--------------- QuickDiag | g3n-h@ckm@n | V4_31.08.18.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 04/11/2018 13:15:15 Updated 31/08/2018 | 22:20 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [Jean-Marie (Administrator)] - [LFS_HYPER_UEFM] (S-1-5-21-324915258-2866797553-3726413251-1001) System: Microsoft Windows 8 - - (6.2.9200) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> () System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 8|C:\Windows|\Device\Harddisk0\Partition4 Boot : Normal boot PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics 8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009 CoreTemp : ? Celsius ----------| Extended ---------- | SoundDevice HD Webcam C310 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_081B&MI_02\8&4D0A220&1&0002 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001 WsAudio_Device - Status: OK - Manufacturer: WsAudio_Device - PNPDeviceID: ROOT\MEDIA\0000 DFX Audio Enhancer - Status: OK - Manufacturer: DFX - PNPDeviceID: ROOT\MEDIA\0001 ---------- | Video AMD Radeon HD 7310 Graphics - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184 Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6268 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26112 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 15360 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 15360 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37888 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\xvidvfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 251392 - Manufacturer: - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codecp.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175616 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 79872 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\lvcod64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 - Manufacturer: Logitech Inc. - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 52736 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:23 % CPU #2 value:11 % Total Overall CPU Usage value:17 % ---------- | Network Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller [NDIS 6.30] : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:17 bytes/sec, / RECEIVE Maximum:0 bytes/sec WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 RAS Async Adapter - - - Status: - PnPID : Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2062&SUBSYS_2AE3103C&REV_C1\4&186C6B44&0&00A9 Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000 TAP-Windows Adapter V9 - Ethernet 802.3 - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000 ---------- | Memory RAM = Total (MB) : 3748 | Free (MB) : 2150 Pagefile = Total (MB) : 5009 | Free (MB) : 2742 Virtual = Total (MB) : 4194 | Free (MB) : 3911 Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: 0 - Manufacturer: Micron - PartNumber: 8JTF51264AZ-1G6E1 - S/N: DEA02E9 ---------- | SID Users Administrateur : [S-1-5-21-324915258-2866797553-3726413251-500] Invité : [S-1-5-21-324915258-2866797553-3726413251-501] Jean-Marie : [S-1-5-21-324915258-2866797553-3726413251-1001] postgres : [S-1-5-21-324915258-2866797553-3726413251-1004] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] WinRMRemoteWMIUsers__ : [S-1-5-21-324915258-2866797553-3726413251-1000] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [OS] | Total : 916.53 Go | Free : 735.87 Go -> NTFS [SATA] D:\ -> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 0.99 Go -> NTFS [SATA] E:\ -> [Removable] | [future wdet] | Total : 59.5 Go | Free : 9.17 Go -> exFAT [USB] F:\ -> [CDROM] | [MY_DATA_101017] | Total : 0.36 Go | Free : 0 Go -> UDF [SATA] H:\ -> [Fixed] | [windows2go workspace] | Total : 57.6 Go | Free : 49.1 Go -> NTFS (SSD) [USB] I:\ -> [Removable] | [CUBUNTU] | Total : 7.2 Go | Free : 0.04 Go -> FAT32 [USB] J:\ -> [CDROM] | [HiSuite] | Total : 0 Go | Free : 0 Go -> CDFS [USB] K:\ -> [Removable] | [] | Total : 115.67 Go | Free : 115.67 Go -> FAT32 [USB] L:\ -> [Removable] | [] | Total : 119.48 Go | Free : 119.48 Go -> FAT32 [USB] M:\ -> [Removable] | [] | Total : 14.91 Go | Free : 14.91 Go -> FAT32 [USB] Z:\ -> [Fixed] | [Seagate Backup Plus Drive] | Total : 4657.4 Go | Free : 1668.61 Go -> NTFS [USB] Disk Usage Information [8 total Physical Disks] Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [H:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #2 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #3 [Z:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #4 [L:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #5 [K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #6 [M:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #7 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - SCSI - External hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_SEAGATE&PROD_BUP_BL\000000 DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERAL&PROD_USB_FLASH_DISK&REV_1.00\05077900000000F6&0 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00\20071114173400000&0 DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SAMSUNG&PROD_FLASH_DRIVE_FIT&REV_1100\0363316010027335&0 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : SCSI\DISK&VEN_WDC_WD10&PROD_EZEX-60ZF5A0\4&32E8E4A0&0&000000 DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_ULTRA_FIT&REV_1.00\4C530001050902110312&0 DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_TOSHIBA&PROD_TRANSMEMORY&REV_1.00\0022CFF6BDF8C080958BAE56&0 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DT_WORKSPACE&REV_KS15\0018F30C9FDC0I50E10C0026&0 ---------- | Windows updates - Activation - License W.A.T : :) Last detection : 2018-11-02 19:45:04 Downloaded last ones : 2018-10-25 14:33:03 Installed last ones : 2018-10-27 15:06:49 Next search : 2018-11-04 13:09:25 Windows 8.1 not installed !!! Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 10.0.9200.16442 (© Microsoft Corporation. Tous droits réservés.) FF : 62.0.3.6848 (©Firefox and Mozilla Developers; available under the MPL 2 license.) GC : 70.0.3538.77 (Copyright 2017 Google Inc.) ---------- | FlashPlayer FlashPlayer ActiveX : 20.0.0.272 FlashPlayer Plugin : 31.0.0.108 ---------- | Security AV : Advanced SystemCare Ultimate Disabled AS : Norton Internet Security Disabled FW : Norton Internet Security Disabled WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 324 | [Owner : Système | Parent : 4(System) | 0.08 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.2.9200.16384) = C:\Windows\System32\smss.exe [26/07/2012 06:26:45] CPU Usage:0 % 464 | [Owner : Système | Parent : 408() | 2.36 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.2.9200.16384) = C:\Windows\System32\csrss.exe [26/07/2012 06:26:45] CPU Usage:0 % 564 | [Owner : Système | Parent : 408() | 0.14 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.2.9200.16384) = C:\Windows\System32\wininit.exe [26/07/2012 01:03:20] CPU Usage:0 % 580 | [Owner : Système | Parent : 556() | 6.53 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.2.9200.16384) = C:\Windows\System32\csrss.exe [26/07/2012 06:26:45] CPU Usage:0 % 648 | [Owner : Système | Parent : 556() | 0.17 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.2.9200.17581) = C:\Windows\System32\winlogon.exe [05/09/2018 22:30:08] CPU Usage:0 % 664 | [Owner : Système | Parent : 564(wininit.exe) | 5.26 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.2.9200.17343) = C:\Windows\System32\services.exe [05/09/2018 22:08:33] CPU Usage:0 % 684 | [Owner : Système | Parent : 564(wininit.exe) | 7.9 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.2.9200.16864) = C:\Windows\System32\lsass.exe [05/09/2018 14:54:27] CPU Usage:0 % 784 | [Owner : Système | Parent : 664(services.exe) | 3.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 816 | [Owner : Système | Parent : 664(services.exe) | 0.6 Mo] - (.IObit - Advanced SystemCare Ultimate Service.) - (11.0.0.8593) = C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe [03/11/2018 12:59:14] CPU Usage:0 % 928 | [Owner : SERVICE RÉSEAU | Parent : 664(services.exe) | 3.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 1004 | [Owner : Système | Parent : 664(services.exe) | 0.42 Mo] - (.AMD - AMD External Events Service Module.) - (6.14.11.1126) = C:\Windows\System32\atiesrxx.exe [29/08/2012 09:10:20] CPU Usage:0 % 340 | [Owner : DWM-1 | Parent : 648(winlogon.exe) | 16.03 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.2.9200.16420) = C:\Windows\System32\dwm.exe [05/03/2013 09:02:00] CPU Usage:0 % 736 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 11.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 1100 | [Owner : Système | Parent : 664(services.exe) | 29.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 1168 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 8.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 1224 | [Owner : Système | Parent : 1004(atiesrxx.exe) | 0.47 Mo] - (.AMD - AMD External Events Client Module.) - (6.14.11.1126) = C:\Windows\System32\atieclxx.exe [29/08/2012 09:10:15] CPU Usage:0 % 1276 | [Owner : Système | Parent : 664(services.exe) | 62.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 1412 | [Owner : SERVICE RÉSEAU | Parent : 664(services.exe) | 5.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 1520 | [Owner : Système | Parent : 664(services.exe) | 40.85 Mo] - (.AVG Technologies CZ, s.r.o. - AVG Service.) - (18.7.4041.0) = C:\Program Files\AVG\Antivirus\AVGSvc.exe [03/11/2018 10:17:39] CPU Usage:0 % 1712 | [Owner : Système | Parent : 664(services.exe) | 2.94 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.2.9200.16384) = C:\Windows\System32\spoolsv.exe [26/07/2012 00:27:46] CPU Usage:0 % 1768 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 11.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 1920 | [Owner : Système | Parent : 664(services.exe) | 0.53 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.29.8644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [13/08/2018 23:27:08] CPU Usage:0 % 1964 | [Owner : Système | Parent : 664(services.exe) | 0.55 Mo] - (.Adobe Inc. - Adobe Update Service.) - (4.7.0.400) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [13/09/2018 01:56:58] CPU Usage:0 % 1992 | [Owner : Système | Parent : 664(services.exe) | 0.94 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (6.0.0.87) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [10/09/2018 11:21:58] CPU Usage:0 % 2024 | [Owner : Système | Parent : 664(services.exe) | 0.57 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (6.0.0.87) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [10/09/2018 11:22:00] CPU Usage:0 % 284 | [Owner : Système | Parent : 664(services.exe) | 1.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 2068 | [Owner : Système | Parent : 664(services.exe) | 0.48 Mo] - (.Dropbox, Inc. - Dropbox Service.) - (1.0.24.0) = C:\Windows\System32\DbxSvc.exe [31/10/2018 12:42:52] CPU Usage:0 % 2208 | [Owner : Système | Parent : 664(services.exe) | 0.5 Mo] - (.Comodo - Comodo Dragon.) - (1.0.0.1) = C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [17/10/2018 12:13:16] CPU Usage:0 % 2216 | [Owner : SERVICE LOCAL | Parent : 1276(svchost.exe) | 4.92 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\dasHost.exe [26/07/2012 03:06:14] CPU Usage:0 % 2256 | [Owner : Système | Parent : 664(services.exe) | 0.36 Mo] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe [28/10/2018 12:30:34] CPU Usage:0 % 2304 | [Owner : Système | Parent : 664(services.exe) | 19.92 Mo] - (.AnchorFree Inc. - Hss.Service.Application.) - (7.13.0.11069) = C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [24/09/2018 12:17:28] CPU Usage:4 % 2408 | [Owner : Système | Parent : 664(services.exe) | 1.09 Mo] - (.SEIKO EPSON CORPORATION - MyEpson Portal Service.) - (1.1.2.0) = C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [22/09/2014 11:37:34] CPU Usage:0 % 2508 | [Owner : Système | Parent : 664(services.exe) | 0.51 Mo] - (.arvato digital services llc - PsiService PsiService.) - (3.3.0.21) = C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [30/04/2014 15:00:36] CPU Usage:0 % 2540 | [Owner : Système | Parent : 664(services.exe) | 0.37 Mo] - (.arvato digital services llc - PsiService PsiService.) - (3.3.0.24) = C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [30/04/2014 15:33:52] CPU Usage:0 % 2616 | [Owner : Système | Parent : 664(services.exe) | 2.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 2660 | [Owner : Système | Parent : 664(services.exe) | 1.82 Mo] - (.- WinZip Compression Smart Monitor Service.) - (2.5.1.6) = C:\Program Files\WinZip\WinZip Smart Monitor\WinZip Compression Smart Monitor Service.exe [01/09/2017 12:15:36] CPU Usage:0 % 2824 | [Owner : Système | Parent : 664(services.exe) | 10.92 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9200.16579) = C:\Windows\System32\SearchIndexer.exe [05/09/2018 08:26:58] CPU Usage:0 % 2980 | [Owner : Système | Parent : 664(services.exe) | 10.95 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.2.0.704) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [09/10/2018 01:27:06] CPU Usage:0 % 3836 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 7.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 4164 | [Owner : SERVICE LOCAL | Parent : 664(services.exe) | 1.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe [05/03/2013 09:01:53] CPU Usage:0 % 4864 | [Owner : Jean-Marie | Parent : 664(services.exe) | 5.89 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16547) = C:\Windows\System32\taskhostex.exe [05/09/2018 08:20:07] CPU Usage:0 % 4880 | [Owner : Jean-Marie | Parent : 664(services.exe) | 3.44 Mo] - (.Bitsum LLC - Process Lasso process management engine.) - (9.0.0.502) = C:\Program Files\Process Lasso\ProcessGovernor.exe [18/08/2018 22:16:18] CPU Usage:0 % 4888 | [Owner : Jean-Marie | Parent : 664(services.exe) | 6.72 Mo] - (.Bitsum LLC - Process Lasso User Interface.) - (9.0.0.502) = C:\Program Files\Process Lasso\ProcessLasso.exe [18/08/2018 22:16:12] CPU Usage:0 % 4900 | [Owner : Jean-Marie | Parent : 664(services.exe) | 11.8 Mo] - (.IObit - Performance Monitor.) - (11.1.5.1436) = C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [03/11/2018 12:59:18] CPU Usage:0 % 4924 | [Owner : Jean-Marie | Parent : 664(services.exe) | 4.98 Mo] - (.- Advance PC-Care.) - (1.0.0.60) = C:\Program Files\Advance PC-Care\adpc.exe [03/11/2018 10:11:44] CPU Usage:0 % 4468 | [Owner : Jean-Marie | Parent : 3396() | 25.42 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16628) = C:\Windows\explorer.exe [06/09/2018 00:20:25] CPU Usage:0 % 5092 | [Owner : Jean-Marie | Parent : 2408(mepService.exe) | 6.47 Mo] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) - (1.1.2.2) = C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe [10/08/2015 16:05:30] CPU Usage:0 % 1848 | [Owner : Jean-Marie | Parent : 2980(MBAMService.exe) | 7.29 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.1.0.1644) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [13/09/2018 18:46:35] CPU Usage:0 % 5548 | [Owner : Système | Parent : 4856() | 0.49 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.17) = C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe [08/09/2018 08:39:38] CPU Usage:0 % 6036 | [Owner : Système | Parent : 4856() | 0.33 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.17) = C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe [08/09/2018 08:39:44] CPU Usage:0 % 5800 | [Owner : Système | Parent : 784(svchost.exe) | 1.16 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.2.9200.16384) = C:\Windows\System32\wbem\unsecapp.exe [26/07/2012 00:57:39] CPU Usage:0 % 6088 | [Owner : Jean-Marie | Parent : 2660(WinZip Compression Smart Monitor Service.exe) | 1.67 Mo] - (.Corel Corporation - WinZip Compression Smart Monitor.) - (2.5.1.6) = C:\Program Files\WinZip\WinZip Smart Monitor\WinZipCompressionSmartMonitor.exe [01/09/2017 12:15:36] CPU Usage:0 % 4152 | [Owner : SERVICE LOCAL | Parent : 1276(svchost.exe) | 1.26 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe [26/07/2012 02:00:55] CPU Usage:0 % 5444 | [Owner : Jean-Marie | Parent : 5092(mep.exe) | 1.68 Mo] - (.Microsoft Corporation - Print driver host for applications.) - (6.2.9200.16384) = C:\Windows\splwow64.exe [26/07/2012 02:27:54] CPU Usage:0 % 344 | [Owner : Jean-Marie | Parent : 380() | 3.31 Mo] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.2.1.709) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [19/01/2018 12:15:02] CPU Usage:0 % 4176 | [Owner : Système | Parent : 664(services.exe) | 2.33 Mo] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.2.1.709) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe [19/01/2018 12:14:06] CPU Usage:0 % 3776 | [Owner : Système | Parent : 664(services.exe) | 12.02 Mo] - (.IObit - Advanced SystemCare Ultimate 11 Service.) - (11.1.3.93) = C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe [03/11/2018 12:59:14] CPU Usage:0 % 5836 | [Owner : Système | Parent : 664(services.exe) | 2.31 Mo] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.0.33.2) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [15/08/2012 14:29:52] CPU Usage:0 % 116 | [Owner : Système | Parent : 664(services.exe) | 1.4 Mo] - (.CyberLink - CyberLink RichVideo Module.) - (2.0.0.14321) = C:\Program Files\CyberLink\Shared files\RichVideo64.exe [10/10/2018 13:32:07] CPU Usage:0 % 6728 | [Owner : Jean-Marie | Parent : 5268() | 45.5 Mo] - (.AVG Technologies CZ, s.r.o. - AVG Antivirus.) - (18.7.4041.0) = C:\Program Files\AVG\Antivirus\AVGUI.exe [04/11/2018 12:36:07] CPU Usage:0 % 6364 | [Owner : Système | Parent : 2304(cmw_srv.exe) | 5.17 Mo] - (.AnchorFree Inc. - Hotspot Shield 7.13.0.) - (7.13.0.11069) = C:\Program Files (x86)\Hotspot Shield\bin\x64\hydra.exe [24/09/2018 12:17:34] CPU Usage:0 % 6100 | [Owner : Système | Parent : 6364(hydra.exe) | 0.52 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16579) = C:\Windows\System32\conhost.exe [05/09/2018 08:26:51] CPU Usage:0 % 6520 | [Owner : Jean-Marie | Parent : 4468(explorer.exe) | 123.91 Mo] - (.Microsoft Corporation - Gestionnaire des tâches.) - (6.2.9200.16465) = C:\Windows\System32\Taskmgr.exe [06/09/2018 05:46:03] CPU Usage:0 % 6744 | [Owner : Jean-Marie | Parent : 6672() | 33.16 Mo] - (.Microsoft Corporation - Internet Explorer.) - (10.0.9200.16442) = C:\Program Files\Internet Explorer\iexplore.exe [06/09/2018 05:50:59] CPU Usage:0 % 4720 | [Owner : Jean-Marie | Parent : 6744(iexplore.exe) | 42.9 Mo] - (.Microsoft Corporation - Internet Explorer.) - (10.0.9200.16442) = C:\Program Files (x86)\Internet Explorer\iexplore.exe [06/09/2018 05:50:59] CPU Usage:0 % 4332 | [Owner : Jean-Marie | Parent : 7060() | 0.47 Mo] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) - (10.0.9200.16384) = C:\Program Files (x86)\Internet Explorer\ielowutil.exe [26/07/2012 01:43:15] CPU Usage:0 % 6808 | [Owner : Jean-Marie | Parent : 400() | 178.46 Mo] - (.Mozilla Corporation - Firefox.) - (62.0.3.6848) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [04/11/2018 12:47:22] CPU Usage:0 % 1564 | [Owner : Jean-Marie | Parent : 6808(firefox.exe) | 87.67 Mo] - (.Mozilla Corporation - Firefox.) - (62.0.3.6848) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [04/11/2018 12:47:22] CPU Usage:0 % 6544 | [Owner : Jean-Marie | Parent : 6808(firefox.exe) | 40.17 Mo] - (.Mozilla Corporation - Firefox.) - (62.0.3.6848) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [04/11/2018 12:47:22] CPU Usage:0 % 7000 | [Owner : Jean-Marie | Parent : 6808(firefox.exe) | 29.99 Mo] - (.Mozilla Corporation - Firefox.) - (62.0.3.6848) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [04/11/2018 12:47:22] CPU Usage:0 % 7132 | [Owner : Jean-Marie | Parent : 6520(Taskmgr.exe) | 43.14 Mo] - (.SosVirus - QuickDiag.) - (31.8.18.1) = Z:\LFS Hyper 1à2 & UEFM\quickdiag_V4_31.08.18.1 (1).exe [04/11/2018 12:22:44] CPU Usage:0 % 4088 | [Owner : SERVICE RÉSEAU | Parent : 784(svchost.exe) | 8.35 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\wbem\WmiPrvSE.exe [26/07/2012 03:36:07] CPU Usage:0 % 76 | [Owner : Système | Parent : 784(svchost.exe) | 6.1 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\wbem\WmiPrvSE.exe [26/07/2012 03:36:07] CPU Usage:0 % 6948 | [Owner : SERVICE RÉSEAU | Parent : 784(svchost.exe) | 6.89 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16518) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [05/09/2018 15:55:09] CPU Usage:0 % ---------- | Locked Applications ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (.Zemana Ltd..-.Zemana AntiLogger Free.) - (1.8.2.328) -- C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL (.IObit.-.Homepage Protection Notify.) - (11.0.1.20) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\HPProtectNotify64.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1140) -- C:\Windows\SYSTEM32\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6268) -- C:\Windows\SYSTEM32\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.451) -- C:\Windows\SYSTEM32\atidxx64.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (.Zemana Ltd..-.Zemana AntiLogger Free.) - (1.8.2.328) -- C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (.Zemana Ltd..-.Zemana AntiLogger Free.) - (1.8.2.328) -- C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL (.IObit.-.Homepage Protection Notify.) - (11.0.1.20) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\HPProtectNotify64.dll ---------- | ZeroAccess Check Zaccess : C:\Users\Jean-Marie\AppData\Local\CyberLink [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Baidu PC Faster Uninstall 4.0.0.0 - (Baidu PC Faster Uninstall 4.0.0.0.lnk [Startup]) - User: LFS_HYPER_UEFM\Jean-Marie Baidu PC Faster Uninstall HK 4.0.0.0 - (Baidu PC Faster Uninstall HK 4.0.0.0.lnk [Startup]) - User: LFS_HYPER_UEFM\Jean-Marie Continue repair 2018-09-25 08.59.58.273 - (Continue repair 2018-09-25 08.59.58.273.lnk [Startup]) - User: LFS_HYPER_UEFM\Jean-Marie SpybotSD TeaTimer - (C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\...\Run]) - User: LFS_HYPER_UEFM\Jean-Marie EPLTarget\P0000000000000000 - (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-710 Series" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\...\Run]) - User: LFS_HYPER_UEFM\Jean-Marie WallpaperHd - ("C:\Users\Jean-Marie\AppData\Local\WallpaperHd\WallpaperHd.exe" /regrun [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\...\Run]) - User: LFS_HYPER_UEFM\Jean-Marie Chromium - ("c:\users\jean-marie\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\...\Run]) - User: LFS_HYPER_UEFM\Jean-Marie GoogleChromeAutoLaunch_E9AFBAF478AF4722057287C56E730AF4 - ("C:\Users\Jean-Marie\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\...\Run]) - User: LFS_HYPER_UEFM\Jean-Marie Advanced SystemCare Ultimate - ("C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /Auto [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\...\Run]) - User: LFS_HYPER_UEFM\Jean-Marie AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public WinZip UN - (C:\Program Files\WinZip\WZUpdateNotifier.exe [HKLM\SOFTWARE\...\Run]) - User: Public WinZip PreLoader - (C:\Program Files\WinZip\WzPreloader.exe [HKLM\SOFTWARE\...\Run]) - User: Public AVGUI.exe - ("C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Command Processor] "PathCompletionChar"=9 "EnableExtensions"=1 "CompletionChar"=9 "DefaultColor"=0 [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=PDF24 PDF,winspool,Ne00: "UserSelectedDefault"=0 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Command Processor] "PathCompletionChar"=9 "EnableExtensions"=1 "CompletionChar"=9 "DefaultColor"=0 "DelayedExpansion"=0 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe "EPLTarget\P0000000000000000"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILPE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-710 Series" "WallpaperHd"="C:\Users\Jean-Marie\AppData\Local\WallpaperHd\WallpaperHd.exe" /regrun "Chromium"="c:\users\jean-marie\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session "GoogleChromeAutoLaunch_E9AFBAF478AF4722057287C56E730AF4"="C:\Users\Jean-Marie\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5 "Advanced SystemCare Ultimate"="C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe" /Auto [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "U"=0x020000000000000000000000 "KillCopy"=0x020000000000000000000000 "Adlice CDE"=0x020000000000000000000000 ""=0x020000000000000000000000 "EPLTarget\P0000000000000000"=0x020000000000000000000000 "KeepVidMusicService"=0x020000000000000000000000 "AshSnap"=0x020000000000000000000000 "WallpaperHd"=0x020000000000000000000000 "SpybotSD TeaTimer"=0x020000000000000000000000 "Chromium"=0x020000000000000000000000 "GoogleChromeAutoLaunch_E9AFBAF478AF4722057287C56E730AF4"=0x020000000000000000000000 "Advanced SystemCare Ultimate"=0x020000000000000000000000 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"="Q:\Autres LFS Hyper & UEFM\usbfix-9-053.exe"\1 "MRUList"=wvnfqutsprhgomlkjiecdba "b"="Q:\Autres LFS Hyper & UEFM\UsbFix_10.021.exe"\1 "c"="Q:\Autres LFS Hyper & UEFM\PortableApps.com_Platform_Setup_15.0.2.paf.exe"\1 "d"=C:\Users\Jean-Marie\Downloads\pre-scan_7_16.10.17.1.exe\1 "e"="Q:\Autres LFS Hyper & UEFM\SDI_R1806\SDI_x64_R1806.exe"\1 "f"=iexplore\1 "g"=msconfig\1 "h"=notepad\1 "i"="C:\Users\Jean-Marie\Desktop\combofix_18.8.8.1 (2).exe"\1 "j"="C:\Users\Jean-Marie\Desktop\combofix_18.8.8.1.exe"\1 "k"=C:\Users\Jean-Marie\Desktop\combofix_18.8.8.1.exe\1 "l"=C:\Users\Jean-Marie\Desktop\ZHPDiag.lnk\1 "m"=opera\1 "o"="C:\Program Files (x86)\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe"\1 "p"="C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\ashsnap.exe"\1 "q"=C:\Users\Jean-Marie\Desktop\adsfix_V5_04.09.18.1.exe\1 "r"=C:\Users\Jean-Marie\Downloads\processclose_2_08.01.17.1.exe\1 "s"=explorer\1 "t"=cmd\1 "u"=diskmgmt.msc\1 "n"="C:\Program Files\Firefox Nightly\firefox.exe"\1 "v"="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"\1 "w"="Z:\LFS Hyper 1à2 & UEFM\quickdiag_V4_31.08.18.1 (1).exe"\1 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "UserSelectedDefault"=1 "Device"=EPSON XP-710 Series,winspool,Ne04: [HKLM\Software\Microsoft\Command Processor] "PathCompletionChar"=64 "EnableExtensions"=1 "CompletionChar"=64 "DefaultColor"=0 "DelayedExpansion"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" "WinZip UN"=C:\Program Files\WinZip\WZUpdateNotifier.exe "WinZip PreLoader"=C:\Program Files\WinZip\WzPreloader.exe [02/11/2017 22:00:00] "AVGUI.exe"="C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "AvastUI.exe"=0x020000000000000000000000 "AdobeGCInvoker-1.0"=0x020000000000000000000000 "WinZip UN"=0x020000000000000000000000 "WinZip PreLoader"=0x020000000000000000000000 "AVGUI.exe"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "StartCCC"=0x040000000000000000000000 "CLMLServer_For_P2G8"=0x040000000000000000000000 "CLVirtualDrive"=0x040000000000000000000000 "Wondershare Helper Compact.exe"=0x020000000000000000000000 "Aimersoft Helper Compact.exe"=0x020000000000000000000000 "JetStart"=0x020000000000000000000000 "KeePass 2 PreLoad"=0x020000000000000000000000 "SDTray"=0x020000000000000000000000 "Adobe Creative Cloud"=0x020000000000000000000000 "Dropbox"=0x020000000000000000000000 "EEventManager"=0x020000000000000000000000 "YouCam Service8"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "Spooler"=yes "DeviceNotSelectedTimeout"=15 "TransmissionRetryTimeout"=90 "ShutdownWarningDialogTimeout"=4294967295 "USERProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "DesktopHeapLogging"=1 "DdeSendTimeout"=0 "USERPostMessageLimit"=10000 "USERNestedWindowLimit"=50 "NaturalInputHandler"=Ninput.dll "ThreadUnresponsiveLogTimeout"=500 "GDIProcessHandleQuota"=10000 "RequireSignedAppInit_DLLs"=0 "AppInit_DLLs"=C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL [04/10/2018 13:26:02] "LoadAppInit_DLLs"=1 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "PathCompletionChar"=64 "EnableExtensions"=1 "CompletionChar"=64 "DefaultColor"=0 "DelayedExpansion"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "KeePass 2 PreLoad"="C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" "Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup "EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" "YouCam Service8"="C:\Program Files (x86)\CyberLink\YouCam8\YouCamService8.exe" /s [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "Spooler"=yes "DeviceNotSelectedTimeout"=15 "TransmissionRetryTimeout"=90 "ShutdownWarningDialogTimeout"=4294967295 "USERProcessHandleQuota"=10000 "LoadAppInit_DLLs"=1 "IconServiceLib"=IconCodecService.dll "DesktopHeapLogging"=1 "DdeSendTimeout"=0 "USERPostMessageLimit"=10000 "USERNestedWindowLimit"=50 "NaturalInputHandler"=Ninput.dll "ThreadUnresponsiveLogTimeout"=500 "GDIProcessHandleQuota"=10000 "AppInit_DLLs"=C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL [04/10/2018 13:26:02] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Wininit.ini : [rename] c:\tempjunk7227.tmp=C:\ProgramData\Systweak\Advanced System Protector\log.xslt nul=c:\tempjunk3820.tmp c:\tempjunk856.tmp=C:\Users\Jean-Marie\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db c:\tempjunk9551.tmp=C:\Users\Jean-Marie\AppData\Roaming\Systweak\Advanced System Protector\Settings.db c:\tempjunk3820.tmp=C:\Users\Jean-Marie\AppData\Roaming\Systweak\Advanced System Protector\Update.ini ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task AdobeGCInvoker-1.0-MicrosoftAccount-jean-marie.carribon@wanadoo.fr Advance PC-Care_Logon Antivirus Emergency Update ASCU11_PerformanceMonitor ASCU11_SkipUac_Jean-Marie Avast Emergency Update CCAVPostInstall CorelUpdateHelperTaskCore DropboxUpdateTaskMachineCore DropboxUpdateTaskMachineUA EPSON XP-710 Series Invitation {2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B} EPSON XP-710 Series Update {2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B} Goodgame Empire1 Goodgame Empire2 GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA Norton WSC Integration Opera scheduled Autoupdate 1536011848 Optimize Start Menu Cache Files-S-1-5-21-324915258-2866797553-3726413251-1001 Process Lasso Core Engine Only Process Lasso Management Console (GUI) User_Feed_Synchronization-{894F9756-3BDE-4E8A-AC50-A7CC1E86F4AD} ---------- | Startings up registry ? Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=wuauserv gpsvc trustedinstaller "BootDriverFlags"=28 "CurrentUser"=USERNAME "WaitToKillServiceTimeout"=200 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(5)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(5)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=36 "ServicesPipeTimeout"=60000 [HKLM\System\CurrentControlSet\Control\lsa] "Bounds"=0x0030000000200000 "auditbasedirectories"=0 "fullprivilegeauditing"=0x00 "crashonauditfail"=0 "auditbaseobjects"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u livessp "Authentication Packages"=msv1_0 "LsaPid"=684 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "enabledcom"=y [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "GlobalFlag"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapDeCommitFreeBlockThreshold"=0 "ResourceTimeoutCount"=648000 "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "CriticalSectionTimeout"=2592000 "ProcessorControl"=2 "HeapSegmentReserve"=0 "ExcludeFromKnownDlls"= "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "NumberOfInitialSessions"=2 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "AutoChkTimeout"=5 "PendingFileRenameOperations"=\??\C:\Program Files\AVG\Antivirus\asw 50471a65833d7d5.tmp !\??\C:\Program Files\AVG\Antivirus\SecurityProductInformation.ini \??\C:\Windows\system32\drivers\asw 48f7cdf22458e80.tmp \??\C:\Windows\system32\drivers\asw42201c13d240c199.tmp \??\C:\Windows\system32\drivers\asw4cd23b6be8c02440.tmp \??\C:\Windows\system32\drivers\asw45be055686bca11b.tmp \??\C:\Windows\system32\drivers\aswd40fe084d5a679a8.tmp \??\C:\Windows\system32\drivers\aswa63611fb7774304d.tmp \??\C:\Windows\system32\drivers\aswf459de99217e938b.tmp \??\C:\Windows\system32\drivers\aswd19cd08bc56bb5b8.tmp \??\C:\Windows\system32\drivers\asw12b44cd370f61f46.tmp \??\C:\Windows\system32\drivers\asw89df356a29fdc7c6.tmp \??\C:\Windows\system32\drivers\asw5599c699d365287b.tmp \??\C:\Windows\system32\drivers\aswdb2b58bacd948b2a.tmp \??\C:\Windows\system32\drivers\asw98051779f9369736.tmp \??\C:\Windows\system32\drivers\asw9143c99b5dc5a0bb.tmp \??\C:\Program Files (x86)\Mozilla Firefox\tobedeleted\moza2a94cb8-313b-446a-a5ad-cb42a8fc0fa4 \??\C:\Program Files (x86)\Mozilla Firefox\tobedeleted \??\C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [HKLM\System\CurrentControlSet\Control\Terminal Server] "StartRCM"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "TSUserEnabled"=0 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "DelayConMgrTimeout"=0 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "AllowRemoteRPC"=0 "ProductVersion"=5.1 "fDenyTSConnections"=1 "InstanceID"=80b6c707-f43d-403d-a3b2-ff6c291 "GlassSessionId"=1 "fCredentialLessLogonSupported"=1 ---------- | .LNK with Arguments c:\hp\hpqware\dtshortcuts\ca-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=ca_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\da_dk\snapfish billeder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_dk) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\de-de\aut\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_at&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\de-de\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_be&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\de-de\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_ch&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\de-de\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_de&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\de_at\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_at) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\de_ch\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de_ch) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\de_de\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\aus\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_au&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_be&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ca&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ch&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_de&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_fr&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\gbr\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_gb&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\hkg\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_hk&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_in&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_it&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\mys\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_my&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_nl&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\phl\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ph&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\sgp\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_sg&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en-us\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en_au\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_au) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en_ca\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ca) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en_gb\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_gb) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en_ie\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ie) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en_in\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_in) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en_nz\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nz) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en_sg\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_sg) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\en_us\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_us) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\es-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=es_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\es-es\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\es_es\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_es) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\eu-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=eu_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\fr-fr\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_be&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\fr-fr\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_ca&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\fr-fr\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_ch&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\fr-fr\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\fr_be\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_be) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\fr_ca\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ca) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\fr_ch\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ch) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\fr_fr\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\gl-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=gl_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\hi-in\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=hi_in&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\it-it\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=it_ch&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\it-it\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=it_it&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\it_ch\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_ch) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\it_it\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_it) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\ja_jp\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_jp) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\nb_no\snapfish-bilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_no) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\nl-nl\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_be&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\nl-nl\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_nl&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\nl_be\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl_be) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\nl_nl\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\pt_pt\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_pt) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\sv_se\snapfishbilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_se) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\zh-hk\hkg\?????ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=zh_hk&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\dtshortcuts\zh_cn\?????.