWS\System32\drivers\sisraid4.sys
[29/09/2017 14:41:02] - (5.1.0.10) - (Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64) - C:\WINDOWS\System32\drivers\stexstor.sys
[29/09/2017 14:41:02] - (7.0.9600.6352) - (VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64) - C:\WINDOWS\System32\drivers\vsmraid.sys
[29/09/2017 14:41:02] - (8.0.9200.8110) - (VIA Corporation - VIA StorX RAID Controller Driver) - C:\WINDOWS\System32\drivers\vstxraid.sys
[29/09/2017 14:41:02] - (6.5.7.110) - (Chelsio Communications - Chelsio iSCSI VMiniport Driver) - C:\WINDOWS\System32\drivers\cht4sx64.sys
[29/09/2017 14:41:02] - (1.3.0.10769) - (PMC-Sierra - PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller) - C:\WINDOWS\System32\drivers\ADP80XX.SYS
[29/09/2017 14:41:02] - (8.0.4.0) - (Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver) - C:\WINDOWS\System32\drivers\HpSAMD.sys
[02/09/2016 14:46:27] - (1.0.40.0) - (Condusiv Technologies - Device Filter Manager Driver) - C:\WINDOWS\system32\drivers\DKDFM.sys
[01/12/2017 14:15:27] - (1.1.0.2305) - (Acronis International GmbH - File tracker minifilter driver) - C:\WINDOWS\system32\DRIVERS\file_tracker.sys
[07/10/2014 12:14:42] - (7.0.0.1618) - (COMODO Security Solutions Inc. - COMODO BackUp Minifilter Driver) - C:\WINDOWS\system32\DRIVERS\CBReparse.sys
[02/09/2016 14:46:27] - (1.0.42.0) - (Condusiv Technologies - Telemetry File System Mini Filter Driver) - C:\WINDOWS\system32\drivers\DKTLFSMF.sys
[01/12/2017 14:14:54] - (1.3.0.2227) - (Acronis International GmbH - Acronis Storage Filter Management Driver) - C:\WINDOWS\system32\DRIVERS\fltsrv.sys
[01/12/2017 14:15:03] - (1.0.0.1132) - (Acronis International GmbH - Acronis Backup Archive Explorer) - C:\WINDOWS\system32\DRIVERS\tib.sys
[30/11/2017 19:02:13] - (2.0.2.0) - (IObit - SmartDefrag Driver) - C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys
[09/09/2016 16:03:48] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\EUBKMON.sys
[09/09/2016 16:03:53] - (1.0.1.0) - (CHENGDU YIWO Tech Development Co., Ltd - Disk Backup Driver) - C:\WINDOWS\system32\drivers\eubakup.sys
[07/10/2014 12:14:44] - (7.0.0.1619) - (COMODO Security Solutions Inc. - COMODO BackUp Vritual Disk Driver) - C:\WINDOWS\system32\DRIVERS\cbvd.sys
[07/10/2014 12:14:42] - (1.0.0.975) - (COMODO Security Solutions Inc. - COMODO BackUp Safe FileSystem Driver) - C:\WINDOWS\system32\DRIVERS\CBUFS.sys
[07/10/2014 12:14:40] - (1.0.0.972) - (COMODO Security Solutions Inc. - COMODO Backup Disk Driver) - C:\WINDOWS\system32\DRIVERS\bdisk.sys
[06/09/2016 15:52:09] - (10.0.10586.31225) - (Realsil Semiconductor Corporation - RTS USB READER Driver) - C:\WINDOWS\system32\Drivers\RtsUer.sys
[29/09/2017 14:41:02] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys
[06/09/2016 22:30:35] - (2.0.0.3505) - (CyberLink - CyberLink Virtual CDROM Bus Enumerator) - C:\WINDOWS\System32\drivers\CLVirtualBus01.sys
[07/10/2014 12:14:46] - (1.0.0.973) - (COMODO Security Solutions Inc. - COMODO BackUp Vritual Disk Bus Driver) - C:\WINDOWS\System32\drivers\vdbus.sys
[29/11/2017 17:10:53] - (1.8.2.328) - (Zemana Ltd. - Zemana AntiLogger Free) - C:\WINDOWS\system32\DRIVERS\KeyCrypt64.sys

---------- | LoadOrderGroup

Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK
Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK
Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK
Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK
Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK
Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK
Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK
Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK
Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK
Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK
Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK
Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK
Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK
Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK
Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK
Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK
Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK
Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK
Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK
Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK
Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK
Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK
Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK
Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK
Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK
Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK
Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK
Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK
Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK
Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK
Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK
Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK
Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK
Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK
Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK
Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK
Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK
Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK
Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK
Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK
Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK
Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK
Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK
Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK
Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK
Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK
Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK
Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK
Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK
Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK
Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK
Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK
Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK
Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK
Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK
Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK
Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK
Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK
Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK
Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK
Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK
Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK
Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK
Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK
Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK
Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK
Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK
Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK
Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK
Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK
Name: PnP Filter - DriverEnabled: False - GroupOrder: 71 - Status: OK
Name: Network - DriverEnabled: False - GroupOrder: 72 - Status: OK
Name: FCBUFS Activity Monitor - DriverEnabled: False - GroupOrder: 73 - Status: OK
Name: System - DriverEnabled: False - GroupOrder: 74 - Status: OK
Name: Core Security Extensions - DriverEnabled: False - GroupOrder: 75 - Status: OK
Name: NetworkService - DriverEnabled: False - GroupOrder: 76 - Status: OK
Name: Early-Launch - DriverEnabled: False - GroupOrder: 77 - Status: OK
Name: LocalService - DriverEnabled: False - GroupOrder: 78 - Status: OK

---------- | LoadOrderGroupServiceDependencies

LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs"

---------- | LoadOrderGroupServiceMembers

LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc"
LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder"
LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch"
LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall"
LoadOrderGroup.Name="TDI" - Service.Name="Dhcp"
LoadOrderGroup.Name="TDI" - Service.Name="Dnscache"
LoadOrderGroup.Name="TDI" - Service.Name="dot3svc"
LoadOrderGroup.Name="TDI" - Service.Name="DusmSvc"
LoadOrderGroup.Name="Event Log" - Service.Name="EventLog"
LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc"
LoadOrderGroup.Name="TDI" - Service.Name="icssvc"
LoadOrderGroup.Name="TDI" - Service.Name="irmon"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation"
LoadOrderGroup.Name="TDI" - Service.Name="lmhosts"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM"
LoadOrderGroup.Name="NetworkService" - Service.Name="MapsBroker"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc"
LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI"
LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon"
LoadOrderGroup.Name="Cryptography" - Service.Name="NgcCtnrSvc"
LoadOrderGroup.Name="Cryptography" - Service.Name="NgcSvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay"
LoadOrderGroup.Name="Plugplay" - Service.Name="Power"
LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs"
LoadOrderGroup.Name="PlugPlay" - Service.Name="RtkAudioService"
LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr"
LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS"
LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection"
LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler"
LoadOrderGroup.Name="profsvc_group" - Service.Name="SysMain"
LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller"
LoadOrderGroup.Name="Base" - Service.Name="USBSafelyRemoveService"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc"
LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient"
LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc"
LoadOrderGroup.Name="TDI" - Service.Name="wlpasvc"
LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc"
LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware"
LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AcpiDev"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="avc3"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="avckf"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="BdfNdisf"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="bdfwfpf"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="bdisk"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep"
LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="bttflt"
LoadOrderGroup.Name="FCBUFS Activity Monitor" - SystemDriver.Name="CBUFS"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="cbvd"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="cht4iscsi"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="cht4vbd"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass"
LoadOrderGroup.Name="FSFilter HSM" - SystemDriver.Name="CldFlt"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CLVirtualBus01"
LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG"
LoadOrderGroup.Name="Base" - SystemDriver.Name="cnghwassist"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc"
LoadOrderGroup.Name="Primary Disk" - SystemDriver.Name="DKDFM"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="DKRtWrt"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="DKTLFSMF"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat"
LoadOrderGroup.Name="FSFilter Encryption" - SystemDriver.Name="FileCrypt"
LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace"
LoadOrderGroup.Name="FSFilter Continuous Backup" - SystemDriver.Name="file_tracker"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="fltsrv"
LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol"
LoadOrderGroup.Name="Base" - SystemDriver.Name="genericusbfn"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidinterrupt"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hvservice"
LoadOrderGroup.Name="System" - SystemDriver.Name="HwNClx0101"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd"
LoadOrderGroup.Name="Video" - SystemDriver.Name="HyperVideo"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iai2c"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2_BXT_P"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C_BXT_P"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAV"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="ibbus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="IndirectKmd"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="intelpep"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="iorate"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="irda"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic"
LoadOrderGroup.Name="Keyboard Class" - SystemDriver.Name="keycrypt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD"
LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mausbhost"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mausbip"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="mlx4_bus"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr"
LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ndfltr"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisTapi"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ndiswanlegacy"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ndproxy"
LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="netvsc"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="NTFS"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Null"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor"
LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia"
LoadOrderGroup.Name="System Reserved" - SystemDriver.Name="pcw"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas2i"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas3i"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched"
LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd"
LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFS"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFSv1"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Reparse"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="rhproxy"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr"
LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="SpatialGraphFilter"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme"
LoadOrderGroup.Name="FSFilter Quota Management" - SystemDriver.Name="storqosflt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="Synth3dVsc"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="tib"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="tnd"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Trufos"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmCx0101"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmTcpciCx0101"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Ucx01000"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Ufx01000"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UfxChipidea"
LoadOrderGroup.Name="Base" - SystemDriver.Name="ufxsynopsys"
LoadOrderGroup.Name="FSFilter Content Screener" - SystemDriver.Name="UI5IFS"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsChipidea"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UrsCx01000"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsSynopsys"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub"
LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="vdbus"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp"
LoadOrderGroup.Name="Base" - SystemDriver.Name="vhf"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="virtual_file"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid"
LoadOrderGroup.Name="FSFilter Content Screener" - SystemDriver.Name="VSScanner"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarp"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarpv6"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="wcifs"
LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="wcnfs"
LoadOrderGroup.Name="Early-Launch" - SystemDriver.Name="WdBoot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wdnsfltr"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="WFPLWFS"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRT"
LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRTProxy"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinMad"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinVerbs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi"
LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WSDPrintDevice"
LoadOrderGroup.Name="Base" - SystemDriver.Name="WSDScan"
LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf"
LoadOrderGroup.Name="base" - SystemDriver.Name="WUDFRd"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="xboxgip"
LoadOrderGroup.Name="Base" - SystemDriver.Name="xinputhid"

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - bdisk (Comodo Disk Raw Access Filter) -> system32\DRIVERS\bdisk.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - CBUFS (CBUFS) -> system32\DRIVERS\CBUFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cbvd (Comodo Backup Virtual Disk) -> system32\DRIVERS\cbvd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - DKDFM (Device Filter Manager Driver) -> system32\drivers\DKDFM.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - DKTLFSMF (Telemetry File System Mini Filter Driver) -> system32\drivers\DKTLFSMF.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - EUBAKUP (EUBAKUP) -> system32\drivers\eubakup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - EUBKMON (EUBKMON) -> system32\drivers\EUBKMON.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - file_tracker (file_tracker) -> system32\DRIVERS\file_tracker.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fltsrv (Acronis Storage Filter Management) -> system32\DRIVERS\fltsrv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Reparse (Reparse) -> system32\DRIVERS\CBReparse.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - SmartDefragDriver (SmartDefragDriver) -> System32\Drivers\SmartDefragDriver.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - snapman (Acronis Snapshots Manager) -> system32\DRIVERS\snapman.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - tib (Acronis TIB Manager) -> system32\DRIVERS\tib.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
S0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - BdfNdisf (BitDefender Firewall NDIS 6 Filter Driver) -> \SystemRoot\system32\DRIVERS\bdfndisf6.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - EUDSKACS (EUDSKACS) -> \??\C:\WINDOWS\system32\drivers\eudskacs.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - EUFDDISK (EUFDDISK) -> \??\C:\WINDOWS\system32\drivers\EuFdDisk.sys - AcceptPause: False - AcceptStop: False
S1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - GUSBootStartup (GUSBootStartup) -> \??\C:\WINDOWS\System32\drivers\GUSBootStartup.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - UimBus (@oem17.inf,%UIMDeviceDesc%;UIM Bus Controller) -> \SystemRoot\System32\drivers\uimbus.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - Uim_DEVIM (@oem18.inf,%UIMDeviceDesc%;UIM Direct Device Image Plugin) -> \SystemRoot\System32\drivers\uimdevim.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - ZAM (ZAM Helper Driver) -> \??\C:\WINDOWS\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: False
S1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) -> \??\C:\WINDOWS\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - amwrtdrv (amwrtdrv) -> \??\C:\WINDOWS\System32\amwrtdrv.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: False
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - tib_mounter (Acronis TIB Mounter) -> \SystemRoot\system32\DRIVERS\tib_mounter.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - UI5IFS (Ashampoo Uninstaller FileSystemChanges Driver) -> \??\C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 7\IFS64.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - virtual_file (Acronis Virtual File Driver) -> system32\DRIVERS\virtual_file.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
S2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - asdnet (Adblocker Monitor Driver) -> \??\C:\WINDOWS\system32\DRIVERS\asdnet.sys - AcceptPause: False - AcceptStop: False
S2 - [Kernel Driver] - IDMWFP (IDMWFP) -> \SystemRoot\system32\DRIVERS\idmwfp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AcpiDev (@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver) -> \SystemRoot\System32\drivers\AcpiDev.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - applockerfltr (@%systemroot%\system32\srpapi.dll,-102) -> system32\drivers\applockerfltr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AsyncMac (@%systemroot%\system32\mprmsg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - avc3 (avc3) -> system32\DRIVERS\avc3.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - avckf (avckf) -> system32\DRIVERS\avckf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - bbwfp (bbwfp) -> \??\I:\Cloud System Booster\wfp\x64\BBWFP.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CAD (@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver) -> \SystemRoot\System32\drivers\CAD.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CapImg (@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen) -> \SystemRoot\System32\drivers\capimg.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - cht4vbd (@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver) -> \SystemRoot\System32\drivers\cht4vx64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - clvad () -> \SystemRoot\system32\drivers\clvad.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - CLVirtualBus01 (@oem0.inf,%CLVirtualBus01.SVCDESC%;CyberLink Virtual CDROM Bus Enumerator) -> \SystemRoot\System32\drivers\CLVirtualBus01.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - clwvd7 (@oem7.inf,%clwvd.DeviceDesc% Service;CyberLink WebCam Virtual Driver 7.0 Service) -> \SystemRoot\system32\DRIVERS\clwvd7.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - clwvdVM (@oem4.inf,%clwvd.DeviceDesc% Service;Camera for VideoMeeting+/PresenterLink+ Service) -> \SystemRoot\system32\DRIVERS\clwvdVM.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - condrv (Console Driver) -> System32\drivers\condrv.sys - AcceptPause: False - AcceptStop: True
S3 - [File System Driver] - DKRtWrt (DKRtWrt) -> \??\C:\WINDOWS\system32\drivers\DKRtWrt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\System32\drivers\drmkaud.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - exfat (exFAT File System Driver) -> (?) - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - fastfat (FAT12/16/32 File System Driver) -> (?) - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\drivers\genericusbfn.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hvservice (@%SystemRoot%\system32\drivers\hvservice.sys,-16) -> system32\drivers\hvservice.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HwNClx0101 (Microsoft Hardware Notifications Class Extension Driver) -> System32\Drivers\mshwnclx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HyperVideo () -> \SystemRoot\System32\drivers\HyperVideo.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - i8042prt (@msmouse.inf,%i8042prt.SvcDesc%;PS/2 Keyboard and Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iagpio (@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iagpio.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSS2i_GPIO2 (@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSS2i_GPIO2_BXT_P (@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSS2i_I2C_BXT_P (@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C_BXT_P.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IndirectKmd (@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100) -> \SystemRoot\System32\drivers\IndirectKmd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) -> \SystemRoot\system32\drivers\RTKVHD64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - invdimm (@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver) -> \SystemRoot\System32\drivers\invdimm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IpFilterDriver (@%systemroot%\system32\mprmsg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPT () -> \SystemRoot\System32\drivers\ipt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - irda (IrDA) -> \SystemRoot\system32\drivers\irda.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - keycrypt (keycrypt) -> system32\DRIVERS\KeyCrypt64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - L1C (@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\System32\drivers\L1C63x64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - LVRS64 (@oem9.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver) -> \SystemRoot\system32\DRIVERS\lvrs64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - LVUVC64 (@oem8.inf,%PID_081B_DD%(UVC);Logitech HD Webcam C310(UVC)) -> \SystemRoot\system32\DRIVERS\lvuvc64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mausbhost (@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver) -> \SystemRoot\System32\drivers\mausbhost.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mausbip (@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver) -> \SystemRoot\System32\drivers\mausbip.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MDA_NTDRV (MDA_NTDRV) -> \??\C:\Windows\system32\MDA_NTDRV.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Modem () -> system32\drivers\modem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - monitor (@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys - AcceptPause: False - AcceptStop: True
S3 - [File System Driver] - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\System32\drivers\MSKSSRV.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\System32\drivers\MSPCLOCK.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\System32\drivers\MSPQM.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MsRPC () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\System32\drivers\MSTEE.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisTapi (@%systemroot%\system32\mprmsg.dll,-32001) -> System32\DRIVERS\ndistapi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - NdisWan (@%systemroot%\system32\mprmsg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ndiswanlegacy (@%systemroot%\system32\mprmsg.dll,-32014) -> System32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ndproxy (@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy) -> System32\DRIVERS\NDProxy.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NetAdapterCx (Network Adapter Wdf Class Extension Library) -> system32\drivers\NetAdapterCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - netvsc () -> \SystemRoot\System32\drivers\netvsc.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - NTFS () -> (?) - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - nvdimmn (@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver) -> \SystemRoot\System32\drivers\nvdimmn.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - pmem (@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver) -> \SystemRoot\System32\drivers\pmem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - PNPMEM (@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver) -> \SystemRoot\System32\drivers\pnpmem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - PptpMiniport (@%systemroot%\system32\mprmsg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Rasl2tp (@%systemroot%\system32\mprmsg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasPppoe (@%systemroot%\system32\mprmsg.dll,-32007) -> System32\DRIVERS\raspppoe.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - ReFS () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - ReFSv1 () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - rhproxy (@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver) -> \SystemRoot\System32\drivers\rhproxy.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - RTSUER (@oem2.inf,%RtsUER%;Realtek USB Card Reader - UER) -> \SystemRoot\system32\Drivers\RtsUer.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - SDFRd (@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector) -> \SystemRoot\System32\drivers\SDFRd.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SpatialGraphFilter (Holographic Spatial Graph Filter) -> System32\drivers\SpatialGraphFilter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - srvnet () -> System32\DRIVERS\srvnet.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - tnd (Acronis Try&Decide filter) -> \SystemRoot\system32\DRIVERS\tnd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - Trufos (Trufos) -> system32\DRIVERS\Trufos.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - tsusbflt (@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000) -> System32\drivers\TsUsbFlt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver) -> \SystemRoot\System32\drivers\tunnel.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UcmTcpciCx0101 (UCM-TCPCI KMDF Class Extension) -> System32\Drivers\UcmTcpciCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UcmUcsi (@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client) -> \SystemRoot\System32\drivers\UcmUcsi.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\drivers\UfxChipidea.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urschipidea.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urssynopsys.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - usbaudio (@wdma_usb.inf,%USBAudio.SvcDesc%;Pilote USB audio (WDM)) -> \SystemRoot\system32\drivers\usbaudio.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Pilote parent gÃ©nÃ©rique USB Microsoft) -> \SystemRoot\System32\drivers\usbccgp.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - vdbus (@oem5.inf,%vdbus.SVCDESC%;Virtual Disk Bus Enumerator) -> \SystemRoot\System32\drivers\vdbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vhf (@%SystemRoot%\system32\drivers\vhf.sys,-100) -> \SystemRoot\System32\drivers\vhf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vmgid (@wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver) -> \SystemRoot\System32\drivers\vmgid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vnvdimm (@vnvdimm.inf,%vnvdimm.SvcDesc%;Microsoft virtual NVDIMM device driver) -> \SystemRoot\System32\drivers\vnvdimm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - VSScanner (VSScanner) -> system32\DRIVERS\vsscanner.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wanarpv6 (@%systemroot%\system32\mprmsg.dll,-32012) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WDC_SAM (@oem16.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver) -> \SystemRoot\System32\drivers\wdcsam64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\drivers\wd\WdNisDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wdnsfltr (Windows Defender Network Stream Filter Driver) -> system32\drivers\wdnsfltr.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - WIMMount (@%SystemRoot%\system32\drivers\wimmount.sys,-101) -> system32\drivers\wimmount.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WinNat (@%SystemRoot%\system32\drivers\winnat.sys,-10001) -> system32\drivers\winnat.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WINUSB (@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WsAudioDevice_383 (@oem20.inf,%MSFT%;WsAudioDevice_383) -> \SystemRoot\system32\drivers\VirtualAudio.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WSDPrintDevice (@wsdprint.inf,%WSDPrintDevice.SVCDESC%;WSD Print Support) -> \SystemRoot\System32\drivers\WSDPrint.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WSDScan (@sti.inf,%WSDScan.SvcDesc%;Prise en charge de la numÃ©risation WSD) -> \SystemRoot\system32\DRIVERS\WSDScan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> \SystemRoot\System32\drivers\WUDFRd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys - AcceptPause: False - AcceptStop: False
R4 - [File System Driver] - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys - AcceptPause: False - AcceptStop: True
S4 - [Kernel Driver] - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys - AcceptPause: False - AcceptStop: False
S4 - [File System Driver] - udfs (udfs) -> system32\DRIVERS\udfs.sys - AcceptPause: False - AcceptStop: False
S4 - [Kernel Driver] - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: False