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_cn) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\ca-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=ca_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\da_dk\music, photos and videos\snapfish billeder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_dk) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\de-de\aut\shopping and services\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_at&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\de-de\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_be&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\de-de\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_ch&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\de-de\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_de&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\de_at\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_at) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\de_ch\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de_ch) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\de_de\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\aus\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_au&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_be&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ca&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ch&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_de&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_fr&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\gbr\shopping and services\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_gb&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\hkg\shopping and services\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_hk&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_in&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\irl\shopping and services\ebay.ie.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=EN_IE&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_it&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\mys\shopping and services\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_my&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_nl&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\phl\shopping and services\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ph&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\sgp\shopping and services\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_sg&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en-us\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en_au\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_au) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en_ca\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ca) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en_gb\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_gb) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en_ie\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ie) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en_in\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_in) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en_nz\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nz) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en_sg\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_sg) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\en_us\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_us) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\es-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=es_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\es-es\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\es_es\music, photos and videos\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_es) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\eu-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=eu_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\fr-fr\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_be&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\fr-fr\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_ca&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\fr-fr\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_ch&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\fr-fr\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\fr_be\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_be) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\fr_ca\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ca) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\fr_ch\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ch) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\fr_fr\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\gl-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=gl_es&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\hi-in\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=hi_in&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\it-it\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=it_ch&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\it-it\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=it_it&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\it_ch\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_ch) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\it_it\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_it) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\ja_jp\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_jp) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\nb_no\music, photos and videos\snapfish-bilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_no) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\nl-nl\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=nl_be&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\nl-nl\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=nl_nl&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\nl_be\music, photos and videos\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl_be) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\nl_nl\music, photos and videos\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\pt_pt\music, photos and videos\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_pt) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\sv_se\music, photos and videos\snapfishbilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_se) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\zh-hk\hkg\shopping and services\?????ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=zh_hk&bd=all&c=124) - Hidden: False - Status: OK c:\hp\hpqware\startmenulink\zh_cn\music, photos and videos\?????.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_cn) - Hidden: False - Status: OK c:\programdata\microsoft\windows\start menu\programs\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK c:\programdata\microsoft\windows\start menu\programs\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK c:\users\jean-marie\appdata\roaming\microsoft\windows\start menu\programs\goodgame big farm\goodgame big farm.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxps://bigfarm.goodgamestudios.com/?w=376971) - Hidden: False - Status: OK c:\users\jean-marie\appdata\roaming\microsoft\windows\start menu\programs\goodgame empire\goodgame empire.lnk - Encrypted: False - Target: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - Args: ( --app=hxxps://empire.goodgamestudios.com/?w=376971 --app-window-size=1280,1024) - Hidden: False - Status: OK c:\users\jean-marie\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK c:\users\jean-marie\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Control Panel\Desktop] "DragHeight"=4 "CoolSwitchColumns"=7 "ActiveWndTrackTimeout"=0 "MouseCornerClipLength"=6 "DragWidth"=4 "WallpaperStyle"=10 "ScreenSaveActive"=1 "TileWallpaper"=0 "WheelScrollLines"=3 "Pattern"=0 "FontSmoothingType"=2 "WindowArrangementActive"=1 "BlockSendInputResets"=0 "MenuShowDelay"=400 "ClickLockTime"=1200 "CaretWidth"=1 "FocusBorderWidth"=1 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "DragFullWindows"=1 "CoolSwitchRows"=3 "ForegroundFlashCount"=7 "LeftOverlapChars"=3 "ForegroundLockTimeout"=200000 "FontSmoothingGamma"=0 "DragFromMaximize"=1 "FontSmoothing"=2 "FocusBorderHeight"=1 "WheelScrollChars"=3 "DockMoving"=1 "SnapSizing"=1 "CursorBlinkRate"=530 "RightOverlapChars"=3 "FontSmoothingOrientation"=1 "PaintDesktopVersion"=0 "ScreenSaverIsSecure"=1 [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Control Panel\Desktop] "DragHeight"=4 "CoolSwitchColumns"=7 "ActiveWndTrackTimeout"=0 "MouseCornerClipLength"=6 "DragWidth"=4 "WallpaperStyle"=10 "ScreenSaveActive"=1 "TileWallpaper"=0 "WheelScrollLines"=3 "FontSmoothingType"=2 "WindowArrangementActive"=1 "BlockSendInputResets"=0 "ClickLockTime"=1200 "CaretWidth"=1 "FocusBorderWidth"=1 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "DragFullWindows"=1 "CoolSwitchRows"=3 "ForegroundFlashCount"=7 "LeftOverlapChars"=3 "FontSmoothingGamma"=0 "DragFromMaximize"=1 "FontSmoothing"=2 "FocusBorderHeight"=1 "WheelScrollChars"=3 "DockMoving"=1 "SnapSizing"=1 "CursorBlinkRate"=530 "RightOverlapChars"=3 "FontSmoothingOrientation"=1 "PaintDesktopVersion"=0 "ScreenSaverIsSecure"=1 "UserPreferencesMask"=0xDF1E078012000000 "ActiveWndTrkTimeout"=0 "AutoColorization"=1 "Wallpaper"=Z:\LFS Hyper 1à2 & UEFM\attente de 1ères images bing avec zone drapeaux matthew ozcan.png [01/03/2018 19:50:42] "MaxVirtualDesktopDimension"=1280 "MaxMonitorDimension"=1280 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC301005C96000000030000660200004CD8D664CF0AD4015A003A005C004C004600530020004800790070006500720020003100E00032002000260020005500450046004D005C0061007400740065006E007400650020006400650020003100E800720065007300200069006D0061006700650073002000620069006E0067002000610076006500630020007A006F006E00650020006400720061007000650061007500780020006D0061007400740068006500770020006F007A00630061006E002E0070006E00670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ImageColor"=2940581607 "PreferredUILanguages"=fr-FR "ForegroundLockTimeout"=150000 "MenuShowDelay"=0 "AutoEndTasks"=1 "HungAppTimeout"=200 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"=0 "TaskbarNoResize"=1 "ConfirmFileDelete"=1 "NoSimpleNetIDList"=1 "NolowDiskSpaceChecks"=1 "NoDriveTypeAutoRun"=221 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003328010000000000000000000000000001000000130000000000000063000000 "SIDUpdatedOnLibraries"=1 "LastClockSize"=0x270000000F000000460000000F000000410000000F000000 "Browse For Folder Width"=624 "Browse For Folder Height"=473 "GlobalAssocChangedCounter"=86 "link"=0x00000000 "DesktopProcess"=1 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=1 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewShadow"=1 "StartMenuInit"=5 "HideDrivesWithNoMedia"=0 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=0 "TaskbarGlomLevel"=0 "ReindexedProfile"=1 "PersistBrowsers"=0 "EncryptionContextMenu"=1 "FolderContentsInfoTip"=1 "Start_TrackProgs"=1 "TaskbarSmallIcons"=0 "nonetcrawling"=1 "ListviewAlphaSelect"=0 "TaskbarAnimations"=0 "AlwaysShowMenus"=1 "ExtendedUIHoverTime"=0 "DesktopLivePreviewHoverTime"=0 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x020000000100000000000000FFFFFFFF "0"=0x7400630068006F0069006E000000 "1"=0x6E006F00E9006D0069006500200077006100710075006900650072000000 "2"=0x760065007300740069006700650073000000 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableVirtualization"=1 "EnableInstallerDetection"=1 "PromptOnSecureDesktop"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "ConsentPromptBehaviorAdmin"=5 "ValidateAdminCodeSignatures"=0 "EnableUIADesktopToggle"=0 "EnableCursorSuppression"=1 "ConsentPromptBehaviorUser"=3 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "EnableSecureUIAPath"=1 "SoftwareSASGeneration"=1 "DisableRegistryTools"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"=0 "NoRecentDocsHistory"=0 "NoDriveTypeAutoRun"=189 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "HKeyRoot"=2147483649 "DefaultValue"=2 "ValueName"=Hidden "Text"=@shell32.dll,-30500 "Type"=radio "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=44 "ShowDriveLettersFirst"=4 "MultipleInvokePromptMinimum"=10000 "Max Cached Icons"=2000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "EnableVirtualization"=1 "EnableInstallerDetection"=1 "PromptOnSecureDesktop"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "ConsentPromptBehaviorAdmin"=5 "ValidateAdminCodeSignatures"=0 "EnableUIADesktopToggle"=0 "EnableCursorSuppression"=1 "ConsentPromptBehaviorUser"=3 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "EnableSecureUIAPath"=1 "SoftwareSASGeneration"=1 "DisableRegistryTools"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"=0 "NoRecentDocsHistory"=0 "NoDriveTypeAutoRun"=189 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "HKeyRoot"=2147483649 "DefaultValue"=2 "ValueName"=Hidden "Text"=@shell32.dll,-30500 "Type"=radio "HelpID"=shell.hlp#51105 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "GlobalAssocChangedCounter"=181 "Max Cached Icons"=2000 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s ---------- | Winlogon [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=9200 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=9200 "FirstLogon"=0 "ParseAutoexec"=1 "AutoRestartShell"=0 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"=C:\Windows\system32\userinit.exe, "LegalNoticeText"= "Shell"=Explorer.exe "LegalNoticeCaption"= "DebugServerCommand"=no "ForceUnlockLogon"=0 "ReportBootOk"=1 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "Background"=0 0 0 "PasswordExpiryWarning"=5 "CachedLogonsCount"=10 "WinStationsDisabled"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "scremoveoption"=0 "DisableCAD"=1 "ShutdownFlags"=2147483687 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-324915258-2866797553-3726413251-1001 "LastUsedUsername"=Jean-Marie "AutoAdminLogon"=1 "DefaultUserName"=Jean-Marie "LegalNotice Text"= "SFCDisable"=0 "System"= "DefaultDomainName"=LFS_Hyper_UEFM [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"=C:\Windows\SYSWOW64\userinit.exe, "Shell"=explorer.exe "VMApplet"=SystemPropertiesPerformance.exe /pagefile "DefaultDomainName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "DefaultUserName"= "AutoRestartShell"=1 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=ComFile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\System32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "PerceivedType"=text "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=4259840 "BrowserFlags"=4096 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "NeverShowExt"= "EditFlags"=131072 "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForBrowse"=delta ""=Folder "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "ThumbnailCutoff"=0 "NoRecentDocs"= "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=ComFile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\System32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "PerceivedType"=text "Content Type"=application/hta [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=4259840 "BrowserFlags"=4096 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "NeverShowExt"= "EditFlags"=131072 "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 [HKLM\Software\WOW6432Node\Classes\Folder] "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForBrowse"=delta ""=Folder "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "ThumbnailCutoff"=0 "NoRecentDocs"= "TileInfo"=prop:System.Title;System.ItemTypeText [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\BaiduSpark\Shell\open\Command] ""= [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\BaiduSpark\InstallInfo] "ReinstallCommand"= [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\Chromium.NVRKRG42C5N6USD6I7WZDS624Y\Shell\open\Command] ""="C:\Users\Jean-Marie\AppData\Local\Chromium\Application\chrome.exe" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\Chromium.NVRKRG42C5N6USD6I7WZDS624Y\InstallInfo] "ReinstallCommand"="C:\Users\Jean-Marie\AppData\Local\Chromium\Application\chrome.exe" --make-default-browser [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\Firefox-6F193CCC56814779\Shell\open\Command] ""="C:\Program Files\Firefox Nightly\firefox.exe" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\Firefox-6F193CCC56814779\InstallInfo] "ReinstallCommand"="C:\Program Files\Firefox Nightly\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\K-MELEON.EXE\Shell\open\Command] ""="C:\Program Files (x86)\K-Meleon\k-meleon.exe" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\K-MELEON.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\K-Meleon\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\OperaStable\Shell\open\Command] ""="C:\Users\Jean-Marie\AppData\Local\Programs\Opera\Launcher.exe" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\OperaStable\InstallInfo] "ReinstallCommand"="C:\Users\Jean-Marie\AppData\Local\Programs\Opera\Launcher.exe" --makedefaultbrowser [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command] ""="C:\Program Files\Pale Moon\palemoon.exe" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\BaiduSpark.EXE\Shell\open\Command] ""="D:\Program files\Spark Browser\Spark.exe" [HKLM\Software\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo] "ReinstallCommand"="D:\Program files\Spark Browser\Spark.exe" --type=ToolUtilProcess --action=SetDefault [HKLM\Software\Clients\StartMenuInternet\Dragon\Shell\open\Command] ""="C:\Program Files (x86)\Comodo\Dragon\dragon.exe" [HKLM\Software\Clients\StartMenuInternet\Dragon\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-6F193CCC56814779\Shell\open\Command] ""="C:\Program Files\Firefox Nightly\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-6F193CCC56814779\InstallInfo] "ReinstallCommand"="C:\Program Files\Firefox Nightly\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\K-MELEON.EXE\Shell\open\Command] ""="C:\Program Files (x86)\K-Meleon\k-meleon.exe" [HKLM\Software\Clients\StartMenuInternet\K-MELEON.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\K-Meleon\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\NAVIGATOR.EXE\Shell\open\Command] ""=C:\Program Files (x86)\Netscape\Navigator 9\navigator.exe [14/09/2018 10:51:14] [HKLM\Software\Clients\StartMenuInternet\NAVIGATOR.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Netscape\Navigator 9\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command] ""="C:\Program Files\Pale Moon\palemoon.exe" [HKLM\Software\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\SEAMONKEY.EXE\Shell\open\Command] ""="C:\Program Files (x86)\SeaMonkey\seamonkey.exe" [HKLM\Software\Clients\StartMenuInternet\SEAMONKEY.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\BaiduSpark.EXE\Shell\open\Command] ""="D:\Program files\Spark Browser\Spark.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\BaiduSpark.EXE\InstallInfo] "ReinstallCommand"="D:\Program files\Spark Browser\Spark.exe" --type=ToolUtilProcess --action=SetDefault [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Dragon\Shell\open\Command] ""="C:\Program Files (x86)\Comodo\Dragon\dragon.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Dragon\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Comodo\Dragon\dragon.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-6F193CCC56814779\Shell\open\Command] ""="C:\Program Files\Firefox Nightly\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-6F193CCC56814779\InstallInfo] "ReinstallCommand"="C:\Program Files\Firefox Nightly\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\K-MELEON.EXE\Shell\open\Command] ""="C:\Program Files (x86)\K-Meleon\k-meleon.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\K-MELEON.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\K-Meleon\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\NAVIGATOR.EXE\Shell\open\Command] ""=C:\Program Files (x86)\Netscape\Navigator 9\navigator.exe [14/09/2018 10:51:14] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\NAVIGATOR.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Netscape\Navigator 9\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command] ""="C:\Program Files\Pale Moon\palemoon.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SEAMONKEY.EXE\Shell\open\Command] ""="C:\Program Files (x86)\SeaMonkey\seamonkey.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\SEAMONKEY.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\SeaMonkey\uninstall\helper.exe" /SetAsDefaultAppGlobal ---------- | AppcompatFlags [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\Jean-Marie\Desktop\ComboFix.exe"=1 "C:\Users\Jean-Marie\Desktop\combofix_18.8.8.1.exe"=1 "C:\Users\Jean-Marie\Desktop\combofix_18.8.8.1 (2).exe"=1 "C:\Users\JEAN-M~1\AppData\Local\Temp\HiSuiteDownLoader\Setup.exe"=1 "C:\Program Files\Process Lasso\ProcessLasso.exe"=1 "C:\Program Files\Process Lasso\ProcessGovernor.exe"=1 "C:\Users\JEAN-M~1\AppData\Local\Temp\format mobilemate & combofix\combofix_18.8.8.1.exe"=1 "C:\Users\JEAN-M~1\AppData\Local\Temp\0204mx_nitro_1.2.11.1903\combofix_18.8.8.1.exe"=1 "C:\Users\Jean-Marie\AppData\Local\Programs\Opera\Launcher.exe"=32 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe"=0x534143500100000000000000070000002800000010CA0200B18E0300010000000000000000000106712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000C3E40600000000000100000001000000 "C:\Users\Jean-Marie\Downloads\pre-scan_7_16.10.17.1.exe"=0x5341435001000000000000000700000028000000A8AF2E007DB12E00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000021AC0C05000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\usbfix-9-053.exe"=0x5341435001000000000000000700000028000000A0593A0081893A00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000 "Q:\Autres LFS Hyper & UEFM\UsbFix_10.021.exe"=0x5341435001000000000000000700000028000000E8386C007ADB6C00010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000001C2A0000000000000100000001000000 "C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe"=0x534143500100000000000000070000002800000000F000006C240100010000000000000000000006712200002EF6C8A3A56ACD010000000000000000 "Q:\Autres LFS Hyper & UEFM\PortableApps.com_Platform_Setup_15.0.2.paf.exe"=0x5341435001000000000000000700000028000000E8154E002F254E00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000054EE0000000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\SDI_R1806\SDI_x64_R1806.exe"=0x534143500100000000000000070000002800000000521A000000000001000000000000000000020600210000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000BE01CE04000000000100000001000000 "C:\Program Files (x86)\Avanquest\SystemSuite\SSuite.exe"=0x534143500100000000000000070000002800000018751000CF0D1100010000000000000000000006710200002EF6C8A3A56ACD0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000051B2601000000000400000004000000 "Q:\Autres LFS Hyper & UEFM\SafeMSI\SafeMSI.exe"=0x534143500100000000000000070000002800000000900000E3BA0000010000000000000000000105710000002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000092BB0000000000000100000001000000 "C:\Program Files (x86)\PC App Store\5.0.1.8682\bdappdownloader.exe"=0x5341435001000000000000000700000028000000203606006F010700010000000000000000000206712000002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000007E919801000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\SystemSuite_Professional_ENU_signed.exe"=0x53414350010000000000000007000000280000000857D4036B1ED503010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000050000000000000000000005000000000000000000000000000000000C656060000000000020000000200000000000000000000100000000000000000000000000000000052FB7B00000000000100000000000000 "C:\Users\Jean-Marie\Desktop\pre-scan_7_16.10.17.1.exe"=0x5341435001000000000000000700000028000000A8AF2E007DB12E00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000F5178800000000000200000002000000 "C:\Users\Jean-Marie\Desktop\combofix_18.8.8.1 (2).exe"=0x53414350010000000000000007000000280000005E5F560026CA5600010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000043AA0100000000000100000001000000 "C:\Users\Jean-Marie\Desktop\combofix_18.8.8.1.exe"=0x53414350010000000000000007000000280000005E5F560026CA5600010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000BBDE1A00000000000200000002000000 "D:\Program files\Spark Browser\spark.exe"=0x534143500100000000000000070000002800000010000F0055720F00010000000000000000000206712200002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000005AFADC00000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\uefm mhx6 1er giveaway after lfsu_uefm_100%sf du 5_9_2018 en photodirector 8\SharewareOnSale_Giveaway_CyberLink_ColorDirector_5_hub.exe"=0x534143500100000000000000070000002800000000FC230083452400010000000000000000000206712200002EF6C8A3A56ACD010000000000000000 "Q:\Autres LFS Hyper & UEFM\uefm mhx6 1er giveaway after lfsu_uefm_100%sf du 5_9_2018 en photodirector 8\SharewareOnSale_Giveaway_CyberLink_AudioDirector_7_hub.exe"=0x5341435001000000000000000700000028000000E0632300155D2400010000000000000000000206712200002EF6C8A3A56ACD010000000000000000 "Q:\Autres LFS Hyper & UEFM\uefm mhx6 1er giveaway after lfsu_uefm_100%sf du 5_9_2018 en photodirector 8\SharewareOnSale_Giveaway_CyberLink_PhotoDirector_8_Deluxe_hub.exe"=0x5341435001000000000000000700000028000000D8C12300D8962400010000000000000000000206712200002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000008D425400000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\uefm mhx6 1er giveaway after lfsu_uefm_100%sf du 5_9_2018 en photodirector 8\SharewareOnSale_Giveaway_CyberLink_PowerDirector_15_hub.exe"=0x5341435001000000000000000700000028000000187D260045BA2600010000000000000000000206712200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000014294700000000000100000001000000 "C:\Program Files\CyberLink\PhotoDirector8\OLRSubmission\OLRSubmission.exe"=0x5341435001000000000000000700000028000000B8F40400FBF40400010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B5EB0200000000000100000001000000 "C:\Users\Jean-Marie\Downloads\keepvid-music_setup_full2323.exe"=0x5341435001000000000000000700000028000000C0AC100058F91000010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000000BA53501000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\directfolders.exe"=0x53414350010000000000000007000000280000006078390030943900010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000005A510000000000000100000001000000 "C:\Users\Jean-Marie\AppData\Local\temp\SoftwareUpdate_Temp\Data\Setup.exe"=0x5341435001000000000000000700000028000000F8C10500C74C0600010000000000000000000206002100002EF6C8A3A56ACD0100000080000000000200000028000000000000000000004000000000000000000000000000000000C3BD0400000000000100000001000000 "C:\Users\Jean-Marie\Desktop\delfix_1.013.exe"=0x5341435001000000000000000700000028000000402C0C00C2D00C00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000DFF30100000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080433000051B3100010000000000000000000206002100002EF6C8A3A56ACD01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006B4C0000000000000100000001000000 "C:\Users\Jean-Marie\Desktop\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080433000051B3100010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000BE500100000000000100000001000000 "C:\Users\Jean-Marie\AppData\Roaming\ZHP\ZHPDiag3.exe"=0x5341435001000000000000000700000028000000804730003CD33000010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000050000000000000000000004000000000000000000000000000000000294A09000000000003000000020000000000000000000000000000000000000000000000000000003C140500000000000100000000000000 "Q:\Autres LFS Hyper & UEFM\transmission-2.94-x64.msi"=0x534143500100000000000000070000002800000000E60100BC93020001000000000000000000010500100000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B4A70000000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\jetstart.exe"=0x5341435001000000000000000700000028000000484D0E0056650E00010000000000000000000206412200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000025B0B101000000000100000001000000 "C:\Users\Jean-Marie\Downloads\ashampoo_snap_9_9.0.6_sm.exe"=0x5341435001000000000000000700000028000000C88F780389D27803010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000E5A0DF00000000000100000001000000 "Q:\Autres LFS Hyper & UEFM\CorelPainter2019.exe"=0x534143500100000000000000070000002800000080050F001A2B0F00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000 "SIGN.MEDIA=1D1304 HISUITEDOWNLOADER.EXE"=0x5341435001000000000000000700000028000000C8DA1D009C1D1E00010000000000000000000206712200002EF6C8A3A56ACD010000000000000000 "C:\Users\Jean-Marie\Downloads\HFS4WIN.msi"=0x534143500100000000000000070000002800000000E60100BC93020001000000000000000000010500100000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000FE460B00000000000100000001000000 "C:\Users\Jean-Marie\Desktop\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080F93100CD483200010000000000000000000206002100002EF6C8A3A56ACD010000000000000000 "C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\ashsnap.exe"=0x5341435001000000000000000700000028000000A0837100729B7100010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000A062B619000000000500000005000000 "C:\Program Files (x86)\SysTools Google Apps Backup\Startup.exe"=0x5341435001000000000000000700000028000000B8DB05008EFA0500010000000000000000000206F3220000647CA60EA56ACD010000000000000000 "C:\Program Files (x86)\Moo0\RightClicker Pro 1.56\RightClicker.exe"=0x534143500100000000000000070000002800000000E230000000000001000000000000000000020673220000647CA60EA56ACD010000000000000000 "Q:\Autres LFS Hyper & UEFM\don pour maintenir & garder lfs ultra, uefm & 100% sécurisé finalisés\SystemSuite_Professional_ENU_signed.exe"=0x53414350010000000000000007000000280000000857D4036B1ED503010000000000000000000106000100002EF6C8A3A56ACD010000000000000000 "C:\Users\Jean-Marie\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080493000A5D73000010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000ACDE4600000000000200000002000000 "C:\Users\Jean-Marie\Downloads\rkill.exe"=0x5341435001000000000000000700000028000000D0811B0066BA1B00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000060332E00000000000100000001000000 "C:\Users\Jean-Marie\Desktop\adwcleaner_7.2.3.1.exe"=0x5341435001000000000000000700000028000000D0867300E8577400010000000000000000000206002100002EF6C8A3A56ACD010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000036D30000000000000100000001000000 "C:\Users\Jean-Marie\AppData\Local\Temp\PotUpdate\PotPlayerSetup64_97.exe"=0x5341435001000000000000000700000028000000D84B9E015B899E01010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000091940000000000000100000001000000 "C:\Users\Jean-Marie\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6655.exe"=0x534143500100000000000000070000002800000068A4BF041B9CC004010000000000000000000206002100002EF6C8A3A56ACD010000000000000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x534143500100000000000000070000002800000020510E005E6E0E00010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000223F0000000000000100000001000000 "C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE"=0x5341435001000000000000000700000028000000B0732A0074F42A00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000ED59360B000000000300000003000000 "C:\Program Files (x86)\PDF24\pdf24-Launcher.exe"=0x5341435001000000000000000700000028000000880A08002F9D0800010000000000000000000206712200002EF6C8A3A56ACD010000000000000000020000002800000000000000800000000000000000000000000000000000000093A03300000000000200000002000000 "C:\Program Files\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C80A0F00A7180F0001000000000000000000000600010000647CA60EA56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000001C8F6704000000000E0000000E000000 "C:\Program Files (x86)\Silent Install Builder 5\Sib.exe"=0x5341435001000000000000000700000028000000C8100C001BCF0C00010000000000000000000206802100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000472B9A00000000000200000002000000 "Q:\Autres LFS Hyper & UEFM\format_mobilemate_&_combofix_sib.exe"=0x5341435001000000000000000700000028000000825D3E0700000000010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000D9950E00000000000100000001000000 "C:\Program Files (x86)\UTILILAB\SystemOPTIMIZER\USO.exe"=0x5341435001000000000000000700000028000000B01A3100CCCA3100010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000080001000000000000000000000000000004CCB5600000000000100000001000000 "C:\Users\Jean-Marie\AppData\Roaming\GlarySoft\SoftwareUpdatePro\UpdateDownload\Google_Drive_v3.36.6721.3394.msi"=0x534143500100000000000000070000002800000000F6000039910100010000000000000000000105001000002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000008BD20000000000000100000001000000 "C:\Users\Jean-Marie\AppData\Roaming\GlarySoft\SoftwareUpdatePro\UpdateDownload\Dropbox_v56.4.94.exe"=0x5341435001000000000000000700000028000000B0A5570524185805010000000000000000000106000100002EF6C8A3A56ACD010000008000000000020000002800000000000000000000000000000000000000000000000000000059F70800000000000100000001000000 "C:\Program Files (x86)\Xvid\autoupdate-windows.exe"=0x5341435001000000000000000700000028000000C6DB610000000000010000000000000000000106000100002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000BDF60100000000000600000006000000 "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe"=0x5341435001000000000000000700000028000000D03F0700FF4C0700010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B8237500000000000100000001000000 "C:\Users\Jean-Marie\Downloads\BonjourPSSetup.exe"=0x534143500100000000000000070000002800000048F5520068CF5300010000000000000000000106710200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000E8F90100000000000100000001000000 "C:\Users\Jean-Marie\AppData\Local\Temp\IXP167.TMP\SetupAdmin.exe"=0x5341435001000000000000000700000028000000481B0100AAFD0100010000000000000000000106712200002EF6C8A3A56ACD0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C01A0000000000000100000001000000 "D:\Program files\Baidu PC Faster\PCFasterSvc.exe"=0x5341435001000000000000000700000028000000F0530A00A23D0B00010000000000000000000206712200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000018C90200000000000C0000000C000000 "C:\Users\Jean-Marie\Desktop\adwcleaner_7.2.4.0.exe"=0x5341435001000000000000000700000028000000D0D87300EEAB7400010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000CBCE7204000000000100000001000000 "C:\Users\Jean-Marie\Downloads\processclose_2_08.01.17.1.exe"=0x5341435001000000000000000700000028000000A8270F003B5B0F00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000050000000000000000000000000000000000000000000000000000000EF680000000000000100000001000000000000000000004000000000000000000000000000000000E2AEC30E000000000100000000000000 "C:\Users\Jean-Marie\Downloads\rufus-3.3.exe"=0x534143500100000000000000070000002800000038AC0F0060DE0F00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000500000010000000000000000000000000000000000000800200000028000000000000000000008000000000000000000000000000000000CD8D0100000000000100000001000000 "C:\Users\Jean-Marie\Downloads\USBFormatToolSetup.exe"=0x5341435001000000000000000700000028000000DAB4080000000000010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000008000000000000000000000000000000000659B0300000000000100000001000000 "C:\Users\Jean-Marie\Downloads\EmsisoftEmergencyKit.exe"=0x5341435001000000000000000700000028000000301B8A142F2B8A14010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000781E0200000000000100000001000000 "C:\EEK\Start Emergency Kit Scanner.exe"=0x5341435001000000000000000700000028000000C02414002F291400010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000047637400000000000300000003000000 "SIGN.IE=0651940 Zemana.AntiLogger.Setup.exe"=0x534143500100000000000000070000002800000040196500CC091A00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000 "SIGN.IE=0EDC360 ApplicationManager_v0905_rv198726(1_1)_STD_APM180612-01.exe"=0x534143500100000000000000070000002800000060C3ED002985EE00010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000080000000000000000000000000000000000000003BC61C00000000000100000001000000 "C:\Users\Jean-Marie\Desktop\adsfix_V5_04.09.18.1.exe"=0x534143500100000000000000070000002800000098615700F90E5800010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000002F5D8703000000000200000002000000 "C:\Users\Jean-Marie\Downloads\AfterShotPro3.exe"=0x5341435001000000000000000700000028000000600C0A00B95F0A00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000E6232B00000000000100000001000000 "C:\Users\Jean-Marie\Downloads\AfterShotPro3 (1).exe"=0x5341435001000000000000000700000028000000600C0A00B95F0A00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000061924700000000000100000001000000 "C:\Users\Jean-Marie\Downloads\JRT.exe"=0x534143500100000000000000070000002800000048501B0027F11B00010000000000000000000106710200002EF6C8A3A56ACD010000000000000000 "C:\Users\Jean-Marie\Downloads\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000800D320073353200010000000000000000000206002100002EF6C8A3A56ACD010000000000000000 "C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe"=0x534143500100000000000000070000002800000090B8F00025AAF100010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000EA270000000000000200000002000000 "C:\ProgramData\Malwarebytes\MBAMService\instlrupdate\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.7123.exe"=0x53414350010000000000000007000000280000002086D0047C5FD104010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000603B2E04000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x534143500100000000000000070000002800000070447C0084337D00010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000F3106400000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\1-LFS Ultra & 100% Sécurisé\Start.exe"=0x534143500100000000000000070000002800000000CD1500D90A1600010000000000000000000206712200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000013AF2200000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe"=0x5341435001000000000000000700000028000000001800000000000001000000000000000000020673220000647CA60EA56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000002E000000000000000100000001000000 "C:\Program Files\MultiCommander (x64)\MultiCommander.exe"=0x534143500100000000000000070000002800000000B476000000000001000000000000000000020600210000647CA60EA56ACD010000000000000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\data copy tools for photodirector 9 & youcam 8\teracopy.exe"=0x534143500100000000000000070000002800000088BB2800BE832900010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000CDE54800000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\zinstall-backup.exe"=0x5341435001000000000000000700000028000000B02A4309FA6E4309010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000080000040000000000000000000000000000000007D053200000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\zinstall_winwin.exe"=0x53414350010000000000000007000000280000008034C00559F4C005010000000000000000000106000100002EF6C8A3A56ACD010000000000000000020000002800000000000000800000400000000000000000000000000000000048F03000000000000100000001000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F0A32200C5032300010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000EFB40C2E000000000100000001000000 "C:\Users\Jean-Marie\AppData\Local\Temp\PotUpdate\PotPlayerSetup64_98.exe"=0x53414350010000000000000007000000280000003839A901FD4DA901010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000077EB0000000000000100000001000000 "C:\Program Files (x86)\Comodo\Dragon\modules\dragon_helper.exe"=0x534143500100000000000000070000002800000000D132009924330001000000000000000000020673200000647CA60EA56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000064A92102000000000100000001000000 "C:\Users\Jean-Marie\AppData\Local\Temp\bitsum\processlasso\pl4sfx.exe"=0x5341435001000000000000000700000028000000E8D3250000422600010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000008000000000000000000000000000000000000000621F0000000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\cyberlink youcam 8 essentials\youcam 8 utilities\youcam 8 portable\Cameyo.exe"=0x53414350010000000000000007000000280000007D92EB001F2A1C00010000000000000000000206712200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000082FE9401000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\cyberlink