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.EF558A02D734A1403583E95CCEEC2487] - [02/12/2017 11:24:29] - (.Copyright (c)1999-2015 Martin MalÃ­k - REALiX - HWiNFO AMD64 Kernel Driver.) - [26.91 Ko] - (8.98.0.0) - C:\WINDOWS\Syswow64\Drivers\HWiNFO64A.SYS

---------- | Uninstall (Whitelist)

[HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VideoWatermarkPro] : (Video Watermark Pro.-.WonderFox Soft, Inc.) -> "C:\Users\jean-\Documents\AoaoPhoto Digital Studio\Video Watermark Pro\unin00000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Pro] : (DAEMON Tools Pro.-.Disc Soft Ltd) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\FileViewPro_is1] : (FileViewPro.-.Solvusoft Corporation) -> "C:\Program Files\FileViewPro\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\NoVirusThanks File Governor_is1] : (NoVirusThanks File Governor v1.8.-.NoVirusThanks Company Srl) -> "C:\Program Files\NoVirusThanks\File Governor\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PC Optimizer Pro] : (PC Optimizer Pro.-.Xportsoft Technologies) -> J:\PHOTO FAMILY\PC Optimizer Pro\uninst.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Rebit 5] : (Rebit 5 5.0.1038.13991.-.Rebit, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Unlocker] : (Unlocker 1.9.2.-.Cedrick Collomb) -> C:\Program Files\Unlocker\uninst.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}] : (FirewallEngine.-.Lavasoft) -> MsiExec.exe /I{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26F31E12-3722-45FD-903B-49012286BB4C}] : (OnlineThreatsEngine.-.Lavasoft) -> MsiExec.exe /I{26F31E12-3722-45FD-903B-49012286BB4C}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2DE5D297-346C-4E9F-8ADE-50B96237787A}] : (Paragon PRM Language Pack - German.-.Paragon Software) -> MsiExec.exe /I{2DE5D297-346C-4E9F-8ADE-50B96237787A}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2ED94916-04E5-4136-AB55-771C315EFE14}] : (Paragon UIM.-.Paragon Software) -> MsiExec.exe /I{2ED94916-04E5-4136-AB55-771C315EFE14}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4D92F057-1E63-47B3-821E-A5A923502993}] : (Paragon PRM Administration Server.-.Paragon Software) -> MsiExec.exe /I{4D92F057-1E63-47B3-821E-A5A923502993}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5BDA045F-B759-4C82-8973-CF4A0D1F0565}] : (Paragon PRM Agent.-.Paragon Software) -> MsiExec.exe /I{5BDA045F-B759-4C82-8973-CF4A0D1F0565}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6F859524-FD84-42FA-ABA6-D3C464692D31}] : (Paragon PRM Physical Backup.-.Paragon Software) -> MsiExec.exe /I{6F859524-FD84-42FA-ABA6-D3C464692D31}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6F86D809-5B05-4B61-9131-36FBF692D039}] : (Paragon PRM vSphere Backup Appliance.-.Paragon Software) -> MsiExec.exe /I{6F86D809-5B05-4B61-9131-36FBF692D039}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D}] : (Rebit Pro (64-bit).-.Rebit, Inc.) -> MsiExec.exe /I{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7EB60864-1338-4A87-AECF-CB03A4E7E3EC}] : (Paragon Exchange Granular Recovery.-.Paragon Software) -> MsiExec.exe /I{7EB60864-1338-4A87-AECF-CB03A4E7E3EC}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7F88AB75-5493-4F34-B55B-0D03338D317A}] : (Paragon PRM Management Console.-.Paragon Software) -> MsiExec.exe /I{7F88AB75-5493-4F34-B55B-0D03338D317A}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{80B6E801-3CD2-4A1A-A30E-D38195E41B25}] : (Rebit 5: Viewer components (64 bit).-.Rebit, Inc.) -> MsiExec.exe /I{80B6E801-3CD2-4A1A-A30E-D38195E41B25}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8EB1B142-EA26-4B77-A5A3-89734F6FA6A0}] : (Paragon NFSServer.-.Paragon Software) -> MsiExec.exe /I{8EB1B142-EA26-4B77-A5A3-89734F6FA6A0}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}] : (Diskeeper 15.-.Condusiv Technologies) -> MsiExec.exe /X{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9D025A34-3F45-4F2E-929A-A33CC939C77D}] : (Rebit 5: core components (64 bit).-.Rebit, Inc.) -> MsiExec.exe /I{9D025A34-3F45-4F2E-929A-A33CC939C77D}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9D6F12F1-2FD2-48BE-A8D3-31DC4F4017A6}] : (Paragon VM Copy Tool.-.Paragon Software) -> MsiExec.exe /I{9D6F12F1-2FD2-48BE-A8D3-31DC4F4017A6}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9F4703F5-B4C0-4899-B359-17D360E17637}] : (Paragon PRM Installation Client.-.Paragon Software) -> MsiExec.exe /I{9F4703F5-B4C0-4899-B359-17D360E17637}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A8644328-A66F-490E-B8FA-901FF649189D}_is1] : (VoodooShield version 3.59.-.VoodooSoft, LLC) -> "C:\Program Files\VoodooShield\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}] : (COMODO BackUp.-.COMODO) -> C:\WINDOWS\Installer\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}\uninstall.exe
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C9E748DF-6F58-4C7F-8062-A252EFD3E72D}] : (Paragon PRM Deduplication Server.-.Paragon Software) -> MsiExec.exe /I{C9E748DF-6F58-4C7F-8062-A252EFD3E72D}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CF6C1B06-4F86-4C41-BD21-9E40500006B5}] : (cCloud.-.COMODO) -> C:\WINDOWS\Installer\{CF6C1B06-4F86-4C41-BD21-9E40500006B5}\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4378A80-C713-11DF-9399-005056C00008}] : (Paragon Migrate OS to SSDÂ 4.0.-.Paragon Software) -> MsiExec.exe /I{D4378A80-C713-11DF-9399-005056C00008}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E2897A12-7C03-4678-A339-AFA3CDC51DC4}] : (Paragon PRM Troubleshotting Tool.-.Paragon Software) -> MsiExec.exe /I{E2897A12-7C03-4678-A339-AFA3CDC51DC4}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E58F0C9C-2DEA-4AD1-8548-B3CB08A61CE9}] : (RMB.-.Paragon Software) -> MsiExec.exe /I{E58F0C9C-2DEA-4AD1-8548-B3CB08A61CE9}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E7366CA8-7179-77AE-E712-BA18D70A0A07}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{ED2D4617-0645-4D0A-968F-2FC018921103}] : (Paragon PRM Backup Server.-.Paragon Software) -> MsiExec.exe /I{ED2D4617-0645-4D0A-968F-2FC018921103}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1] : (WebDiscover Browser 3.210.2.-.WebDiscover Media) -> "C:\Program Files\WebDiscoverBrowser\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Acer Screensaver] : (Acer ScreenSaver.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\Screensaver\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Acer Welcome Center] : (Welcome Center.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\Welcome Center\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Anvi AD Blocker] : (Anvi AD Blocker 2.2.-.Anvisoft) -> J:\Anvi AD Blocker\UnInstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Anvi AD Blocker Ultimate] : (Anvi AD Blocker Ultimate 3.2.-.Anvisoft) -> G:\PHOTO FAMILY\Anvi AD Blocker Ultimate\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Anvi Browser Repair Tool] : (Anvi Browser Repair Tool.-.Anvisoft) -> K:\Anvi Browser Repair Tool\UnInstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\cbColors Folder Icons Full_is1] : (cbColors Folder Icons Full.-.ArcticLine Software) -> "C:\Program Files (x86)\Folder Marker\icl\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CloseAll] : (CloseAll.-.NTWind Software) -> C:\Program Files\CloseAll\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Cloud System Booster] : (Cloud System Booster.-.Anvisoft) -> I:\Cloud System Booster\UnInstall.exe
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Everyday Folder Icons_is1] : (Everyday Folder Icons v 1.0.-.ArcticLine Software) -> "C:\Program Files (x86)\Folder Marker\icl\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Extra Folder Icons Full_is1] : (Extra Folder Icons Full.-.ArcticLine Software) -> "C:\Program Files (x86)\Folder Marker\icl\unins002.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fast Sitemap Maker_is1] : (Fast Sitemap Maker.-.supernova-soft.com) -> "C:\Program Files (x86)\Fast Sitemap Maker\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Folder Marker Pro_is1] : (Folder Marker Pro.-.ArcticLine Software) -> "C:\Program Files (x86)\Folder Marker\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\herdProtectScan] : (herdProtect Anti-Malware Scanner.-.Reason Company Software Inc.) -> "C:\Program Files (x86)\Reason\herdProtect\Scanner\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Identity Card] : (Identity Card.-.Acer Incorporated) -> C:\Program Files (x86)\Acer\Identity Card\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IM_Magic_PR] : (IM-Magic Partition Resizer Free 2016.-.IM-Magic Inc.) -> C:\Program Files\IM-Magic\Partition Resizer\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObit Unlocker_is1] : (IObit Unlocker.-.IObit) -> "C:\Program Files (x86)\IObit\IObit Unlocker\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObitUninstall] : (IObit Uninstaller.-.IObit) -> "K:\\100% sÃ©curisÃ© finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\\PortableApps\\IObitUninstallerPortable\\App\\uninstaller\\UninstallDisplay.exe" uninstall_start
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\jtrent238's System Support] : (jtrent238's System Support.-.) -> C:\Program Files (x86)\jtrent238\jtrent238's System Support\Uninstal.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\LManager] : (Launch Manager.-.Acer Inc.) -> C:\Windows\UNINSTLMv4.EXE LMv4.UNI
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft SQL Server 11] : (Microsoft SQL Server 2012.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MyEpson Portal] : (MyEpson Portal.-.SEIKO EPSON Corporation) -> MsiExec.exe /I{3361D415-BA35-4143-B301-661991BA6219}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OneSafe Driver Manager_is1] : (OneSafe Driver Manager v4.0.97.-.Avanquest) -> "M:\PHOTO FAMILY\OneSafe Driver Manager\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OneSafe PC Cleaner_is1] : (OneSafe PC Cleaner v5.1.3.-.Avanquest Software) -> "M:\NMSDCID\OneSafe PC Cleaner\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PC Speed Maximizer_is1] : (PC Speed Maximizer v4.-.Avanquest Software) -> "C:\Program Files (x86)\PC Speed Maximizer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Protected Folder_is1] : (Protected Folder.-.IObit) -> "C:\Program Files (x86)\IObit\Protected Folder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Reg Organizer_is1] : (Reg Organizer version 8.04.-.ChemTable Software) -> "C:\Program Files (x86)\Reg Organizer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RegClean Pro_is1] : (RegClean Pro.-.systweak.com) -> "C:\Program Files (x86)\RCP\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Slim Toolbar] : (Slim Toolbar 1.4.-.Anvisoft) -> G:\Slim Toolbar\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Software Update Pro] : (Software Update Pro 5.39.0.33.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glarysoft\Software Update Pro\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\StartupBooster] : (StartupBooster 1.0.-.anvisoft) -> M:\PHOTO FAMILY\Anvisoft\StartupBooster\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Usbfix] : (UsbFix Anti-Malware Premium.-.SOSVirus (SOSVirus.Net)) -> C:\Program Files (x86)\UsbFix\Un-UsbFix.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Video to GIF] : (Video to GIF 5.3.-.AoaoPhoto Digital Studio.) -> C:\Program Files (x86)\AoaoPhoto Digital Studio\Video to GIF\unins000.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Video to Picture] : (Video to Picture 5.3.-.AoaoPhoto Digital Studio.) -> C:\Program Files (x86)\AoaoPhoto Digital Studio\Video to Picture\unins000.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Watermark Software] : (Watermark Software 8.3.-.watermark-software.com) -> C:\Program Files (x86)\AoaoPhoto Digital Studio\Watermark Software\unins000.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Folder Hider_is1] : (Wise Folder Hider 3.37.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Folder Hider\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise JetSearch_is1] : (Wise JetSearch 2.27.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise JetSearch\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise Video Downloader_is1] : (Wise Video Downloader 2.41.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise Video Downloader\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07326A3E-02B3-1078-25D7-B8666BA8FE15}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}] : (LWS Pictures And Video.-.Logitech) -> MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}] : (CameraHelperMsi.-.Logitech) -> MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}] : (LWS Help_main.-.Logitech) -> MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}] : (LWS Twitter.-.Logitech) -> MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AD99E77-37CC-744E-39CA-67F6FD34565A}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] : (LWS YouTube Plugin.-.Logitech) -> MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2432E589-6256-4513-B0BF-EFA8E325D5F0}] : (Nero SharedVideoCodecs.-.Nero AG) -> MsiExec.exe /X{2432E589-6256-4513-B0BF-EFA8E325D5F0}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{287ECFA4-719A-2143-A09B-D6A12DE54E40}] : (Acrobat.com.-.Adobe Systems Incorporated) -> MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2FFDD819-5ACF-49D5-9F18-980B42E5DA66}_is1] : (TweakBit PCSpeedUp.-.Auslogics Labs Pty Ltd) -> "C:\Program Files (x86)\TweakBit\PCSpeedUp\unins000.exe" /compability
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3361D415-BA35-4143-B301-661991BA6219}] : (MyEpson Portal.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /I{3361D415-BA35-4143-B301-661991BA6219}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] : (erLT.-.Logitech, Inc.) -> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40F2F005-FA4C-4BEA-83A6-BFD969467594}] : (Nero BackItUp.-.Nero AG) -> MsiExec.exe /X{40F2F005-FA4C-4BEA-83A6-BFD969467594}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{48F22622-1CC2-4A83-9C1E-644DD96F832D}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{55B464FA-16DE-4127-A7B8-D49CD2768E63}_is1] : (Turbo View & Convert.-.IMSI/Design, LLC) -> "C:\Program Files (x86)\IMSIDesign\Turbo View & Convert\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{58548A8C-122B-4889-A7B8-316ADB5B7C47}] : (Google Password Remover.-.SecurityXploded) -> MsiExec.exe /I{58548A8C-122B-4889-A7B8-316ADB5B7C47}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconduct Corp.) -> C:\WINDOWS\RtCRU64.exe /u
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}] : (Prerequisite installer.-.Nero AG) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{62D64B30-6E10-4C49-95FE-EDD8F8165DED}_is1] : (TweakBit Driver Updater.-.Auslogics Labs Pty Ltd) -> "C:\Program Files (x86)\TweakBit\Driver Updater\unins000.exe" /compability
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}] : (Nero Update.-.Nero AG) -> MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6853AF43-F703-4727-9359-1DCFE9B5C689}] : (Firefox Download Unblocker.-.SecurityXploded) -> MsiExec.exe /I{6853AF43-F703-4727-9359-1DCFE9B5C689}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6BF9F374-EC67-4808-A90C-F127DE6D989D}] : (Epson E-Web Print.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{6BF9F374-EC67-4808-A90C-F127DE6D989D}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] : (LWS Gallery.-.Logitech) -> MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}] : (LWS Motion Detection.-.Logitech) -> MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}] : (MyWinLocker Suite.-.Egis Technology Inc.) -> MsiExec.exe /X{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{82CA1714-13EA-F419-91FE-12834424745E}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] : (LWS Launcher.-.Logitech) -> MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83D2F005-37FD-4321-B5F7-24EFEACC9834}] : (Nero BurningROM 2016.-.Nero AG) -> MsiExec.exe /I{83D2F005-37FD-4321-B5F7-24EFEACC9834}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}] : (Manuels EPSON.-.Seiko Epson Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}] : (LWS Webcam Software.-.Logitech) -> MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}] : (Stashimi Stub Installer.-.Nero AG) -> MsiExec.exe /X{910B539D-F257-46C8-9CB8-6C95EFF9CF22}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92EBE575-0C6E-4713-B095-34BB927E5AC6}] : (Nero CoverDesigner.-.Nero AG) -> MsiExec.exe /X{92EBE575-0C6E-4713-B095-34BB927E5AC6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{96E8A815-3053-4616-AAC2-865E6B1792F5}_is1] : (WinSweeper 2.1.-.Solvusoft Corporation) -> "M:\NMSDCID\OneSafe PC Cleaner\WinSweeper\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}] : (LWS WLM Plugin.-.Logitech) -> MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9F205E94-9E42-4486-A92A-DF3F6CB85444}] : (Epson Event Manager.-.Seiko Epson Corporation) -> MsiExec.exe /X{9F205E94-9E42-4486-A92A-DF3F6CB85444}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A163159C-B476-4501-B163-3F77809AC833}] : (Nero Burning Core.-.Nero AG) -> MsiExec.exe /X{A163159C-B476-4501-B163-3F77809AC833}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A0E0B5-578C-43CE-B201-1C01A0388DA9}_is1] : (FileMarker.NET Pro v 1.0.-.ArcticLine Software) -> "C:\Program Files (x86)\FileMarker.NET\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ABC88553-8770-4B97-B43E-5A90647A5B63}] : (Nero ControlCenter.-.Nero AG) -> MsiExec.exe /X{ABC88553-8770-4B97-B43E-5A90647A5B63}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-A91000000001}] : (Adobe Reader 9.1 MUI.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AE7F7F16-8015-44F2-A5E5-306F50ED8E41}] : (Rebit Pro (32-bit).-.Rebit, Inc.) -> MsiExec.exe /I{AE7F7F16-8015-44F2-A5E5-306F50ED8E41}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}] : (Epson Software Updater.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{B55DB65D-EF6E-4E04-89D5-B03603BF681B}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B839153C-D4D2-F89C-5033-0A160C62706B}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}] : (Nero Core Components.-.Nero AG) -> MsiExec.exe /X{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BF32D91B-C96C-4DEC-9ADE-7E37FCB40145}_is1] : (TweakBit Internet Optimizer.-.Auslogics Labs Pty Ltd) -> "C:\Program Files (x86)\TweakBit\Internet Optimizer\unins000.exe" /compability
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1EA3764-1138-AE27-AD63-549BAD99BA15}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C257E434-E8F1-4E06-A616-598E4933553E}_is1] : (File Identifier.-.Sharpened Productions) -> "C:\Program Files (x86)\File Identifier\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}] : (RegCure Pro.-.ParetoLogic, Inc.) -> C:\Program Files (x86)\ParetoLogic\RegCure Pro\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C6C05D6E-B19C-4537-9F4D-09A636D05D3B}_is1] : (ONEKEY PDF Convert to Word version 3.0.-.EasyAppSoft) -> "C:\Program Files (x86)\EasyAppSoft\ONEKEY PDF Convert to Word\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{cb17f36d-6166-42b7-b4db-6757c8a107df}_is1] : (SysTools Logon Disclaimer v1.0.-.SysTools Software) -> "C:\Program Files (x86)\SysTools Logon Disclaimer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}] : (Acronis True Image WD Edition.-.Acronis) -> MsiExec.exe /X{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9}] : (Nero Burning ROM.-.Nero AG) -> MsiExec.exe /X{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CFD5FF4C-CF60-4D33-8E8C-B51CD9AD34B1}] : (Rebit 5: Avanquest Extensions.-.Rebit, Inc.) -> MsiExec.exe /X{CFD5FF4C-CF60-4D33-8E8C-B51CD9AD34B1}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DD3D64A7-3165-458D-96D4-06FBC609C22A}] : (Google Ad Blocker.-.SecurityXploded) -> MsiExec.exe /I{DD3D64A7-3165-458D-96D4-06FBC609C22A}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E817E580-6318-AFC8-2102-322C73117EC4}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF0BA418-AF37-471E-9594-EAE5913F4681}] : (Nero Launcher.-.Nero AG) -> MsiExec.exe /X{EF0BA418-AF37-471E-9594-EAE5913F4681}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F030BFE8-8476-4C08-A553-233DE80A2BE1}] : (Nero Info.-.Nero AG) -> MsiExec.exe /X{F030BFE8-8476-4C08-A553-233DE80A2BE1}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F2E04A40-3EA7-42F8-B7CC-B6E7A39DC150}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{F2E04A40-3EA7-42F8-B7CC-B6E7A39DC150}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F77474EE-EB6C-C87B-88AF-3310C848E068}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8779DE5-7D6D-4CDF-9A85-A3B5DE75FC99}] : (Google Password Decryptor.-.SecurityXploded) -> MsiExec.exe /I{F8779DE5-7D6D-4CDF-9A85-A3B5DE75FC99}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC48747D-095F-4CF6-B54E-37D4F4738A15}_is1] : (Gestionnaire de Connexion SFR 3.1.-.SFR) -> "C:\Program Files (x86)\SFR\Gestionnaire de Connexion\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] : (LWS Facebook.-.Logitech) -> MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}