youcam 8 essentials\youcam 8 utilities\youcam 8 setup\CyberLink_YouCam_Downloader.exe"=0x5341435001000000000000000700000028000000B8EA110036D21200010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000CCC46A01000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\digital-video-duplicator_1_16766.exe"=0x534143500100000000000000070000002800000004CBA50300000000010000000000000000000105710000002EF6C8A3A56ACD01000000000000000002000000280000000000000000080040000000000000000000000000000000003C1C1601000000000100000001000000 "C:\Program Files (x86)\CyberLink\YouCam8\OLRSubmission\OLRSubmission.exe"=0x5341435001000000000000000700000028000000B8F6040058950500010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000003EB20200000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\eXpertPDF_FR.exe"=0x5341435001000000000000000700000028000000486F1C00BEFA1C00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B9C11600000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\fr-logomaker4-web-trial.exe"=0x534143500100000000000000070000002800000087E5D61500000000010000000000000000000206412200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000DA7A1600000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\NewsMailStudioEval\SetupNewsMailStudio.msi"=0x534143500100000000000000070000002800000000E60100BC93020001000000000000000000010500100000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000EE990000000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\OnlineVideoRecorder_3_4_4_AQFR.exe"=0x5341435001000000000000000700000028000000208F0101A5BA0101010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000095650400000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\PDF_to_Excel_French_demo.exe"=0x5341435001000000000000000700000028000000629C110000000000010000000000000000000105710000002EF6C8A3A56ACD0100000000000000000200000028000000000000000008004000000000000000000000000000000000C2AC0000000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\pdf2html_demo_FR.exe"=0x5341435001000000000000000700000028000000EAEF0A0000000000010000000000000000000105710000002EF6C8A3A56ACD01000000000000000002000000280000000000000000080040000000000000000000000000000000002D470000000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\pdf2wordd.exe"=0x53414350010000000000000007000000280000005DB60C0000000000010000000000000000000105710000002EF6C8A3A56ACD01000000000000000002000000280000000000000000080040000000000000000000000000000000002D360000000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\RegistryFirstAid_AQFR.exe"=0x5341435001000000000000000700000028000000E8388B0056F18B00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000045EE1200000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\Setup_SupersonicPC_2015.exe"=0x534143500100000000000000070000002800000010599B0076929B00010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000A88E1200000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\ShouldIRemoveIt_Setup.exe"=0x5341435001000000000000000700000028000000383F210063072200010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000E7D70000000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\SmartPrivacyCleaner_FR (1).exe"=0x534143500100000000000000070000002800000000EA14008BAE1500010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000001DE81000000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\Video_Explosion_Ultimate_Setup.exe"=0x5341435001000000000000000700000028000000B82EA825517DA825010000000000000000000106710200002EF6C8A3A56ACD01000000000000000002000000280000000000000000000050000000000000000000000000000000004B9F2400000000000100000001000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\muscade-moulu de widen - vaincre peur malware - adsfix - avanquest trials\WebAnime_eval.exe"=0x53414350010000000000000007000000280000007585310000000000010000000000000000000206412200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000064A00B00000000000100000001000000 "C:\Program Files (x86)\Digital Video Duplicator\DVDRemote.exe"=0x534143500100000000000000070000002800000000600D00E6C50D00010000000000000000000105712000002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000004000000000000000000000000000009DE50100000000000100000001000000 "C:\Users\Jean-Marie\AppData\Local\Programs\Opera\launcher.exe"=0x534143500100000000000000070000002800000058DE14006FF7140001000000000000000000020600210000647CA60EA56ACD010000000000000000 "C:\Users\Jean-Marie\AppData\Local\Temp\CloseFAH.exe"=0x53414350010000000000000007000000280000000036010000000000010000000000000000000206712200002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000008B0A0000000000000100000001000000 "C:\Program Files\Firefox Nightly\firefox.exe"=0x5341435001000000000000000700000028000000D02108005FC4080001000000000000000000020600210000647CA60EA56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000059A14505000000000200000002000000 "Z:\LFS Hyper 1à2 & UEFM\2-barrow 2 à 6 & widen 1 à 7\manage barrow 2 à 6 & widen 1 à 7 - remove empty folders superflus on b2à6&w1à7 folders\red-v2.2-portable\RED2.exe"=0x5341435001000000000000000700000028000000007A020000000000010000000000000000000106F5200000647CA60EA56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000006F6B0400000000000100000001000000 "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Suo12_StartupManager.exe"=0x5341435001000000000000000700000028000000107B3C009CBF3C00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B2370100000000000200000002000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0450600FAFF0600010000000000000000000206002100002EF6C8A3A56ACD010000000100000000 "Z:\LFS Hyper 1à2 & UEFM\quickdiag_V4_31.08.18.1 (1).exe"=0x534143500100000000000000070000002800000098214A00D8C84A00010000000000000000000206002100002EF6C8A3A56ACD010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "DoubleClickSpeed"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "DragFullWindows"=USR:Control Panel\Desktop ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "MouseSpeed"=#USR:Control Panel\Mouse "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "CoolSwitch"=USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DoubleClickWidth"=#USR:Control Panel\Mouse "SnapToDefaultButton"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "ScreenSaveActive"=#USR:Control Panel\Desktop "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "PowerOffTimeOut"=#USR:Control Panel\Desktop "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] ""=@SYS:Software\Swearware\dump [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon "SCRNSAVE.EXE"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "ScreenSaverActive"=USR:Control Panel\Desktop [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "DoubleClickSpeed"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "MouseSpeed"=#USR:Control Panel\Mouse "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "CoolSwitch"=USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DoubleClickWidth"=#USR:Control Panel\Mouse "SnapToDefaultButton"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "ScreenSaveActive"=#USR:Control Panel\Desktop "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "PowerOffTimeOut"=#USR:Control Panel\Desktop "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] ""=@SYS:DoesNotExist [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon "SCRNSAVE.EXE"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "ScreenSaverActive"=USR:Control Panel\Desktop [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=0 "UpdatesDisableNotify"=0 [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 "UpdatesDisableNotify"=0 "FirewallDisableNotify"=0 "AntiVirusDisableNotify"=0 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=129877610663917518 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=1 "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "ProductType"=2 "ProductStatus"=0 "TrustedImageIdentifier"=P004N3-B2V "InstallTime"=0x6E43D281DB42D401 "DisableAntiVirus"=1 [HKLM\Software\WOW6432Node\Microsoft\Security Center] "AutoUpdateDisableNotify"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro37] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro37.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts [41] More lines ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.206.14] avec 32 octets de donn?es?: D?lai d'attente de la demande d?pass?. D?lai d'attente de la demande d?pass?. D?lai d'attente de la demande d?pass?. D?lai d'attente de la demande d?pass?. Statistiques Ping pour 216.58.206.14: Paquets?: envoy?s = 4, re?us = 0, perdus = 4 (perte 100%), ---------- | @ [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Internet Explorer\Main] "Start Page"=http://g.uk.msn.com/CQDSK13/3 "First Home Page"=http://g.uk.msn.com/CQDSK13/3 "Default_Page_URL"=http://g.uk.msn.com/CQDSK13/3 [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows\CurrentVersion\Internet settings] "User Agent"=Mozilla/5.0 (compatible; MSIE 9.0; Win32) "IE5_UA_Backup_Flag"=5.0 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "XMLHTTP"=1 "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x010000002A000000804A9B152BCBEAAEC003CEBFB41210852AD45E2B80FD2F41EE55B5AA470D7D082536A145884F88E456F7020000000E00000058356774517A6770783563253364 "IconCache"=ut7u0hl "OperationalData"=1 "CompatibilityFlags"=0 "IE10TourNoShow"=1 "FullScreen"=no "Window_Placement"=0x2C000000020000000300000000000000BC030000FFFFFFFFFFFFFFFF240000002400000044030000A4020000 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x88A7443C8546D401 "RunOnceHasShown"=1 "RunOnceComplete"=1 "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "FormSuggest PW Ask"=no "Check_Associations"=no "Error Dlg Displayed On Every Error"=no "AllowWindowReuse"=0 "ApplicationTileImmersiveActivation"=0 "Use Search Asst"=no "Search Bar"=https://www.google.com/ "AutoSearch"=1 "Start Page"=http://samsung17win10.msn.com/?pc=SMTE "NoUpdateCheck"=1 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "IE5_UA_Backup_Flag"=5.0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ZonesSecurityUpgrade"=0xE159FE70DC42D401 "EmailName"=User@ "AutoConfigProxy"=wininet.dll "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "WarnOnPost"=0x01000000 "UseSchannelDirectly"=0x01000000 "EnableHttp1_1"=1 "UrlEncoding"=0 "SecureProtocols"=2720 "PrivacyAdvanced"=0 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "GlobalUserOffline"=0 "WarnonBadCertRecving"=1 "WarnOnPostRedirect"=0 "WarnOnHTTPSToHTTPRedirect"=1 "SyncMode5"=3 "MaxConnectionsPerServer"=10 "MaxConnectionsPer1_0Server"=10 "ProxyHttp1.1"=1 "ProxyOverride"=*.local "WarNonBadCertReceving"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://g.uk.msn.com/CQDSK13/3 "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "DoNotTrack"=1 [HKLM\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "OfflineInformation"=res://ieframe.dll/offcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// "gopher"=gopher:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files "WarnOnPost"=0x01000000 "WarnonBadCertRecving"=1 "WarnOnPostRedirect"=0 "WarnOnZoneCrossing"=1 "WarnOnHTTPSToHTTPRedirect"=1 "AutoConfigProxy"=wininet.dll "ProxyEnable"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Page_URL"=http://g.uk.msn.com/CQDSK13/3 "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://g.uk.msn.com/CQDSK13/3 "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "DoNotTrack"=1 "SearchAssistant"=about:blank [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Search] "SearchAssistant"=https://www.google.com/ie [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "OfflineInformation"=res://ieframe.dll/offcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "EnablePunycode"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon] : SDWinLogon.dll ---------- | Execution FileExts [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apk] "Progid"=.apkHisuite [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm] "Progid"=SparkSafeHTML [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html] "Progid"=SparkSafeHTML [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht] "Progid"=SparkSafeHTML [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml] "Progid"=SparkSafeHTML [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSR] "progid"=Potplayer.nsr [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snapdoc] "ProgID"=SNAP.DOC ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveCloudOverlayIconHandler] - {7CB4D2F7-77AE-4A08-9BDF-21370FF8D6BD} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDrivePinnedOverlayIconHandler] - {C9F7D7A1-D13F-4C72-9AB0-06FDC65AA931} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveProgressOverlayIconHandler] - {96836CC1-31EA-4F1C-A7F4-D67863D5D4FD} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll [01/11/2018 19:13:39] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -- C:\Program Files\Google\Drive\googledrivesync64.dll [04/10/2018 19:44:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSynced] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -- C:\Program Files\Google\Drive\googledrivesync64.dll [04/10/2018 19:44:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSyncing] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -- C:\Program Files\Google\Drive\googledrivesync64.dll [04/10/2018 19:44:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ !SugarSyncPending] - {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} -- C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [21/06/2018 19:16:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ !SugarSyncShared] - {1574C9EF-7D58-488F-B358-8B78C1538F51} -- C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [21/06/2018 19:16:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ !SugarSyncSharedSyncing] - {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} -- C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [21/06/2018 19:16:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ !SugarSyncSynced] - {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} -- C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [21/06/2018 19:16:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock] - -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [26/07/2012 02:03:02] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt01] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt02] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt03] - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt04] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt05] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt06] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt07] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt08] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt09] - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ DropboxExt10] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -- C:\Program Files (x86)\Dropbox\Client\DropboxExt.26.0.dll [01/11/2018 19:13:39] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- ---------- | Toolbar [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100002001600000001000000800600005E01000007000000C1020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030F11C209CE25C4EA73FCD197DEFA6AE00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=22 [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "KnownProvidersUpgradeTime"=0x878FA23F8546D401 "Version"=3 "UpgradeTime"=0xE79DB3428546D401 "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=EPTBL [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=Norton Toolbar "{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}"=E-Web Print ---------- | Extensions [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping] : () - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}] : (Spybot - Search & Destroy Configuration) - [] ---------- | SearchScopes [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS : [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS : [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : ---------- | ElevationPolicy [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] - (C:\Program Files\Internet Explorer) - iexplore.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041a5213-ea64-4c45-99af-70d7d8e902ec}] - (C:\Program Files\Internet Explorer) - ielowutil.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] - (C:\Windows\System32) - winfxdocobj.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}] - (C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27) - symerr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\System32) - msdt.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29c98170-8bb5-4f76-bb88-1dc420a04f53}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_IARNLPE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] - (C:\Program Files\Java\jre1.8.0_181\bin) - jp2launcher.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] - (C:\Program Files\Java\jre1.8.0_181\bin) - javaws.exe : C:\Program Files (x86)\Java\jre6\bin\wsdetect.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5b71395d-ff8a-4ebc-bca3-abbb32790bec}] - (%SystemRoot%\system32\IME\IMESC\) - IMSCPROP.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{615e8347-1708-47e8-9eb2-7da0e68cadce}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_IPRELPE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B723F941-52A2-4392-B500-60F3889659B4}] - (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader) - AcroRd32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] - (C:\Program Files\Java\jre1.8.0_181\bin) - ssvagent.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] - (C:\Program Files (x86)\Internet Explorer) - iexplore.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041a5213-ea64-4c45-99af-70d7d8e902ec}] - (C:\Program Files (x86)\Internet Explorer) - ielowutil.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] - (C:\Windows\SysWOW64) - winfxdocobj.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}] - (C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27) - symerr.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\SysWOW64) - msdt.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] - (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\) - AcroBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34372DD3-19BF-454f-BF23-8761F26CFFD2}] - (C:\Program Files (x86)\Epson Software\E-Web Print) - ewps.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}] - (C:\Program Files (x86)\Windows Live\Contacts\) - wlcomm.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39A895E9-93DD-4ffa-A4A3-2C14608B5B61}] - (C:\Windows\SysWOW64\Adobe\Shockwave 12) - SwHelper_1234204.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}] - (C:\Program Files (x86)\Java\jre6\bin) - unpack200.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] - (C:\Program Files (x86)\Java\jre6\bin) - jp2launcher.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] - (C:\Program Files (x86)\Java\jre6\bin) - javaws.exe : C:\Program Files (x86)\Java\jre6\bin\wsdetect.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5b71395d-ff8a-4ebc-bca3-abbb32790bec}] - (%SystemRoot%\system32\IME\IMESC\) - IMSCPROP.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68934FDE-CDB1-42CC-A38B-A44B43B0785C}] - (C:\Windows\SysWOW64\Adobe\Director) - SWDNLD.EXE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}] - (C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\) - AdobeARM.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC06A6F-4C88-4707-8DEC-61017CB50E1E}] - (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader) - AcroRd32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{82821E4E-4B46-430D-8BB8-8B480FC9D8A5}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{886D9852-A9A8-4b88-83D4-50FC6616C21D}] - (C:\Program Files (x86)\Epson Software\E-Web Print) - ewpsbw.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] - (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader) - AdobeCollabSync.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}] - (C:\Program Files (x86)\Windows Live\Installer\) - wlstartup.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] - (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader) - AcroRd32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7278BD0-7970-47D6-8954-99B2343EED88}] - (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF) - RdrCEF.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] - (C:\Program Files (x86)\Google\Update\1.3.33.17) - GoogleUpdateBroker.exe : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] - (C:\Program Files (x86)\Google\Update\1.3.33.17) - GoogleUpdateWebPlugin.exe : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] - (C:\Program Files (x86)\Java\jre6\bin) - ssvagent.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : ---------- | Ext\Settings [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] : : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] : : C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] : : C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] : : C:\Program Files (x86)\Java\jre6\bin\ssv.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] : : C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0}] : : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] : : C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}] : : C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll ---------- | Ext\Stats [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12A66224-5E8A-4679-8941-0B9B960BF5EA}] : : %SystemRoot%\system32\wuwebv.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] : : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{233C1507-6A77-46A4-9443-F871F945D258}] : : C:\Windows\SysWow64\Adobe\Director\SwDir_1234204.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] : : C:\Windows\SysWOW64\mshtml.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53707962-6F74-2D53-2644-206D7942484F}] : : [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] : : C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}] : : %SystemRoot%\system32\wmp.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] : : C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] : : C:\Program Files (x86)\Java\jre6\bin\ssv.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] : : C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] : : [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9BE31822-FDAD-461B-AD51-BE1D1C159921}] : : [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0}] : : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] : : C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}] : : C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}] : : C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8c77137-e224-5791-b6e9-ff0305797a13}] : : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] : : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] : : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8c77137-e224-5791-b6e9-ff0305797a13}] : : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre6\bin\ssv.dll [09/10/2018 05:23:32] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor) : C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [09/10/2018 05:23:30] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] -> (E-Web Print) : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [27/11/2014 11:38:00] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] -> () : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] -> (Norton Identity Protection) : C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [07/09/2018 00:25:05] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] -> (Norton Vulnerability Protection) : C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [05/09/2018 09:00:41] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre6\bin\ssv.dll [09/10/2018 05:23:32] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor) : C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [09/10/2018 05:23:30] ---------- | Chrome C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\bejnhdlplbjhffionohbdnpcbobfejcc = : Norton Safe Search and Safe Web warn you of dangerous sites when you search shop or browse online. - Norton Security Toolbar - permissions:[tabshistorywebNavigationnativeMessagingmanagement\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\fcebahaopmklkfaaacddffiomjjldmkk = : Direct access to free web search through New Tab page and Default Search. - MySearchApp - permissions:[alarmscontextMenustabsstorageactiveTabwebNavigationwebRequestBlockingwebRequest\u003Call_urls>managementdownloadscookies] - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\fheoggkfdfchfphceeifdbepaooicaho = : __MSG_res_PRODUCT_NAME_TRADEMARKED__ - __MSG_res_PRODUCT_NAME_TRADEMARKED__ - permissions:[tabs\u003Call_urls>downloadsnativeMessagingwebRequeststorage] - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\Jean-Marie\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Google\Chrome\Extensions\fcebahaopmklkfaaacddffiomjjldmkk] [HKLM\Software\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc] [HKLM\Software\Google\Chrome\Extensions\fcebahaopmklkfaaacddffiomjjldmkk] [HKLM\Software\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho] [HKLM\Software\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fcebahaopmklkfaaacddffiomjjldmkk] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn] ---------- | Opera ---------- | Firefox [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ "{4963C948-9C4E-40B8-9291-CE0234B47210}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi "e-webprint@epson.com"=C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 31.0.0.108 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.181.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.181.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 31.0.0.108 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\Windows\SysWOW64\Adobe\Director\np32dsw_1234204.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45] - () : C:\Windows\SysWOW64\npdeployJava1.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\5786dgji.default\Prefs.js user_pref("browser.startup.homepage", "https://fr.yahoo.com/?fr=fp-comodo&type=81_25050030004_68.0.3440.107_u_hp_sp"); user_pref("browser.startup.homepage_override.buildID", "20181001155545"); user_pref("browser.startup.homepage_override.mstone", "62.0.3"); user_pref("extensions.blocklist.lastModified", "Mon, 08 Oct 2018 10:58:55 GMT"); user_pref("extensions.blocklist.pingCountTotal", 15); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.databaseSchema", 27); user_pref("extensions.getAddons.cache.lastUpdate", 1541327827); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppBuildId", "20180920131237"); user_pref("extensions.lastAppVersion", "62.0.3"); user_pref("extensions.lastPlatformVersion", "62.0.3"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true); user_pref("extensions.webextensions.uuids", "{\"formautofill@mozilla.org\":\"e58e9a81-c235-4dc2-834a-8a5370336af7\",\"webcompat@mozilla.org\":\"c447731b-051c-4ff9-9645-c3e4ab7d38ad\",\"screenshots@mozilla.org\":\"c1d58a00-4c84-4cd3-9076-ca07cefb47f5\"}"); user_pref("network.http.max-persistent-connections-per-proxy", 16); [Profile0] - Name=default -> Profiles/5786dgji.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B389AB24-C362-4FAB-B29C-601C91B5A911}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B389AB24-C362-4FAB-B29C-601C91B5A911}] "DhcpNameServer"=192.168.1.1 ---------- | ActiveX [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - () - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - (Google Chrome) - -> "C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}] - (.NET Framework) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] - (Java (Sun)) - -> C:\Program Files (x86)\Java\jre6\bin\regutils.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{30500C7C-2206-3DC6-9792-96E95A04669D}] - (.NET Framework) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}] - (Java Plug-in 1.6.0_45) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab | C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}] - (Java Plug-in 1.6.0_45) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab | C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}] - (Java Plug-in 1.6.0_45) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab | C:\Program Files (x86)\Java\jre6\bin\npjpi160_45.dll ---------- | Applications [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Classes\Applications\opera.exe] : "C:\Users\Jean-Marie\AppData\Local\Programs\Opera\Launcher.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\AddSpeedMenuSkin.exe] : "C:\Program Files (x86)\RedFox\AnyDVD\AddSpeedMenuSkin.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\Classes\Applications\foobar2000.exe] : "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\Launcher.exe] : "C:\Users\Jean-Marie\AppData\Local\Programs\Opera\Launcher.exe" -noautoupdate -- "%1" [HKLM\SOFTWARE\Classes\Applications\MovieCreator.exe] : C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MovieCreator.exe "%1" [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\Photo Explosion.exe] : "C:\Program Files (x86)\Photo Explosion 6.0\Photo Explosion.exe" -file "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\RegAnyDVD.exe] : "C:\Program Files (x86)\RedFox\AnyDVD\RegAnyDVD.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\SumatraPDF.exe] : "C:\Program Files\SumatraPDF\SumatraPDF.exe" "%1" %* [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\AddSpeedMenuSkin.exe] : "C:\Program Files (x86)\RedFox\AnyDVD\AddSpeedMenuSkin.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\foobar2000.exe] : "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Launcher.exe] : "C:\Users\Jean-Marie\AppData\Local\Programs\Opera\Launcher.exe" -noautoupdate -- "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieCreator.exe] : C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MovieCreator.exe "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Photo Explosion.exe] : "C:\Program Files (x86)\Photo Explosion 6.0\Photo Explosion.exe" -file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\RegAnyDVD.exe] : "C:\Program Files (x86)\RedFox\AnyDVD\RegAnyDVD.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SumatraPDF.exe] : "C:\Program Files\SumatraPDF\SumatraPDF.exe" "%1" %* [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af} Name: hpqwmiex - AppID: {0018752E-7735-4B30-9DA9-4A01F024F270} Name: WPD Association LUA Virtual Factory - AppID: {00393519-3A67-4507-A2B8-85146167ACA7} Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68} Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba} Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3} Name: Virtual Factory for Biometrics - AppID: {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428} Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030} Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Name: WinStore OM - AppID: {03e64e17-b220-4052-9b9b-155f9cb8e016} Name: CELERITASWMSecureShell - AppID: {0545D0D4-6CF7-4088-B65A-65F1EA53A70F} Name: GSService - AppID: {0547389D-9569-41f6-B844-4829FC8001BB} Name: DVCRenderingAdapter - AppID: {063478AF-BDB8-41A6-8A85-E1D78CF80998} Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B} Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32} Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23} Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299} Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B} Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A} Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B} Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3} Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3} Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323} Name: SwapAPODll - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C} Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94} Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C} Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de} Name: IIS W3 Control - AppID: {119817C9-666D-4053-AEDA-627D0E25CCEF} Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011} Name: MACustomSource - AppID: {11F92289-DFDF-4DA5-83FA-DE8F66E79060} Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E} Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666} Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80} Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0} Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B} Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC} Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A} Name: WsDrvInst - AppID: {1909e113-997e-4759-baa3-bcb780797176} Name: SimpleExt - AppID: {19B3F3E6-9650-4CF6-AD8F-2EBB675D8BF0} Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC} Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6} Name: Disc soft DT Pro bus service - AppID: {1E9D16CB-FF03-481F-ABE2-F406C2808FE2} Name: MyEpson Portal Service - AppID: {1EA8AE6B-3E49-4C56-B4F6-91BC83604BEB} Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c} Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0} Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2} Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7} Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717} Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526} Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137} Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829} Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF} Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E} Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E} Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00} Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78} Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5} Name: WinZip Smart Monitor Service - AppID: {2CA75AD3-A844-4DF9-999D-CB82069C55C3} Name: VSUtil - AppID: {2DB4F9B7-144E-4319-B14A-432AC74C0CEF} Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C} Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD} Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7} Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606} Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97} Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d} Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB} Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2} Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B} Name: C:\Program Files (x86)\Winamp\Elevator.exe - AppID: {3B29AB5C-52CB-4a36-9314-E3FEE0BA7468} Name: Fb2kShellExt - AppID: {3B3052C5-E430-4A00-84C9-BFD43336940B} Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1} Name: EEL64A - AppID: {3D5781D9-B2FF-4396-8478-395412020995} Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F} Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e} Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683} Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25} Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c} Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E} Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61} Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775} Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85} Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9} Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29} Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C} Name: PIFUAC - AppID: {45CB30B1-B453-488a-9E8F-CE3C2ABFAAA7} Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a} Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E} Name: ShellMenu - AppID: {4762840D-A0E0-4CA0-9BBE-2CDE5C2B84C0} Name: RadioManagement Lib Class - AppID: {478B41E6-3257-4519-BDA8-E971F9843849} Name: EEG64A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B} Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077} Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF} Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d} Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A} Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17} Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C} Name: MAFilters - AppID: {4BC72581-DE6E-4554-99E1-71D12ACABED7} Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC} Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94} Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345} Name: ServiceModule - AppID: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B} Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630} Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25} Name: SecureShell - AppID: {50091E98-FF49-46d4-8B23-AACA30D11691} Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601} Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1} Name: NavShExt - AppID: {50FBD810-BC18-42A9-B2D4-0E8352AA8CA5} Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5} Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B} Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B} Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C} Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660} Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b} Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF} Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B} Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC} Name: Watson subscriber for SENS Network Events - AppID: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2} Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399} Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61} Name: Keepvid.AppFrame.Client - AppID: {5a07dad5-34f6-47a9-9033-add615d70b91} Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B} Name: EED64A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0} Name: %SystemRoot%\System32\wsclient.dll - AppID: {5C917E9C-0B2F-40D6-928B-5C43FDB16DF4} Name: WLXMP4ParserThumbnailProvider - AppID: {5D6E8BC8-01F3-41CC-BF7D-D7EEF436896E} Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1} Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF} Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1} Name: PDFPrevHndlr - AppID: {6236FF8C-E747-4173-86D3-99F511B61DF3} Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D} Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327} Name: IIS CertObj - AppID: {62B8CCBE-5A45-4372-8C4A-6A87DD3EDD60} Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2} Name: CLMLSvc_P2G8 - AppID: {64260897-BFB4-451c-A60E-89377BAC66D3} Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E} Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} Name: AvAScr - AppID: {66A841F2-956C-4631-BFE7-C90225F417D6} Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30} Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8} Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F} Name: Sensors CPL Change Device Permission LUA Helper - AppID: {6CE51F75-0448-438e-B9CA-69C352A248A7} Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b} Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56} Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B} Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce} Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca} Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5} Name: UACObject - AppID: {70059090-33FC-404F-BEFC-7A8C0C55C2FC} Name: Windows SideShow AutoWake Configuration Helper - AppID: {71B804C5-5577-471D-8FE5-C4A45B654EB8} Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC} Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD} Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED} Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436} Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950} Name: ServiceModule - AppID: {76E258F0-DE86-4CEC-9D30-3F728A898741} Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070} Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100} Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d} Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7} Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829} Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7} Name: AppFramework.Services.ProductionManagerOutProc - AppID: {7c1b0cb3-32c3-4af9-85de-109385acb27d} Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32} Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6} Name: Dispatch - AppID: {7D7B609B-D089-4687-9606-264A9AA2FBB2} Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB} Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715} Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034} Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629} Name: hputils - AppID: {8195693E-0C55-4BE2-A2DB-32376ABC24C4} Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B} Name: Wondershare.AppFrame.Client - AppID: {83045d03-658e-471c-ac48-edf4cb87f1a7} Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F} Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850} Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE} Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059} Name: SymDgnHc - AppID: {8933BDBF-DADC-44c3-BA6D-F944EBF16362} Name: UACObject - AppID: {8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC} Name: AQFileRestore - AppID: {8AA07539-D174-4a6d-BF11-BCCC3C0F6B05} Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED} Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854} Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB} Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee} Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D} Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C} Name: MAAudioEffects - AppID: {8ED23FB9-F922-4036-8CA3-7A9A8DC3B712} Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444} Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db} Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F} Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60} Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139} Name: BitLockerAnywhereShell - AppID: {93F734C3-473B-4093-BFF8-3D3092C3F42D} Name: ServiceModule - AppID: {9465B4B4-5216-4042-9A2C-754D3BCDC410} Name: ServiceModule - AppID: {96D1EED3-701E-4FE5-B996-A543A8465897} Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60} Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7} Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610} Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276} Name: UACObject - AppID: {9CDFC8E0-D8E3-4A87-AD2E-38DBBDCB05ED} Name: MalwareHunterContextHandler - AppID: {9D8C0710-8D32-4A42-84E5-210927BC6CB0} Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8} Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030} Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D} Name: ahadmin - AppID: {9fa5c497-f46d-447f-8011-05d03d7d7ddc} Name: contextmenu - AppID: {A0E45FE6-E6DD-444D-8ACC-577D8F0C14F8} Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15} Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe} Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134} Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3} Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357} Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6} Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C} Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24} Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121} Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0} Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50} Name: KvAppFramework.Services.ProductionManagerOutProc - AppID: {a7aafee1-4b44-44f2-ab3a-ad8e9ed5cecf} Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D} Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22} Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94} Name: Windows Live Social Object Extractor Engine - AppID: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C} Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d} Name: SwHelper_1234204 - AppID: {AF551664-D2DF-4E34-85DE-46320B13A0B4} Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1} Name: MADynamicEffects - AppID: {B0A32428-4974-44F5-87C8-D90893F4B0BF} Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA} Name: Dispatch - AppID: {B1463312-25D9-4de4-96DC-FE9213084065} Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1} Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492} Name: WinStore OM - AppID: {B3823009-106A-4898-8C5A-F28A7CA83ED6} Name: WsAppService - AppID: {b3ce22d7-739b-4dd3-ba38-b67cb26c3ed1} Name: UACObject - AppID: {B49FBDA8-D846-43c4-ACAA-06D7794374C8} Name: KeyScrambler - AppID: {B4E5C8E2-DB42-48FA-9423-AAA706BCE970} Name: RichVideo64 - AppID: {B58B304A-D419-4c50-BE1F-6F6CD234B7EF} Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C} Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599} Name: WwanAdvui - AppID: {b70cc729-28ae-11dd-9676-000000000000} Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2} Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE} Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D} Name: ShellExtBridge119 - AppID: {ba3bdfe6-1ca3-43e9-907f-7b00567be2c9} Name: CloudSer - AppID: {BABD83F8-E723-4D8F-B5D1-B03E1F1108F5} Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4} Name: AcroPDF - AppID: {BBAA0E44-3862-490C-8E63-AC2D2D6EF733} Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70} Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B} Name: ewpsie_tb - AppID: {BBFE69BB-2EA4-49A6-99F3-9408974D0684} Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145} Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B} Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b} Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D} Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880} Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6} Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF} Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1} Name: CLWFLService8 - AppID: {C3E48125-FA94-4209-8AA6-50AECED5AA93} Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E} Name: Mp3tagShell - AppID: {C4A76138-4C6F-49EB-906C-CE806841A851} Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444} Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D} Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83} Name: LockScreen Application Notification Broker - AppID: {C89FC3EF-A0DC-4feb-BFBC-F13A9C334D4F} Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9} Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81} Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D} Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C} Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F} Name: EPTBL - AppID: {CACC252F-95A7-4741-BBE8-FB1F18C2826F} Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B} Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F} Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF} Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF} Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607} Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933} Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03} Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395} Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7} Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5} Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Name: Windows SideShow Device Configuration Helper - AppID: {D3667F1E-CCB8-4A69-99DF-59A2B2A6753F} Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652} Name: URLReqService - AppID: {D4859CE9-3B25-4235-8973-A74F5D9A04F2} Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30} Name: WinZip Compression Smart Monitor Service - AppID: {D6F79CD8-3495-4C34-BAD2-AA0C46560D6E} Name: UACObject - AppID: {D8239E84-D6EC-41dc-B7EA-98CDBF472200} Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6} Name: NGPE.Autoplay - AppID: {D9FAC7F6-9EA2-48AA-BDDE-7F4940FFC432} Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a} Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44} Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5} Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E} Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258} Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212} Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB} Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7} Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5} Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A} Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9} Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5} Name: iisctl - AppID: {E8FB8615-588F-11D2-9D61-00C04F79C5FE} Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90} Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4} Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A} Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8} Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A} Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A} Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A} Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58} Name: SWDNLD - AppID: {ED372EB0-5B14-484F-A27C-05FF89B6DF25} Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147} Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7} Name: Windows SideShow PropertyPage Host - AppID: {F056D291-A2AB-45f7-8EE4-40454493B351} Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC} Name: AcroBroker - AppID: {F2383816-917A-46CC-AD2A-5013BED3800F} Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7} Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801} Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A} Name: KvAppService - AppID: {f478871a-1301-429a-a174-8fa966d17284} Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248} Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717} Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a} Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8} Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E} Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996} Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Name: DaemonShellExtImage - AppID: {F9B84490-4C45-4737-82E5-0EA0B1CF5307} Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333} Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E} Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb} Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160} Name: WinStore OM - AppID: {fc470800-12e0-4da3-81f3-e67240d19093} Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137} Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9} Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00} Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C} Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D} Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559" Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{119817C9-666D-4053-AEDA-627D0E25CCEF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{119817C9-666D-4053-AEDA-627D0E25CCEF}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3B29AB5C-52CB-4a36-9314-E3FEE0BA7468}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{62B8CCBE-5A45-4372-8C4A-6A87DD3EDD60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{62B8CCBE-5A45-4372-8C4A-6A87DD3EDD60}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{62B8CCBE-5A45-4372-8C4A-6A87DD3EDD60}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{70059090-33FC-404F-BEFC-7A8C0C55C2FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{70059090-33FC-404F-BEFC-7A8C0C55C2FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7D7B609B-D089-4687-9606-264A9AA2FBB2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7D7B609B-D089-4687-9606-264A9AA2FBB2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8933BDBF-DADC-44c3-BA6D-F944EBF16362}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{9CDFC8E0-D8E3-4A87-AD2E-38DBBDCB05ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{9CDFC8E0-D8E3-4A87-AD2E-38DBBDCB05ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{B1463312-25D9-4de4-96DC-FE9213084065}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B1463312-25D9-4de4-96DC-FE9213084065}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B49FBDA8-D846-43c4-ACAA-06D7794374C8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B49FBDA8-D846-43c4-ACAA-06D7794374C8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{CE166E40-1E72-45B9-94C9-3B2050E8f180}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{D8239E84-D6EC-41dc-B7EA-98CDBF472200}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{D8239E84-D6EC-41dc-B7EA-98CDBF472200}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DeviceInstall DcomLaunch "regsvc"=RemoteRegistry "iissvcs"=w3svc was [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DeviceInstall DcomLaunch "iissvcs"=w3svc was ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\AC3Filter] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Gabest] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\GNU] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Mine] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Policies] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\AC3Filter] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Adlice Software] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Adobe] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Aimersoft] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Aiseesoft Studio] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Akeo Consulting] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\AnyMedia Player] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\AppDataLow] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Ashampoo] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\ATI] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Authorsoft] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\AVG] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Baidu Security] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Blackmagic Design] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Browser Cleanup] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\BVRP Software] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Cameyo] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Caphyon] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Chromium] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Citrix] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Clients] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Code Sector] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Comodo] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Corel] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\CyberLink] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\DAUM] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Disc Soft] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\DivxNetWorks] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\DMGR2.0.0] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Dragon] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Dropbox] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\DropboxUpdate] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\efixmypc.com] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\ej-technologies] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Elecard] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\EPSON] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\EPSON Software Updater] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Ewaycom] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\FlashPeak] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\freeware] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Gabest] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\giveawayoftheday.com] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\GNU] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Google] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\GPL Ghostscript] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\GRETECH] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\HotspotShield] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Icaros] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Informer Technologies, Inc.] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\InstallShield] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\IObit] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\iSkysoft] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\J. River] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Keepvid] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\KillSoft] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Licenses] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\LogMeInRescueCallingCard] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Macromedia] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Magnet] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Malwarebytes] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\MediaArea] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Mine] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Moo0] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Mozilla] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\MPC-HC] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\MultiCommander] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Netscape] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Nico Mak Computing] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Norton] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Online Video Recorder] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Opera Software] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Participatory Culture Foundation] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\PDF Tools AG] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\PDFPrint] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Piriform] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Policies] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\ProcessLasso] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\QFX Software] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\QtProject] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\RealNetworks] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\RegisteredApplications] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Remo Software] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Ritlabs] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Seifert] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Seiko Epson Corporation] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\SharewareOnSale] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Sharpcast] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\ShellExtBridge110] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Start Menu Reviver] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Sysinternals] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\TeamViewer] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Trolltech] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Ultracopier] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\undefined] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\VOS] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Wget] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Winamp] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\WinRAR] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\WinRAR SFX] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\WinZip Computing] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\WixSharp] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Wondershare] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Wow6432Node] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Zemana] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\ZHP] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\ZVT Inc.] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\{B488507A-7130-4bbe-BA93-ECB95DD00C0A}] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\AppDataLow\Software\Adobe] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Adobe] [HKLM\Software\AdsFix] [HKLM\Software\AMD] [HKLM\Software\Ashampoo] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\AVG] [HKLM\Software\Bitsum] [HKLM\Software\Blackmagic Design] [HKLM\Software\calibre 64bit] [HKLM\Software\Clients] [HKLM\Software\Code Sector] [HKLM\Software\Corel] [HKLM\Software\CPUID] [HKLM\Software\CyberLink] [HKLM\Software\DAUM] [HKLM\Software\DFX] [HKLM\Software\Disc Soft] [HKLM\Software\efixmypc.com] [HKLM\Software\Emsisoft] [HKLM\Software\EPSON] [HKLM\Software\ESET] [HKLM\Software\FileZilla 3] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\GNU] [HKLM\Software\Google] [HKLM\Software\Hasleo] [HKLM\Software\Hewlett-Packard] [HKLM\Software\HitmanPro] [HKLM\Software\Huawei technologies] [HKLM\Software\Icaros] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KeyCryptSDK] [HKLM\Software\Khronos] [HKLM\Software\license_IS] [HKLM\Software\Logitech] [HKLM\Software\Macrium] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nico Mak Computing] [HKLM\Software\ODBC] [HKLM\Software\Oracle] [HKLM\Software\PDF Tools AG] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\PostgreSQL] [HKLM\Software\PostgreSQL Global Development Group] [HKLM\Software\ProcessLasso] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Remo Software] [HKLM\Software\Software] [HKLM\Software\SRS Labs] [HKLM\Software\Start Menu Reviver] [HKLM\Software\SumatraPDF] [HKLM\Software\swearware] [HKLM\Software\sysinternals] [HKLM\Software\TAP-Windows] [HKLM\Software\UVK - Ultra virus killer] [HKLM\Software\UVK - Ultra virus killer backups] [HKLM\Software\VideoLAN] [HKLM\Software\WinRAR] [HKLM\Software\Wow6432Node] [HKLM\Software\Zemana] [HKLM\Software\ZmnGlobalSDK] [HKLM\Software\ZWZpeG15cGMuY29t] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Aimersoft] [HKLM\Software\WOW6432Node\Aimersoft Helper Compact] [HKLM\Software\WOW6432Node\AnyMedia Player] [HKLM\Software\WOW6432Node\AppDataLow] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\ASDMA] [HKLM\Software\WOW6432Node\Ashampoo] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\avery] [HKLM\Software\WOW6432Node\AVG] [HKLM\Software\WOW6432Node\Baidu Security] [HKLM\Software\WOW6432Node\Bitsum] [HKLM\Software\WOW6432Node\Blackmagic Design] [HKLM\Software\WOW6432Node\Borland] [HKLM\Software\WOW6432Node\BVRP Software] [HKLM\Software\WOW6432Node\Citrix] [HKLM\Software\WOW6432Node\Comodo] [HKLM\Software\WOW6432Node\ComodoGroup] [HKLM\Software\WOW6432Node\Corel] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\DFX] [HKLM\Software\WOW6432Node\Disc Soft] [HKLM\Software\WOW6432Node\Dragon] [HKLM\Software\WOW6432Node\Dropbox] [HKLM\Software\WOW6432Node\DropboxUpdate] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\Eset] [HKLM\Software\WOW6432Node\FileZilla 3] [HKLM\Software\WOW6432Node\FileZilla Client] [HKLM\Software\WOW6432Node\FlashPeak] [HKLM\Software\WOW6432Node\Florian Heidenreich] [HKLM\Software\WOW6432Node\FTPWare] [HKLM\Software\WOW6432Node\g3n-h@ckm@n] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\GRETECH] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HotspotShield] [HKLM\Software\WOW6432Node\Icaros] [HKLM\Software\WOW6432Node\IN Wallpaper ProjectTool] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\IObit] [HKLM\Software\WOW6432Node\iSkysoft] [HKLM\Software\WOW6432Node\J. River] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\K-Meleon] [HKLM\Software\WOW6432Node\K-Meleon 75.0] [HKLM\Software\WOW6432Node\Keepvid] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\KillSoft] [HKLM\Software\WOW6432Node\KLCodecPack] [HKLM\Software\WOW6432Node\Lake] [HKLM\Software\WOW6432Node\LAV] [HKLM\Software\WOW6432Node\Lavasoft] [HKLM\Software\WOW6432Node\LogMeInRescueCallingCard] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\magnet] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Morgan] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nico Mak Computing] [HKLM\Software\WOW6432Node\Norton] [HKLM\Software\WOW6432Node\NVDA] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Online Video Recorder] [HKLM\Software\WOW6432Node\Panda Software] [HKLM\Software\WOW6432Node\Participatory Culture Foundation] [HKLM\Software\WOW6432Node\PDFPrint] [HKLM\Software\WOW6432Node\ProcessLasso] [HKLM\Software\WOW6432Node\QFX Software] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Remo Software] [HKLM\Software\WOW6432Node\Seiko Epson Corporation] [HKLM\Software\WOW6432Node\Sharpcast] [HKLM\Software\WOW6432Node\SlySoft] [HKLM\Software\WOW6432Node\Swearware] [HKLM\Software\WOW6432Node\Symantec] [HKLM\Software\WOW6432Node\SymNRT] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\UsbFix] [HKLM\Software\WOW6432Node\VobSub] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\WildTangent] [HKLM\Software\WOW6432Node\WinPcap] [HKLM\Software\WOW6432Node\WiseCleaner] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\Wow6432Node] [HKLM\Software\WOW6432Node\Xvid Team] [HKLM\Software\WOW6432Node\Zemana] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | FeatureControl [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "MirrorGo.exe"="10001" "softinfo.exe"="11000" "KeepVid Music.exe"="11000" "ashsnap.exe"="10001" "PotPlayerMini64.exe"="10000" "UI7.exe"="10001" "AcroRd32.exe"="10001" "Trial.exe"="8888" "UVKInstaller.exe"="10001" ""="10000" "hsscp.exe"="10000" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801] "ashsnap.exe"="1" "UI7.exe"="1" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] "ashsnap.exe"="1" "UI7.exe"="1" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION] "PotPlayerMini64.exe"="1" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING] "MirrorGo.exe"="1" "softinfo.exe"="0" "KeepVid Music.exe"="1" "ashsnap.exe"="1" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "iexplore.exe"="1" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "ashsnap.exe"="10" "UI7.exe"="10" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "ashsnap.exe"="10" "UI7.exe"="10" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "ashsnap.exe"="1" "UI7.exe"="1" [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "WindowsAnytimeUpgradeUI.exe"="1" "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "prevhost.exe"="1" "HelpPane.exe"="1" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS] "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "iexplore.exe"="1" "*"="1" "infopath.exe"="0" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION] "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "prevhost.exe"="1" "HelpPane.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"="1" "PresentationHost.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"="1" "PresentationHost.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "prevhost.exe"="8000" "HelpPane.exe"="10000" "mshta.exe"="9999" "softinfo.exe"="11000" "PhotoDirector8.exe"="10000" "googledrivesync.exe"="8000" "PhotoDirector10.exe"="10000" "AudioDirector.exe"="9000" "ColorDirector.exe"="11000" "PDR.exe"="11000" "winzip64.exe"="8000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "iexplore.exe"="1" "SAPLOGON.exe"="0" "SAPLgPad.exe"="0" "explorer.exe"="1" "SAPGuiIT.exe"="0" "wmplayer.exe"="1" "SAPfewgsrv.exe"="0" "Scale_for_R3.exe"="0" "SAPGUI.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS] "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "iexplore.exe"="1" "ieuser.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"="100000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "helppane.exe"="1" "devenv.exe"="1" "dexplore.exe"="1" "PresentationHost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "prevhost.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING] "mshta.exe"="1" "softinfo.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "wm.exe"="1" "cs.exe"="1" "waol.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI] "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "prevhost.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" "PresentationHost.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="10" "iexplore.exe"="10" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="10" "iexplore.exe"="10" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "prevhost.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "sidebar.exe"="1" "outlook.exe"="1" "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE] "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "iexplore.exe"="0" "explorer.exe"="0" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "prevhost.exe"="1" "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "prevhost.exe"="1" "HelpPane.exe"="1" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "prevhost.exe"="1" "winmail.exe"="1" "msimn.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "prevhost.exe"="1" "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "HelpPane.exe"="1" "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "prevhost.exe"="0" "HelpPane.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING] "mshta.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING] "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "winmail.exe"="1" "msimn.exe"="1" "outlook.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "infopath.exe"="1" "winword.exe"="1" "excel.exe"="1" "powerpnt.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "prevhost.exe"="1" "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET] "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST] "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XMLHTTP] "mshta.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "prevhost.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "prevhost.exe"="1" "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" "PresentationHost.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS] "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "iexplore.exe"="1" "*"="1" "infopath.exe"="0" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION] "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "HelpPane.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"="1" "PresentationHost.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"="1" "PresentationHost.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "HelpPane.exe"="10000" "prevhost.exe"="8000" "mshta.exe"="9999" "GOM.EXE"="10001" "mbamtray.exe"="11000" "mbam.exe"="11000" "YouCam8.exe"="9000" "cmw_srv.exe"="10000" "WebAuthBroker.exe"="10000" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "iexplore.exe"="1" "SAPLOGON.exe"="0" "SAPLgPad.exe"="0" "explorer.exe"="1" "SAPGuiIT.exe"="0" "wmplayer.exe"="1" "SAPfewgsrv.exe"="0" "Scale_for_R3.exe"="0" "SAPGUI.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS] "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "iexplore.exe"="1" "ieuser.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"="100000" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "helppane.exe"="1" "PresentationHost.exe"="0" "devenv.exe"="1" "dexplore.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "prevhost.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING] "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "wm.exe"="1" "cs.exe"="1" "waol.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI] "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "HelpPane.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "explorer.exe"="1" "PresentationHost.exe"="1" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" "iexplore.exe"="10" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" "iexplore.exe"="10" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "HelpPane.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "sidebar.exe"="1" "outlook.exe"="1" "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE] "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "iexplore.exe"="0" "explorer.exe"="0" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "HelpPane.exe"="1" "prevhost.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "winmail.exe"="1" "prevhost.exe"="1" "msimn.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "HelpPane.exe"="1" "prevhost.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "HelpPane.exe"="1" "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "HelpPane.exe"="0" "prevhost.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING] "mshta.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING] "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "winmail.exe"="1" "msimn.exe"="1" "outlook.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "infopath.exe"="1" "winword.exe"="1" "excel.exe"="1" "powerpnt.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET] "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "iexplore.exe"="1" "explorer.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST] "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XMLHTTP] "mshta.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "iexplore.exe"="1" "prevhost.exe"="1" "explorer.exe"="1" "PresentationHost.exe"="1" "wmplayer.exe"="1" "mshta.exe"="0" ---------- | The Created last ones ? Modified [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:51] - |D| - [35088515] - C:\Program Files (x86)\Hotspot Shield [MD5.00000000000000000000000000000000] - [03/11/2018 12:56:35] - |D| - [796497754] - C:\Program Files (x86)\IObit [MD5.9F95F91612B880703294B1CF985BE29E] - [03/11/2018 09:15:01] - |A| - [778] - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/11/2018 09:15:01] - |A| - [0] - C:\Windows\setuperr.log [MD5.21A81B08A128754E63660014B46FBA3D] - [04/11/2018 12:30:48] - |A| - [90223] - C:\Windows\ZAM.krnl.trace [MD5.F3BE637AB0CB6A9A4D4012FC18B9A946] - [04/11/2018 12:30:48] - |A| - [55377] - C:\Windows\ZAM_Guard.krnl.trace [MD5.1F55603B61BD24E1A163D66B58CD8BC5] - [02/11/2018 23:49:31] - |A| - [57413632] - C:\Windows\Installer\dbb8cbc.msi [MD5.6703B0035022F61AE9222133D24F28B8] - [03/11/2018 10:18:05] - |A| - [172220416] - C:\Windows\Installer\ff818b0.msi [MD5.00000000000000000000000000000000] - [03/11/2018 10:21:32] - |D| - [0] - C:\Windows\Installer\MSI1438.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:07] - |D| - [0] - C:\Windows\Installer\MSI33EF.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:10] - |D| - [0] - C:\Windows\Installer\MSI40DB.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:14] - |D| - [0] - C:\Windows\Installer\MSI5095.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:19:37] - |D| - [0] - C:\Windows\Installer\MSI52E3.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:20:56] - |D| - [0] - C:\Windows\Installer\MSI83C9.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:28] - |D| - [0] - C:\Windows\Installer\MSI8A1C.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:20:58] - |D| - [0] - C:\Windows\Installer\MSI9170.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:36] - |D| - [0] - C:\Windows\Installer\MSIA721.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:19:05] - |D| - [0] - C:\Windows\Installer\MSID199.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:49] - |D| - [0] - C:\Windows\Installer\MSID96E.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:50] - |D| - [0] - C:\Windows\Installer\MSIDD36.tmp- [MD5.00000000000000000000000000000000] - [03/11/2018 10:15:50] - |D| - [0] - C:\Windows\Installer\MSIE024.tmp- [MD5.88A15908116D7E5ADFF2443A1ADF271D] - [02/11/2018 23:50:09] - |A| - [20480] - C:\Windows\Installer\SourceHash{608EBDC6-D18A-4CF6-AD54-EE6B71D29065} [MD5.CFACF9CA52FAB6AEB7BB38F505287CE6] - [03/11/2018 10:15:29] - |A| - [20480] - C:\Windows\Installer\SourceHash{AF599C42-A2E5-4251-B7EE-4925C1F7AE60} [MD5.D52935306E271822D3941201C042EC90] - [03/11/2018 10:26:16] - |A| - [20480] - C:\Windows\Installer\SourceHash{CD95F661-A5C4-44F5-A6AA-ECDD91C24115} [MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/11/2018 10:19:41] - |A| - [0] - C:\Windows\Installer\wix{AF599C42-A2E5-4251-B7EE-4925C1F7AE60}.SchedServiceConfig.rmi [MD5.00000000000000000000000000000000] - [02/11/2018 23:50:22] - |D| - [1030332] - C:\Windows\Installer\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065} [MD5.00000000000000000000000000000000] - [03/11/2018 10:32:10] - |D| - [573440] - C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115} [MD5.C937C1D2CA3771E426330B080B69E8EE] - [04/11/2018 12:33:26] - |A| - [378640] - C:\Windows\system32\avgBoot.exe [MD5.26DA272DAD54CD3EFFD2D6F30432A7A4] - [03/11/2018 10:20:13] - |A| - [230880] - C:\Windows\system32\Drivers\asw 48f7cdf22458e80.tmp [MD5.C87E121882597016F8E301094D041A17] - [03/11/2018 10:20:29] - |A| - [46920] - C:\Windows\system32\Drivers\asw12b44cd370f61f46.tmp [MD5.455F012979E72FA5484C1ED5C5A5860E] - [03/11/2018 10:20:28] - |A| - [202296] - C:\Windows\system32\Drivers\asw42201c13d240c199.tmp [MD5.872A4AD5F40AA6D3F9A3E8943ADA1CF0] - [03/11/2018 10:20:28] - |A| - [59520] - C:\Windows\system32\Drivers\asw45be055686bca11b.tmp [MD5.23ED881938EA94E5EACEEE981E1030E7] - [03/11/2018 10:20:28] - |A| - [346616] - C:\Windows\system32\Drivers\asw4cd23b6be8c02440.tmp [MD5.45F6CD37D27CF6C0BC7C8E929803AC81] - [03/11/2018 10:20:29] - |A| - [87968] - C:\Windows\system32\Drivers\asw5599c699d365287b.tmp [MD5.80FD4BB639E24900883AF9BA96C85867] - [03/11/2018 10:20:29] - |A| - [163224] - C:\Windows\system32\Drivers\asw89df356a29fdc7c6.tmp [MD5.AE31C5549CA0CA57F0DAF07CF95BF9FB] - [03/11/2018 10:20:31] - |A| - [208488] - C:\Windows\system32\Drivers\asw9143c99b5dc5a0bb.tmp [MD5.3C38627F17B47EEC7378D325C81D622D] - [03/11/2018 10:20:30] - |A| - [380992] - C:\Windows\system32\Drivers\asw98051779f9369736.tmp [MD5.4192A07E3148794CDF758EA2B60278F6] - [03/11/2018 10:20:29] - |A| - [42312] - C:\Windows\system32\Drivers\aswa63611fb7774304d.tmp [MD5.C61876AACA6CE822BE18ADB9D9BD4260] - [03/11/2018 10:20:29] - |A| - [201264] - C:\Windows\system32\Drivers\aswd19cd08bc56bb5b8.tmp [MD5.5E31FF65CBE9C45422F9B6F56939A021] - [03/11/2018 10:20:28] - |A| - [1028696] - C:\Windows\system32\Drivers\aswd40fe084d5a679a8.tmp [MD5.05B25A1DD09B7FD4319D24EE3CCE43B6] - [03/11/2018 10:20:29] - |A| - [467760] - C:\Windows\system32\Drivers\aswdb2b58bacd948b2a.tmp [MD5.37AA86A8E4D7693405DEC74710D36F97] - [03/11/2018 10:20:29] - |A| - [111816] - C:\Windows\system32\Drivers\aswf459de99217e938b.tmp [MD5.C61876AACA6CE822BE18ADB9D9BD4260] - [04/11/2018 12:33:45] - |A| - [201264] - C:\Windows\system32\Drivers\avgArPot.sys [MD5.26DA272DAD54CD3EFFD2D6F30432A7A4] - [04/11/2018 12:33:45] - |A| - [230880] - C:\Windows\system32\Drivers\avgbidsdrivera.sys [MD5.455F012979E72FA5484C1ED5C5A5860E] - [04/11/2018 12:33:45] - |A| - [202296] - C:\Windows\system32\Drivers\avgbidsha.sys [MD5.23ED881938EA94E5EACEEE981E1030E7] - [04/11/2018 12:33:45] - |A| - [346616] - C:\Windows\system32\Drivers\avgbloga.sys [MD5.872A4AD5F40AA6D3F9A3E8943ADA1CF0] - [04/11/2018 12:33:45] - |A| - [59520] - C:\Windows\system32\Drivers\avgbuniva.sys [MD5.C87E121882597016F8E301094D041A17] - [04/11/2018 12:33:45] - |A| - [46920] - C:\Windows\system32\Drivers\avgHwid.sys [MD5.4192A07E3148794CDF758EA2B60278F6] - [04/11/2018 12:33:45] - |A| - [42312] - C:\Windows\system32\Drivers\avgKbd.sys [MD5.80FD4BB639E24900883AF9BA96C85867] - [04/11/2018 12:33:45] - |A| - [163224] - C:\Windows\system32\Drivers\avgMonFlt.sys [MD5.37AA86A8E4D7693405DEC74710D36F97] - [04/11/2018 12:33:45] - |A| - [111816] - C:\Windows\system32\Drivers\avgRdr2.sys [MD5.45F6CD37D27CF6C0BC7C8E929803AC81] - [04/11/2018 12:33:45] - |A| - [87968] - C:\Windows\system32\Drivers\avgRvrt.sys [MD5.5E31FF65CBE9C45422F9B6F56939A021] - [04/11/2018 12:33:45] - |A| - [1028696] - C:\Windows\system32\Drivers\avgSnx.sys [MD5.05B25A1DD09B7FD4319D24EE3CCE43B6] - [04/11/2018 12:33:45] - |A| - [467760] - C:\Windows\system32\Drivers\avgSP.sys [MD5.AE31C5549CA0CA57F0DAF07CF95BF9FB] - [04/11/2018 12:33:45] - |A| - [208488] - C:\Windows\system32\Drivers\avgStm.sys [MD5.3C38627F17B47EEC7378D325C81D622D] - [04/11/2018 12:33:45] - |A| - [380992] - C:\Windows\system32\Drivers\avgVmm.sys [MD5.CB258766E99AB3B57E6FDF32177804A2] - [04/11/2018 12:31:54] - |A| - [260480] - C:\Windows\system32\Drivers\mbamswissarmy.sys [MD5.7C6A3C53F6412013465D253DBB0916D6] - [03/11/2018 13:01:29] - |A| - [520032] - C:\Windows\system32\Drivers\trufos.sys ---------- | Drives D: [02/09/2018 17:46:58] - |ASH| - (.