---------- | Ports 


---------- | Microsoft Specifications

CheckID: FileAssociations999{ABC88553-8770-4B97-B43E-5A90647A5B63} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations
CheckID: DesktopShortcut1{287ECFA4-719A-2143-A09B-D6A12DE54E40} - INSTALL_DESKTOP_SHORTCUT="yes" -> DesktopShortcut
CheckID: ProgramShortcut1{287ECFA4-719A-2143-A09B-D6A12DE54E40} - INSTALL_PROGRAM_SHORTCUT="yes" -> ProgramShortcut
CheckID: AutoPlay999{92EBE575-0C6E-4713-B095-34BB927E5AC6} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay
CheckID: FileAssociations999{92EBE575-0C6E-4713-B095-34BB927E5AC6} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations
CheckID: SearchAndIndex0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_SEARCH5="YES" -> SearchAndIndex
CheckID: MultimediaPlugin0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_MULTIMEDIA="YES" -> MultimediaPlugin
CheckID: ReaderBrowserIntegration0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_BROWSER_INTEGRATION="YES" -> ReaderBrowserIntegration
CheckID: ReaderPDFIntegration0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - SETUP_PDF_INTEGRATION="NO" -> ReaderPDFIntegration
CheckID: Accessibility_Plugins0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_ACCESSIBILITY="YES" -> Accessibility_Plugins
CheckID: Atmosphere_3D0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_3D="YES" -> Atmosphere_3D
CheckID: AdobeCommonLinguistics_Big0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - DISABLE_LINGUISTICS="YES" -> AdobeCommonLinguistics_Big
CheckID: AUM__zh_TW0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"CHT" -> AUM__zh_TW
CheckID: AUM__zh_CN0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"CHS" -> AUM__zh_CN
CheckID: AUM__sv_SE0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"SVE" -> AUM__sv_SE
CheckID: AUM__pt_BR0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"PTB" -> AUM__pt_BR
CheckID: AUM__nl_NL0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"NLD" -> AUM__nl_NL
CheckID: AUM__nb_NO0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"NOR" -> AUM__nb_NO
CheckID: AUM__ko_KR0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"KOR" -> AUM__ko_KR
CheckID: AUM__ja_JP0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"JPN" -> AUM__ja_JP
CheckID: AUM__it_IT0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"ITA" -> AUM__it_IT
CheckID: AUM__fr_FR0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"FRA" -> AUM__fr_FR
CheckID: AUM__fi_FI0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"SUO" -> AUM__fi_FI
CheckID: AUM__es_ES0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"ESP" -> AUM__es_ES
CheckID: AUM__de_DE0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"DEU" -> AUM__de_DE
CheckID: AUM__da_DK0{AC76BA86-7AD7-FFFF-7B44-A91000000001} - ProductCode><"7AD7-FFFF" AND NOT LANG_LIST><"DAN" -> AUM__da_DK
CheckID: AutoPlay999{EF0BA418-AF37-471E-9594-EAE5913F4681} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay
CheckID: FileAssociations999{EF0BA418-AF37-471E-9594-EAE5913F4681} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations
CheckID: AutoPlay999{F030BFE8-8476-4C08-A553-233DE80A2BE1} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay
CheckID: FileAssociations999{F030BFE8-8476-4C08-A553-233DE80A2BE1} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations
CheckID: fe1559e6e1022144a8b5b0ae14281475a31{97B6FAD9-6F14-CC46-3165-F1785ECCE255} - "AMD64" ~= %PROCESSOR_ARCHITECTURE -> fe1559e6e1022144a8b5b0ae14281475a3
CheckID: CrossFeature1{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D} - CopyOfPlatformFiles = "yes" -> CrossFeature
CheckID: AutoPlay999{A163159C-B476-4501-B163-3F77809AC833} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay
CheckID: FileAssociations999{A163159C-B476-4501-B163-3F77809AC833} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations
CheckID: AutoPlay999{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay
CheckID: FileAssociations999{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations
CheckID: AutoPlay999{910B539D-F257-46C8-9CB8-6C95EFF9CF22} - NERO.INSTALL_AUTOPLAY=0 -> AutoPlay
CheckID: FileAssociations999{910B539D-F257-46C8-9CB8-6C95EFF9CF22} - NERO.INSTALL_EXTENSIONS=0 -> FileAssociations

---------- | CLSID (Whitelist)

[HKCR\CLSID\{0932B8A4-BBB4-4bc0-A8AB-91C626950C75}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{09AC4892-81B7-4d39-B235-8F0DB0DAF4F8}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}] - (.License: MPL 2 -.) - C:\Program Files (x86)\Mozilla Thunderbird\AccessibleMarshal.dll   [09/12/2017 14:26:11]
[HKCR\CLSID\{0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C}] - (.TODO: (c) <Company name>. - TODO: <File description>.) - C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [04/09/2016 14:23:42]
[HKCR\CLSID\{1159F2AF-F989-4d11-8B34-9550029269BB}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}] - (.-.) - %windir%\system32\btpanui.dll   
[HKCR\CLSID\{179F3D56-1B0B-42B2-A962-59B7EF59FE1B}] - (.-.) - C:\Windows\SysWOW64\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll   [29/09/2017 14:42:13]
[HKCR\CLSID\{181A38F4-6CE6-4edc-8DB0-6E5631963A1E}] - (.-.) - C:\Windows\SysWOW64\LocationFramework.dll   
[HKCR\CLSID\{1965FEA3-3896-438B-B789-F5981797E7E7}] - (.-.) - C:\Windows\SysWOW64\MapsBtSvcProxy.dll   
[HKCR\CLSID\{19dcfb49-c5ad-4919-b46d-2c867867f0a4}] - (.-.) - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll   [23/10/2012 03:17:36]
[HKCR\CLSID\{1CEBDE3E-6B91-484A-AF48-5E4F4ED6B1E1}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{206FA6D0-A493-41FA-943D-3F655088F7B9}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{26A28DD1-D23A-43a0-A495-F1C3F75C49E2}] - (.-.) - C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll   [15/12/2016 18:15:48]
[HKCR\CLSID\{278029E0-2347-4254-A65E-204AC55E2508}] - (.-.) - C:\Program Files (x86)\AUSLOG~1\DISKDE~1\DISKDO~1.DLL   
[HKCR\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}] - (.-.) - "%ProgramData%\Microsoft\Windows Defender\platform\4.12.17007.17123-0\X86\MpOav.dll"   
[HKCR\CLSID\{2869F087-165A-4B0F-9657-6608B8318DDB}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\AcerSirenEnc.dll   
[HKCR\CLSID\{2C5F9B72-7148-4D97-BFC9-68A0E076BEBD}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}] - (.-.) - C:\Program Files\DAEMON Tools Pro\DTShl32.dll   
[HKCR\CLSID\{2FE8F810-B2A5-11d0-A787-0000F803ABFC}] - (.-.) - C:\WINDOWS\system32\dplayx.dll   
[HKCR\CLSID\{32581F0D-E898-4A6C-9D3E-80841D810C8F}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\acerwmv9enc.dll   
[HKCR\CLSID\{32E226FC-F4EB-4588-900E-B46F3223557E}] - (.-.) - C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll   [15/12/2016 18:15:48]
[HKCR\CLSID\{363BE3C0-DDD4-4B21-BC6D-7E9DF8CE19CB}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{3647D1DF-A67B-4882-A74E-67EEB4178F89}] - (.-.) - C:\Windows\SysWOW64\Windows.Mirage.dll   [01/12/2017 05:28:28]
[HKCR\CLSID\{3F052B8E-512B-419D-9E06-9B9ADDC7118C}] - (.-.) - C:\Windows\SysWOW64\MapsCSP.dll   
[HKCR\CLSID\{4062C116-0270-11D3-8BCB-00600893B1B6}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{40966797-8FFE-46C8-9EF8-7003F33CCF0F}] - (.-.) - C:\Program Files\DAEMON Tools Pro\DTShl32.dll   
[HKCR\CLSID\{4108FA85-3586-11D3-8BD7-00600893B1B6}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{4516EC43-8F20-11D0-9B6D-0000C0781BC3}] - (.-.) - C:\WINDOWS\system32\d3dxof.dll   
[HKCR\CLSID\{486ED91D-C9EC-4C3C-B059-C91F94367D36}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\AcerSirenEnc.dll   
[HKCR\CLSID\{494E53BE-0695-4736-9777-607CBB9D0A7B}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\acerwmv9enc.dll   
[HKCR\CLSID\{4C8DD17E-7079-4c7e-96E5-A7AFDB12F132}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{4EE17959-931E-49E4-A2C6-977ECF3628F3}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}] - (.-.) - %windir%\system32\acppage.dll   