-.) - [44] - (0.0.0.0) - D:\language.ini E: [29/10/2018 10:19:22] - |A| - (.-.) - [377] - (0.0.0.0) - E:\MONTRE ESPI (D) - Raccourci.lnk [29/10/2018 10:26:40] - |A| - (.-.) - [15582048] - (0.0.0.0) - E:\ApplicationManager_v0905_rv198726(1_1)_STD_APM180612-01.exe [29/10/2018 10:26:41] - |A| - (.Ashampoo GmbH & Co. KG - Ashampoo Snap 9 Setup .) - [58232776] - (9.0.6.0) - E:\ashampoo_snap_9_9.0.6_sm.exe [29/10/2018 10:26:45] - |A| - (.Ashampoo GmbH & Co. KG - Ashampoo Video Optimizer Pro Setup .) - [92712216] - (1.0.0.0) - E:\ashampoo_video_optimizer_pro_1.0.0_sm.exe [29/10/2018 10:26:51] - |A| - (.© Microsoft Corporation. - Win32 Cabinet Self-Extractor .) - [10513112] - (6.0.2800.1168) - E:\BingDesktopSetup.exe [29/10/2018 10:26:53] - |A| - (.Pehoricab - Tuhosanebe Setup .) - [1877816] - (5.5.1.3) - E:\BitlordSetup_VRhuSJ_1625885219.exe [29/10/2018 10:26:53] - |A| - (.Copyright © 2015 - Cameyo.Player.) - [15142784] - (1.0.0.0) - E:\Cameyo.exe [29/10/2018 10:27:00] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1174128] - (3.0.0.2816) - E:\CyberLink_PhotoDirector_Downloader.exe [29/10/2018 10:27:00] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1174200] - (3.0.0.2816) - E:\CyberLink_YouCam_Downloader.exe [29/10/2018 10:27:00] - |A| - (.-.) - [1035970816] - (0.0.0.0) - E:\CyberLinkDirectorSuite7.0_Trial_DRS180831-01_TR180913-025.exe [29/10/2018 10:28:00] - |A| - (.Copyright©2017 Wondershare. - wondershare-filmora-(fr)_setup_full1084.exe.) - [1038440] - (2.0.9.2) - E:\filmora_setup_full1084 (1).exe [29/10/2018 10:28:01] - |A| - (.Copyright©2017 Wondershare. - wondershare-filmora-(fr)_setup_full1084.exe.) - [1038440] - (2.0.9.2) - E:\filmora_setup_full1084.exe [29/10/2018 10:28:01] - |A| - (.Mozilla - Firefox.) - [45955760] - (18.5.0.0) - E:\firefox-65.0a1.fr.win64.installer.exe [29/10/2018 10:28:05] - |A| - (.(c) 2015 Nero AG and its affiliates - NeroInstaller.) - [3269816] - (1.12.0.1) - E:\Nero2019-1.12.0.1_stub_trial.exe [29/10/2018 10:28:05] - |A| - (.Copyright (c) 2012 Flexera Software LLC. - Setup Launcher Unicode.) - [78864656] - (9.0.1.9107) - E:\NTI_Media_Maker_9.0.1.9107_Express_Trial (1).exe [29/10/2018 10:28:13] - |A| - (.-.) - [259584] - (1.0.5.0) - E:\OTH.exe [29/10/2018 10:28:14] - |A| - (.-.) - [299058632] - (0.0.0.0) - E:\PhotoDirector_10_0_2103_69885_GM2_1_Es_Essential_PTD180725-03.exe [29/10/2018 10:28:32] - |A| - (.? Kakao Corp. - PotPlayer Setup File.) - [22416064] - (1.7.3344.0) - E:\potplayer-1-7-3344.exe [29/10/2018 10:28:33] - |A| - (.©IObit. - Smart Defrag 6 .) - [14526296] - (6.1.0.118) - E:\smart-defrag-setup (1).exe [29/10/2018 10:28:35] - |A| - (.©IObit. - Smart Defrag 6 .) - [14526296] - (6.1.0.118) - E:\smart-defrag-setup.exe [29/10/2018 10:28:37] - |A| - (.© 1999-2017 Code Sector. - TeraCopy Setup .) - [4575312] - (3.2.6.0) - E:\teracopy.exe [29/10/2018 10:28:38] - |A| - (.Copyright © 2018 Wondershare. - Wondershare TidyMyMusic Setup .) - [19475696] - (1.6.0.3) - E:\tidymymusic-bing_full1701.exe [29/10/2018 10:28:41] - |A| - (.-.) - [27257680] - (1.0.0.0) - E:\U_4.9.5718.72544%20(Prod)_Free_YOU180806-03.exe [29/10/2018 10:28:43] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [475760] - (3.0.2.3014) - E:\UAppInst.exe [29/10/2018 10:28:43] - |A| - (.-.) - [64759928] - (1.0.0.0) - E:\UWebinar_4.9.0.3313.226446_PLK180813-01.exe [29/10/2018 10:28:47] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [476344] - (3.0.2.3014) - E:\UWebinarInst.exe [29/10/2018 10:28:47] - |A| - (.Adlice Software Copyright © 2015 - WhyIGotInfected.) - [329800] - (2.2.0.0) - E:\WhyIGotInfected.exe [29/10/2018 10:28:48] - |A| - (.Adlice Software Copyright © 2015 - WhyIGotInfected.) - [292424] - (2.1.0.0) - E:\WhyIGotInfected-WIGI-_2.1.0.0.exe [29/10/2018 10:28:48] - |A| - (.-.) - [24285912] - (0.0.0.0) - E:\x-video-cutter2-fr.exe [29/10/2018 10:28:50] - |A| - (.-.) - [24392312] - (0.0.0.0) - E:\x-video-splitter2-fr.exe [29/10/2018 10:28:51] - |A| - (.-.) - [305486616] - (0.0.0.0) - E:\YouCam_8.0.0925.0a_Essential_Essential_YUC180820-01.exe H: I: [14/09/2018 13:50:50] - |H| - (.-.) - [16] - (0.0.0.0) - I:\AUTORUN.INF [10/05/2017 22:03:43] - |N| - (.-.) - [415] - (0.0.0.0) - I:\SmartClean.ini K: L: M: Z: ---------- | C: [13/09/2018 10:39:49] - |SHD| - [0] - C:\$RECYCLE.BIN [21/11/2014 22:30:21] - |D| - [5224802567] - C:\$Windows.~BT [04/10/2018 13:39:03] - |D| - [3983810429] - C:\AdsFix [MD5.76C2DED42D5B50954CA93CAC317A0276] - [04/10/2018 13:41:15] - |A| - (.-.) - [79245] - (0.0.0.0) - C:\AdsFix_31_10_2018_03_20_35.txt [12/09/2018 04:56:30] - |D| - [64965139] - C:\AdwCleaner [12/09/2018 12:22:01] - |D| - [2] - C:\autorun.inf [02/08/2012 03:02:18] - |D| - [18175260] - C:\Boot [MD5.21BF183C15AFE62A8D1137BB9007B2A3] - [26/07/2012 09:18:43] - |RASH| - (.-.) - [398156] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [26/07/2012 09:18:43] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [30/09/2018 17:25:35] - |HD| - [148963656] - C:\BOXRoot [MD5.F42962AD1710C223E3F862963446985A] - [13/09/2018 10:39:34] - |A| - (.-.) - [37221] - (0.0.0.0) - C:\ComboFix.txt [10/10/2018 01:54:21] - |SHD| - [47600] - C:\Config.Msi [21/09/2018 13:20:05] - |D| - [13030] - C:\Dactylo [MD5.F21C6A7367ABE80307EA64CE7D5A38E4] - [06/09/2018 14:57:03] - |A| - (.-.) - [2528] - (0.0.0.0) - C:\DelFix.txt [26/07/2012 08:22:08] - |SD| - [0] - C:\Documents and Settings [13/09/2018 19:44:01] - |D| - [225772521] - C:\eclipse [04/10/2018 09:15:38] - |D| - [734372930] - C:\EEK [04/09/2018 13:00:24] - |D| - [21624477] - C:\Exiland Backup Standard [MD5.834BEA0C82C7D907F8E8400642D15893] - [08/09/2018 08:47:40] - |A| - (.-.) - [2216] - (0.0.0.0) - C:\GUDownLoaddebug.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/10/2018 03:20:35] - |ASH| - (.-.) - [3070001152] - (0.0.0.0) - C:\hiberfil.sys [07/01/2013 12:49:41] - |RD| - [4053232] - C:\hp [01/08/2012 18:09:20] - |D| - [61626] - C:\inetpub [08/09/2018 10:00:42] - |D| - [296645] - C:\Look_my_hardware [06/09/2018 14:35:01] - |D| - [1394] - C:\MaConfig [MD5.BBF4AB4BF6EE9F29963C8F768F24AB85] - [05/09/2018 14:31:29] - |A| - (.-.) - [9454] - (0.0.0.0) - C:\MINI.LOG [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2013 08:30:46] - |RAS| - (.-.) - [0] - (0.0.0.0) - C:\OS [MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/09/2018 17:38:39] - |ASH| - (.-.) - [1291845632] - (0.0.0.0) - C:\pagefile.sys [13/09/2018 15:11:39] - |D| - [114326] - C:\PCPinBackup [11/09/2018 16:31:06] - |D| - [22956880] - C:\PcPinPoint [11/09/2018 14:45:22] - |D| - [1274471530] - C:\Pre_Scan [MD5.4D7A497A4986236A1A83C207C49762C0] - [11/09/2018 16:00:31] - |RA| - (.-.) - [32182] - (0.0.0.0) - C:\Pre_Scan_11_09_2018_17_00_28.txt [26/07/2012 06:37:58] - |D| - [9293324002] - C:\Program Files [26/07/2012 06:37:58] - |RD| - [13966885665] - C:\Program Files (x86) [26/07/2012 06:37:58] - |D| - [5751225045] - C:\ProgramData [10/09/2018 22:27:25] - |D| - [3184311] - C:\Qoobox [04/11/2018 13:15:03] - |D| - [68684] - C:\QuickDiag [MD5.E59FA42AFB2F2125A6724272854F9D65] - [04/11/2018 13:15:15] - |A| - (.-.) - [377762] - (0.0.0.0) - C:\QuickDiag.txt [MD5.073713C3CE82E304A5822A8C3BA4C484] - [06/09/2018 15:48:59] - |A| - (.-.) - [157] - (0.0.0.0) - C:\RecorderProtectionError.txt [07/09/2018 06:22:47] - |D| - [0] - C:\Recovery [12/09/2018 13:50:04] - |D| - [170040698] - C:\RegBackup [MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/09/2018 17:38:40] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [02/08/2012 04:15:28] - |AD| - [1059213823] - C:\SWSETUP [02/09/2018 17:38:38] - |SHD| - [10734779216] - C:\System Volume Information [01/08/2012 10:57:15] - |RAD| - [39069433] - C:\SYSTEM.SAV [26/07/2012 06:37:58] - |RD| - [125296410622] - C:\Users [26/07/2012 06:37:59] - |D| - [22146701124] - C:\Windows [04/09/2018 10:24:31] - |D| - [223469] - C:\_Backup [04/09/2018 10:24:44] - |RSHD| - [363949787] - C:\_Backup.RC ---------- | C:\Windows [26/07/2012 09:12:59] - |D| - [802] - C:\Windows\addins [26/07/2012 09:12:59] - |D| - [28361604] - C:\Windows\AppCompat [26/07/2012 09:12:59] - |D| - [12495634] - C:\Windows\apppatch [26/07/2012 09:12:58] - |RSD| - [1154525801] - C:\Windows\assembly [MD5.A026C82C0D688AF780AA987F0898C72A] - [12/09/2012 03:22:10] - |A| - (.-.) - [38316] - (0.0.0.0) - C:\Windows\atiogl.xml [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2013 00:09:53] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\ativpsrm.bin [26/07/2012 09:12:59] - |D| - [0] - C:\Windows\AUInstallAgent [MD5.059AE72BB6B928804D5385AF2896D2DC] - [26/07/2012 02:59:23] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [75264] - (6.2.9200.16384) - C:\Windows\bfsvc.exe [26/07/2012 09:12:59] - |D| - [38555035] - C:\Windows\Boot [MD5.0CF98018C4E4EF9D8B789C0F84C505B4] - [26/07/2012 08:21:26] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [26/07/2012 09:12:59] - |D| - [2294248] - C:\Windows\Branding [26/07/2012 08:59:48] - |D| - [31952] - C:\Windows\CbsTemp [MD5.A59F3E4CFD0FFC84FEBCFB548EC0F064] - [26/07/2012 10:46:02] - |A| - (.-.) - [31497] - (0.0.0.0) - C:\Windows\Core.xml [MD5.B749466D1A93B0BFE3590BD487A793BF] - [05/03/2013 00:14:16] - |A| - (.-.) - [10] - (0.0.0.0) - C:\Windows\csup.txt [26/07/2012 09:12:59] - |D| - [2113488] - C:\Windows\Cursors [26/07/2012 09:12:59] - |D| - [5311] - C:\Windows\debug [26/07/2012 09:12:59] - |RD| - [21094] - C:\Windows\DesktopTileResources [MD5.050C668A459D689E7C033DBCA4417642] - [06/09/2018 22:29:56] - |A| - (.-.) - [22863] - (0.0.0.0) - C:\Windows\diagerr.xml [26/07/2012 09:12:59] - |D| - [3513266] - C:\Windows\diagnostics [MD5.050C668A459D689E7C033DBCA4417642] - [06/09/2018 22:29:56] - |A| - (.-.) - [22863] - (0.0.0.0) - C:\Windows\diagwrn.xml [26/07/2012 09:18:12] - |D| - [0] - C:\Windows\DigitalLocker [MD5.2C83A092EFB3986D8BF4A27AC2CF64A3] - [30/10/2018 14:59:45] - |A| - (.-.) - [16929] - (0.0.0.0) - C:\Windows\DirectX.log [26/07/2012 09:12:59] - |SD| - [65] - C:\Windows\Downloaded Program Files [26/07/2012 09:12:59] - |D| - [46896] - C:\Windows\ELAMBKUP [26/07/2012 10:43:43] - |D| - [116160] - C:\Windows\en-GB [26/07/2012 09:18:12] - |D| - [0] - C:\Windows\en-US [04/09/2018 11:42:34] - |D| - [183434292] - C:\Windows\erdnt [06/09/2018 14:57:43] - |D| - [91835498] - C:\Windows\ERUNT [MD5.0E8E6463F81C80AFBED533E0F1F8895D] - [06/09/2018 00:20:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2391280] - (6.2.9200.16628) - C:\Windows\explorer.exe [26/07/2012 06:37:59] - |RSD| - [392462081] - C:\Windows\Fonts [05/03/2013 00:46:39] - |D| - [116648] - C:\Windows\fr [05/03/2013 08:53:36] - |D| - [113664] - C:\Windows\fr-FR [26/07/2012 09:12:59] - |D| - [74391260] - C:\Windows\Globalization [MD5.9E05A9C264C8A908A8E79450FCBFF047] - [10/09/2018 22:28:55] - |A| - (.-.) - [80412] - (0.0.0.0) - C:\Windows\grep.exe [26/07/2012 09:12:59] - |D| - [3727826] - C:\Windows\Help [MD5.10BBA7938E28716B96F79DE54BE04CFC] - [06/09/2018 05:39:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [883712] - (6.2.9200.16451) - C:\Windows\HelpPane.exe [MD5.AAFA7BB276B802F8D791ECACFC380FBD] - [26/07/2012 03:15:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17408] - (6.2.9200.16384) - C:\Windows\hh.exe [26/07/2012 09:12:59] - |D| - [202329669] - C:\Windows\IME [26/07/2012 09:12:59] - |RD| - [1201447] - C:\Windows\ImmersiveControlPanel [26/07/2012 06:37:59] - |D| - [126916929] - C:\Windows\Inf [26/07/2012 09:12:59] - |SHD| - [2124011098] - C:\Windows\Installer [26/07/2012 09:12:59] - |D| - [57303] - C:\Windows\L2Schemas [26/07/2012 09:12:59] - |D| - [0] - C:\Windows\LiveKernelReports [26/07/2012 06:37:59] - |D| - [46653874] - C:\Windows\Logs [MD5.0277C027A26428DB64EF4F64F52BB4FD] - [10/09/2018 22:28:55] - |A| - (.-.) - [208896] - (0.0.0.0) - C:\Windows\MBR.exe [26/07/2012 09:12:59] - |RSD| - [12703521] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [25/07/2012 21:37:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [26/07/2012 09:12:58] - |D| - [714294160] - C:\Windows\Microsoft.NET [05/09/2018 18:49:41] - |D| - [1536] - C:\Windows\Migration [07/09/2018 16:23:46] - |D| - [0] - C:\Windows\Minidump [26/07/2012 09:12:59] - |D| - [0] - C:\Windows\ModemLogs [MD5.753BC16326FEE4A421ACB636CCD602F4] - [10/09/2018 22:28:55] - |A| - (.Copyright © 2003 - 2009 Nir Sofer - NirCmd.) - [60416] - (2.3.5.189) - C:\Windows\NIRCMD.exe [MD5.E48A573A7E96A81CB97385768F6CFA4E] - [05/09/2018 14:42:28] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [243712] - (6.2.9200.17434) - C:\Windows\notepad.exe [26/07/2012 09:12:59] - |RD| - [65] - C:\Windows\Offline Web Pages [02/08/2012 03:02:31] - |D| - [2941498] - C:\Windows\Panther [05/03/2013 00:46:12] - |D| - [0] - C:\Windows\PCHEALTH [26/07/2012 09:12:59] - |D| - [45290833] - C:\Windows\Performance [MD5.F042EE4C8D66248D9B86DCF52ABAE416] - [10/09/2018 22:28:55] - |A| - (.-.) - [256000] - (0.0.0.0) - C:\Windows\PEV.exe [MD5.5D98950B6A3DB8B8D64DCE825AB3658C] - [31/10/2018 07:50:12] - |A| - (.-.) - [5866] - (0.0.0.0) - C:\Windows\PFRO.log [26/07/2012 09:12:59] - |D| - [1136441] - C:\Windows\PLA [26/07/2012 09:12:59] - |D| - [2407576] - C:\Windows\PolicyDefinitions [01/08/2012 18:03:20] - |D| - [18277367] - C:\Windows\Prefetch [04/09/2018 13:21:18] - |D| - [40960] - C:\Windows\pss [MD5.FBBAD33ED97E961CC1500872DE5D96DD] - [26/07/2012 02:14:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [159232] - (6.2.9200.16384) - C:\Windows\regedit.exe [26/07/2012 09:12:59] - |D| - [1071164] - C:\Windows\Registration [26/07/2012 09:12:59] - |D| - [4733517] - C:\Windows\rescache [26/07/2012 09:12:59] - |D| - [2480380] - C:\Windows\Resources [MD5.2A7B78F4CFA0F1A5655891DDAACEFAD9] - [05/03/2013 00:18:17] - |A| - (.Copyright (C) 2012 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1706640] - (1.0.3.8) - C:\Windows\RtlExUpd.dll [26/07/2012 09:12:59] - |D| - [0] - C:\Windows\SchCache [26/07/2012 09:12:59] - |D| - [99253] - C:\Windows\schemas [26/07/2012 09:12:59] - |D| - [1057250] - C:\Windows\security [MD5.2B657A67AEBB84AEA5632C53E61E23BF] - [10/09/2018 22:28:55] - |A| - (.-.) - [98816] - (0.0.0.0) - C:\Windows\sed.exe [26/07/2012 08:19:54] - |D| - [53383139] - C:\Windows\ServiceProfiles [26/07/2012 06:37:59] - |D| - [125850706] - C:\Windows\servicing [26/07/2012 08:20:02] - |D| - [42] - C:\Windows\Setup [MD5.9F95F91612B880703294B1CF985BE29E] - [03/11/2018 09:15:01] - |A| - (.-.) - [778] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/11/2018 09:15:01] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [26/07/2012 10:45:49] - |D| - [9383] - C:\Windows\ShellNew [26/07/2012 10:45:49] - |D| - [16378336] - C:\Windows\SKB [13/09/2018 08:43:40] - |D| - [150657545] - C:\Windows\SoftwareDistribution [26/07/2012 09:12:59] - |D| - [100049735] - C:\Windows\Speech [MD5.974A3A675E5E0CECA74F62F6C39AF592] - [26/07/2012 02:27:54] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [126464] - (6.2.9200.16384) - C:\Windows\splwow64.exe [MD5.E8F40F7C46A1D730763AFC1D9BD96326] - [26/07/2012 08:59:47] - |A| - (.-.) - [31537] - (0.0.0.0) - C:\Windows\Starter.xml [MD5.A46842C9B0C567A5A9584E83A163560C] - [10/09/2018 22:28:55] - |A| - (.Copyright © Frank Staal 1999-2008 - Freeware implementation of REG.EXE.) - [518144] - (3.0.0.0) - C:\Windows\SWREG.exe [MD5.0297C72529807322B152F517FDB0A9FC] - [10/09/2018 22:28:55] - |A| - (.Copyright © Frank Staal 1999-2006 - Freeware implementation of SC.EXE.) - [406528] - (2.0.0.5) - C:\Windows\SWSC.exe [MD5.B1A9CF0B6F80611D31987C247EC630B4] - [10/09/2018 22:28:55] - |A| - (.Copyright © Frank Staal 1999-2006 - Freeware implementation of XCACLS.) - [212480] - (1.0.1.1) - C:\Windows\SWXCACLS.exe [26/07/2012 09:12:59] - |AD| - [1969288] - C:\Windows\System [MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - [26/07/2012 06:26:52] - |A| - (.-.) - [215] - (0.0.0.0) - C:\Windows\system.ini [26/07/2012 06:38:00] - |D| - [4466518434] - C:\Windows\System32 [26/07/2012 06:38:00] - |AD| - [1588372990] - C:\Windows\SysWOW64 [26/07/2012 09:12:59] - |D| - [0] - C:\Windows\TAPI [26/07/2012 09:12:59] - |D| - [9034] - C:\Windows\Tasks [11/09/2018 13:32:57] - |D| - [1666735] - C:\Windows\Temp [26/07/2012 09:12:59] - |RD| - [19134] - C:\Windows\ToastData [26/07/2012 09:12:59] - |D| - [0] - C:\Windows\tracing [26/07/2012 09:12:59] - |D| - [43083340] - C:\Windows\twain_32 [MD5.DA7EB5D3652FE2B1676AAA9E6E241E68] - [26/07/2012 02:19:02] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [50176] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.CA2A8AF1DBAD0F31F9B33A2827DFBC16] - [12/09/2018 13:50:09] - |A| - (.-.) - [207] - (0.0.0.0) - C:\Windows\tweaking.com-regbackup-LFS_HYPER_UEFM-Windows-8-(64-bit).dat [26/07/2012 09:12:59] - |D| - [12420] - C:\Windows\Vss [26/07/2012 09:12:59] - |D| - [18301935] - C:\Windows\Web [MD5.6B7673BC06AA498E9F963678C770D0AE] - [26/07/2012 06:26:52] - |A| - (.-.) - [128] - (0.0.0.0) - C:\Windows\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [02/06/2012 15:32:56] - |RA| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.C8C9B9D84D28A4089033A8199C46CA45] - [11/10/2018 16:25:08] - |A| - (.-.) - [1327004] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.EADA08C87AD2A913563244CCF4391E5D] - [26/07/2012 03:09:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10752] - (6.2.9200.16384) - C:\Windows\winhlp32.exe [MD5.6F03CA7FEB5EEC5E945645CDC93C9870] - [16/09/2018 07:28:31] - |A| - (.-.) - [426] - (0.0.0.0) - C:\Windows\wininit.ini [26/07/2012 09:12:59] - |D| - [1312539] - C:\Windows\WinStore [26/07/2012 06:38:00] - |D| - [10273259007] - C:\Windows\WinSxS [MD5.D935AD9372C6858C04E3FB423149134C] - [28/07/2012 03:54:00] - |A| - (.© 2012 Microsoft Corporation. Tous droits réservés. - Écran de veille de la Galerie de photos.) - [321472] - (16.4.3503.728) - C:\Windows\WLXPGSS.SCR [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [02/06/2012 15:34:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.CDEE22097674B556817D09AA96467902] - [26/07/2012 03:00:48] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10752] - (6.2.9200.16384) - C:\Windows\write.exe [MD5.21A81B08A128754E63660014B46FBA3D] - [04/11/2018 12:30:48] - |A| - (.-.) - [90223] - (0.0.0.0) - C:\Windows\ZAM.krnl.trace [MD5.F3BE637AB0CB6A9A4D4012FC18B9A946] - [04/11/2018 12:30:48] - |A| - (.-.) - [55377] - (0.0.0.0) - C:\Windows\ZAM_Guard.krnl.trace [MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - [10/09/2018 22:28:55] - |A| - (.-.) - [68096] - (0.0.0.0) - C:\Windows\zip.exe ---------- | C:\Windows\System32\GroupPolicy [MD5.C57F2E759C7EBFE8C8285F5D2F2BFC6A] - [10/09/2018 22:17:21] - |A| - (.-.) - [127] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\GPT.INI [10/09/2018 22:17:21] - |D| - [150] - C:\Windows\System32\GroupPolicy\Machine [10/09/2018 22:17:21] - |D| - [0] - C:\Windows\System32\GroupPolicy\User ---------- | Systemroot\System [22/01/2018 12:18:44] - |A| - [1384] - C:\Windows\System\linjqbyk.kfl () - () [03/09/2018 22:59:50] - |A| - [935632] - C:\Windows\System\Vb40016.dll (Copyright © 1987-1995 Microsoft Corp.) - (Visual Basic 4.0 runtime library) [03/09/2018 22:59:51] - |A| - [271264] - C:\Windows\System\vbrun100.dll () - () [03/09/2018 22:59:51] - |A| - [356992] - C:\Windows\System\vbrun200.dll (Copyright © 1987-1992 Microsoft Corp) - (Visual Basic 2.0 runtime library) [03/09/2018 22:59:51] - |A| - [398416] - C:\Windows\System\Vbrun300.dll (Copyright © 1987-1993 Microsoft Corp) - (Visual Basic 3.0 runtime library) [10/09/1999 12:06:00] - |A| - [5600] - C:\Windows\System\WINASPI.DLL (Copyright © 1989-1999 Adaptec, Inc.) - (ASPI for Win16 (95/NT) DLL) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [13/09/2018 15:30:27] - C:\Windows\Installer\10c5101.msi : (Google Drive - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/05/2018 05:35:56] - C:\Windows\Installer\10c5114.msi : (Citrix Receiver Inside - Citrix Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/09/2018 07:48:05] - C:\Windows\Installer\10c5122.msi : (SD Card Formatter - SD Association) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/09/2018 11:34:41] - C:\Windows\Installer\10c51ac.msi : (3-Heights(TM) PDF Analysis & Repair - PDF Tools AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2018 06:54:02] - C:\Windows\Installer\1285da2b.msi : (Corel AfterShot Pro 3 x64 - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2018 06:54:07] - C:\Windows\Installer\1285da32.msi : (Corel AfterShot Pro 3 - IPM x64 - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2018 06:54:07] - C:\Windows\Installer\1285da39.msi : (Corel AfterShot Pro 3 - IPM Content x64 - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2018 06:54:06] - C:\Windows\Installer\1285da40.msi : (Corel AfterShot Pro 3 - HDR x64 - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2018 06:54:08] - C:\Windows\Installer\1285da47.msi : (Corel AfterShot Pro 3 - ICA x64 - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2018 06:54:06] - C:\Windows\Installer\1285da4a.msi : (Corel Update Helper v2 - Corel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 19:23:50] - C:\Windows\Installer\15b2ee.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/08/2012 06:20:32] - C:\Windows\Installer\15b2f8.msi : (HP Postscript Converter - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/07/2012 22:54:11] - C:\Windows\Installer\15b301.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/07/2012 03:07:50] - C:\Windows\Installer\15b307.msi : ( - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2012 00:12:59] - C:\Windows\Installer\15b310.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/07/2007 13:45:34] - C:\Windows\Installer\19c38780.msi : (Logiciel d'apprentissage de la dactylographie - Jean-Jacques Gaudoz) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/09/2018 10:19:16] - C:\Windows\Installer\1b8148.msi : (Dropbox Update Helper - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 09:41:29] - C:\Windows\Installer\25a22cb.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/07/2012 23:22:32] - C:\Windows\Installer\2dfc7.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:54] - C:\Windows\Installer\2dfcc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:05:09] - C:\Windows\Installer\2dfd2.msi : (AMD Catalyst Install Manager Installer (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 08:59:01] - C:\Windows\Installer\2dfd7.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:01:33] - C:\Windows\Installer\2dfdc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:01:42] - C:\Windows\Installer\2dfe1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:01:46] - C:\Windows\Installer\2dfe6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:01:52] - C:\Windows\Installer\2dfeb.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:01:58] - C:\Windows\Installer\2dff0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:04] - C:\Windows\Installer\2dff5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:11] - C:\Windows\Installer\2dffa.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:16] - C:\Windows\Installer\2dfff.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:20] - C:\Windows\Installer\2e004.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:27] - C:\Windows\Installer\2e009.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:33] - C:\Windows\Installer\2e00e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:37] - C:\Windows\Installer\2e013.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:43] - C:\Windows\Installer\2e018.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:47] - C:\Windows\Installer\2e01d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:52] - C:\Windows\Installer\2e022.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:02:59] - C:\Windows\Installer\2e027.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:03] - C:\Windows\Installer\2e02c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:10] - C:\Windows\Installer\2e031.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:14] - C:\Windows\Installer\2e036.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:20] - C:\Windows\Installer\2e03b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:26] - C:\Windows\Installer\2e040.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:32] - C:\Windows\Installer\2e045.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:36] - C:\Windows\Installer\2e04a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:03:44] - C:\Windows\Installer\2e04f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:04:11] - C:\Windows\Installer\2e054.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:01:24] - C:\Windows\Installer\2e05a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/08/2012 09:05:35] - C:\Windows\Installer\2e05f.msi : (AMD Accelerated Parallel Processing SDK - Advanced Micro Devices Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2013 00:20:47] - C:\Windows\Installer\2e065.msi : (HP Support Assistant - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/06/2012 08:46:42] - C:\Windows\Installer\2e06a.msi : (Blank Project Template - Hewlett-Packard Company) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2013 00:24:47] - C:\Windows\Installer\2e06f.msi : (Blank Project Template - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [31/07/2012 02:38:58] - C:\Windows\Installer\2e073.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2012 23:03:55] - C:\Windows\Installer\2e081.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2012 22:59:51] - C:\Windows\Installer\2e086.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/09/2018 08:36:40] - C:\Windows\Installer\314808e.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/09/2018 21:36:49] - C:\Windows\Installer\3396347.msi : (Paragon HFS+ for Windows - Paragon Software) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/09/2018 16:04:50] - C:\Windows\Installer\3787a7.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/01/2016 12:09:58] - C:\Windows\Installer\4425be2c.msi : (Epson Event Manager - Seiko Epson Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/04/2016 12:20:00] - C:\Windows\Installer\442d37fd.msi : (MyEpson Portal Setup - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/08/2017 00:00:00] - C:\Windows\Installer\442d3804.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/05/2015 08:45:36] - C:\Windows\Installer\442d3812.msi : (Epson E-Web Print - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/03/2012 18:23:58] - C:\Windows\Installer\4ef4b866.msi : (Newsletter et emailing - Ewaycom) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/05/2011 12:24:36] - C:\Windows\Installer\4f010dda.msi : (Blank Project Template - Avanquest) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2018 09:17:26] - C:\Windows\Installer\4f66bd.msi : (The Bat! v8.6.0 (64-bit) - Ritlabs, SRL) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/08/2018 03:49:00] - C:\Windows\Installer\51503b.msi : (Epson Software Updater - Seiko Epson Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2018 09:33:21] - C:\Windows\Installer\5df3d6.msi : (calibre Installer - Kovid Goyal) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/10/2018 05:19:54] - C:\Windows\Installer\6806cb.msi : (Java(TM) SE Runtime Environment 6.0 - Oracle) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2018 10:01:15] - C:\Windows\Installer\77874f.msi : (Java SE Runtime Environment 8 Update 181 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2018 10:02:54] - C:\Windows\Installer\778755.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/09/2018 18:51:07] - C:\Windows\Installer\a2b6407.msi : (Silent Install Builder 5 - Aprel Tech, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2018 15:11:10] - C:\Windows\Installer\a5dedb.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/06/2018 06:02:58] - C:\Windows\Installer\d14445.msi : (DaVinci Resolve Panels - Blackmagic Design) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/11/2018 23:49:31] - C:\Windows\Installer\dbb8cbc.msi : (Backup and Sync from Google - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/09/2018 12:19:58] - C:\Windows\Installer\ff818a8.msi : (Hotspot Shield 7.13.0 - AnchorFree Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/03/2013 00:24:49] - [10134] - C:\Windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:08] - [88102] - C:\Windows\Installer\{09BE17DC-59D2-FD28-371D-DCE0AE76CE75}\ARPPRODUCTICON.exe () - () [05/03/2013 00:37:42] - [300318] - C:\Windows\Installer\{0FA995CC-C849-4755-B14B-5404CC75DC24}\_853F67D554F05449430E7E.exe () - () [05/03/2013 00:20:03] - [88102] - C:\Windows\Installer\{104D7F23-A414-EE6D-315E-A07CB75ADEEE}\ARPPRODUCTICON.exe () - () [14/09/2018 08:02:12] - [167360] - C:\Windows\Installer\{10C16E01-F739-4093-89A7-E570589FA0F6}\ARPPRODUCTICON.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [14/09/2018 08:02:12] - [167360] - C:\Windows\Installer\{10C16E01-F739-4093-89A7-E570589FA0F6}\NewShortcut11_9F21041712364E7FBB19D6D84D3AFF1D.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [14/09/2018 08:02:12] - [167360] - C:\Windows\Installer\{10C16E01-F739-4093-89A7-E570589FA0F6}\NewShortcut1_69C2B9A012C943F8B6BC658D1AC73474.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [05/10/2018 07:11:20] - [60568] - C:\Windows\Installer\{135781FB-026A-4164-838C-0C447783C32B}\ARPPRODUCTICON.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [05/03/2013 00:20:02] - [88102] - C:\Windows\Installer\{1A7CF3BE-0D4A-33DF-DFD9-824487726365}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:04] - [88102] - C:\Windows\Installer\{1BC4C58D-D726-172B-DA2C-BBE6AE5DEB76}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:11] - [88102] - C:\Windows\Installer\{1E6AF4B4-0910-4821-CB20-F8FD7AA09CCB}\ARPPRODUCTICON.exe () - () [05/03/2013 00:28:50] - [156903] - C:\Windows\Installer\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe () - () [05/03/2013 00:37:25] - [101879] - C:\Windows\Installer\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\ARPPRODUCTICON.exe () - () [05/10/2018 07:18:58] - [60592] - C:\Windows\Installer\{2B482BD8-191A-4D79-8E8B-10AB97176A34}\ARPPRODUCTICON.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [05/03/2013 00:20:16] - [88102] - C:\Windows\Installer\{2E2526C8-51A8-F6EB-8289-6787E880CE27}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:16] - [88102] - C:\Windows\Installer\{2E58F5E0-B5EF-844C-5B18-4C21F800CAD6}\ARPPRODUCTICON.exe () - () [21/09/2018 12:18:46] - [766] - C:\Windows\Installer\{324FCBBA-4DEB-4EF8-96EC-145AFBDA99ED}\ARPPRODUCTICON.exe () - () [21/09/2018 12:18:46] - [40960] - C:\Windows\Installer\{324FCBBA-4DEB-4EF8-96EC-145AFBDA99ED}\NewShortcut1.exe (Copyright © 2000) - (InstallShield) [21/09/2018 12:18:46] - [40960] - C:\Windows\Installer\{324FCBBA-4DEB-4EF8-96EC-145AFBDA99ED}\NewShortcut2.exe (Copyright © 2000) - (InstallShield) [05/03/2013 00:25:52] - [74032] - C:\Windows\Installer\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:23] - [10134] - C:\Windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:06] - [88102] - C:\Windows\Installer\{5AD25D5C-C813-146B-4FB0-76561F7875B7}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:09] - [88102] - C:\Windows\Installer\{5B4886EE-5A95-C257-A68F-2DCADE47A273}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:12] - [88102] - C:\Windows\Installer\{5DB58618-7021-C650-EE8A-58CD1FAA95F9}\ARPPRODUCTICON.exe () - () [30/10/2018 14:43:58] - [4286] - C:\Windows\Installer\{5EE021A8-10D1-4CE8-8679-E9F2386DFF1D}\_3FBE2728FBB0DE4E7CABFD.exe () - () [30/10/2018 14:43:58] - [4286] - C:\Windows\Installer\{5EE021A8-10D1-4CE8-8679-E9F2386DFF1D}\_61F0397B0B7994F03ECC60.exe () - () [30/10/2018 14:43:58] - [4286] - C:\Windows\Installer\{5EE021A8-10D1-4CE8-8679-E9F2386DFF1D}\_6FEFF9B68218417F98F549.exe () - () [30/10/2018 14:43:58] - [4286] - C:\Windows\Installer\{5EE021A8-10D1-4CE8-8679-E9F2386DFF1D}\_FC3F1B2CBE74CF138F3D41.exe () - () [05/03/2013 00:20:01] - [88102] - C:\Windows\Installer\{5F5ACD0C-A454-32A7-E206-EE89B1510128}\ARPPRODUCTICON.exe () - () [05/03/2013 00:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\ARPPRODUCTICON.exe () - () [05/03/2013 00:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe () - () [05/03/2013 00:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe () - () [05/03/2013 00:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe () - () [05/03/2013 00:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe () - () [05/03/2013 00:20:11] - [88102] - C:\Windows\Installer\{67087BB4-19B4-C169-3E52-2BED796D8AB3}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:08] - [88102] - C:\Windows\Installer\{6AE04BB9-A455-16ED-5806-DCFBB14505D6}\ARPPRODUCTICON.exe () - () [28/10/2018 12:31:17] - [1278016] - C:\Windows\Installer\{6BF9F374-EC67-4808-A90C-F127DE6D989D}\icon.exe (Copyright (C) SEIKO EPSON CORPORATION 2010-2013.) - (E-Web Print Preview) [05/03/2013 00:24:44] - [53248] - C:\Windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe (Copyright (C) 2010 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield) [05/03/2013 00:19:59] - [10134] - C:\Windows\Installer\{7474548C-E456-4818-8ED0-4A1F00EF77A1}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:04] - [88102] - C:\Windows\Installer\{76DFBEB9-9E55-8CC6-B99A-9CEFAC573A1F}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:00] - [88102] - C:\Windows\Installer\{839D1577-5415-6C89-6642-515DFFE6432F}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:07] - [88102] - C:\Windows\Installer\{84B13BF6-F7AF-198E-0E77-DCA4027B9D19}\ARPPRODUCTICON.exe () - () [05/10/2018 07:14:58] - [60568] - C:\Windows\Installer\{85082869-BCD7-40ED-A119-DBA8A78C460F}\ARPPRODUCTICON.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [07/10/2018 07:33:01] - [101528] - C:\Windows\Installer\{95841B8F-1C5A-45A7-BACF-0D5DA1D2090D}\ARPPRODUCTICON.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [28/10/2018 12:22:22] - [1241296] - C:\Windows\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe (Copyright (C) 2011) - (EProjManager Application) [05/03/2013 00:20:13] - [88102] - C:\Windows\Installer\{A666A6E7-3A51-E289-559B-BF3486036ABF}\ARPPRODUCTICON.exe () - () [05/03/2013 00:19:36] - [88102] - C:\Windows\Installer\{ABA39912-380C-0EF3-C820-868115EB1DAC}\ARPPRODUCTICON.exe () - () [25/09/2018 16:05:29] - [10134] - C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824298644}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:03] - [88102] - C:\Windows\Installer\{AC7A441A-353F-75F6-6ABA-3BF98161B530}\ARPPRODUCTICON.exe () - () [05/03/2013 00:49:28] - [10134] - C:\Windows\Installer\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}\_6FB06134364694D5797749.exe () - () [05/03/2013 00:20:05] - [88102] - C:\Windows\Installer\{B6480ED1-448E-813B-4FE0-BED811D1C01F}\ARPPRODUCTICON.exe () - () [05/10/2018 07:21:58] - [60568] - C:\Windows\Installer\{B75B59C9-4E9F-4632-B70E-80A62BD91EA2}\ARPPRODUCTICON.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [05/03/2013 00:20:00] - [88102] - C:\Windows\Installer\{BDBF9803-B57C-AB2A-8830-CBED34703840}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:09] - [88102] - C:\Windows\Installer\{BFB6DE5F-9BEA-1FBB-3584-2C78639CE59A}\ARPPRODUCTICON.exe () - () [05/03/2013 00:29:54] - [79345] - C:\Windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe () - () [03/11/2018 10:32:10] - [143360] - C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115}\ARPPRODUCTICON.exe (Copyright (c) 2016 Flexera Software LLC.) - (InstallShield) [03/11/2018 10:32:10] - [143360] - C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115}\WinZip64_Shortcut_Desktop.exe (Copyright (c) 2016 Flexera Software LLC.) - (InstallShield) [03/11/2018 10:32:10] - [143360] - C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115}\WinZip64_Shortcut_MenuGroup.exe (Copyright (c) 2016 Flexera Software LLC.) - (InstallShield) [03/11/2018 10:32:10] - [143360] - C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115}\WinZip64_Shortcut_StartMenu.exe (Copyright (c) 2016 Flexera Software LLC.) - (InstallShield) [05/03/2013 00:20:06] - [88102] - C:\Windows\Installer\{DD35ECFB-5C95-398B-CAFA-B5E8881363C3}\ARPPRODUCTICON.exe () - () [05/03/2013 00:43:25] - [297086] - C:\Windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe () - () [05/03/2013 00:17:28] - [53248] - C:\Windows\Installer\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}\ARPPRODUCTICON.exe (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [05/03/2013 00:20:20] - [88102] - C:\Windows\Installer\{E8406BA9-5D47-4A62-08C3-759EA677229A}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:14] - [88102] - C:\Windows\Installer\{F193812F-83C0-3CED-1EDE-BE2525267303}\ARPPRODUCTICON.exe () - () [05/03/2013 00:35:27] - [165425] - C:\Windows\Installer\{F243A34B-AB7F-4065-B770-B85B767C247C}\_853F67D554F05449430E7E.exe () - () [05/03/2013 00:35:27] - [165425] - C:\Windows\Installer\{F243A34B-AB7F-4065-B770-B85B767C247C}\_E6113B9D6EB98153552F17.exe () - () [05/03/2013 00:35:27] - [165425] - C:\Windows\Installer\{F243A34B-AB7F-4065-B770-B85B767C247C}\_E8C9E3A9CF262083682835.exe () - () [05/03/2013 00:20:13] - [88102] - C:\Windows\Installer\{F754BC24-2C04-F76E-C403-0175F0954560}\ARPPRODUCTICON.exe () - () [05/03/2013 00:20:10] - [88102] - C:\Windows\Installer\{FC62C740-2339-618C-467B-36CE6D409E5F}\ARPPRODUCTICON.exe () - () [05/03/2013 00:23:32] - [98304] - C:\Windows\Installer\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\ARPPRODUCTICON.exe (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [05/03/2013 00:23:32] - [98304] - C:\Windows\Installer\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\HPSF.exe2_2EBA634C3DB04BEC8765F065A06AB6AA.exe (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [05/03/2013 00:23:32] - [98304] - C:\Windows\Installer\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\NewShortcut2_06EDE08E9D6342F1AC2C30BC31ED1770.exe (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield) [05/10/2018 07:08:17] - [60592] - C:\Windows\Installer\{FF7EE438-AD34-4E89-9ADE-F1792EC86016}\ARPPRODUCTICON.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) [05/10/2018 07:08:18] - [335024] - C:\Windows\Installer\{FF7EE438-AD34-4E89-9ADE-F1792EC86016}\NewShortcut1_D3558AC52ECB4A64AD2F6920864958B4.exe (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield) ---------- | %System%\*.in* [26/07/2012 09:13:14] - [75] - C:\Windows\System32\desktop.ini [25/07/2012 23:57:48] - [25185] - C:\Windows\System32\ieuinit.inf [26/10/2012 08:42:22] - [29494] - C:\Windows\System32\lvcoin64.ini [26/07/2012 08:28:09] - [1778962] - C:\Windows\System32\PerfStringBackup.INI [02/06/2012 21:26:07] - [60124] - C:\Windows\System32\tcpmon.ini [29/09/2018 12:53:34] - [36] - C:\Windows\Syswow64\Error.ini [25/07/2012 23:54:50] - [25185] - C:\Windows\Syswow64\ieuinit.inf [27/08/2002 00:42:18] - [1199] - C:\Windows\Syswow64\panadv.inf [01/08/2012 18:09:37] - [915038] - C:\Windows\Syswow64\PerfStringBackup.INI ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.60AB39637FD7496E21DE870FDA4CC5CA] - |A| - [25/07/2012 21:35:41] - (.-.) - [6.71 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\pcamain.sdb [MD5.AF1EE098731BA9D2C1273E031B734B4E] - |A| - [05/09/2018 22:21:49] - (.-.) - [379.67 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64 [MD5.F52E0457B0F49563885ECFB76E3CF4BE] - |ASH| - [04/09/2018 13:21:20] - (.-.) - [40 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG [MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [04/09/2018 13:21:20] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG1 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [04/09/2018 13:21:20] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG2 [MD5.966BF956A949B9670D56BDB3DEF97FDB] - |A| - [01/11/2018 12:03:46] - (.