[HKCR\CLSID\{517539A3-905F-4755-9F94-D91B095A07CC}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{51FC9E18-6E66-4BE2-BA40-3F68213E6EC0}] - (.-.) - C:\Windows\SysWOW64\Windows.Mirage.dll   [01/12/2017 05:28:28]
[HKCR\CLSID\{52103F52-9856-43F7-B5C4-A026FD84288C}] - (.TODO: (c) <Company name>. - TODO: <File description>.) - C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [04/09/2016 14:23:42]
[HKCR\CLSID\{54B7D246-951E-4BEA-B551-93D178284D13}] - (.-.) - C:\Windows\SysWOW64\Windows.Mirage.dll   [01/12/2017 05:28:28]
[HKCR\CLSID\{5872C980-0AAF-4cdb-A62D-4F453DA2EFAD}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{5C9ED313-4AE5-4768-9461-3166C5763F1D}] - (.-.) - C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll   [15/12/2016 18:15:48]
[HKCR\CLSID\{5DE7918B-BFD7-4C1E-B4E0-B16D0A3EA76B}] - (.-.) - C:\Windows\SysWOW64\AuthHostProxy.dll   
[HKCR\CLSID\{5EB699B3-9296-41BA-9258-DE70F03B7D6C}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{61633164-6935-3152-724F-6C6462497648}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\AIMPlugin.dll   
[HKCR\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}] - (.-.) - C:\WINDOWS\system32\audiodev.dll   
[HKCR\CLSID\{65A3CD37-3208-45B1-8F10-5F5BAD78DDD8}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{6691680C-8B1C-49ec-9254-8FFBE471C256}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{67213461-9306-4978-AC8D-608589F90F03}] - (.WiseVideoSuite.com - IE Add-on for download YouTube video..) - C:\Program Files (x86)\Wise\Wise Video Downloader\WVDAdd.dll   [07/09/2016 12:59:46]
[HKCR\CLSID\{6ABB1C11-E261-4CEA-BBB5-3836225689DD}] - (.-.) - C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt32.dll   [29/11/2017 17:11:30]
[HKCR\CLSID\{6BC5BA40-B56C-44E9-BF40-1185DEC77400}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\AcerWmv9ScreenEnc.dll   
[HKCR\CLSID\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}] - (.Â©Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable. -.) - C:\Program Files (x86)\Mozilla Thunderbird\MapiProxy_InUse.dll   [09/12/2017 14:27:04]
[HKCR\CLSID\{78A543EB-3A61-4ED3-9F4E-457DD8364A5F}] - (.- Browser Helper Object.) - C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll   [07/09/2016 13:08:08]
[HKCR\CLSID\{79BA9E00-B6EE-11D1-86BE-00C04FBF8FEF}] - (.-.) - C:\WINDOWS\System32\dmband.dll   
[HKCR\CLSID\{7BFF24D0-B222-4369-9DBF-E456A4D72FFA}] - (.-.) - C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy.dll   [15/12/2016 18:15:48]
[HKCR\CLSID\{810B5013-E88D-11D2-8BC1-00600893B1B6}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{83A0CE0E-628B-4FA0-941F-D88671A1BCC0}] - (.-.) - C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\Common Toolkit ToolsPS.dll   
[HKCR\CLSID\{8685C4A9-D0E4-444C-87A0-D9FB858235A7}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{882BC1E4-C79E-475D-8CC7-CC8D112FDB17}] - (.-.) - C:\Windows\SysWOW64\RMSRoamingSecurity.dll   
[HKCR\CLSID\{8839A1BA-6D01-4525-98EB-723C628320F0}] - (.-.) - C:\Windows\SysWOW64\Windows.Mirage.dll   [01/12/2017 05:28:28]
[HKCR\CLSID\{8B5C0AF0-7152-439e-8C54-2348FC56BC0D}] - (.-.) - C:\Program Files (x86)\Common Files\LogiShrd\LogiWLMPluginMSI\LogiWLMControllerPS.dll   [12/06/2011 19:24:32]
[HKCR\CLSID\{8EEA165E-0B8B-4BA7-9796-50214C767171}] - (.-.) - C:\Program Files (x86)\NCH Software\ExpressZip\ezcm.dll   [02/09/2016 15:22:56]
[HKCR\CLSID\{95BD18C1-D7FB-4BD3-839A-1C37C90131B1}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{994B3B2F-2880-4318-A583-15C38A01F571}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{A020FAD9-D661-4857-AA43-E6A86FF1163E}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{A5415364-784A-41A5-B47A-D452909CA8FF}] - (.-.) - C:\Program Files\DAEMON Tools Pro\DTShl32.dll   
[HKCR\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}] - (.-.) - %windir%\system32\btpanui.dll   
[HKCR\CLSID\{A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6}] - (.TODO: (c) <Company name>. - TODO: <File description>.) - C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll   [04/09/2016 14:23:42]
[HKCR\CLSID\{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}] - (.-.) - C:\Program Files\TeraCopy\TeraCopy.dll   [06/09/2016 19:51:00]
[HKCR\CLSID\{A8004167-E235-4148-A4E5-7C3108100200}] - (.Â©Conexant Systems Inc. - Conexant APO.) - C:\WINDOWS\SysWow64\RTCOM\CX32APO.dll   [08/09/2016 13:59:03]
[HKCR\CLSID\{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}] - (.-.) - C:\Program Files\TeraCopy\TERACO~1.DLL   [06/09/2016 19:50:59]
[HKCR\CLSID\{A82536D7-C8E6-4CEF-AA66-11E97EDDFC6D}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{A861C6E2-FCFC-11D2-8BC9-00600893B1B6}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{AA4CE0BA-E016-4FE4-B44C-3E4208100200}] - (.Â©Conexant Systems Inc. - Conexant APO.) - C:\WINDOWS\SysWow64\RTCOM\CX32APO.dll   [08/09/2016 13:59:03]
[HKCR\CLSID\{AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE}] - (.- Browser Helper Object.) - C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll   [07/09/2016 13:08:08]
[HKCR\CLSID\{B2C11E09-6689-443D-9C23-5C369FBD1F3E}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\AcerWmv9ScreenEnc.dll   
[HKCR\CLSID\{C539A15C-3AF9-4c92-B771-50CB78F5C751}] - (.-.) - C:\Program Files (x86)\Acronis\TrueImageHome\tishell32.dll   [15/12/2016 18:13:56]
[HKCR\CLSID\{C5621364-87CC-4731-8947-929CAE75323E}] - (.-.) - %windir%\system32\F12\msdbg2.dll   
[HKCR\CLSID\{C619A7DC-3DB7-4011-A303-B75AA76C9C56}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\AcerSirenDec.dll   
[HKCR\CLSID\{C64501F6-E6E6-451f-A150-25D0839BC510}] - (.-.) - C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll   [29/09/2017 14:42:24]
[HKCR\CLSID\{C70EB77F-EFD4-4678-A27B-BF1648F30D04}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{CC89327D-D094-40B2-82CB-F989EE26FC51}] - (.-.) - C:\Program Files (x86)\Auslogics\Disk Defrag Professional\ShellExtension.ContextMenu.x32.dll   
[HKCR\CLSID\{CDAEB70C-E686-4299-93EB-7D63D77B7F63}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{D1EB6D20-8923-11d0-9D97-00A0C90A43CB}] - (.-.) - C:\WINDOWS\system32\dplayx.dll   
[HKCR\CLSID\{D2AC2894-B39B-11D1-8704-00600893B1BD}] - (.-.) - C:\WINDOWS\System32\dmband.dll   
[HKCR\CLSID\{D3075F87-A7BD-4231-9F6A-60C5E07374A7}] - (.-.) - %windir%\system32\acppage.dll   
[HKCR\CLSID\{D4E775CC-0FCD-4ECF-838D-C578A65CF9AB}] - (.-.) - C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll   [23/10/2012 03:17:36]
[HKCR\CLSID\{D6FCA954-F7AE-4EAC-8783-85F5E4ABD840}] - (.-.) - %windir%\system32\F12\pdmproxy100.dll   
[HKCR\CLSID\{D8E090A5-4149-467D-8103-BFB8F51E8BCB}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{DE7371F4-4CCD-47cd-B12B-8887C9125895}] - (.-.) - C:\WINDOWS\system32\LVUI2.dll   
[HKCR\CLSID\{DF16845C-92CD-4AAB-A982-EB9840E74669}] - (.-.) - C:\Program Files (x86)\Acronis\TrueImageHome\versions_view.dll   [15/12/2016 17:46:46]
[HKCR\CLSID\{e8cc4cbe-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - C:\Program Files\Common Files\System\Ole DB\msdaora.dll   
[HKCR\CLSID\{e8cc4cbf-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - C:\Program Files\Common Files\System\Ole DB\msdaora.dll   
[HKCR\CLSID\{EA847F47-97F1-4D78-AB99-C63CA1C327F0}] - (.-.) - C:\Program Files (x86)\Glarysoft\Malware Hunter\MHContextHandler.dll   
[HKCR\CLSID\{EBF2320A-2502-11D3-8BD1-00600893B1B6}] - (.-.) - C:\WINDOWS\System32\dmscript.dll   
[HKCR\CLSID\{FA6C507D-A9AF-4385-86C0-80115F0AE20B}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll   
[HKCR\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA1}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\AcerScreenCap.dll   
[HKCR\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec}] - (.-.) - %windir%\system32\amsi.dll   
[HKCR\CLSID\{FE96CC3F-CE1B-4A52-8896-199816D939CF}] - (.-.) - C:\Program Files (x86)\Acer\Acer VCM\AcerSirenDec.dll   

---------- | Installer

[HKCR\Installer\Products\026F45BF555911A362BC0B724CDD2F06] : Imaging Designer
[HKCR\Installer\Products\04A40E2F7AE38F247BCC6B7E3AD91C05] : Adobe AIR
[HKCR\Installer\Products\085E718E81368CFA122023C23711E74C] : CCC Help Polish -> C:\WINDOWS\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\08A8734D317CFD1139990005650C0080] : Paragon Migrate OS to SSDÂ 4.0 -> C:\WINDOWS\Installer\{D4378A80-C713-11DF-9399-005056C00008}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\09058001D17E45A4E92344BA734ACC6C] : AutoSave Essentials -> C:\WINDOWS\Installer\{10085090-E71D-4A54-9E32-44AB37A4CCC6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0BE6E9B4DEE047E449979F283C52F417] : SQL Server Browser for SQL Server 2012 -> C:\WINDOWS\Installer\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}\ARPIco
[HKCR\Installer\Products\0D4A6A5A500250A2E212948580FC59DE] : CCC Help Norwegian -> C:\WINDOWS\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0F76E360892CA2A8F06A481C35224A0E] : ccc-utility64 -> C:\WINDOWS\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\10743651ECAB9444B8525176ADC8F93D] : CameraHelperMsi
[HKCR\Installer\Products\108E6B082DC3A1A43AE03D18594EB152] : Rebit 5: Viewer components (64 bit) -> C:\Windows\Installer\{80B6E801-3CD2-4A1A-A30E-D38195E41B25}\InstallerIcon
[HKCR\Installer\Products\13B3A47134C4DD3468F6379CBD88B784] : LWS Twitter
[HKCR\Installer\Products\1A15D4212C3FEA548B213DAC17420739] : SQL Server 2012 Common Files
[HKCR\Installer\Products\1D5F27E1E3559FFC603AC8A55F70DDC1] : CCC Help French -> C:\WINDOWS\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1E3325E85947BF44D8BEB49E605D6991] : Junk Mail filter update
[HKCR\Installer\Products\1E6AF1658349876ED2A2AC998FDDBF0C] : Windows Assessment Services - Client (AMD64 Architecture Specific, Client SKU)
[HKCR\Installer\Products\1F21F6D92DF2EB848A3D13CDF404716A] : Paragon VM Copy Tool
[HKCR\Installer\Products\21A7982E30C787643A93FA3ADC5CD14C] : Paragon PRM Troubleshotting Tool
[HKCR\Installer\Products\21E13F622273DF5409B394102268BBC4] : OnlineThreatsEngine -> C:\Windows\Installer\{26F31E12-3722-45FD-903B-49012286BB4C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\234989D47D950A67DD159B46226FFFF7] : Windows Phone Common Packaging and Test Tools (NT_x86_fre)
[HKCR\Installer\Products\241A5D4605DBE627DEE92D05D8A2712E] : Catalyst Control Center InstallProxy -> C:\WINDOWS\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\241B1BE862AE77B45A3A9837F4F66A0A] : Paragon NFSServer
[HKCR\Installer\Products\25E8C8C9A2A4D674B9C07CFE43048F0F] : 
[HKCR\Installer\Products\2C31622C4A7C16749A6011E6DCE44777] : SQL Server 2012 Database Engine Services
[HKCR\Installer\Products\2F12AC03A109BD444AF3CF13DCF04239] : Sql Server Customer Experience Improvement Program -> C:\WINDOWS\Installer\{30CA21F2-901A-44DB-A43F-FC31CD0F2493}\ARPIco
[HKCR\Installer\Products\33305D78435EA394E889A094CB826FB4] : SQL Server 2012 Database Engine Services
[HKCR\Installer\Products\34FA3586307F72743995D1FC9E5B6C98] : Firefox Download Unblocker -> C:\WINDOWS\Installer\{6853AF43-F703-4727-9359-1DCFE9B5C689}\VistaUACMaker.exe
[HKCR\Installer\Products\35588CBA077879B44BE3A50946A7B536] : Nero ControlCenter -> C:\WINDOWS\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\36DE92D79F487CE44BF999A4A313592B] : SQL Server 2012 Common Files
[HKCR\Installer\Products\37E58BB129D0A406A0FA7CAA5D3E3A6C] : CCC Help English -> C:\WINDOWS\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\384482F5D8EEE744EBEBB21FB3804CFB] : Prerequisite installer -> C:\WINDOWS\Installer\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\39753950C43A27243316A79FEAEE6594] : Imaging And Configuration Designer
[HKCR\Installer\Products\3978828F6B15FE74F2393D777666F35C] : Assessments on Client
[HKCR\Installer\Products\3A56CBC8BA0456EDC21B99A7DB8ADF86] : CCC Help Turkish -> C:\WINDOWS\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3C1BCDF6CDE9CBC374C3DD58DEE54049] : CCC Help German -> C:\WINDOWS\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3C5FB837B7FA0BB47BFE5E50FE7C65EB] : MyWinLocker Suite -> C:\Windows\Installer\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3D4250324BDACC96A287698D973E22B1] : Windows PE x86 x64
[HKCR\Installer\Products\3F78D2E7CB3F5af4F927FB20E16DC63B] : 
[HKCR\Installer\Products\401EEA7469FB704E3DEF08BB4D72234F] : Windows PE x86 x64 wims
[HKCR\Installer\Products\4171AC28AE31914F19EF2138444247E5] : CCC Help Italian -> C:\WINDOWS\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\425958F648DFAF24BA6A3D4C4696D213] : Paragon PRM Physical Backup
[HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\WINDOWS\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\43A520D954F3E2F429A93AC39C937CD7] : Rebit 5: core components (64 bit) -> C:\Windows\Installer\{9D025A34-3F45-4F2E-929A-A33CC939C77D}\InstallerIcon
[HKCR\Installer\Products\4673AE1C831172EADA3645B9DA99AB51] : CCC Help Japanese -> C:\WINDOWS\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\46806BE7833178A4EAFCBC304A7E3ECE] : Paragon Exchange Granular Recovery
[HKCR\Installer\Products\472D7398182C4E24C8BD0A2BFD791998] : LWS Webcam Software
[HKCR\Installer\Products\473F9FB676CE80849AC01F72EDD689D9] : Epson E-Web Print -> C:\Windows\Installer\{6BF9F374-EC67-4808-A90C-F127DE6D989D}\icon.exe
[HKCR\Installer\Products\47B800D0226053F770197C3624F79396] : Volume Activation Management Tool
[HKCR\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7] : LWS YouTube Plugin
[HKCR\Installer\Products\496A34161EF56FDB7FE8F4B73F9E14B9] : Toolkit Documentation
[HKCR\Installer\Products\49E502F924E968449AA2FDF3C68B4544] : Epson Event Manager -> C:\Windows\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe
[HKCR\Installer\Products\4AFCE782A91734120AB96D1AD25EE404] : Acrobat.com
[HKCR\Installer\Products\500F2D38DF7312345B7F42FEAECC8943] : Nero BurningROM 2016 -> C:\WINDOWS\Installer\{83D2F005-37FD-4321-B5F7-24EFEACC9834}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\500F2F04C4AFAEB4386AFB9D96645749] : Nero BackItUp -> C:\WINDOWS\Installer\{40F2F005-FA4C-4BEA-83A6-BFD969467594}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\50848F456110F764783198D9CF742253] : SQL Server 2012 Database Engine Shared
[HKCR\Installer\Products\514D163353AB34143B10669119AB2691] : MyEpson Portal
[HKCR\Installer\Products\5173F3A735977424B8C5D53050B0E99A] : 
[HKCR\Installer\Products\554590D7179DC4D4E9DFA96F6A85F4A3] : Bing Bureau -> C:\Windows\Installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}\icon.ico
[HKCR\Installer\Products\575EBE29E6C031740B5943BB29E7A56C] : Nero CoverDesigner -> C:\WINDOWS\Installer\{92EBE575-0C6E-4713-B095-34BB927E5AC6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\57BA88F7394543F45BB5D03033D813A7] : Paragon PRM Management Console
[HKCR\Installer\Products\591761FF4EE90C64C87DBF3A54E788BA] : LWS Facebook
[HKCR\Installer\Products\59EBDD8FEBCD5B303595ED631041E612] : CCC Help Danish -> C:\WINDOWS\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5AF433025DC6CF845B9F3DD4570E8754] : AntimalwareEngine -> C:\Windows\Installer\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5E16E053C2C6C3F2A341E790A46B3D0A] : CCC Help Spanish -> C:\WINDOWS\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5ED9778FD6D7FDC4A9583A5BED57CF99] : Google Password Decryptor -> C:\WINDOWS\Installer\{F8779DE5-7D6D-4CDF-9A85-A3B5DE75FC99}\GooglePasswordDecryptor.exe
[HKCR\Installer\Products\5F3074F90C4B99843B95713D061E6773] : Paragon PRM Installation Client
[HKCR\Installer\Products\61949DE25E406314BA5577C113E5EF41] : Paragon UIM
[HKCR\Installer\Products\66122D971C874DA2407EDB22DB85DF64] : CCC Help Chinese Traditional -> C:\WINDOWS\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\66F055D925D5AC92825BEEC0C2C0FDEB] : Windows Deployment Customizations
[HKCR\Installer\Products\68AB67CA7DA7FFFFB7449A0100000010] : Adobe Reader 9.1 MUI -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico
[HKCR\Installer\Products\68ADF0FAB7E6C6A1154D34FA0581E12D] : AMD Catalyst Control Center -> C:\WINDOWS\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7040BB568CC47CD459E2E3FEFD5006A2] : Nero Update -> C:\WINDOWS\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7164D2DE5460A0D469F8F20C81291130] : Paragon PRM Backup Server
[HKCR\Installer\Products\72BCCFF8D2EEF85DA5DBDEC5609BE118] : CCC Help Swedish -> C:\WINDOWS\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\73C44F0DB22A3374BB7A689C4F897852] : SQL Server 2012 Database Engine Shared
[HKCR\Installer\Products\750F29D436E13B7428E15A9A32059239] : Paragon PRM Administration Server
[HKCR\Installer\Products\76A9438299D16A541A1C5C6B1DFD39A7] : AvcEngine -> C:\Windows\Installer\{28349A67-1D99-45A6-A1C1-C5B6D1DF937A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\77E99DA1CC73E44793AC766FDF4365A5] : Catalyst Control Center Localization All -> C:\WINDOWS\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\792D5ED2C643F9E4A8ED059B267387A7] : Paragon PRM Language Pack - German
[HKCR\Installer\Products\797ECA52ADBEB4E090F6F99EA7E1A2F6] : CCC Help Russian -> C:\WINDOWS\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7A46D3DD5613D854694D60BF6C902CA2] : Google Ad Blocker -> C:\WINDOWS\Installer\{DD3D64A7-3165-458D-96D4-06FBC609C22A}\VistaUACMaker.exe
[HKCR\Installer\Products\814AB0FE73FAE1745949AE5E19F36418] : Nero Launcher -> C:\WINDOWS\Installer\{EF0BA418-AF37-471E-9594-EAE5913F4681}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\815BF5C8C87E0F8FFBCEE8CA565F0130] : Windows Assessment Services - Client (Client SKU)
[HKCR\Installer\Products\849FBE4FE00FFE9298C41DA017F889D1] : Windows Assessment Toolkit
[HKCR\Installer\Products\89201680EA92B5443BD7FEEB50089276] : LWS Pictures And Video
[HKCR\Installer\Products\8AC6637E9717EA777E21AB817DA0A070] : AMD Fuel -> C:\WINDOWS\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8ADE71A9DD5899B4BA79B6D5858A870E] : Diskeeper 15 -> C:\WINDOWS\Installer\{9A17EDA8-85DD-4B99-AB97-6B5D58A878E0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8BA31D3CA8644710D160BDA9EAA831B1] : CCC Help Czech -> C:\WINDOWS\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8EFB030F674880C45A3532D38EA0B21E] : Nero Info -> C:\WINDOWS\Installer\{F030BFE8-8476-4C08-A553-233DE80A2BE1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\908D68F650B516B4191363BF6F290D93] : Paragon PRM vSphere Backup Appliance
[HKCR\Installer\Products\91AF5CD036E87774EA7BEFDF6A3C0C75] : AntispamEngine -> C:\Windows\Installer\{0DC5FA19-8E63-4777-AEB7-FEFDA6C3C057}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\985E2342652631540BFBFE8A3E525D0F] : Nero SharedVideoCodecs
[HKCR\Installer\Products\9DAF6B7941F664CC13561F87E5CC2E55] : WPTx64
[HKCR\Installer\Products\A2B16319147F195E03B3E49F753FAB1F] : Windows Assessment Toolkit (AMD64 Architecture Specific)
[HKCR\Installer\Products\A6C1C5112A511B845A99971FAAA1306F] : FirewallEngine -> C:\Windows\Installer\{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A748067A9D4CFE7E17F6706CBC6F1B74] : CCC Help Thai -> C:\WINDOWS\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A927A03CAB9E8F73C38546DAF9D16449] : Imaging Tools Support
[HKCR\Installer\Products\ADEDAA7FA3329701DC5130EA0B050F6C] : User State Migration Tool
[HKCR\Installer\Products\B1CCEC48FE121B14A919E327E4D5993D] : Manuels EPSON -> C:\Windows\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}\EPSMICO.ICO
[HKCR\Installer\Products\B54B166CA2D1C7FA720D4BFF6D074AEF] : Kits Configuration Installer
[HKCR\Installer\Products\B67AEAD9F05E27245A5910428E6255D3] : LWS WLM Plugin
[HKCR\Installer\Products\C0DBE580E42F49BED633A222FE465CFC] : CCC Help Finnish -> C:\WINDOWS\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C2F1EB77C255E834E8B6C48061DBCED5] : Rebit Pro (64-bit) -> C:\Windows\Installer\{77BE1F2C-552C-438E-8E6B-4C0816BDEC5D}\InstallerIcon
[HKCR\Installer\Products\C351938B2D4DC98F0533A061C02607B6] : CCC Help Portuguese -> C:\WINDOWS\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C3AF8C38AE4F4C6438293DEC5373836D] : LWS Launcher
[HKCR\Installer\Products\C3CE67F61B43E63479BF845CD8B7DEDC] : LWS Gallery
[HKCR\Installer\Products\C4FF5DFC06FC33D4E8C85BC19DDA431B] : Rebit 5: Avanquest Extensions
[HKCR\Installer\Products\C51E70D24A9A6D8D3D1729CE78975E78] : CCC Help Hungarian -> C:\WINDOWS\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C8A84585B22198847A8B13A6BDB5C774] : Google Password Remover -> C:\WINDOWS\Installer\{58548A8C-122B-4889-A7B8-316ADB5B7C47}\GooglePasswordDecryptor.exe
[HKCR\Installer\Products\C951361A674B10541B36F37708A98C33] : Nero Burning Core
[HKCR\Installer\Products\C971C95CD8669A946BAE1012CCCF2134] : LabelPrint -> C:\WINDOWS\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C9C0F85EAED21DA458843BBC806AC19E] : RMB
[HKCR\Installer\Products\CC67F423DD8D78D47BD74DFAE5A17A3B] : 
[HKCR\Installer\Products\CE67D3639B5BB7D5F0951C39FFF630CF] : Windows System Image Manager on amd64
[HKCR\Installer\Products\D2DAD9455052C402CE859508F76E0E73] : WPT Redistributables
[HKCR\Installer\Products\D43EEBEB2A48DDE4B8AE69CC45732136] : Nero Core Components
[HKCR\Installer\Products\D4DC8700641B77D4C80F62B8631C3ACE] : 
[HKCR\Installer\Products\D56BD55BE6FE40E4985D0B6330FB86B1] : Epson Software Updater -> C:\WINDOWS\Installer\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}\icon.ico
[HKCR\Installer\Products\D73F0BFC7E2273F4F8EA3B915AA85C9B] : Nero Burning ROM -> C:\WINDOWS\Installer\{CFB0F37D-22E7-4F37-8FAE-B319A58AC5B9}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D935B019752F8C64C98BC659FE9FFC22] : Stashimi Stub Installer
[HKCR\Installer\Products\DED17A5318AD313153A2CEA8B072FDB3] : CCC Help Chinese Standard -> C:\WINDOWS\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E065AE25F05EF8CD41D6B1365184AB92] : Windows Deployment Tools
[HKCR\Installer\Products\E3A623703B208701527D8B66B68AEF51] : CCC Help Korean -> C:\WINDOWS\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E4AF4541CB851FE2A99141B7E094E930] : UEV Tools on amd64
[HKCR\Installer\Products\E6121561DA7E0524291ABFE86D31199C] : LWS Help_main
[HKCR\Installer\Products\EA58071E856963AAEA36A29785D1B846] : MXAx64
[HKCR\Installer\Products\EC9283ECB955AFB3AB7EF047F5FADC82] : Application Compatibility Toolkit
[HKCR\Installer\Products\EE47477FC6BEB78C88FA33018C840E86] : CCC Help Greek -> C:\WINDOWS\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F3D66E17900ABA447848572E18B94AAB] : LWS Motion Detection
[HKCR\Installer\Products\F540ADB5957B28C49837FCA4D0F15056] : Paragon PRM Agent
[HKCR\Installer\Products\F75D59AC3CF97DD0C76363F2478D0CE4] : CCC Help Dutch -> C:\WINDOWS\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F9D6CAECA4497F04BAD57A14A29FEC9D] : Acronis True Image WD Edition -> C:\WINDOWS\Installer\{CEAC6D9F-944A-40F7-AB5D-A7412AF9CED9}\product.ico
[HKCR\Installer\Products\FD847E9C85F6F7C408262A25FE3D7ED2] : Paragon PRM Deduplication Server