-.) - [2.26 Ko] - (0.0.0.0) - C:\Windows\Temp\AdobeARM.log [MD5.8F681D88EDEC8930968031A4F2BAEB42] - |A| - [01/11/2018 12:05:48] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\Windows\Temp\AdobeARM_NotLocked.log [MD5.85D41D3779ECB9FFDCDB0CB2331180F3] - |A| - [31/10/2018 07:50:54] - (.-.) - [281.09 Ko] - (0.0.0.0) - C:\Windows\Temp\adobegc.log [MD5.00000000000000000000000000000000] - |D| - [04/11/2018 12:33:02] - [0 Ko] - C:\Windows\Temp\avg_ash2 [MD5.CA739C4788CE0F432E2F62486F460DE2] - || - [31/10/2018 07:50:52] - (.-.) - [244 Ko] - (0.0.0.0) - C:\Windows\Temp\AVQBootEvents.etl [MD5.00000000000000000000000000000000] - |D| - [31/10/2018 07:50:55] - [17.03 Ko] - C:\Windows\Temp\Comodo LogsFolder [MD5.00000000000000000000000000000000] - |D| - [31/10/2018 07:53:10] - [0 Ko] - C:\Windows\Temp\comtypes_cache [MD5.00000000000000000000000000000000] - |D| - [04/11/2018 12:33:03] - [47.81 Ko] - C:\Windows\Temp\cpuz143 [MD5.00000000000000000000000000000000] - |D| - [31/10/2018 07:50:54] - [215.82 Ko] - C:\Windows\Temp\CreativeCloud [MD5.00000000000000000000000000000000] - |D| - [04/11/2018 00:35:13] - [0 Ko] - C:\Windows\Temp\F06EB15E-F964-4024-8590-A31E4D38B68C [MD5.F01D8534B49D07E8391662A7A6F4A64C] - |A| - [31/10/2018 07:51:06] - (.-.) - [2.6 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20181031-075106-0.log [MD5.DB695A42CD705ACA78CDD044C5046AA0] - |A| - [04/11/2018 12:31:55] - (.-.) - [2.6 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20181104-123155-0.log [MD5.277240365E1581F097D5175898170181] - |A| - [01/11/2018 12:05:37] - (.-.) - [97.11 Ko] - (0.0.0.0) - C:\Windows\Temp\MSIa85e.LOG [MD5.A7764C3AF011B0FA309F73000414B964] - |A| - [15/10/2018 08:07:55] - (.-.) - [8.89 Ko] - (0.0.0.0) - C:\Windows\Temp\optboottime.dat [MD5.A7984EAEDA0891B91465CE432C4EBDFF] - |A| - [03/11/2018 11:20:38] - (.-.) - [148.42 Ko] - (0.0.0.0) - C:\Windows\Temp\sd_3392.tmp [MD5.8C754C980D6216D9F8276B1AC6FB0A96] - |A| - [04/11/2018 12:33:01] - (.-.) - [148.5 Ko] - (0.0.0.0) - C:\Windows\Temp\sd_43D2.tmp [MD5.89AD4297689008936AA47B2EFAE7F9E9] - |A| - [03/11/2018 12:21:58] - (.-.) - [148.36 Ko] - (0.0.0.0) - C:\Windows\Temp\sd_5A66.tmp [MD5.985A3774D69220328F8BA2622B086E4C] - |A| - [03/11/2018 12:22:19] - (.-.) - [148.44 Ko] - (0.0.0.0) - C:\Windows\Temp\sd_AC10.tmp [MD5.00000000000000000000000000000000] - |D| - [04/11/2018 07:20:32] - [0 Ko] - C:\Windows\Temp\tmp00000375 [MD5.5AEAB3A7B5E0B32EFB61DEF19D120F47] - |A| - [30/10/2018 21:31:29] - (.-.) - [154.56 Ko] - (0.0.0.0) - C:\Windows\Temp\winstore.log [MD5.00000000000000000000000000000000] - |D| - [03/11/2018 14:26:39] - [0 Ko] - C:\Windows\Temp\_avg_ [MD5.00000000000000000000000000000000] - |D| - [01/11/2018 12:04:41] - [0 Ko] - C:\Windows\Temp\{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [MD5.00000000000000000000000000000000] - |D| - [05/03/2013 08:53:31] - [0 Ko] - C:\Windows\System32\040C [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [3888 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.2EB8152BF8417C530318099F3F813DED] - |A| - [08/08/2012 12:08:50] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 1.1 Runtime.) - [16079 Ko] - (10.0.938.2) - C:\Windows\System32\amdocl64.dll [MD5.74E366268F3E2B491C8250BC4B617B13] - |A| - [12/09/2012 03:22:06] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [55 Ko] - (8.14.10.23) - C:\Windows\System32\amdpcom64.dll [MD5.926C753C058B5E589CF38AAC72166702] - |A| - [04/09/2018 01:09:14] - (.-.) - [404.84 Ko] - (0.0.0.0) - C:\Windows\System32\ApnDatabase.xml [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [05/09/2018 18:49:40] - [9558.14 Ko] - C:\Windows\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [245 Ko] - C:\Windows\System32\ar-SA [MD5.E73EFF9B6CCC973C1623250614D92634] - |A| - [29/08/2012 09:08:48] - (.Copyright (C) 2008-2011 Advanced Micro Devices, Inc. - ADL.) - [528 Ko] - (6.14.10.1106) - C:\Windows\System32\atiadlxx.dll [MD5.9038E5631C6812E2833114333BB687AB] - |A| - [12/09/2012 03:22:18] - (.-.) - [264.18 Ko] - (0.0.0.0) - C:\Windows\System32\atiapfxx.blb [MD5.DE9DA51A82F3BA8DC8228F51E10CB28A] - |A| - [12/09/2012 03:22:04] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [160 Ko] - (6.14.10.1001) - C:\Windows\System32\atiapfxx.exe [MD5.749584902AE80A53EFDA4F8FA03E1713] - |A| - [29/08/2012 09:08:57] - (.Copyright (C) 2008 Advanced Micro Devices, Inc. - ATIBRTMON.) - [116 Ko] - (2.0.0.0) - C:\Windows\System32\atibtmon.exe [MD5.452B3FCF1E2B7723481D83D210EC0BC2] - |A| - [12/09/2012 03:22:12] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [43.5 Ko] - (6.14.10.1741) - C:\Windows\System32\aticalcl64.dll [MD5.7B85E80AE95B1BAB3A46253D8936961E] - |A| - [12/09/2012 03:22:16] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15658.5 Ko] - (6.14.10.1741) - C:\Windows\System32\aticaldd64.dll [MD5.7A28A3D07858AEE6CE45A7888B4129FA] - |A| - [12/09/2012 03:22:10] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [50 Ko] - (6.14.10.1741) - C:\Windows\System32\aticalrt64.dll [MD5.0894995092DEA47EB8397527FDAF1EE8] - |A| - [29/08/2012 09:09:55] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1086 Ko] - (8.17.10.1140) - C:\Windows\System32\aticfx64.dll [MD5.9ADDEAEED02CD0001FE53D77F9134975] - |A| - [29/08/2012 09:09:58] - (.2002-2012 - Graphics DEM.) - [432 Ko] - (2.0.4623.37100) - C:\Windows\System32\atidemgy.dll [MD5.057B795F1CCAB92C5EDB051CEBF2078D] - |A| - [29/08/2012 09:10:12] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [6887 Ko] - (8.17.10.451) - C:\Windows\System32\atidxx64.dll [MD5.19F972A2C7F16A331797D9FA182C119B] - |A| - [29/08/2012 09:10:15] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [522 Ko] - (6.14.11.1126) - C:\Windows\System32\atieclxx.exe [MD5.8AEDF2DD935DB0CE183E4D3C0D0EF9DB] - |A| - [12/09/2012 03:22:14] - (.Copyright (c) ATI Technologies Inc. 2003-2009 - atiedu64.) - [58 Ko] - (6.14.10.2514) - C:\Windows\System32\atiedu64.dll [MD5.A0AD13A9D41647B71611BFB601579DB4] - |A| - [29/08/2012 09:10:20] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [234 Ko] - (6.14.11.1126) - C:\Windows\System32\atiesrxx.exe [MD5.619D256A77594BE8D7EA5CCCBEF7AE11] - |A| - [12/09/2012 03:22:08] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [17.5 Ko] - (8.14.1.6268) - C:\Windows\System32\atig6pxx.dll [MD5.843610CCA74EDC5CC2A951CAA21DB622] - |A| - [12/09/2012 03:22:12] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [41 Ko] - (8.14.1.6268) - C:\Windows\System32\atig6txx.dll [MD5.5E06F5B29182E215B9BCF574135C1241] - |A| - [12/09/2012 03:22:18] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [14.5 Ko] - (8.14.1.6268) - C:\Windows\System32\atiglpxx.dll [MD5.E94666EE349D54F0FD71AFE2E99A5C06] - |A| - [29/08/2012 09:10:29] - (.-.) - [622.8 Ko] - (0.0.0.0) - C:\Windows\System32\atiicdxx.dat [MD5.6AC45248E6F540A35B12A92DE7F1152B] - |A| - [12/09/2012 03:22:04] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [55 Ko] - (8.14.10.23) - C:\Windows\System32\atimpc64.dll [MD5.3F96A46316D2C5922CD31D44FBD47298] - |A| - [12/09/2012 03:22:10] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [21 Ko] - (6.14.10.1002) - C:\Windows\System32\atimuixx.dll [MD5.0D5A0D679340262F64B0030778B76F2C] - |A| - [12/09/2012 03:22:16] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24272 Ko] - (6.14.10.11774) - C:\Windows\System32\atio6axx.dll [MD5.A6BAAA6608A9B00220E9D5C023FC53D1] - |A| - [29/08/2012 09:11:07] - (.Copyright (C) 2008 - ATIODCLI Application.) - [50 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODCLI.exe [MD5.463FFBD3350E3EB57F7D5746EBD233CA] - |A| - [29/08/2012 09:11:09] - (.Copyright (C) 2008 - ATIODE Application.) - [325 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODE.exe [MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [29/08/2012 09:11:43] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\Windows\System32\atipblag.dat [MD5.5F95EC830038C880383C6801B83CCA54] - |A| - [12/09/2012 03:22:18] - (.Copyright 2006 - TMM Clone Control Module.) - [117.5 Ko] - (6.14.11.23) - C:\Windows\System32\atitmm64.dll [MD5.158D96F740F3631863CA6198199A226B] - |A| - [29/08/2012 09:11:51] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [101.5 Ko] - (8.14.1.6268) - C:\Windows\System32\atiu9p64.dll [MD5.687DB423A9702F83B5F4039BD531BB5B] - |A| - [29/08/2012 09:12:05] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [6520.5 Ko] - (9.14.10.924) - C:\Windows\System32\atiumd64.dll [MD5.8A0C05FF322C291872F47A9C6D33D678] - |A| - [29/08/2012 09:12:14] - (.-.) - [3076.72 Ko] - (0.0.0.0) - C:\Windows\System32\atiumd6a.cap [MD5.F2F1E464C785763418BBA814DFB318D8] - |A| - [29/08/2012 09:12:21] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [4168.5 Ko] - (8.14.10.363) - C:\Windows\System32\atiumd6a.dll [MD5.3B1F42B2DF22E39DDD1A5F4D58DF57C8] - |A| - [29/08/2012 09:12:47] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [126.5 Ko] - (8.14.1.6268) - C:\Windows\System32\atiuxp64.dll [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [29/08/2012 09:12:52] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [29/08/2012 09:12:54] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsvl.dat [MD5.D8632E54B9D4BA45916B0E0D4DD73535] - |A| - [06/09/2018 05:43:16] - (.-.) - [10.84 Ko] - (0.0.0.0) - C:\Windows\System32\AutoconfigV2.cab [MD5.00000000000000000000000000000000] - |D| - [06/09/2018 09:18:08] - [9.97 Ko] - C:\Windows\System32\AutoUpdateLicense [MD5.C937C1D2CA3771E426330B080B69E8EE] - |A| - [04/11/2018 12:33:26] - (.Copyright (C) 2018 AVG Technologies CZ, s.r.o. - AVG start-up scanner.) - [369.77 Ko] - (18.7.4041.0) - C:\Windows\System32\avgBoot.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [219.5 Ko] - C:\Windows\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [4976.84 Ko] - C:\Windows\System32\Boot [MD5.F7801B03B7E1D01B0935C588B9D0A9C4] - |A| - [26/07/2012 02:14:01] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [88.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0.93 Ko] - C:\Windows\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [75831.59 Ko] - C:\Windows\System32\catroot [MD5.00000000000000000000000000000000] - |D| - [12/09/2018 14:22:55] - [36940.86 Ko] - C:\Windows\System32\catroot2 [MD5.D71E5F62C81108A14C798C87F8231708] - |A| - [08/08/2012 12:09:30] - (.-.) - [183 Ko] - (0.0.0.0) - C:\Windows\System32\clinfo.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [5384.03 Ko] - C:\Windows\System32\CodeIntegrity [MD5.E3DBE14C932792572143E79FABCD5C47] - |A| - [12/09/2012 03:22:06] - (.AMD. - CoInstaller DLL.) - [68.5 Ko] - (1.0.4.7) - C:\Windows\System32\coinst_8.982.10.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [355.5 Ko] - C:\Windows\System32\Com [MD5.00000000000000000000000000000000] - |SD| - [05/09/2018 18:49:40] - [1443.69 Ko] - C:\Windows\System32\CompatTel [MD5.A797EED94B22B29D3974CB20B66BE6C6] - |A| - [22/11/2012 09:22:06] - (.2012 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [108 Ko] - (1.0.0.2) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [331933.07 Ko] - C:\Windows\System32\config [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [264.5 Ko] - C:\Windows\System32\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [261.5 Ko] - C:\Windows\System32\da-DK [MD5.B4743BA626D14159468B473B846B72EC] - |A| - [31/10/2018 12:42:52] - (.Dropbox, Inc. - Dropbox Service.) - [49.83 Ko] - (1.0.24.0) - C:\Windows\System32\DbxSvc.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [287 Ko] - C:\Windows\System32\de-DE [MD5.06DD7B88FC18BAC825546AF1CA816855] - |A| - [02/10/2018 10:29:19] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\Windows\System32\debug.log [MD5.08750A50CF027F93070C8BB78E27C3B7] - |ASH| - [26/07/2012 09:13:14] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini [MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [26/10/2012 08:42:22] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\Windows\System32\DevManagerCore.dll [MD5.1749D47359EFCA9BB044104E32B9CA04] - |A| - [13/12/2012 16:38:50] - (.-.) - [25.62 Ko] - (0.0.0.0) - C:\Windows\System32\dfx11.ico [MD5.04BB836EDA0DA51B06F8BDCA925C18FD] - |A| - [13/09/2018 14:55:03] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\Windows\System32\diskpart.txt [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [6280.5 Ko] - C:\Windows\System32\Dism [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [106217.77 Ko] - C:\Windows\System32\Drivers [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:08:10] - [1215160.18 Ko] - C:\Windows\System32\DriverStore [MD5.00000000000000000000000000000000] - |DC| - [05/03/2013 00:37:30] - [641.72 Ko] - C:\Windows\System32\DRVSTORE [MD5.FC92D8161879F7AB5626B094DDCA3801] - |ASH| - [10/09/2018 22:12:06] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\eahgsxtjuxgxpcqn.tbl [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [290 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [204 Ko] - C:\Windows\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [255 Ko] - C:\Windows\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [277.5 Ko] - C:\Windows\System32\es-ES [MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [28/10/2018 11:05:53] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\Windows\System32\E_GCINST.DLL [MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [28/10/2018 11:05:51] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\Windows\System32\E_ID4BLPE.DLL [MD5.2E21840342850A8A7F28D28D6DD3A1CD] - |A| - [28/10/2018 11:05:51] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2013. - EPSON Bi-directional Monitor AMD64.) - [175.5 Ko] - (4.4.0.0) - C:\Windows\System32\E_ILMBLPE.DLL [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [264.5 Ko] - C:\Windows\System32\fi-FI [MD5.DBCCA9BF33ACDF9F27A6BCB00BF8144D] - |A| - [06/09/2018 13:28:00] - (.-.) - [367.21 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [05/03/2013 08:53:31] - [1710 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [39471 Ko] - C:\Windows\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.BC9CCCBE9800C732940C7F8ED335B7D9] - |A| - [02/06/2012 15:31:20] - (.-.) - [42.95 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |HD| - [26/07/2012 09:12:59] - [0.27 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [234 Ko] - C:\Windows\System32\he-IL [MD5.67FC2C86490CB84F4AD74B6F5AF3A89C] - |A| - [05/03/2013 00:35:48] - (.© Copyright 2012 HPDC - Port Monitor Server DLL.) - [347.5 Ko] - (0.3.1282.3591) - C:\Windows\System32\hpbprtmon.dll [MD5.D0519B40392DB0D156B61502D5F650F4] - |A| - [05/03/2013 00:35:48] - (.© Copyright 2012 HPDC - Port Monitor UI DLL.) - [166.5 Ko] - (0.3.1282.3591) - C:\Windows\System32\hpbprtmonui.dll [MD5.06F13BD51FB6A9B199B73C1605238BBF] - |A| - [05/03/2013 00:35:48] - (.© Copyright 2012 HPDC - Real Port Monitor DLL.) - [368.5 Ko] - (0.3.1282.3591) - C:\Windows\System32\hpbrprtmon.dll [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/03/2013 00:53:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\HPCheckOA21.err [MD5.3083DEF0BC30D66A5D320B9979C178EC] - |A| - [05/03/2013 00:53:16] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\HPCheckOA21.txt [MD5.1A4695BDC5017B37E6D23A88CFEC0760] - |A| - [05/03/2013 00:14:27] - (.Copyright (C) 2011 -.) - [114.5 Ko] - (1.3.0.0) - C:\Windows\System32\HPMUIDir.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [213.5 Ko] - C:\Windows\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [268 Ko] - C:\Windows\System32\hu-HU [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [5.36 Ko] - C:\Windows\System32\ias [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [36.27 Ko] - C:\Windows\System32\icsxml [MD5.7CAACE1DF07B3656E458D07115A71600] - |A| - [25/07/2012 21:22:54] - (.-.) - [429.01 Ko] - (0.0.0.0) - C:\Windows\System32\igcompkrng500.bin [MD5.385B8EFE468E3A4A3E2E65FC8764E4BF] - |A| - [25/07/2012 21:22:54] - (.-.) - [90.19 Ko] - (0.0.0.0) - C:\Windows\System32\igfcg500m.bin [MD5.C4CF4FA6C9399B277E86D602BF251A11] - |A| - [25/07/2012 21:22:54] - (.-.) - [959.22 Ko] - (0.0.0.0) - C:\Windows\System32\igkrng500.bin [MD5.9A014CE65642722D72588D5196F147CE] - |A| - [25/07/2012 21:22:54] - (.-.) - [1945.25 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.cpa [MD5.DB945DDE9D7825BB4A173CD108193C49] - |A| - [25/07/2012 21:22:56] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.vp [MD5.A980B0ED5543E3DFD1C21058B06C5A65] - |A| - [25/07/2012 21:22:56] - (.-.) - [58.81 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64.vp [MD5.82001B2CC6728CE282EF036ABC2BC975] - |A| - [25/07/2012 21:22:56] - (.-.) - [58.84 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64.vp [MD5.3B6C78580EC3B9A0346D2AD63EC7906A] - |A| - [25/07/2012 21:22:56] - (.-.) - [58.61 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64.vp [MD5.0E74C595B6F7276F41425F50D414B680] - |A| - [25/07/2012 21:22:56] - (.-.) - [5.3 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs64.vp [MD5.32E57C3BE45FD62673C2C40D3462A197] - |A| - [16/10/2018 04:41:19] - (.Copyright © 2005-2008 Olof Lagerkvist. - ImDisk I/O Packet Forwarder Service.) - [21.51 Ko] - (1.1.3.23) - C:\Windows\System32\imdsksvc.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [25948.17 Ko] - C:\Windows\System32\IME [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [3933.54 Ko] - C:\Windows\System32\inetsrv [MD5.D506921989872994B9C5615D4761882C] - |A| - [11/10/2018 08:06:18] - (.Copyright © 2005-2016 - IObit Smart Defrag Extension.) - [125.28 Ko] - (1.0.0.25) - C:\Windows\System32\IObitSmartDefragExtension.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [281.5 Ko] - C:\Windows\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [203 Ko] - C:\Windows\System32\ja-JP [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [202 Ko] - C:\Windows\System32\ko-KR [MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [26/07/2012 09:13:07] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [113.79 Ko] - C:\Windows\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [5580.54 Ko] - C:\Windows\System32\LogFiles [MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [26/10/2012 08:42:20] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\Windows\System32\LogiDPP.dll [MD5.24764C249F769991079F6D4B14B822AF] - |A| - [26/10/2012 08:42:20] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\Windows\System32\LogiDPPApp.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [211.5 Ko] - C:\Windows\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [212.5 Ko] - C:\Windows\System32\lv-LV [MD5.4D4248F6D008D86D5575EE5B154971AE] - |A| - [26/10/2012 08:42:20] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [256.28 Ko] - (13.80.853.0) - C:\Windows\System32\lvco1380853.dll [MD5.FF510CF2A7FA73192E7DB06D7C311799] - |A| - [26/10/2012 08:42:22] - (.(c) 1996-2012 Logitech. - Video Codec.) - [171.28 Ko] - (13.80.853.0) - C:\Windows\System32\lvcod64.dll [MD5.1A8AE8A66B6C289046276453768EF270] - |A| - [26/10/2012 08:42:22] - (.-.) - [28.8 Ko] - (0.0.0.0) - C:\Windows\System32\lvcoin64.ini [MD5.74AA8B444802BC94AC5631DE6B38C907] - |A| - [07/09/2018 11:20:16] - (.-.) - [19.43 Ko] - (0.0.0.0) - C:\Windows\System32\lvcoinst.log [MD5.B4CD287DFAA6578AC763A3800F0C2DC8] - |A| - [26/10/2012 08:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [750.28 Ko] - (13.80.853.0) - C:\Windows\System32\LVUI64.dll [MD5.CCFDDF84B42198B0AAD27D11ACFD254E] - |A| - [26/10/2012 08:42:20] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [547.28 Ko] - (13.80.853.0) - C:\Windows\System32\LVUIRC64.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [87070.73 Ko] - C:\Windows\System32\Macromed [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [25/07/2012 21:17:25] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf [MD5.00000000000000000000000000000000] - |SD| - [26/07/2012 08:19:50] - [5.55 Ko] - C:\Windows\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [4336.5 Ko] - C:\Windows\System32\migration [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [40302.25 Ko] - C:\Windows\System32\migwiz [MD5.3774B5C0E0BBA8C8EE54DF3606AB815C] - |A| - [25/07/2012 21:18:14] - (.-.) - [1.14 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk [MD5.00000000000000000000000000000000] - |D| - [05/09/2018 15:10:44] - [0 Ko] - C:\Windows\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [45.5 Ko] - C:\Windows\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [4180.28 Ko] - C:\Windows\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [25.22 Ko] - C:\Windows\System32\MUI [MD5.FEF9EC9C9B538E61C9981FD5C3ADC66C] - |A| - [04/09/2018 08:39:37] - (.-.) - [34.18 Ko] - (0.0.0.0) - C:\Windows\System32\mxntdfg.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [257 Ko] - C:\Windows\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [384 Ko] - C:\Windows\System32\NDF [MD5.EC3F2258DC5247436CF829AA405523A7] - |A| - [26/07/2012 08:21:16] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-119437.txt [MD5.363AB3B147EC26DE764E2FB32EA2041C] - |A| - [26/07/2012 08:21:17] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-120093.txt [MD5.0A742EBDEC323A1C158125EDDCD0ECB9] - |A| - [26/07/2012 08:21:18] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-120828.txt [MD5.0D1B9A4AA0E64E1D3C9B23D4C33E8646] - |A| - [26/07/2012 08:21:18] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-121015.txt [MD5.670571AEA7547824368AAFF1210E5219] - |A| - [26/07/2012 08:21:19] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-121796.txt [MD5.876860348EF677B24E4070B6F0D0434B] - |A| - [26/07/2012 08:21:19] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-122078.txt [MD5.D9DF4A50BBA7175DDD31647FDD2E1C1E] - |A| - [26/07/2012 08:21:19] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-122250.txt [MD5.6B60C5E72A98FFD8AA3C3E79EB9EBC37] - |A| - [26/07/2012 08:21:19] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-122625.txt [MD5.FC2AE0A6CD9E5604723A4D73E3485D1B] - |A| - [26/07/2012 08:21:20] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-122828.txt [MD5.8CC3614DB50EB8B061D80657A5E43793] - |A| - [26/07/2012 08:21:20] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-123046.txt [MD5.9F72E06493E8E034E4F3E287B2F6D5D4] - |A| - [01/08/2012 18:10:05] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-303172.txt [MD5.EC3F2258DC5247436CF829AA405523A7] - |A| - [01/08/2012 18:03:24] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-40170.txt [MD5.E39F5B5F2F8E17B44BC73BFD6F5EEFE8] - |A| - [01/08/2012 18:03:24] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-40591.txt [MD5.0A742EBDEC323A1C158125EDDCD0ECB9] - |A| - [01/08/2012 18:03:25] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-40934.txt [MD5.363AB3B147EC26DE764E2FB32EA2041C] - |A| - [01/08/2012 18:03:25] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-41340.txt [MD5.670571AEA7547824368AAFF1210E5219] - |A| - [01/08/2012 18:03:25] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-41667.txt [MD5.876860348EF677B24E4070B6F0D0434B] - |A| - [01/08/2012 18:03:26] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-41933.txt [MD5.D9DF4A50BBA7175DDD31647FDD2E1C1E] - |A| - [01/08/2012 18:03:26] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-42213.txt [MD5.6B60C5E72A98FFD8AA3C3E79EB9EBC37] - |A| - [01/08/2012 18:03:26] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-42510.txt [MD5.FC2AE0A6CD9E5604723A4D73E3485D1B] - |A| - [01/08/2012 18:03:27] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-42947.txt [MD5.8CC3614DB50EB8B061D80657A5E43793] - |A| - [01/08/2012 18:03:27] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-43290.txt [MD5.E4843FF1AB51E26581AC8DB00AF1A4C5] - |A| - [01/08/2012 18:03:29] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-44959.txt [MD5.E8B1395E16EADC6DF8A46B495B18ECEE] - |A| - [26/07/2012 08:20:47] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-89875.txt [MD5.5CC4F3864BDCE5E9213C52939312AC01] - |A| - [26/07/2012 08:20:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93281.txt [MD5.5801C1FACB698C5002EEDBA6250335EF] - |A| - [26/07/2012 08:20:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93328.txt [MD5.821921F348A22369B1C581EA13BBC758] - |A| - [26/07/2012 08:20:50] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93375.txt [MD5.0D8BF6EF6C21BECB154A7436A59566A3] - |A| - [26/07/2012 08:20:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93593.txt [MD5.AEAF58F9892C9A4FF1908484C39ED304] - |A| - [26/07/2012 08:20:50] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93625.txt [MD5.7D493C49123B6DE8B0B54C2423F999A6] - |A| - [26/07/2012 08:20:50] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93671.txt [MD5.36F91CAF533BED05AFE56F61F4C71219] - |A| - [26/07/2012 08:20:51] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93734.txt [MD5.FACC27AD18C2F04F14E8E085176E8E96] - |A| - [26/07/2012 08:20:51] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-94359.txt [MD5.948440016A48DEB170FB67536DAE1E31] - |A| - [26/07/2012 08:20:51] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-94625.txt [MD5.44F9A26DA8A19CEB894842E2AE89F4C5] - |A| - [26/07/2012 08:20:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-94906.txt [MD5.9AC5678D9C90D7448A66AEB137851A6B] - |A| - [26/07/2012 08:20:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-95156.txt [MD5.330FC34920FBECA5CC97FF6B3EF494EE] - |A| - [26/07/2012 08:20:52] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-95218.txt [MD5.001C4FC0D09C74099E7D249DDACE46E2] - |A| - [26/07/2012 08:20:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-95500.txt [MD5.811E3BF0C6E28021B6F86BCC82657796] - |A| - [26/07/2012 08:20:53] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-95828.txt [MD5.A312E3421569C57EACF369953FFC7B12] - |A| - [26/07/2012 08:20:53] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-96078.txt [MD5.2F8ADAACE1FD789259BABC0F76B6168B] - |A| - [26/07/2012 08:20:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-96140.txt [MD5.556DC677D7AE5C9C16E753DC56266CD4] - |A| - [26/07/2012 08:20:53] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-96203.txt [MD5.FDDCED8294A694F146FD5FE85F40EF00] - |A| - [26/07/2012 08:20:53] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-96437.txt [MD5.8FF69A1CCC2A8135E57664C4D0F20EB5] - |A| - [26/07/2012 08:20:54] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-97218.txt [MD5.3299FC715DC4E50EC28C3E4139F61F72] - |A| - [26/07/2012 08:20:55] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-97875.txt [MD5.DCBE2C1A0A9B0381DC878592682ACDBB] - |A| - [26/07/2012 08:20:55] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-98187.txt [MD5.008033CDCE4B5F060BA01839A2CE184F] - |A| - [26/07/2012 08:20:55] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-98390.txt [MD5.794DCE04F1DE3EA60F3B74A4931CAC4E] - |A| - [26/07/2012 08:20:55] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-98625.txt [MD5.DF60AA1767C2940E700D8B078A477793] - |A| - [26/07/2012 08:20:56] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-99140.txt [MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [25/07/2012 21:23:38] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [51 Ko] - C:\Windows\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [275.5 Ko] - C:\Windows\System32\nl-NL [MD5.976773F90E055314CCA82223606139C9] - |A| - [26/07/2012 09:13:05] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml [MD5.2901049544FDF863362FABA2363EB647] - |A| - [25/07/2012 21:17:10] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [73595.95 Ko] - C:\Windows\System32\oobe [MD5.FEA7C5495FA97FA85091260BA99F443A] - |A| - [08/08/2012 12:09:14] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenVideo 1.1 Runtime.) - [74 Ko] - (10.0.938.2) - C:\Windows\System32\OpenVideo64.dll [MD5.FD4964DC69D2CA2F77872224A0F2EBBF] - |A| - [08/08/2012 12:09:02] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OVDecode 1.1 Runtime.) - [62 Ko] - (10.0.938.2) - C:\Windows\System32\OVDecode64.dll [MD5.652F1F54E573AF4D59E0AE658376D077] - |A| - [16/07/2010 01:45:44] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [103.52 Ko] - (4.1.0.2001) - C:\Windows\System32\Packet.dll [MD5.7FA3E66DB7894DF1170E9F81768A0DA1] - |A| - [26/07/2012 09:15:05] - (.-.) - [134.76 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.78A6B49617969C25A03F0B46270E1429] - |A| - [05/03/2013 08:54:08] - (.-.) - [160.08 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [25/07/2012 21:21:53] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico [MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [26/07/2012 09:15:05] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat [MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |A| - [05/03/2013 08:54:08] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat [MD5.A6025CAD0053223F0C018EA56DA25D2A] - |A| - [26/07/2012 09:15:05] - (.-.) - [671.88 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat [MD5.5AB2969CAC171B58228DD4A121BB29E0] - |A| - [05/03/2013 08:54:08] - (.-.) - [750.49 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat [MD5.BFEE0984EB4CF908DED3DA94384A785B] - |A| - [26/07/2012 08:28:09] - (.-.) - [1737.27 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI [MD5.5A004AAD2DABFD4CD88D8B55A794045C] - |SH| - [10/09/2018 22:12:07] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\phddpaxcplhjwxbm.dat [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [272 Ko] - C:\Windows\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:41] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [02/06/2012 15:34:22] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [268.5 Ko] - C:\Windows\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [271 Ko] - C:\Windows\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [23.75 Ko] - C:\Windows\System32\ras [MD5.C6CA43573C21CA6392F57F238C8391FC] - |A| - [26/10/2012 08:42:20] - (.-.) - [39.45 Ko] - (0.0.0.0) - C:\Windows\System32\Repository.reg [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0.07 Ko] - C:\Windows\System32\restore [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [216.5 Ko] - C:\Windows\System32\ro-RO [MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [16/07/2012 10:46:28] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll [MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [16/07/2012 10:46:32] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll [MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [16/07/2012 10:46:47] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll [MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [16/07/2012 10:46:49] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll [MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [16/07/2012 10:46:52] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll [MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [16/07/2012 10:46:55] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/09/2018 00:00:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\SBRC.dat [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [02/06/2012 15:50:36] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml [MD5.C7DBD12C17A53F10E791769025953B34] - |A| - [13/09/2018 18:40:53] - (.Copyright © 2008-2018 Safer-Networking Limited. -.) - [31.41 Ko] - (2.7.64.1001) - C:\Windows\System32\sdnclean64.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [3.92 Ko] - C:\Windows\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [02/06/2012 21:25:22] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [07/09/2018 12:20:32] - [7395 Ko] - C:\Windows\System32\ShellExtBridge [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [217.5 Ko] - C:\Windows\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [213.5 Ko] - C:\Windows\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:43] - [49.83 Ko] - C:\Windows\System32\slmgr [MD5.5DA94C1082B9331928DFC87F5E13EAB2] - |A| - [23/01/2012 14:15:14] - (.- SlotMaximizerAg.dll.) - [120 Ko] - (1.0.2.32) - C:\Windows\System32\SlotMaximizerAg.dll [MD5.E93999885EA5519A5D4B1EEF6EA448B3] - |A| - [23/01/2012 14:15:14] - (.- SlotMaximizerBe.dll.) - [2420.5 Ko] - (1.0.2.32) - C:\Windows\System32\SlotMaximizerBe.dll [MD5.A259831E0101895A9102D394F5C49A6D] - |A| - [11/10/2018 08:06:09] - (.Copyright © 2005-2013 - SmartDefrag.) - [35.44 Ko] - (2.0.0.0) - C:\Windows\System32\SmartDefragBootTime.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [11849.02 Ko] - C:\Windows\System32\SMI [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [25875 Ko] - C:\Windows\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [207625.82 Ko] - C:\Windows\System32\spool [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [3155.28 Ko] - C:\Windows\System32\spp [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [23.55 Ko] - C:\Windows\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [216 Ko] - C:\Windows\System32\sr-Latn-CS [MD5.65CF29D0A4CC17686E0622DAEFAE73D5] - |A| - [14/07/2012 03:00:47] - (.-.) - [42.85 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat [MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [16/07/2012 10:49:35] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll [MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [16/07/2012 10:49:38] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [27408 Ko] - C:\Windows\System32\sru [MD5.B59958CD06C9F89C39281FB12F1BB233] - |A| - [25/07/2012 21:21:57] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\Windows\System32\staticurllist.bin [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [262 Ko] - C:\Windows\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [3554.01 Ko] - C:\Windows\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [544 Ko] - C:\Windows\System32\SystemResetPlatform [MD5.6D93E318269732EE13E019D01F3554B9] - |A| - [21/07/2012 02:44:51] - (.-.) - [117.11 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [456.33 Ko] - C:\Windows\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [02/06/2012 21:26:07] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.D5AA255705D410C0D2D257B01350E6E4] - |A| - [07/07/2012 03:00:48] - (.-.) - [3.06 Ko] - (0.0.0.0) - C:\Windows\System32\TelemetrySampleManifest.xml [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [202 Ko] - C:\Windows\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [258.5 Ko] - C:\Windows\System32\tr-TR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [212.5 Ko] - C:\Windows\System32\uk-UA [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [90323.85 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:42] - [0 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [51621.45 Ko] - C:\Windows\System32\wdi [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [25/07/2012 23:55:55] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [128 Ko] - C:\Windows\System32\wfp [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [88 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.8C45771461058A0A112578A4774A3BC9] - |A| - [13/09/2018 10:02:34] - (.Copyright © 2018 - Java(TM) Platform SE binary.) - [108.37 Ko] - (8.0.1810.13) - C:\Windows\System32\WindowsAccessBridge-64.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [6289.72 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [104468 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [1284.5 Ko] - C:\Windows\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:43] - [107.53 Ko] - C:\Windows\System32\winrm [MD5.26D7951C928C8BF6920E381E37F8A6F0] - |A| - [04/09/2018 08:02:57] - (.Copyright (C) 2013-2018. - WiperSoft Native removal.) - [27.23 Ko] - (1.0.4.0) - C:\Windows\System32\wiperrm.exe [MD5.A2473CC88ABA67391CE7929E5C69E767] - |A| - [16/07/2010 01:45:42] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [360.52 Ko] - (4.1.0.2001) - C:\Windows\System32\wpcap.dll [MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |A| - [02/06/2012 15:31:26] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\Windows\System32\WpcNBModel.bin [MD5.FB00CD74A5F35E89A7FBDD3C1D05375A] - |A| - [26/07/2012 02:14:19] - (.-.) - [253 Ko] - (0.0.0.0) - C:\Windows\System32\WSDScDrv.dll [MD5.CD7C2F7D2E54C2BA8BE9B037C9286161] - |A| - [14/09/2018 11:06:35] - (.-.) - [166 Ko] - (0.0.0.0) - C:\Windows\System32\xvid.ax [MD5.6470BDBE4552BDA2FE5F44ABAEFBF155] - |A| - [14/09/2018 11:06:35] - (.-.) - [689.5 Ko] - (0.0.0.0) - C:\Windows\System32\xvidcore.dll [MD5.91DA5FD52D6A67770234DE1B351908B2] - |A| - [14/09/2018 11:06:35] - (.-.) - [245.5 Ko] - (0.0.0.0) - C:\Windows\System32\xvidvfw.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [179.5 Ko] - C:\Windows\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [180.5 Ko] - C:\Windows\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [180.5 Ko] - C:\Windows\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [05/03/2013 08:53:33] - [0 Ko] - C:\Windows\SysWOW64\040C [MD5.AD666E2117B38BC7D2479DB29873753B] - |A| - [30/10/2018 10:11:08] - (.Copyright © 2002 by Vigovsky Alexander - ac3filter.) - [168 Ko] - (0.6.8.0) - C:\Windows\SysWOW64\ac3filter.cpl [MD5.00000000000000000000000000000000] - |D| - [13/09/2018 15:47:08] - [35545.44 Ko] - C:\Windows\SysWOW64\Adobe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [2207 Ko] - C:\Windows\SysWOW64\AdvancedInstallers [MD5.996AEE07EA1C5A1C438AC3846C72975B] - |A| - [08/08/2012 12:08:04] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 1.1 Runtime.) - [12708.5 Ko] - (10.0.938.2) - C:\Windows\SysWOW64\amdocl.dll [MD5.C8B502C33D7D200E32482F75FA7A00B5] - |A| - [12/09/2012 03:22:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [55.5 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\amdpcom32.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [230.5 Ko] - C:\Windows\SysWOW64\ar-SA [MD5.41FEC1C3F3ED552C9ACD9074E17C609B] - |A| - [12/09/2012 03:22:16] - (.Copyright (c) ATI Technologies Inc. 2003-2009 - ati2edxx.) - [42.5 Ko] - (6.14.10.2514) - C:\Windows\SysWOW64\ati2edxx.dll [MD5.D9D1DFD5B38693AF94E644211F74D075] - |A| - [12/09/2012 03:22:06] - (.Copyright (C) 2008-2011 Advanced Micro Devices, Inc. - ADL.) - [360 Ko] - (6.14.10.1106) - C:\Windows\SysWOW64\atiadlxy.dll [MD5.9038E5631C6812E2833114333BB687AB] - |A| - [12/09/2012 03:22:18] - (.-.) - [264.18 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiapfxx.blb [MD5.572B0E30C56063C36C5759194FC8F633] - |A| - [12/09/2012 03:22:06] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [43 Ko] - (6.14.10.1741) - C:\Windows\SysWOW64\aticalcl.dll [MD5.F2F00BC35EDC2913DCCC1F93CAD45088] - |A| - [12/09/2012 03:22:10] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13287 Ko] - (6.14.10.1741) - C:\Windows\SysWOW64\aticaldd.dll [MD5.AB335E4C0BD053D438676CF9B36F530A] - |A| - [12/09/2012 03:22:10] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [45 Ko] - (6.14.10.1741) - C:\Windows\SysWOW64\aticalrt.dll [MD5.BA2BB91E8D65EF8262DDE662CC222D37] - |A| - [29/08/2012 09:09:52] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [906 Ko] - (8.17.10.1140) - C:\Windows\SysWOW64\aticfx32.dll [MD5.FC8E2A50CBFE63D56790F9DFDD621454] - |A| - [29/08/2012 09:10:03] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [6279.5 Ko] - (8.17.10.451) - C:\Windows\SysWOW64\atidxx32.dll [MD5.6D26A26147D5E051A5D63E02053510D5] - |A| - [12/09/2012 03:22:06] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [32.5 Ko] - (8.14.1.6268) - C:\Windows\SysWOW64\atigktxx.dll [MD5.5E06F5B29182E215B9BCF574135C1241] - |A| - [12/09/2012 03:22:18] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [14.5 Ko] - (8.14.1.6268) - C:\Windows\SysWOW64\atiglpxx.dll [MD5.A0ED80F65812DDF189ED4426595FECE7] - |A| - [12/09/2012 03:22:14] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [55.5 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\atimpc32.dll [MD5.0CE49ABA08A34DB3287507FEBB1DEDF0] - |A| - [12/09/2012 03:22:10] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [19966 Ko] - (6.14.10.11774) - C:\Windows\SysWOW64\atioglxx.dll [MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [29/08/2012 09:11:43] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atipblag.dat [MD5.2DAAA4ECDF2298B24562D5A43476B1B5] - |A| - [29/08/2012 09:11:53] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [81.5 Ko] - (8.14.1.6268) - C:\Windows\SysWOW64\atiu9pag.dll [MD5.338BDAFF4AAB4541F20FD8EC690D7416] - |A| - [12/09/2012 03:22:14] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [5410.16 Ko] - (9.14.10.924) - C:\Windows\SysWOW64\atiumdag.dll [MD5.CB06D68069F3B033482907725FCA5B10] - |A| - [29/08/2012 09:12:37] - (.