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Ãchec de la crÃ©ation dÂun point de restauration (Processus = C:\Users\jean-\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"Â ; Description = JRT Pre-Junkware RemovalÂ ; Erreur = 0x8007043c).
------------

Windows ne parvient pas Ã  charger la DLL de compteur extensible SQLAgent$ADK. Le premier mot (DWORD) de la section DonnÃ©es contient le code dÂerreur Windows.
------------

Windows ne parvient pas Ã  charger la DLL de compteur extensible MSSQL$ADK. Le premier mot (DWORD) de la section DonnÃ©es contient le code dÂerreur Windows.
------------

Nom de lÂapplication dÃ©faillante PCSpeedUp.exe, version : 1.8.2.15, horodatage : 0x5a26947f
Nom du module dÃ©faillant : rtl160.bpl, version : 0.0.0.0, horodatage : 0x00000000
Code dÂexception : 0xc000041d
DÃ©calage dÂerreur : 0x0000c5d5
ID du processus dÃ©faillant : 0x17d4
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d370eef1920684
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\Program Files (x86)\TweakBit\PCSpeedUp\rtl160.bpl
ID de rapport : 369a0fe3-f559-4c47-87b9-6cab6da70dc7
Nom complet du package dÃ©faillantÂ : 
ID de lÂapplication relative au package dÃ©faillantÂ : 
------------

Windows ne peut pas accÃ©der au fichier S:\Anvisoft CSB Migration Folder(No Remove)\Program Files (x86)\TweakBit\PCSpeedUp\vcl160.bpl pour une des raisons suivantesÂ : un problÃ¨me sÂest produit avec la connexion rÃ©seau, le disque sur lequel le fichier est enregistrÃ©, ou les pilotes de stockage installÃ©s sur cet ordinateur, ou le disque est manquant. Windows a fermÃ© le programme PCSpeedUp en raison de cette erreur.

ProgrammeÂ : PCSpeedUp
FichierÂ : S:\Anvisoft CSB Migration Folder(No Remove)\Program Files (x86)\TweakBit\PCSpeedUp\vcl160.bpl

La valeur de lÂerreur est affichÃ©e dans la section DonnÃ©es supplÃ©mentaires.
Action utilisateur
1. Ouvrez Ã  nouveau le fichier. Cette situation peut rÃ©sulter dÂun problÃ¨me temporaire qui se corrigera de lui-mÃªme Ã  la prochaine exÃ©cution du programme.
2. Si le fichier est toujours inaccessible et
	- Il se trouve sur le rÃ©seauÂ : votre administrateur rÃ©seau devrait vÃ©rifier quÂil nÂy a aucun problÃ¨me avec le rÃ©seau et que le serveur peut Ãªtre contactÃ©.
	- Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROMÂ : vÃ©rifiez que le disque est insÃ©rÃ© correctement dans lÂordinateur.
3. VÃ©rifiez et rÃ©parez le systÃ¨me de fichiers en exÃ©cutant CHKDSK. Pour exÃ©cuter CHKDSK, cliquez sur DÃ©marrer, ExÃ©cuter, entrez CMD puis cliquez sur OK. Ã lÂinvite de commandes, entrez CHKDSK /F et appuyez sur EntrÃ©e.
4. Si le problÃ¨me persiste, restaurez le fichier Ã  partir dÂune copie de sauvegarde.
5. DÃ©terminez si dÂautres fichiers du mÃªme disque peuvent Ãªtre ouverts. Si ce nÂest pas le cas, le disque est peut-Ãªtre endommagÃ©. SÂil sÂagit dÂun disque dur, contactez votre administrateur ou le distributeur de votre ordinateur pour obtenir une assistance supplÃ©mentaire.

DonnÃ©es supplÃ©mentaires
Valeur de lÂerreurÂ : C000000E
Type du disqueÂ : 3
------------

Nom de lÂapplication dÃ©faillante PCSpeedUp.exe, version : 1.8.2.15, horodatage : 0x5a26947f
Nom du module dÃ©faillant : rtl160.bpl, version : 0.0.0.0, horodatage : 0x00000000
Code dÂexception : 0xc0000006
DÃ©calage dÂerreur : 0x0000c5d5
ID du processus dÃ©faillant : 0x17d4
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d370eef1920684
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Program Files (x86)\TweakBit\PCSpeedUp\PCSpeedUp.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\Program Files (x86)\TweakBit\PCSpeedUp\rtl160.bpl
ID de rapport : f7eb90c3-bdaf-42c1-a7cc-b2c5ea5447d7
Nom complet du package dÃ©faillantÂ : 
ID de lÂapplication relative au package dÃ©faillantÂ : 
------------

Windows ne peut pas accÃ©der au fichier S:\Anvisoft CSB Migration Folder(No Remove)\Program Files (x86)\TweakBit\Driver Updater\rtl160.bpl pour une des raisons suivantesÂ : un problÃ¨me sÂest produit avec la connexion rÃ©seau, le disque sur lequel le fichier est enregistrÃ©, ou les pilotes de stockage installÃ©s sur cet ordinateur, ou le disque est manquant. Windows a fermÃ© le programme Driver Updater en raison de cette erreur.

ProgrammeÂ : Driver Updater
FichierÂ : S:\Anvisoft CSB Migration Folder(No Remove)\Program Files (x86)\TweakBit\Driver Updater\rtl160.bpl

La valeur de lÂerreur est affichÃ©e dans la section DonnÃ©es supplÃ©mentaires.
Action utilisateur
1. Ouvrez Ã  nouveau le fichier. Cette situation peut rÃ©sulter dÂun problÃ¨me temporaire qui se corrigera de lui-mÃªme Ã  la prochaine exÃ©cution du programme.
2. Si le fichier est toujours inaccessible et
	- Il se trouve sur le rÃ©seauÂ : votre administrateur rÃ©seau devrait vÃ©rifier quÂil nÂy a aucun problÃ¨me avec le rÃ©seau et que le serveur peut Ãªtre contactÃ©.
	- Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROMÂ : vÃ©rifiez que le disque est insÃ©rÃ© correctement dans lÂordinateur.
3. VÃ©rifiez et rÃ©parez le systÃ¨me de fichiers en exÃ©cutant CHKDSK. Pour exÃ©cuter CHKDSK, cliquez sur DÃ©marrer, ExÃ©cuter, entrez CMD puis cliquez sur OK. Ã lÂinvite de commandes, entrez CHKDSK /F et appuyez sur EntrÃ©e.
4. Si le problÃ¨me persiste, restaurez le fichier Ã  partir dÂune copie de sauvegarde.
5. DÃ©terminez si dÂautres fichiers du mÃªme disque peuvent Ãªtre ouverts. Si ce nÂest pas le cas, le disque est peut-Ãªtre endommagÃ©. SÂil sÂagit dÂun disque dur, contactez votre administrateur ou le distributeur de votre ordinateur pour obtenir une assistance supplÃ©mentaire.

DonnÃ©es supplÃ©mentaires
Valeur de lÂerreurÂ : C000000E
Type du disqueÂ : 3
------------

Nom de lÂapplication dÃ©faillante DriverUpdater.exe, version : 1.8.2.15, horodatage : 0x5a214010
Nom du module dÃ©faillant : rtl160.bpl, version : 0.0.0.0, horodatage : 0x00000000
Code dÂexception : 0xc0000006
DÃ©calage dÂerreur : 0x00042b88
ID du processus dÃ©faillant : 0x994
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d371116d490430
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\Program Files (x86)\TweakBit\Driver Updater\rtl160.bpl
ID de rapport : 2c4634f9-c24d-48c7-8445-e557b6134c60
Nom complet du package dÃ©faillantÂ : 
ID de lÂapplication relative au package dÃ©faillantÂ : 
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------


----------( EOF)---------- - 8240 | 11:31:44