-.) - [3112.44 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap [MD5.420DB01EBFAC15D4A9A96EDCED7823BE] - |A| - [12/09/2012 03:22:12] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [4642 Ko] - (8.14.10.363) - C:\Windows\SysWOW64\atiumdva.dll [MD5.24747BB411115830C4FFE75255B99221] - |A| - [29/08/2012 09:12:49] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [107 Ko] - (8.14.1.6268) - C:\Windows\SysWOW64\atiuxpag.dll [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [29/08/2012 09:12:52] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [29/08/2012 09:12:54] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsvl.dat [MD5.C79FFEB78671A56DEB1B6A94FB269035] - |A| - [10/05/2001 16:00:00] - (.-.) - [180 Ko] - (5.2.0.2) - C:\Windows\SysWOW64\bdeadmin.cpl [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [202.5 Ko] - C:\Windows\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0.93 Ko] - C:\Windows\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [308 Ko] - C:\Windows\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [25730.35 Ko] - C:\Windows\SysWOW64\config [MD5.C27CB9AF7ACD6DCC164C386E4B46259D] - |A| - [24/08/2012 11:05:44] - (.© Copyright 2006 - cPC_DMIRDll Dynamic Link Library.) - [248 Ko] - (1.3.1.1) - C:\Windows\SysWOW64\cPC_DMIRD.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [248 Ko] - C:\Windows\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [245.5 Ko] - C:\Windows\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [269.5 Ko] - C:\Windows\SysWOW64\de-DE [MD5.EF3B22817B0C612B42D25409ACE1ECA8] - |A| - [09/10/2018 05:24:12] - (.Copyright © 2013 - Java(TM) Platform SE binary.) - [462.42 Ko] - (6.0.450.6) - C:\Windows\SysWOW64\deployJava1.dll [MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [26/10/2012 08:42:22] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\Windows\SysWOW64\DevManagerCore.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [4828.5 Ko] - C:\Windows\SysWOW64\Dism [MD5.0902754B4F3041FD31673CB63B34012D] - |A| - [03/09/2018 18:28:39] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\dllhost.exe.config [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [3589.07 Ko] - C:\Windows\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\DriverStore [MD5.9B8413CAD2279F7D2C92506270FD820E] - |A| - [11/12/2002 09:19:59] - (.Copyright (C) 2001-2002 Gabest - DirectVobSub.) - [244 Ko] - (2.0.23.0) - C:\Windows\SysWOW64\DVobSub.ax [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [271 Ko] - C:\Windows\SysWOW64\el-GR [MD5.5ABCD9F2323D7E4AC51728CC32F17CC6] - |A| - [09/03/2018 03:17:06] - (.Copyright © 2000 - 2016 Elaborate Bytes AG - ElbyCDIO DLL.) - [93.6 Ko] - (6.1.9.1) - C:\Windows\SysWOW64\ElbyCDIO.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [188 Ko] - C:\Windows\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [239.5 Ko] - C:\Windows\SysWOW64\en-US [MD5.D9EC109B950CA8BEAA19C9BFCB1EB318] - |A| - [29/09/2018 12:53:34] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\Error.ini [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [259.5 Ko] - C:\Windows\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [190 Ko] - C:\Windows\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [247.5 Ko] - C:\Windows\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [05/03/2013 08:53:33] - [1686 Ko] - C:\Windows\SysWOW64\fr [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [34596.25 Ko] - C:\Windows\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0.01 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.CC8206C9288EA409781DE1D7FC754A39] - |A| - [30/10/2018 14:44:47] - (.2005-2013 - Generic Service.) - [478.72 Ko] - (2.4.4.0) - C:\Windows\SysWOW64\GSService.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [220 Ko] - C:\Windows\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [197.5 Ko] - C:\Windows\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [251 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.7CAACE1DF07B3656E458D07115A71600] - |A| - [25/07/2012 21:22:54] - (.-.) - [429.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igcompkrng500.bin [MD5.385B8EFE468E3A4A3E2E65FC8764E4BF] - |A| - [25/07/2012 21:22:54] - (.-.) - [90.19 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igfcg500m.bin [MD5.C4CF4FA6C9399B277E86D602BF251A11] - |A| - [25/07/2012 21:22:54] - (.-.) - [959.22 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igkrng500.bin [MD5.32E57C3BE45FD62673C2C40D3462A197] - |A| - [16/10/2018 04:41:23] - (.Copyright © 2005-2008 Olof Lagerkvist. - ImDisk I/O Packet Forwarder Service.) - [21.51 Ko] - (1.1.3.23) - C:\Windows\SysWOW64\imdsksvc.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [20445.67 Ko] - C:\Windows\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [3130.07 Ko] - C:\Windows\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [264 Ko] - C:\Windows\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [192 Ko] - C:\Windows\SysWOW64\ja-JP [MD5.988C37FEBB3AFEEEF8C69E130B81F083] - |A| - [09/10/2018 05:24:12] - (.Copyright © 2013 - Java(TM) Platform SE binary.) - [146.42 Ko] - (6.0.450.6) - C:\Windows\SysWOW64\java.exe [MD5.8879B592948C0EF7FF3AB947A10D7C95] - |A| - [09/10/2018 05:24:12] - (.Copyright © 2013 - Java(TM) Platform SE binary.) - [146.42 Ko] - (6.0.450.6) - C:\Windows\SysWOW64\javaw.exe [MD5.9AB1AE628EB7A78C77DA5E46ADF713EF] - |A| - [09/10/2018 05:24:12] - (.Copyright © 2013 - Java(TM) Web Start Launcher.) - [158.42 Ko] - (6.0.450.6) - C:\Windows\SysWOW64\javaws.exe [MD5.5ACD11DF2AA5F3E3F30F785589B70347] - |A| - [13/11/2005 19:07:12] - (.-.) - [6.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\kc.exe [MD5.6315AB54B0156C7B5B1B6E499601C171] - |A| - [29/10/2006 16:36:54] - (.Killer{R} -.) - [1158 Ko] - (2.8.4.0) - C:\Windows\SysWOW64\killcopy.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [191.5 Ko] - C:\Windows\SysWOW64\ko-KR [MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [26/07/2012 09:13:10] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [113.79 Ko] - C:\Windows\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\LogFiles [MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [26/10/2012 08:42:20] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\Windows\SysWOW64\LogiDPP.dll [MD5.24764C249F769991079F6D4B14B822AF] - |A| - [26/10/2012 08:42:20] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\Windows\SysWOW64\LogiDPPApp.exe [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [195.5 Ko] - C:\Windows\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [196 Ko] - C:\Windows\SysWOW64\lv-LV [MD5.BDC67729D0A4940C525654FF869C5289] - |A| - [26/10/2012 08:42:20] - (.(c) 1996-2012 Logitech. - Video Codec.) - [297.85 Ko] - (13.80.853.0) - C:\Windows\SysWOW64\lvcodec2.dll [MD5.E8C604C7E16CE90C0D4564EC06B118E8] - |A| - [26/10/2012 08:42:20] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [529.85 Ko] - (13.80.853.0) - C:\Windows\SysWOW64\LVUI2.dll [MD5.F13DA78D0873B2025556D65DB5E3210D] - |A| - [26/10/2012 08:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [525.85 Ko] - (13.80.853.0) - C:\Windows\SysWOW64\LVUI2RC.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [67128.04 Ko] - C:\Windows\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |SD| - [12/09/2018 03:20:13] - [0 Ko] - C:\Windows\SysWOW64\Microsoft [MD5.D2DE9D6B9B0BA17D0A0AC75A973848BD] - |A| - [05/09/2018 05:02:58] - (.-.) - [0.42 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [3077.5 Ko] - C:\Windows\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [35650.3 Ko] - C:\Windows\SysWOW64\migwiz [MD5.61A0E62679B865D98C941F8D58CB907B] - |A| - [30/10/2018 10:11:30] - (.Copyright (C) 1990-2001 Morgan Multimedia. - MM Switcher.) - [50.5 Ko] - (0.9.7.0) - C:\Windows\SysWOW64\MMSwitch.ax [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [52.28 Ko] - C:\Windows\SysWOW64\MsDtc [MD5.DF252F37880142ED5574C2BE4DADF5A7] - |A| - [03/09/2018 22:59:45] - (.-.) - [206 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\msvcrt10.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [25.22 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [241.5 Ko] - C:\Windows\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [51 Ko] - C:\Windows\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [258.5 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.24FC9E3BF54DE8CE91700615D8AD4B0D] - |A| - [09/10/2018 05:24:12] - (.Copyright © 2013 - NPRuntime Script Plug-in Library for Java(TM) Deploy.) - [466.42 Ko] - (6.0.450.6) - C:\Windows\SysWOW64\npdeployJava1.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [638 Ko] - C:\Windows\SysWOW64\oobe [MD5.89E5D3CCE6573E4EE28083FCF0369E25] - |A| - [08/08/2012 12:09:08] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenVideo 1.1 Runtime.) - [63.5 Ko] - (10.0.938.2) - C:\Windows\SysWOW64\OpenVideo.dll [MD5.B69BAB6A94B21DA7FC610C032677E5DD] - |A| - [08/08/2012 12:08:58] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OVDecode 1.1 Runtime.) - [55 Ko] - (10.0.938.2) - C:\Windows\SysWOW64\OVDecode.dll [MD5.1250BEF11BFA086F772CD2A273BC036E] - |A| - [16/07/2010 01:45:44] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [94.52 Ko] - (4.1.0.2001) - C:\Windows\SysWOW64\Packet.dll [MD5.C412BBA31B6443874BC677B92620B161] - |A| - [27/08/2002 00:42:18] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\panadv.inf [MD5.C998E69D8884F49D0A6316DF96BA3DF2] - |A| - [19/11/1999 15:49:50] - (.Copyright (C) Matsushita Electric 1998 - DV Video for Windows Driver.) - [259.57 Ko] - (2.64.1119.1600) - C:\Windows\SysWOW64\pdvcodec.dll [MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [25/07/2012 21:24:43] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico [MD5.189BBC2566992858D5706FA8E8AE020C] - |A| - [01/08/2012 18:09:37] - (.-.) - [893.59 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [254.5 Ko] - C:\Windows\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [14/09/2018 04:19:43] - [29.74 Ko] - C:\Windows\SysWOW64\PolicyDefinitions [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:43] - [420.42 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [251.5 Ko] - C:\Windows\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [253.5 Ko] - C:\Windows\SysWOW64\pt-PT [MD5.F04A90F917BA10AE2DCBE859870F4DEA] - |A| - [16/07/2010 01:45:44] - (.-.) - [52.05 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\pthreadVC.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [23.75 Ko] - C:\Windows\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0.84 Ko] - C:\Windows\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [199.5 Ko] - C:\Windows\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [05/03/2013 00:09:52] - [1387.84 Ko] - C:\Windows\SysWOW64\RTCOM [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [250 Ko] - C:\Windows\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [199.5 Ko] - C:\Windows\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [197 Ko] - C:\Windows\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:43] - [49.83 Ko] - C:\Windows\SysWOW64\slmgr [MD5.5DA94C1082B9331928DFC87F5E13EAB2] - |A| - [23/01/2012 14:29:14] - (.- SlotMaximizerAg.dll.) - [120 Ko] - (1.0.2.32) - C:\Windows\SysWOW64\SlotMaximizerAg.dll [MD5.E93999885EA5519A5D4B1EEF6EA448B3] - |A| - [23/01/2012 14:29:14] - (.- SlotMaximizerBe.dll.) - [2420.5 Ko] - (1.0.2.32) - C:\Windows\SysWOW64\SlotMaximizerBe.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [0 Ko] - C:\Windows\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [4181.5 Ko] - C:\Windows\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [415.26 Ko] - C:\Windows\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [23.55 Ko] - C:\Windows\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [200 Ko] - C:\Windows\SysWOW64\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\sru [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [246.5 Ko] - C:\Windows\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:43] - [0 Ko] - C:\Windows\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [0 Ko] - C:\Windows\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [186.5 Ko] - C:\Windows\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [242.5 Ko] - C:\Windows\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [196 Ko] - C:\Windows\SysWOW64\uk-UA [MD5.5DF89E27F8161E0105D129EB32AFD06F] - |A| - [15/10/2002 23:54:04] - (.-.) - [149.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\unrar.dll [MD5.C4F97E10038EDC4E772480B0DA11B9D8] - |A| - [11/12/2002 09:19:32] - (.Copyright (C) 2000-2002 Gabest - vobsub.) - [360 Ko] - (2.0.23.0) - C:\Windows\SysWOW64\vobsub.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 06:38:00] - [12112.14 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:43] - [0 Ko] - C:\Windows\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [148.78 Ko] - C:\Windows\SysWOW64\wdi [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [5722.57 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [1284.5 Ko] - C:\Windows\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:43:43] - [107.53 Ko] - C:\Windows\SysWOW64\winrm [MD5.128EC62FF59A59BEB5772E52ED8D3148] - |A| - [10/09/1999 12:06:00] - (.Copyright © 1989-1999 Adaptec, Inc. - ASPI for Win32 (95/NT) DLL.) - [44 Ko] - (4.6.0.1021) - C:\Windows\SysWOW64\WNASPI32.DLL [MD5.00000000000000000000000000000000] - |D| - [04/09/2018 13:00:24] - [0 Ko] - C:\Windows\SysWOW64\WorkingFolder [MD5.190FB481D293D85B507D071E75BCB05C] - |A| - [16/07/2010 01:45:44] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [274.52 Ko] - (4.1.0.2001) - C:\Windows\SysWOW64\wpcap.dll [MD5.00000000000000000000000000000000] - |D| - [05/03/2013 08:53:33] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer [MD5.9C45D1FA91FB1E1CA1419B784DF48A74] - |A| - [05/06/2004 12:59:14] - (.-.) - [64 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xvid.ax [MD5.9EC5F689CC007E0A6386ACED8612DF56] - |A| - [05/06/2004 12:56:16] - (.-.) - [664 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xvidcore.dll [MD5.1ACE95D61B47E4ED680A9831AA03529B] - |A| - [06/06/2004 12:53:42] - (.-.) - [152 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xvidvfw.dll [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [171 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [171.5 Ko] - C:\Windows\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [26/07/2012 09:12:59] - [171.5 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | Shell Folders [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead [HKU\S-1-5-21-324915258-2866797553-3726413251-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Desktop"=%USERPROFILE%\Desktop "Local AppData"=%USERPROFILE%\AppData\Local "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Personal"=%USERPROFILE%\Documents "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "Favorites"=%USERPROFILE%\Favorites "My Pictures"=%USERPROFILE%\Pictures "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "My Music"=%USERPROFILE%\Music "My Video"=%USERPROFILE%\Videos "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "AppData"=%USERPROFILE%\AppData\Roaming "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\Jean-Marie\AppData\Roaming [02/09/2018 17:45:35] "Local AppData"=C:\Users\Jean-Marie\AppData\Local [02/09/2018 17:45:35] "My Video"=C:\Users\Jean-Marie\Videos [02/09/2018 17:45:34] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Libraries [02/09/2018 17:47:54] "My Pictures"=C:\Users\Jean-Marie\Pictures [02/09/2018 17:45:34] "Desktop"=C:\Users\Jean-Marie\Desktop [02/09/2018 17:45:35] "History"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\History [02/09/2018 17:45:35] "NetHood"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Network Shortcuts [02/09/2018 17:45:35] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Jean-Marie\Contacts [02/09/2018 17:47:54] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\RoamingTiles [02/09/2018 17:47:54] "Cookies"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies [02/09/2018 17:45:35] "Favorites"=C:\Users\Jean-Marie\Favorites [02/09/2018 17:45:34] "SendTo"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\SendTo [02/09/2018 17:45:35] "Start Menu"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu [02/09/2018 17:45:35] "My Music"=C:\Users\Jean-Marie\Music [02/09/2018 17:45:34] "Programs"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [02/09/2018 17:45:35] "Recent"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Recent [02/09/2018 17:45:35] "CD Burning"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Burn\Burn2 [03/09/2018 06:25:13] "PrintHood"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [02/09/2018 17:45:35] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Jean-Marie\Searches [02/09/2018 17:47:54] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Jean-Marie\Downloads [02/09/2018 17:45:34] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Jean-Marie\AppData\LocalLow [02/09/2018 17:45:48] "Startup"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [02/09/2018 17:47:54] "Administrative Tools"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [02/09/2018 17:47:54] "Personal"=C:\Users\Jean-Marie\Documents [02/09/2018 17:45:34] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Jean-Marie\Links [02/09/2018 17:45:34] "Cache"=C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files [02/09/2018 17:45:35] "Templates"=C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Templates [02/09/2018 17:45:35] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Jean-Marie\Saved Games [02/09/2018 17:45:34] "Fonts"=C:\Windows\Fonts [26/07/2012 06:37:59] [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Desktop"=%USERPROFILE%\Desktop "Local AppData"=%USERPROFILE%\AppData\Local "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Personal"=%USERPROFILE%\Documents "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "Favorites"=%USERPROFILE%\Favorites "My Pictures"=%USERPROFILE%\Pictures "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "My Music"=%USERPROFILE%\Music "My Video"=%USERPROFILE%\Videos "Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "AppData"=%USERPROFILE%\AppData\Roaming "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "CD Burning"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Burn\Burn2 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "OEM Links"=C:\ProgramData\OEM\Links "CommonVideo"=C:\Users\Public\Videos [26/07/2012 09:12:59] "Common Documents"=C:\Users\Public\Documents [26/07/2012 09:12:59] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [26/07/2012 09:12:59] "Common AppData"=C:\ProgramData [26/07/2012 06:37:58] "CommonPictures"=C:\Users\Public\Pictures [26/07/2012 09:12:59] "Common Desktop"=C:\Users\Public\Desktop [26/07/2012 09:12:59] "CommonMusic"=C:\Users\Public\Music [26/07/2012 09:12:59] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [26/07/2012 09:12:59] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [26/07/2012 09:12:59] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [26/07/2012 09:12:59] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [26/07/2012 09:12:59] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Documents"=%PUBLIC%\Documents "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "CommonPictures"=%PUBLIC%\Pictures "Common Desktop"=%PUBLIC%\Desktop "CommonMusic"=%PUBLIC%\Music "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Templates"=%ProgramData%\Microsoft\Windows\Templates [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "OEM Links"=C:\ProgramData\OEM\Links "CommonVideo"=C:\Users\Public\Videos [26/07/2012 09:12:59] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [26/07/2012 09:12:59] "Common Documents"=C:\Users\Public\Documents [26/07/2012 09:12:59] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [26/07/2012 09:12:59] "Common AppData"=C:\ProgramData [26/07/2012 06:37:58] "CommonPictures"=C:\Users\Public\Pictures [26/07/2012 09:12:59] "Common Desktop"=C:\Users\Public\Desktop [26/07/2012 09:12:59] "CommonMusic"=C:\Users\Public\Music [26/07/2012 09:12:59] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [26/07/2012 09:12:59] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [26/07/2012 09:12:59] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [26/07/2012 09:12:59] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads "Common Documents"=%PUBLIC%\Documents "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common AppData"=%ProgramData% "CommonPictures"=%PUBLIC%\Pictures "Common Desktop"=%PUBLIC%\Desktop "CommonMusic"=%PUBLIC%\Music "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Templates"=%ProgramData%\Microsoft\Windows\Templates ---------- | [Administrateur] [14/09/2018 10:56:28] - |D| - [70] - C:\Users\Administrateur\AppData [14/09/2018 10:56:28] - |D| - [70] - C:\Users\Administrateur\AppData\Roaming [14/09/2018 10:56:28] - |D| - [15] - C:\Users\Administrateur\AppData\Roaming\vlc [14/09/2018 10:59:22] - |D| - [55] - C:\Users\Administrateur\AppData\Roaming\Winamp ---------- | [Invité] [14/09/2018 10:56:28] - |D| - [70] - C:\Users\Invité\AppData [14/09/2018 10:56:28] - |D| - [70] - C:\Users\Invité\AppData\Roaming [14/09/2018 10:56:28] - |D| - [15] - C:\Users\Invité\AppData\Roaming\vlc [14/09/2018 10:59:22] - |D| - [55] - C:\Users\Invité\AppData\Roaming\Winamp ---------- | [Jean-Marie] [03/09/2018 18:27:46] - |D| - [82232] - C:\Users\Jean-Marie\.android [03/09/2018 22:36:31] - |D| - [4704] - C:\Users\Jean-Marie\.cache [02/09/2018 17:45:35] - |D| - [4580946466] - C:\Users\Jean-Marie\AppData [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Application Data [02/09/2018 17:47:54] - |RD| - [412] - C:\Users\Jean-Marie\Contacts [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Cookies [02/09/2018 17:45:35] - |RD| - [134627575] - C:\Users\Jean-Marie\Desktop [02/09/2018 17:45:34] - |RD| - [1883797011] - C:\Users\Jean-Marie\Documents [02/09/2018 17:45:34] - |RD| - [4957675970] - C:\Users\Jean-Marie\Downloads [11/09/2018 11:01:16] - |RD| - [55297666302] - C:\Users\Jean-Marie\Dropbox [02/09/2018 17:45:34] - |RD| - [6282] - C:\Users\Jean-Marie\Favorites [02/09/2018 17:45:34] - |RD| - [4733] - C:\Users\Jean-Marie\Links [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Local Settings [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Menu Démarrer [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Mes documents [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Modèles [02/09/2018 17:45:34] - |RD| - [504] - C:\Users\Jean-Marie\Music [02/09/2018 17:45:34] - |ASH| - [8388608] - C:\Users\Jean-Marie\NTUSER.DAT [02/09/2018 17:45:48] - |ASH| - [212992] - C:\Users\Jean-Marie\ntuser.dat.LOG1 [02/09/2018 17:45:48] - |ASH| - [0] - C:\Users\Jean-Marie\ntuser.dat.LOG2 [07/09/2018 16:24:02] - |ASH| - [1048576] - C:\Users\Jean-Marie\NTUSER.DAT{c62ccdc2-d701-11e1-9f13-782bcb37b9d5}.TxR.0.regtrans-ms [07/09/2018 16:24:02] - |ASH| - [1048576] - C:\Users\Jean-Marie\NTUSER.DAT{c62ccdc2-d701-11e1-9f13-782bcb37b9d5}.TxR.1.regtrans-ms [07/09/2018 16:24:02] - |ASH| - [1048576] - C:\Users\Jean-Marie\NTUSER.DAT{c62ccdc2-d701-11e1-9f13-782bcb37b9d5}.TxR.2.regtrans-ms [07/09/2018 16:24:02] - |ASH| - [65536] - C:\Users\Jean-Marie\NTUSER.DAT{c62ccdc2-d701-11e1-9f13-782bcb37b9d5}.TxR.blf [02/09/2018 17:45:48] - |ASH| - [65536] - C:\Users\Jean-Marie\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TM.blf [02/09/2018 17:45:48] - |ASH| - [524288] - C:\Users\Jean-Marie\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000001.regtrans-ms [02/09/2018 17:45:48] - |ASH| - [524288] - C:\Users\Jean-Marie\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000002.regtrans-ms [02/09/2018 17:45:48] - |SH| - [20] - C:\Users\Jean-Marie\ntuser.ini [02/09/2018 17:45:34] - |RD| - [51954646736] - C:\Users\Jean-Marie\Pictures [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Recent [02/09/2018 17:45:34] - |RD| - [282] - C:\Users\Jean-Marie\Saved Games [02/09/2018 17:47:54] - |RD| - [1020] - C:\Users\Jean-Marie\Searches [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\SendTo [10/10/2018 11:28:53] - |RD| - [101] - C:\Users\Jean-Marie\SkyDrive [15/09/2018 11:17:01] - |D| - [0] - C:\Users\Jean-Marie\ultracopier [02/09/2018 17:45:34] - |RD| - [504] - C:\Users\Jean-Marie\Videos [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Voisinage d'impression [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\Voisinage réseau [02/09/2018 17:45:35] - |D| - [3638034767] - C:\Users\Jean-Marie\AppData\Local [02/09/2018 17:45:48] - |D| - [8048860] - C:\Users\Jean-Marie\AppData\LocalLow [02/09/2018 17:45:35] - |HD| - [934862839] - C:\Users\Jean-Marie\AppData\Roaming [08/09/2018 06:14:09] - |D| - [122396315] - C:\Users\Jean-Marie\AppData\Local\Adobe [06/09/2018 13:46:11] - |D| - [82] - C:\Users\Jean-Marie\AppData\Local\Aimersoft [14/09/2018 09:31:06] - |D| - [6521] - C:\Users\Jean-Marie\AppData\Local\Aiseesoft Studio [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\AppData\Local\Application Data [07/09/2018 09:35:21] - |D| - [114258] - C:\Users\Jean-Marie\AppData\Local\Ashampoo [02/09/2018 17:49:44] - |D| - [6537756] - C:\Users\Jean-Marie\AppData\Local\assembly [02/09/2018 17:50:00] - |D| - [60166] - C:\Users\Jean-Marie\AppData\Local\ATI [04/09/2018 00:32:09] - |D| - [12288] - C:\Users\Jean-Marie\AppData\Local\AVAST Software [04/11/2018 12:36:25] - |D| - [338] - C:\Users\Jean-Marie\AppData\Local\Avg [04/09/2018 00:42:13] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\CEF [03/11/2018 10:15:57] - |D| - [388675514] - C:\Users\Jean-Marie\AppData\Local\chromium [13/09/2018 19:00:36] - |D| - [523904] - C:\Users\Jean-Marie\AppData\Local\Citrix [13/09/2018 09:44:39] - |D| - [77906816] - C:\Users\Jean-Marie\AppData\Local\Comodo [06/09/2018 19:36:22] - |D| - [24602075] - C:\Users\Jean-Marie\AppData\Local\CrashDumps [03/09/2018 19:12:06] - |D| - [3573518] - C:\Users\Jean-Marie\AppData\Local\CyberLink [11/09/2018 01:49:26] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\Diagnostics [14/09/2018 07:48:06] - |D| - [33320574] - C:\Users\Jean-Marie\AppData\Local\Downloaded Installations [11/09/2018 04:58:30] - |D| - [309013060] - C:\Users\Jean-Marie\AppData\Local\Dropbox [06/09/2018 15:10:26] - |D| - [371875146] - C:\Users\Jean-Marie\AppData\Local\ESET [05/10/2018 07:04:52] - |D| - [26620872] - C:\Users\Jean-Marie\AppData\Local\FlashPeak [13/09/2018 10:03:48] - |D| - [75254] - C:\Users\Jean-Marie\AppData\Local\format autodecliv & memtest huit six & combofix [10/09/2018 22:10:20] - |D| - [75381] - C:\Users\Jean-Marie\AppData\Local\format mobilemate & combofix [14/09/2018 13:01:35] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\GG [08/09/2018 08:35:28] - |D| - [121413741] - C:\Users\Jean-Marie\AppData\Local\Google [13/09/2018 09:29:07] - |D| - [260613] - C:\Users\Jean-Marie\AppData\Local\Greenshot [02/09/2018 22:51:48] - |D| - [482] - C:\Users\Jean-Marie\AppData\Local\Hewlett-Packard [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\AppData\Local\Historique [07/09/2018 10:08:13] - |D| - [35799052] - C:\Users\Jean-Marie\AppData\Local\HiSuite [31/10/2018 07:48:27] - |AH| - [18982] - C:\Users\Jean-Marie\AppData\Local\IconCache.db [24/09/2018 14:21:11] - |D| - [11516833] - C:\Users\Jean-Marie\AppData\Local\ImpressionFacile [16/09/2018 14:34:53] - |D| - [0] - C:\Users\Jean-Marie\AppData\Local\K-Meleon [06/09/2018 13:53:47] - |D| - [368] - C:\Users\Jean-Marie\AppData\Local\KeepVid [08/09/2018 09:44:02] - |D| - [294] - C:\Users\Jean-Marie\AppData\Local\Kingosoft [13/09/2018 14:57:58] - |D| - [75224] - C:\Users\Jean-Marie\AppData\Local\likenewp'chiant [13/09/2018 14:41:40] - |D| - [75231] - C:\Users\Jean-Marie\AppData\Local\maman kabylle [07/09/2018 17:56:08] - |D| - [776360] - C:\Users\Jean-Marie\AppData\Local\mbam [09/10/2018 01:41:25] - |D| - [235676] - C:\Users\Jean-Marie\AppData\Local\mbamtray [21/09/2018 12:03:15] - |D| - [86529] - C:\Users\Jean-Marie\AppData\Local\Micro Application [02/09/2018 17:45:35] - |D| - [402502070] - C:\Users\Jean-Marie\AppData\Local\Microsoft [11/09/2018 02:41:06] - |D| - [51223808] - C:\Users\Jean-Marie\AppData\Local\Moonchild Productions [14/09/2018 10:15:20] - |D| - [73477108] - C:\Users\Jean-Marie\AppData\Local\Mozilla [28/09/2018 00:46:35] - |A| - [0] - C:\Users\Jean-Marie\AppData\Local\oobelibMkey.log [03/09/2018 23:00:04] - |D| - [288387718] - C:\Users\Jean-Marie\AppData\Local\Opera Software [02/09/2018 17:46:02] - |D| - [42290509] - C:\Users\Jean-Marie\AppData\Local\Packages [24/09/2018 10:56:12] - |D| - [11514211] - C:\Users\Jean-Marie\AppData\Local\Photo Explosion [02/09/2018 17:48:51] - |D| - [40960] - C:\Users\Jean-Marie\AppData\Local\Power2Go8 [03/09/2018 18:27:35] - |D| - [359375725] - C:\Users\Jean-Marie\AppData\Local\Programs [03/11/2018 12:36:41] - |D| - [1378] - C:\Users\Jean-Marie\AppData\Local\Remove_Empty_Directories [10/09/2018 16:29:53] - |D| - [7398] - C:\Users\Jean-Marie\AppData\Local\SIB [13/09/2018 10:14:51] - |D| - [139370993] - C:\Users\Jean-Marie\AppData\Local\SquirrelTemp [26/09/2018 09:29:33] - |D| - [441117269] - C:\Users\Jean-Marie\AppData\Local\Temp [02/09/2018 17:45:48] - |SHD| - [0] - C:\Users\Jean-Marie\AppData\Local\Temporary Internet Files [13/09/2018 09:44:24] - |D| - [1601] - C:\Users\Jean-Marie\AppData\Local\TriSun_Software_Limited [02/09/2018 17:46:06] - |D| - [716718] - C:\Users\Jean-Marie\AppData\Local\VirtualStore [07/09/2018 12:17:46] - |D| - [7911262] - C:\Users\Jean-Marie\AppData\Local\WallpaperHd [13/09/2018 10:15:16] - |D| - [204819339] - C:\Users\Jean-Marie\AppData\Local\WhatsApp [05/09/2018 05:23:40] - |D| - [82] - C:\Users\Jean-Marie\AppData\Local\Wondershare [04/10/2018 13:19:16] - |D| - [74593969] - C:\Users\Jean-Marie\AppData\Local\Zemana [03/09/2018 18:39:10] - |D| - [351064] - C:\Users\Jean-Marie\AppData\Local\ZHP [03/11/2018 10:13:33] - |D| - [4682362] - C:\Users\Jean-Marie\AppData\Local\{C4B6F2EA-E01E-9E52-8D86-BBBAA9EE4722} [17/09/2018 08:00:03] - |D| - [61440] - C:\Users\Jean-Marie\AppData\LocalLow\Adobe [03/11/2018 13:00:31] - |D| - [304] - C:\Users\Jean-Marie\AppData\LocalLow\IObit [02/09/2018 17:46:04] - |SD| - [7199325] - C:\Users\Jean-Marie\AppData\LocalLow\Microsoft [03/09/2018 18:18:35] - |D| - [0] - C:\Users\Jean-Marie\AppData\LocalLow\Mozilla [13/09/2018 10:02:44] - |D| - [787791] - C:\Users\Jean-Marie\AppData\LocalLow\Sun [05/09/2018 17:10:53] - |D| - [0] - C:\Users\Jean-Marie\AppData\LocalLow\Temp [02/09/2018 17:47:49] - |D| - [15654] - C:\Users\Jean-Marie\AppData\Roaming\Adobe [13/09/2018 19:45:11] - |D| - [1743] - C:\Users\Jean-Marie\AppData\Roaming\AIMP [02/09/2018 17:50:00] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\ATI [14/09/2018 09:45:43] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\AudioFilters [04/11/2018 12:41:30] - |D| - [2047344] - C:\Users\Jean-Marie\AppData\Roaming\AVG [05/09/2018 05:27:29] - |D| - [58472152] - C:\Users\Jean-Marie\AppData\Roaming\Baidu [25/09/2018 10:00:54] - |D| - [3018056] - C:\Users\Jean-Marie\AppData\Roaming\Baidu Security [13/09/2018 17:58:13] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Blackmagic Design [07/10/2018 07:28:28] - |D| - [3571226] - C:\Users\Jean-Marie\AppData\Roaming\Corel [03/09/2018 19:42:49] - |D| - [2658] - C:\Users\Jean-Marie\AppData\Roaming\CyberLink [15/09/2018 10:44:59] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\DAEMON Tools Lite [15/09/2018 10:55:51] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\DAEMON Tools Pro [07/09/2018 16:07:30] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Daum [06/09/2018 19:29:59] - |D| - [688] - C:\Users\Jean-Marie\AppData\Roaming\Direct Folders [11/09/2018 05:00:47] - |D| - [896132] - C:\Users\Jean-Marie\AppData\Roaming\Dropbox [04/11/2018 12:33:13] - |D| - [15367] - C:\Users\Jean-Marie\AppData\Roaming\efixmypc.com [28/10/2018 12:29:28] - |D| - [6777] - C:\Users\Jean-Marie\AppData\Roaming\Epson [14/09/2018 13:04:51] - |D| - [11369248] - C:\Users\Jean-Marie\AppData\Roaming\GG [07/09/2018 12:18:05] - |D| - [32038] - C:\Users\Jean-Marie\AppData\Roaming\Goodgame Big Farm [03/11/2018 10:11:53] - |D| - [154178] - C:\Users\Jean-Marie\AppData\Roaming\Goodgame Empire [13/09/2018 09:29:07] - |D| - [8830] - C:\Users\Jean-Marie\AppData\Roaming\Greenshot [13/09/2018 16:37:00] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\GRETECH [02/09/2018 17:49:38] - |D| - [269937] - C:\Users\Jean-Marie\AppData\Roaming\Hewlett-Packard [03/09/2018 18:45:14] - |D| - [5393] - C:\Users\Jean-Marie\AppData\Roaming\Hulubulu [03/11/2018 12:56:36] - |D| - [1040] - C:\Users\Jean-Marie\AppData\Roaming\IObit [14/09/2018 10:35:18] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\ioloGovernor [06/09/2018 20:12:16] - |D| - [1034785] - C:\Users\Jean-Marie\AppData\Roaming\JetStart [16/09/2018 14:34:53] - |D| - [47894553] - C:\Users\Jean-Marie\AppData\Roaming\K-Meleon [06/09/2018 13:42:45] - |D| - [7013520] - C:\Users\Jean-Marie\AppData\Roaming\KeepVid [08/09/2018 09:44:18] - |D| - [24] - C:\Users\Jean-Marie\AppData\Roaming\Kingosoft [05/09/2018 11:42:28] - |D| - [3234] - C:\Users\Jean-Marie\AppData\Roaming\Macromedia [02/09/2018 17:45:35] - |SD| - [42290191] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft [11/09/2018 02:41:06] - |D| - [14226564] - C:\Users\Jean-Marie\AppData\Roaming\Moonchild Productions [04/09/2018 11:24:25] - |D| - [48804845] - C:\Users\Jean-Marie\AppData\Roaming\Mozilla [15/09/2018 07:10:53] - |D| - [42799] - C:\Users\Jean-Marie\AppData\Roaming\MultiCommander [13/09/2018 15:06:51] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\nvda [03/09/2018 22:51:20] - |D| - [82155449] - C:\Users\Jean-Marie\AppData\Roaming\Opera Software [14/09/2018 10:42:24] - |D| - [124] - C:\Users\Jean-Marie\AppData\Roaming\Orbit [14/09/2018 08:45:00] - |D| - [44624384] - C:\Users\Jean-Marie\AppData\Roaming\Participatory Culture Foundation [07/09/2018 16:07:29] - |D| - [331] - C:\Users\Jean-Marie\AppData\Roaming\PotPlayerMini64 [09/09/2018 14:14:36] - |D| - [50540640] - C:\Users\Jean-Marie\AppData\Roaming\ProcessLasso [14/09/2018 12:40:01] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Real [14/09/2018 12:39:53] - |D| - [2] - C:\Users\Jean-Marie\AppData\Roaming\RealNetworks [10/09/2018 22:16:17] - |D| - [3072] - C:\Users\Jean-Marie\AppData\Roaming\Remo [13/09/2018 19:46:17] - |D| - [184004384] - C:\Users\Jean-Marie\AppData\Roaming\Spotify [13/09/2018 10:02:44] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Sun [06/09/2018 14:27:01] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Sunbelt Software [13/09/2018 09:26:53] - |D| - [36400] - C:\Users\Jean-Marie\AppData\Roaming\TeamViewer [05/09/2018 06:17:00] - |D| - [28716969] - C:\Users\Jean-Marie\AppData\Roaming\TeraCopy [14/09/2018 09:45:43] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Transitions [14/09/2018 09:45:43] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\VideoFilters [10/09/2018 05:21:21] - |D| - [182652] - C:\Users\Jean-Marie\AppData\Roaming\vlc [30/10/2018 07:17:32] - |D| - [29082067] - C:\Users\Jean-Marie\AppData\Roaming\VOS [14/09/2018 12:37:44] - |D| - [313] - C:\Users\Jean-Marie\AppData\Roaming\WildTangent [13/09/2018 09:48:24] - |D| - [60410] - C:\Users\Jean-Marie\AppData\Roaming\Winamp [13/09/2018 11:05:24] - |D| - [12] - C:\Users\Jean-Marie\AppData\Roaming\WinRAR [03/09/2018 18:27:52] - |D| - [9439085] - C:\Users\Jean-Marie\AppData\Roaming\Wondershare [03/09/2018 18:39:11] - |D| - [264835458] - C:\Users\Jean-Marie\AppData\Roaming\ZHP [02/09/2018 17:47:54] - |ASH| - [174] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [13/09/2018 16:38:23] - |A| - [1185] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk [02/09/2018 17:45:48] - |SD| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [02/09/2018 17:45:35] - |RD| - [78572] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/10/2018 10:11:08] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AC3Filter [02/09/2018 17:45:35] - |RD| - [3888] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [02/09/2018 17:45:35] - |RD| - [1486] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [02/09/2018 17:47:54] - |RD| - [174] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/09/2018 19:56:01] - |D| - [4224] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design [03/11/2018 10:17:05] - |A| - [2294] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk [09/09/2018 14:24:56] - |D| - [5770] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP [02/09/2018 17:47:49] - |ASH| - [446] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [04/09/2018 13:00:38] - |D| - [4607] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exiland Backup Standard [13/09/2018 09:40:32] - |D| - [3970] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [07/09/2018 12:18:05] - |D| - [1845] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Big Farm [03/11/2018 10:11:53] - |D| - [2320] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire [02/09/2018 17:47:49] - |A| - [1448] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [04/09/2018 15:07:42] - |D| - [8438] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillCopy [02/09/2018 17:45:35] - |D| - [170] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [09/09/2018 14:24:17] - |A| - [1104] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk [02/09/2018 17:45:47] - |A| - [2103] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [07/09/2018 12:20:52] - |D| - [2789] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0 [30/10/2018 10:11:30] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Morgan Stream Switcher [13/09/2018 09:50:24] - |D| - [826] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee [03/09/2018 22:57:31] - |A| - [1380] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk [30/10/2018 14:46:24] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF-to-Word [03/09/2018 16:19:31] - |A| - [917] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps.com Platform.lnk [10/10/2018 11:28:50] - |A| - [2225] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk [02/09/2018 17:47:54] - |RD| - [5120] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [02/09/2018 17:45:35] - |RD| - [5276] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [15/09/2018 11:15:16] - |D| - [1487] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultracopier [10/09/2018 22:10:50] - |A| - [926] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UTILILAB NitroBROWSER.lnk [30/10/2018 10:10:43] - |D| - [0] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub [13/09/2018 09:27:14] - |D| - [3202] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat [13/09/2018 09:27:24] - |D| - [4109] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [16/10/2018 04:46:53] - |D| - [6028] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zinstall Backup [31/10/2018 07:51:38] - |A| - [1299] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Baidu PC Faster Uninstall 4.0.0.0.lnk [31/10/2018 07:51:38] - |A| - [1311] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Baidu PC Faster Uninstall HK 4.0.0.0.lnk [25/09/2018 07:59:58] - |A| - [2336] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Continue repair 2018-09-25 08.59.58.273.lnk [02/09/2018 17:47:54] - |ASH| - [174] - C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [postgres] [14/09/2018 10:56:28] - |D| - [70] - C:\Users\postgres\AppData [14/09/2018 10:56:28] - |D| - [70] - C:\Users\postgres\AppData\Roaming [14/09/2018 10:56:28] - |D| - [15] - C:\Users\postgres\AppData\Roaming\vlc [14/09/2018 10:59:22] - |D| - [55] - C:\Users\postgres\AppData\Roaming\Winamp ---------- | [postgres.LFS_Hyper_UEFM] [25/09/2018 09:57:18] - |D| - [1966033] - C:\Users\postgres.LFS_Hyper_UEFM\AppData [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Application Data [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Cookies [25/09/2018 09:57:18] - |RD| - [2074] - C:\Users\postgres.LFS_Hyper_UEFM\Desktop [25/09/2018 09:57:14] - |RD| - [204484211] - C:\Users\postgres.LFS_Hyper_UEFM\Documents [25/09/2018 09:57:14] - |RD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Downloads [25/09/2018 09:57:14] - |RD| - [1277] - C:\Users\postgres.LFS_Hyper_UEFM\Favorites [25/09/2018 09:57:14] - |RD| - [1929] - C:\Users\postgres.LFS_Hyper_UEFM\Links [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Local Settings [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Menu Démarrer [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Mes documents [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Modèles [25/09/2018 09:57:14] - |RD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Music [25/09/2018 09:57:14] - |ASH| - [262144] - C:\Users\postgres.LFS_Hyper_UEFM\NTUSER.DAT [25/09/2018 09:57:53] - |ASH| - [28672] - C:\Users\postgres.LFS_Hyper_UEFM\ntuser.dat.LOG1 [25/09/2018 09:57:53] - |ASH| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\ntuser.dat.LOG2 [25/09/2018 09:57:53] - |ASH| - [65536] - C:\Users\postgres.LFS_Hyper_UEFM\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TM.blf [25/09/2018 09:57:53] - |ASH| - [524288] - C:\Users\postgres.LFS_Hyper_UEFM\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000001.regtrans-ms [25/09/2018 09:57:54] - |ASH| - [524288] - C:\Users\postgres.LFS_Hyper_UEFM\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000002.regtrans-ms [25/09/2018 09:57:54] - |SH| - [20] - C:\Users\postgres.LFS_Hyper_UEFM\ntuser.ini [25/09/2018 09:57:14] - |RD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Pictures [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Recent [25/09/2018 09:57:14] - |D| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Saved Games [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\SendTo [25/09/2018 09:57:14] - |RD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Videos [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Voisinage d'impression [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\Voisinage réseau [25/09/2018 09:57:18] - |D| - [1949736] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Local [25/09/2018 09:57:54] - |D| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\LocalLow [25/09/2018 09:57:18] - |D| - [16297] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Local\Application Data [25/09/2018 09:57:18] - |D| - [14730] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Local\Google [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Local\Historique [25/09/2018 09:57:18] - |D| - [1935006] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Local\Microsoft [25/09/2018 09:57:18] - |D| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Local\temp [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Local\Temporary Internet Files [25/09/2018 09:57:18] - |SD| - [16297] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming\Microsoft [25/09/2018 09:57:54] - |SHD| - [0] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [25/09/2018 09:57:18] - |D| - [12923] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [25/09/2018 09:57:18] - |RD| - [3888] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [25/09/2018 09:57:18] - |RD| - [1486] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [25/09/2018 09:57:18] - |D| - [170] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [25/09/2018 09:57:51] - |A| - [2103] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk [25/09/2018 09:57:18] - |RD| - [5276] - C:\Users\postgres.LFS_Hyper_UEFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools ---------- | [Public] [02/09/2018 17:42:41] - |RD| - [196] - C:\Users\Public\AccountPictures [04/09/2018 14:23:42] - |D| - [0] - C:\Users\Public\AppData [06/09/2018 13:11:14] - |D| - [71275780] - C:\Users\Public\CyberLink [26/07/2012 09:12:59] - |RD| - [64602] - C:\Users\Public\Desktop [26/07/2012 09:13:00] - |ASH| - [174] - C:\Users\Public\desktop.ini [26/07/2012 09:12:59] - |RD| - [238017116] - C:\Users\Public\Documents [26/07/2012 09:12:59] - |RD| - [174] - C:\Users\Public\Downloads [26/07/2012 09:12:59] - |RD| - [1174] - C:\Users\Public\Libraries [26/07/2012 09:12:59] - |RD| - [380] - C:\Users\Public\Music [26/07/2012 09:12:59] - |RD| - [380] - C:\Users\Public\Pictures [05/03/2013 00:49:07] - |D| - [105720] - C:\Users\Public\Symantec [26/07/2012 09:12:59] - |RD| - [380] - C:\Users\Public\Videos [04/09/2018 14:23:42] - |D| - [0] - C:\Users\Public\AppData\Local [13/09/2018 10:39:37] - |D| - [0] - C:\Users\Public\AppData\Local\temp ---------- | C:\ProgramData [13/09/2018 14:02:51] - |D| - [20990771] - C:\ProgramData\ADiag [08/09/2018 06:24:48] - |D| - [970476124] - C:\ProgramData\Adobe [26/07/2012 08:22:08] - |SHD| - [0] - C:\ProgramData\Application Data [05/09/2018 05:16:32] - |D| - [420246] - C:\ProgramData\Ashampoo [05/03/2013 00:21:33] - |D| - [186] - C:\ProgramData\ATI [03/09/2018 22:43:36] - |D| - [1486138] - C:\ProgramData\AVAST Software [03/11/2018 10:13:21] - |D| - [19470626] - C:\ProgramData\AVG [05/09/2018 05:27:37] - |D| - [2273170] - C:\ProgramData\Baidu [03/11/2018 13:01:34] - |D| - [50014] - C:\ProgramData\BDLogging [12/09/2018 19:56:01] - |D| - [377787373] - C:\ProgramData\Blackmagic Design [02/09/2018 17:42:39] - |SHD| - [0] - C:\ProgramData\Bureau [13/09/2018 19:42:51] - |D| - [59039636] - C:\ProgramData\Citrix [03/09/2018 19:10:29] - |D| - [630] - C:\ProgramData\CLSK [04/11/2018 12:33:01] - |HD| - [96] - C:\ProgramData\Common Files [25/09/2018 10:37:49] - |D| - [156437618] - C:\ProgramData\COMODO [05/10/2018 07:03:16] - |D| - [84979746] - C:\ProgramData\Corel [05/09/2018 05:54:15] - |D| - [30148] - C:\ProgramData\CrashDumpExtractor [05/03/2013 00:28:53] - |D| - [173254114] - C:\ProgramData\CyberLink [15/09/2018 10:44:38] - |D| - [1336] - C:\ProgramData\DAEMON Tools Lite [15/09/2018 10:54:05] - |D| - [2658] - C:\ProgramData\DAEMON Tools Pro [26/07/2012 08:22:08] - |SHD| - [0] - C:\ProgramData\Desktop [26/07/2012 08:22:08] - |SHD| - [0] - C:\ProgramData\Documents [11/09/2018 04:58:30] - |D| - [423530] - C:\ProgramData\Dropbox [04/11/2018 12:34:23] - |D| - [185316] - C:\ProgramData\efixmypc.com [06/09/2018 13:37:54] - |D| - [10862361] - C:\ProgramData\EPSON [30/10/2018 14:43:53] - |D| - [20938231] - C:\ProgramData\Ewaycom [05/03/2013 00:17:19] - |D| - [126819671] - C:\ProgramData\Hewlett-Packard [12/09/2018 05:56:54] - |D| - [381197] - C:\ProgramData\HitmanPro [03/11/2018 10:14:36] - |D| - [302227] - C:\ProgramData\Hotspot Shield [03/09/2018 19:11:01] - |D| - [3169968] - C:\ProgramData\install_backup [05/03/2013 00:28:11] - |D| - [1604542] - C:\ProgramData\install_clap [03/11/2018 12:46:31] - |D| - [119853] - C:\ProgramData\IObit [06/09/2018 13:45:43] - |D| - [87620] - C:\ProgramData\Keepvid [14/09/2018 11:14:36] - |D| - [15744] - C:\ProgramData\Lavasoft [14/09/2018 10:53:06] - |D| - [1107539] - C:\ProgramData\Log [13/09/2018 18:46:29] - |D| - [226657163] - C:\ProgramData\Malwarebytes [31/10/2018 07:36:21] - |D| - [143024537] - C:\ProgramData\Martau [02/09/2018 17:42:39] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [21/09/2018 12:07:24] - |D| - [21504] - C:\ProgramData\Micro Application [26/07/2012 06:37:58] - |SD| - [2305318237] - C:\ProgramData\Microsoft [05/03/2013 00:45:17] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [05/03/2013 00:59:25] - |A| - [141] - C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [24/09/2018 10:56:14] - |A| - [105] - C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [31/10/2018 07:36:18] - |A| - [16] - C:\ProgramData\mntemp [02/09/2018 17:42:39] - |SHD| - [0] - C:\ProgramData\Modèles [05/03/2013 00:48:08] - |D| - [682627603] - C:\ProgramData\Norton [05/03/2013 00:47:28] - |D| - [16377349] - C:\ProgramData\NortonInstaller [11/10/2018 13:40:00] - |RASH| - [290] - C:\ProgramData\ntuser.pol [13/09/2018 10:01:38] - |D| - [82551976] - C:\ProgramData\Oracle [03/09/2018 19:13:54] - |D| - [64495734] - C:\ProgramData\Package Cache [01/08/2012 18:06:12] - |D| - [25056] - C:\ProgramData\PRICache [04/11/2018 12:32:11] - |D| - [0] - C:\ProgramData\ProcessLasso [03/11/2018 13:01:07] - |D| - [939] - C:\ProgramData\ProductData [05/10/2018 07:29:43] - |D| - [1890] - C:\ProgramData\Protexis [08/10/2018 07:31:02] - |D| - [1938] - C:\ProgramData\Protexis64 [14/09/2018 10:58:07] - |D| - [64] - C:\ProgramData\Real [03/09/2018 03:36:02] - |D| - [27071803] - C:\ProgramData\Recovery [26/07/2012 09:12:59] - |D| - [984] - C:\ProgramData\regid.1991-06.com.microsoft [12/09/2018 08:57:04] - |D| - [134653] - C:\ProgramData\RogueKiller [28/10/2018 12:31:49] - |D| - [645] - C:\ProgramData\Sony Corporation [26/07/2012 08:22:08] - |SHD| - [0] - C:\ProgramData\Start Menu [03/09/2018 19:12:20] - |D| - [4964384] - C:\ProgramData\SUPPORTDIR [26/07/2012 08:22:08] - |SHD| - [0] - C:\ProgramData\Templates [13/09/2018 08:42:45] - |D| - [2328] - C:\ProgramData\UCheck [28/10/2018 12:31:55] - |D| - [4680] - C:\ProgramData\UDL [25/09/2018 07:55:37] - |D| - [28135433] - C:\ProgramData\UVK [05/03/2013 00:30:04] - |D| - [98228771] - C:\ProgramData\WildTangent [07/09/2018 12:26:49] - |D| - [1151] - C:\ProgramData\WinZip [03/09/2018 18:28:48] - |D| - [368258] - C:\ProgramData\Wondershare [31/10/2018 07:53:18] - |D| - [24576] - C:\ProgramData\ZiBackup [16/10/2018 04:38:22] - |D| - [185894] - C:\ProgramData\Zinstall [14/09/2018 13:03:25] - |D| - [38225910] - C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44} [03/11/2018 13:00:28] - |D| - [65] - C:\ProgramData\{7F40DE3E-8294-4E24-B2EA-80F6C6BB173C} [03/11/2018 13:00:29] - |D| - [63] - C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [26/07/2012 09:13:01] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [06/09/2018 13:52:28] - |A| - [1105] - C:\ProgramData\Microsoft\Windows\Start Menu\Direct Folders.lnk [30/10/2018 14:43:58] - |A| - [2657] - C:\ProgramData\Microsoft\Windows\Start Menu\NewsMailStudio.lnk [02/09/2018 17:42:39] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [26/07/2012 09:12:59] - |RD| - [563428] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [15/09/2018 13:04:29] - |D| - [6776] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3-Heights(TM) PDF Analysis & Repair [05/09/2018 05:17:11] - |D| - [3155] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3M(TM) Cloud Library PC App [30/10/2018 14:55:28] - |D| - [2614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A4Desk [30/10/2018 10:11:08] - |D| - [5873] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter [26/07/2012 09:12:59] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [26/07/2012 09:12:59] - |RD| - [18212] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [08/09/2018 07:20:42] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [26/07/2012 09:12:59] - |RD| - [25611] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [25/09/2018 11:03:31] - |A| - [1331] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk [03/11/2018 10:11:47] - |D| - [1658] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advance PC-Care [03/09/2018 18:45:06] - |D| - [2187] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Renamer [03/11/2018 12:59:31] - |D| - [6305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare Ultimate [13/09/2018 19:45:19] - |D| - [3738] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP [14/09/2018 09:30:07] - |D| - [4953] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft [30/10/2018 14:45:42] - |D| - [2300] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyMedia Player [05/09/2018 05:16:41] - |D| - [3767] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [04/11/2018 12:36:21] - |D| - [1813] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [11/09/2018 04:53:17] - |D| - [6950] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google [05/09/2018 05:27:34] - |D| - [1725] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser [12/09/2018 19:36:17] - |D| - [1413] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design [13/09/2018 09:33:29] - |D| - [3825] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management [13/09/2018 09:25:32] - |D| - [884] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [13/09/2018 09:34:18] - |D| - [4230] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack [13/09/2018 09:44:56] - |D| - [2238] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo [05/10/2018 07:08:18] - |D| - [2087] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel AfterShot Pro 3 [09/09/2018 16:37:14] - |D| - [2715] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [05/09/2018 05:53:59] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashDumpExtractor [04/10/2018 13:25:34] - |RD| - [2348] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Application Manager [10/10/2018 13:30:16] - |A| - [2041] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink AudioDirector 9 (64-bit).lnk [10/10/2018 13:32:03] - |A| - [2037] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink ColorDirector 7 (64-bit).lnk [10/10/2018 13:37:33] - |A| - [2070] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 10 (64-bit).lnk [10/10/2018 13:34:29] - |A| - [1982] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 17 (64-bit).lnk [30/10/2018 08:38:05] - |A| - [1954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 8 Mirror.lnk [30/10/2018 08:38:05] - |A| - [2175] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 8.lnk [15/09/2018 10:47:27] - |D| - [2188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [15/09/2018 10:55:55] - |D| - [1748] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro [07/09/2018 13:27:42] - |D| - [1894] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum [26/07/2012 09:13:01] - |SH| - [2340] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [25/07/2012 21:21:52] - |RAS| - [787] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk [13/09/2018 10:05:28] - |D| - [748] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diag [30/10/2018 10:12:45] - |D| - [6234] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Video Duplicator [03/11/2018 14:36:59] - |D| - [1807] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskGenius [01/11/2018 19:13:57] - |D| - [1119] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox [28/10/2018 12:29:42] - |D| - [2991] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [06/09/2018 14:56:14] - |D| - [6772] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software [30/10/2018 14:43:58] - |D| - [2669] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ewaycom [14/09/2018 11:41:12] - |D| - [4650] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64 [13/09/2018 09:54:32] - |D| - [1827] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [14/09/2018 08:28:28] - |A| - [898] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk [03/09/2018 22:57:36] - |A| - [1161] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [09/09/2018 14:25:45] - |D| - [1956] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPeak SlimBoat [13/09/2018 15:03:08] - |A| - [1115] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk [05/03/2013 00:30:09] - |RD| - [14985] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [13/09/2018 16:36:49] - |D| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM [08/09/2018 07:36:06] - |A| - [2296] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [13/09/2018 09:27:33] - |D| - [3267] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot [05/10/2018 21:31:07] - |D| - [2138] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo BitLocker Anywhere [10/09/2018 22:14:48] - |D| - [3205] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo BitLocker Data Recovery [10/09/2018 22:15:10] - |D| - [2079] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo EasyUEFI [10/10/2018 11:21:16] - |D| - [1953] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasleo WinToUSB [07/09/2018 10:09:27] - |D| - [1846] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite [12/09/2018 13:42:44] - |D| - [3764] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [03/11/2018 10:15:53] - |D| - [1094] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [03/11/2018 10:13:33] - |A| - [1383] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk [05/03/2013 00:23:32] - |RD| - [13416] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [25/07/2012 21:32:35] - |RAS| - [2312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [13/09/2018 09:54:45] - |D| - [5305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inno Setup 5 [15/09/2018 11:17:17] - |D| - [2375] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker [13/09/2018 10:02:33] - |D| - [6403] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [06/09/2018 20:12:10] - |D| - [1971] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetStart [13/09/2018 09:30:09] - |D| - [8028] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [10/09/2018 10:23:28] - |A| - [1119] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Meleon.lnk [13/09/2018 17:40:59] - |A| - [1119] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [06/09/2018 13:44:00] - |D| - [2604] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid [10/09/2018 22:16:59] - |D| - [4450] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler [08/09/2018 09:43:25] - |D| - [2187] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT [26/07/2012 09:12:59] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [09/10/2018 01:28:20] - |D| - [3730] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [21/09/2018 12:01:34] - |D| - [8918] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Micro Application [05/03/2013 00:27:05] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk [14/09/2018 08:22:02] - |D| - [3272] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miro [14/09/2018 08:22:49] - |D| - [3641] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miro Video Converter [30/10/2018 10:11:30] - |D| - [3288] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morgan Stream Switcher [05/03/2013 00:46:34] - |A| - [1308] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [13/09/2018 09:47:31] - |A| - [1211] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [13/09/2018 09:29:18] - |D| - [3169] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag [09/09/2018 16:37:05] - |D| - [5473] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiCommander [05/03/2013 00:28:52] - |RD| - [10353] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos [14/09/2018 10:51:29] - |D| - [4198] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netscape Navigator [05/03/2013 00:48:08] - |RD| - [2630] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [13/09/2018 15:06:24] - |D| - [5576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVDA [30/10/2018 14:45:19] - |D| - [1310] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Video Recorder [14/09/2018 10:49:36] - |D| - [3170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit [09/09/2018 14:09:22] - |A| - [859] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk [03/09/2018 23:29:27] - |D| - [994] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon HFS+ for Windows [30/10/2018 14:46:24] - |D| - [2154] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-to-Word [13/09/2018 08:56:31] - |D| - [1104] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [13/09/2018 17:59:54] - |D| - [7539] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [10/09/2018 22:16:45] - |D| - [1233] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pegasun System Utilities [24/09/2018 11:02:36] - |D| - [2057] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Explosion [05/03/2013 00:46:30] - |A| - [1377] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [12/09/2018 19:34:40] - |D| - [7456] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.5 [09/09/2018 14:15:16] - |D| - [1915] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso [05/03/2013 00:29:57] - |RD| - [7612] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools [10/09/2018 10:31:34] - |D| - [10490] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProgDVB [09/09/2018 14:04:50] - |A| - [1218] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Search.lnk [10/09/2018 10:39:33] - |D| - [9184] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedFox [10/09/2018 22:16:12] - |D| - [3650] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remo Repair MOV [13/09/2018 09:17:40] - |D| - [3711] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ritlabs The Bat! [13/09/2018 09:52:49] - |D| - [838] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller [13/09/2018 09:57:27] - |D| - [862] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKillerPE [13/09/2018 09:05:41] - |D| - [5689] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [14/09/2018 08:02:12] - |D| - [2726] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SD Association [09/09/2018 14:14:07] - |D| - [7966] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey [05/03/2013 00:25:55] - |RD| - [4633] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection [02/09/2018 17:47:27] - |RD| - [2292] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services [09/09/2018 19:02:12] - |D| - [940] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silent Install Builder 5 [12/09/2018 12:33:21] - |D| - [2720] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundCheck [26/07/2012 09:12:59] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [13/09/2018 15:53:27] - |A| - [1915] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync.lnk [13/09/2018 15:50:37] - |A| - [1837] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk [30/10/2018 14:48:13] - |D| - [40865] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SupersonicPC [26/07/2012 09:12:59] - |RD| - [7540] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [07/09/2018 12:41:25] - |A| - [2212] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SystemSuite Professional.lnk [03/09/2018 18:36:43] - |D| - [2358] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SysTools Google Apps Backup [26/07/2012 10:45:49] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [12/09/2018 12:35:02] - |D| - [3085] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner [13/09/2018 09:26:53] - |A| - [1045] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk [05/09/2018 05:19:40] - |D| - [3884] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [31/10/2018 07:36:15] - |A| - [821] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk [13/09/2018 09:44:18] - |D| - [2735] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSS [12/09/2018 12:40:54] - |D| - [12275] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com [03/09/2018 19:41:44] - |A| - [2262] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\U Webinar.lnk [13/09/2018 08:42:34] - |D| - [776] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UCheck [02/10/2018 07:29:12] - |D| - [2163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Storage Format Tool 6.0 [10/09/2018 05:20:27] - |D| - [5352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [30/10/2018 10:10:43] - |D| - [1883] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub [25/07/2012 21:13:01] - |RAS| - [2028] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk [13/09/2018 09:27:24] - |D| - [4037] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [03/11/2018 10:29:17] - |D| - [1913] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 22.0 [03/11/2018 10:32:10] - |A| - [1883] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk [13/09/2018 09:20:56] - |A| - [1748] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [05/09/2018 05:00:26] - |D| - [1193] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise JetSearch [03/09/2018 18:27:54] - |D| - [15712] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare [30/10/2018 10:12:02] - |D| - [14847] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XviD [04/10/2018 13:26:00] - |D| - [1173] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [26/07/2012 09:13:01] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [05/09/2018 05:17:11] - |D| - [33457175] - C:\Program Files (x86)\3M(TM) Cloud Library PC App [30/10/2018 14:55:11] - |D| - [6985488] - C:\Program Files (x86)\A4Desk [30/10/2018 10:11:07] - |D| - [520749] - C:\Program Files (x86)\AC3Filter [08/09/2018 06:37:01] - |D| - [377181423] - C:\Program Files (x86)\Adobe [03/09/2018 18:45:00] - |D| - [31734417] - C:\Program Files (x86)\Advanced Renamer [13/09/2018 19:45:05] - |D| - [47719074] - C:\Program Files (x86)\AIMP3 [14/09/2018 09:28:45] - |D| - [210935393] - C:\Program Files (x86)\Aiseesoft Studio [05/03/2013 00:20:22] - |D| - [2249244] - C:\Program Files (x86)\AMD APP [30/10/2018 14:45:37] - |D| - [38039993] - C:\Program Files (x86)\AnyMedia Player [05/09/2018 05:16:28] - |D| - [237982087] - C:\Program Files (x86)\Ashampoo [05/03/2013 00:19:36] - |D| - [61769375] - C:\Program Files (x86)\ATI Technologies [12/09/2018 19:36:01] - |D| - [24638542] - C:\Program Files (x86)\Blackmagic Design [13/09/2018 19:00:30] - |D| - [11525379] - C:\Program Files (x86)\Citrix [26/07/2012 06:37:58] - |D| - [922708782] - C:\Program Files (x86)\Common Files [25/09/2018 10:09:47] - |D| - [220863943] - C:\Program Files (x86)\Comodo [09/09/2018 14:24:55] - |D| - [7481330] - C:\Program Files (x86)\CoreFTP [05/10/2018 07:25:22] - |D| - [13711983] - C:\Program Files (x86)\Corel [05/03/2013 00:28:38] - |D| - [1852393358] - C:\Program Files (x86)\CyberLink [15/09/2018 10:44:41] - |D| - [28300703] - C:\Program Files (x86)\DAEMON Tools Lite [26/07/2012 09:13:01] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [30/10/2018 08:50:16] - |D| - [59450402] - C:\Program Files (x86)\Digital Video Duplicator [06/09/2018 13:52:27] - |D| - [5858341] - C:\Program Files (x86)\Direct Folders [11/09/2018 04:58:30] - |D| - [326739777] - C:\Program Files (x86)\Dropbox [28/10/2018 12:21:49] - |D| - [13458999] - C:\Program Files (x86)\EPSON [06/09/2018 14:56:12] - |D| - [235193361] - C:\Program Files (x86)\EPSON Software [30/10/2018 14:43:53] - |D| - [26962672] - C:\Program Files (x86)\Ewaycom [13/09/2018 15:03:01] - |D| - [12517053] - C:\Program Files (x86)\foobar2000 [13/09/2018 09:40:06] - |D| - [169514488] - C:\Program Files (x86)\FormatFactory [30/10/2018 10:10:41] - |D| - [62458] - C:\Program Files (x86)\Gabest [08/09/2018 07:14:38] - |D| - [560767529] - C:\Program Files (x86)\Google [13/09/2018 16:32:51] - |D| - [100686009] - C:\Program Files (x86)\GRETECH [05/03/2013 00:14:24] - |D| - [201911329] - C:\Program Files (x86)\Hewlett-Packard [07/09/2018 10:08:36] - |D| - [91330469] - C:\Program Files (x86)\HiSuite [03/11/2018 10:15:51] - |D| - [35088515] - C:\Program Files (x86)\Hotspot Shield [05/03/2013 00:30:13] - |D| - [68191003] - C:\Program Files (x86)\HP Games [13/09/2018 09:54:43] - |D| - [4974732] - C:\Program Files (x86)\Inno Setup 5 [05/03/2013 00:18:18] - |HD| - [215636380] - C:\Program Files (x86)\InstallShield Installation Information [26/07/2012 09:12:59] - |D| - [4846686] - C:\Program Files (x86)\Internet Explorer [03/11/2018 12:56:35] - |D| - [796499819] - C:\Program Files (x86)\IObit [09/10/2018 05:23:18] - |D| - [91285635] - C:\Program Files (x86)\Java [06/09/2018 20:12:08] - |D| - [1625760] - C:\Program Files (x86)\JetStart [13/09/2018 09:30:02] - |D| - [68872444] - C:\Program Files (x86)\K-Lite Codec Pack [10/09/2018 10:22:39] - |D| - [68543786] - C:\Program Files (x86)\K-Meleon [13/09/2018 17:40:42] - |D| - [7110420] - C:\Program Files (x86)\KeePass Password Safe 2 [06/09/2018 13:42:39] - |D| - [226809854] - C:\Program Files (x86)\Keepvid [04/10/2018 13:26:00] - |D| - [197840] - C:\Program Files (x86)\KeyCryptSDK [10/09/2018 22:16:52] - |D| - [5150170] - C:\Program Files (x86)\KeyScrambler [04/09/2018 15:07:41] - |D| - [782724] - C:\Program Files (x86)\KillSoft [08/09/2018 09:40:37] - |D| - [51312166] - C:\Program Files (x86)\Kingo ROOT [21/09/2018 11:50:42] - |D| - [3561849923] - C:\Program Files (x86)\Micro Application [13/09/2018 11:16:31] - |D| - [8534178] - C:\Program Files (x86)\Microsoft [05/03/2013 00:27:04] - |D| - [6380526] - C:\Program Files (x86)\Microsoft Office [05/03/2013 00:45:48] - |D| - [5563840] - C:\Program Files (x86)\Microsoft SkyDrive [05/03/2013 00:46:24] - |D| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition [26/07/2012 09:12:59] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [07/09/2018 12:12:26] - |D| - [6713856] - C:\Program Files (x86)\Moo0 [30/10/2018 10:11:28] - |D| - [96112] - C:\Program Files (x86)\Morgan [14/09/2018 09:00:28] - |D| - [141529603] - C:\Program Files (x86)\Mozilla Firefox [03/09/2018 22:57:34] - |D| - [515854] - C:\Program Files (x86)\Mozilla Maintenance Service [13/09/2018 09:47:21] - |D| - [130670854] - C:\Program Files (x86)\Mozilla Thunderbird [13/09/2018 09:29:17] - |D| - [11033045] - C:\Program Files (x86)\Mp3tag [01/08/2012 18:08:42] - |D| - [25757] - C:\Program Files (x86)\MSBuild [13/09/2018 09:50:24] - |D| - [28583747] - C:\Program Files (x86)\MusicBee [14/09/2018 10:51:08] - |D| - [21867727] - C:\Program Files (x86)\Netscape [05/03/2013 00:48:08] - |D| - [394474242] - C:\Program Files (x86)\Norton Internet Security [05/03/2013 00:47:28] - |D| - [26543110] - C:\Program Files (x86)\NortonInstaller [03/09/2018 19:41:40] - |D| - [34689092] - C:\Program Files (x86)\NSIS Uninstall Information [13/09/2018 15:06:09] - |D| - [103442922] - C:\Program Files (x86)\NVDA [05/03/2013 00:30:04] - |RD| - [1549625] - C:\Program Files (x86)\Online Services [30/10/2018 14:44:46] - |D| - [62033516] - C:\Program Files (x86)\Online Video Recorder [03/09/2018 23:29:26] - |D| - [805876] - C:\Program Files (x86)\Paragon Software [14/09/2018 08:20:37] - |D| - [215248684] - C:\Program Files (x86)\Participatory Culture Foundation [30/10/2018 14:46:24] - |D| - [807579] - C:\Program Files (x86)\PDF-to-Word [08/09/2018 08:51:53] - |D| - [55969201] - C:\Program Files (x86)\PDF24 [10/09/2018 22:16:38] - |D| - [9868671] - C:\Program Files (x86)\Pegasun [21/09/2018 13:23:32] - |D| - [88152038] - C:\Program Files (x86)\Photo Explosion 6.0 [10/09/2018 10:31:12] - |D| - [103319987] - C:\Program Files (x86)\ProgDVB [05/03/2013 00:18:18] - |D| - [48454551] - C:\Program Files (x86)\Realtek [10/09/2018 10:39:33] - |D| - [22406085] - C:\Program Files (x86)\RedFox [01/08/2012 18:08:43] - |D| - [38319361] - C:\Program Files (x86)\Reference Assemblies [14/09/2018 08:02:11] - |D| - [4667224] - C:\Program Files (x86)\SDA [09/09/2018 14:13:36] - |D| - [96124153] - C:\Program Files (x86)\SeaMonkey [09/09/2018 19:02:12] - |D| - [29291674] - C:\Program Files (x86)\Silent Install Builder 5 [09/09/2018 14:25:43] - |D| - [38081045] - C:\Program Files (x86)\SlimBoat [12/09/2018 12:33:21] - |D| - [2139072] - C:\Program Files (x86)\SoundCheck [30/10/2018 14:43:11] - |D| - [329233019] - C:\Program Files (x86)\Studio V5 [13/09/2018 15:51:20] - |D| - [47809672] - C:\Program Files (x86)\SugarSync [30/10/2018 14:47:39] - |D| - [61001395] - C:\Program Files (x86)\SupersonicPC [05/03/2013 00:49:07] - |D| - [2562624] - C:\Program Files (x86)\SymSilent [03/09/2018 18:36:35] - |D| - [36567293] - C:\Program Files (x86)\SysTools Google Apps Backup [12/09/2018 12:35:00] - |D| - [8010288] - C:\Program Files (x86)\TagScanner [13/09/2018 09:26:37] - |D| - [88663458] - C:\Program Files (x86)\TeamViewer [13/09/2018 09:44:17] - |D| - [1708768] - C:\Program Files (x86)\TSS [12/09/2018 12:40:27] - |D| - [58695573] - C:\Program Files (x86)\Tweaking.com [03/09/2018 12:03:22] - |D| - [9954465] - C:\Program Files (x86)\UsbFix [05/03/2013 00:34:48] - |D| - [462216] - C:\Program Files (x86)\WildGames [05/03/2013 00:30:05] - |D| - [5112135] - C:\Program Files (x86)\WildTangent Games [13/09/2018 09:48:24] - |D| - [59722699] - C:\Program Files (x86)\Winamp [30/10/2018 10:10:23] - |D| - [73057] - C:\Program Files (x86)\WinASPI [13/09/2018 09:27:14] - |D| - [812064] - C:\Program Files (x86)\WinDirStat [26/07/2012 09:12:59] - |D| - [1188160] - C:\Program Files (x86)\Windows Defender [05/03/2013 00:46:07] - |D| - [90972365] - C:\Program Files (x86)\Windows Live [26/07/2012 09:12:59] - |D| - [5731328] - C:\Program Files (x86)\Windows Mail [26/07/2012 09:12:59] - |D| - [3663899] - C:\Program Files (x86)\Windows Media Player [26/07/2012 09:12:59] - |D| - [219648] - C:\Program Files (x86)\Windows Multimedia Platform [26/07/2012 09:12:59] - |D| - [7594554] - C:\Program Files (x86)\Windows NT [26/07/2012 09:12:59] - |D| - [5479880] - C:\Program Files (x86)\Windows Photo Viewer [26/07/2012 09:12:59] - |D| - [219648] - C:\Program Files (x86)\Windows Portable Devices [26/07/2012 09:12:59] - |SD| - [0] - C:\Program Files (x86)\Windows Sidebar [05/09/2018 05:00:25] - |D| - [7531675] - C:\Program Files (x86)\Wise [03/09/2018 18:27:42] - |D| - [84997266] - C:\Program Files (x86)\Wondershare [30/10/2018 10:11:56] - |D| - [152480] - C:\Program Files (x86)\XviD [04/10/2018 13:25:57] - |D| - [18641630] - C:\Program Files (x86)\Zemana AntiLogger [16/10/2018 04:44:36] - |D| - [146920496] - C:\Program Files (x86)\Zinstall Backup ---------- | C:\Program Files [03/11/2018 10:11:44] - |D| - [9174493] - C:\Program Files\Advance PC-Care [05/03/2013 00:19:37] - |D| - [27488048] - C:\Program Files\ATI [14/09/2018 10:35:36] - |D| - [15447768] - C:\Program Files\AVAST Software [03/11/2018 10:13:58] - |D| - [742232909] - C:\Program Files\AVG [12/09/2018 19:36:25] - |D| - [1111450869] - C:\Program Files\Blackmagic Design [13/09/2018 09:33:29] - |D| - [197033995] - C:\Program Files\Calibre2 [13/09/2018 09:25:31] - |D| - [38556192] - C:\Program Files\CCleaner [13/09/2018 09:34:15] - |D| - [22898251] - C:\Program Files\ComicRack [26/07/2012 06:37:58] - |D| - [116766655] - C:\Program Files\Common Files [05/10/2018 07:00:44] - |D| - [447667301] - C:\Program Files\Corel [09/09/2018 16:37:13] - |D| - [4470414] - C:\Program Files\CPUID [05/09/2018 05:53:44] - |D| - [47545536] - C:\Program Files\CrashDumpExtractor [20/09/2018 08:12:51] - |D| - [2222219275] - C:\Program Files\CyberLink [15/09/2018 10:55:00] - |D| - [61010373] - C:\Program Files\DAEMON Tools Pro [07/09/2018 13:20:55] - |D| - [131644590] - C:\Program Files\DAUM [26/07/2012 09:13:11] - |ASH| - [174] - C:\Program Files\desktop.ini [13/09/2018 10:05:15] - |D| - [53432203] - C:\Program Files\Diag [03/11/2018 14:36:44] - |D| - [44469629] - C:\Program Files\DiskGenius [13/09/2018 15:48:48] - |D| - [2932952] - C:\Program Files\Everything [14/09/2018 11:40:52] - |D| - [15563482] - C:\Program Files\ffdshow [02/09/2018 17:42:40] - |SHD| - [0] - C:\Program Files\Fichiers communs [13/09/2018 09:54:28] - |D| - [27295110] - C:\Program Files\FileZilla FTP Client [14/09/2018 08:27:25] - |D| - [186023152] - C:\Program Files\Firefox Nightly [11/09/2018 08:54:56] - |D| - [59949068] - C:\Program Files\Google [13/09/2018 09:27:32] - |D| - [3119055] - C:\Program Files\Greenshot [10/09/2018 22:11:42] - |D| - [295273262] - C:\Program Files\Hasleo [05/03/2013 00:14:23] - |D| - [3855844] - C:\Program Files\Hewlett-Packard [12/09/2018 13:42:38] - |D| - [11713320] - C:\Program Files\HitmanPro [26/07/2012 09:12:59] - |D| - [6686119] - C:\Program Files\Internet Explorer [13/09/2018 10:01:29] - |D| - [199358723] - C:\Program Files\Java [13/09/2018 18:46:29] - |D| - [167839107] - C:\Program Files\Malwarebytes [09/09/2018 14:24:17] - |D| - [20173976] - C:\Program Files\MediaInfo [13/09/2018 08:45:56] - |D| - [155127717] - C:\Program Files\Mozilla Firefox [01/08/2012 18:08:13] - |D| - [25757] - C:\Program Files\MSBuild [09/09/2018 16:37:02] - |D| - [20155340] - C:\Program Files\MultiCommander (x64) [05/03/2013 00:43:57] - |RD| - [597724] - C:\Program Files\Online Services [09/09/2018 14:08:50] - |D| - [104172344] - C:\Program Files\Pale Moon [15/09/2018 13:04:27] - |D| - [10555186] - C:\Program Files\PDF Tools AG [13/09/2018 17:56:07] - |D| - [45465480] - C:\Program Files\PDFCreator [12/09/2018 19:33:29] - |D| - [234468234] - C:\Program Files\PostgreSQL [09/09/2018 14:14:32] - |D| - [31752659] - C:\Program Files\Process Lasso [05/03/2013 00:09:52] - |D| - [32813008] - C:\Program Files\Realtek [01/08/2012 18:08:13] - |D| - [36665513] - C:\Program Files\Reference Assemblies [10/09/2018 22:16:08] - |D| - [21875630] - C:\Program Files\Remo Repair MOV 2.0 [13/09/2018 09:52:34] - |D| - [53062552] - C:\Program Files\RogueKiller [13/09/2018 09:57:20] - |D| - [43174652] - C:\Program Files\RogueKillerPE [10/09/2018 10:23:51] - |D| - [15772465] - C:\Program Files\Sandboxie [13/09/2018 15:49:02] - |D| - [12353544] - C:\Program Files\SumatraPDF [03/11/2018 10:16:05] - |D| - [272409] - C:\Program Files\TAP-Windows [13/10/2018 06:00:45] - |D| - [6494649] - C:\Program Files\TeraCopy [13/09/2018 09:17:37] - |D| - [120889741] - C:\Program Files\The Bat! [31/10/2018 07:36:09] - |D| - [29813932] - C:\Program Files\Total Uninstall 6 [13/09/2018 08:42:19] - |D| - [63340376] - C:\Program Files\UCheck [15/09/2018 11:15:15] - |D| - [50421957] - C:\Program Files\Ultracopier [02/10/2018 07:29:12] - |D| - [1790505] - C:\Program Files\USB Disk Storage Format Tool [25/09/2018 07:55:36] - |D| - [13433278] - C:\Program Files\UVK - Ultra Virus Killer [10/09/2018 05:19:51] - |D| - [172381388] - C:\Program Files\VideoLAN [26/07/2012 09:12:59] - |D| - [8842553] - C:\Program Files\Windows Defender [26/07/2012 10:45:49] - |D| - [8971384] - C:\Program Files\Windows Journal [26/07/2012 09:12:59] - |D| - [6188032] - C:\Program Files\Windows Mail [26/07/2012 09:12:59] - |D| - [5638207] - C:\Program Files\Windows Media Player [26/07/2012 09:12:59] - |D| - [277504] - C:\Program Files\Windows Multimedia Platform [26/07/2012 09:12:59] - |D| - [7960634] - C:\Program Files\Windows NT [26/07/2012 09:12:59] - |D| - [6429128] - C:\Program Files\Windows Photo Viewer [26/07/2012 09:12:59] - |D| - [277504] - C:\Program Files\Windows Portable Devices [26/07/2012 09:12:59] - |SHD| - [0] - C:\Program Files\Windows Sidebar [26/07/2012 09:12:59] - |D| - [1128862407] - C:\Program Files\WindowsApps [14/09/2018 10:48:00] - |D| - [189003] - C:\Program Files\WinPcap [13/09/2018 09:27:23] - |D| - [7288368] - C:\Program Files\WinRAR [03/11/2018 10:29:13] - |D| - [355609388] - C:\Program Files\WinZip [13/09/2018 09:20:20] - |D| - [186622005] - C:\Program Files\Wireshark ---------- | C:\Program Files (x86)\Common Files [08/09/2018 06:37:02] - |D| - [595833660] - C:\Program Files (x86)\Common Files\Adobe [13/09/2018 15:49:10] - |D| - [30807873] - C:\Program Files (x86)\Common Files\Adobe AIR [06/09/2018 13:46:08] - |D| - [6739453] - C:\Program Files (x86)\Common Files\Aimersoft [04/09/2018 08:29:43] - |D| - [83073508] - C:\Program Files (x86)\Common Files\AntiVirus [21/09/2018 12:18:46] - |D| - [8165383] - C:\Program Files (x86)\Common Files\Borland Shared [13/09/2018 19:00:40] - |D| - [51600] - C:\Program Files (x86)\Common Files\Citrix [05/03/2013 00:37:28] - |D| - [94320] - C:\Program Files (x86)\Common Files\CyberLink [05/03/2013 00:18:12] - |D| - [3692915] - C:\Program Files (x86)\Common Files\InstallShield [03/11/2018 13:00:28] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit [13/09/2018 10:02:55] - |D| - [1973744] - C:\Program Files (x86)\Common Files\Java [07/09/2018 11:46:34] - |D| - [675260] - C:\Program Files (x86)\Common Files\logishrd [26/07/2012 09:12:59] - |D| - [45531530] - C:\Program Files (x86)\Common Files\Microsoft Shared [10/10/2018 13:37:39] - |D| - [1488873] - C:\Program Files (x86)\Common Files\Nikon [13/09/2018 10:01:17] - |D| - [1540315] - C:\Program Files (x86)\Common Files\Oracle [05/10/2018 07:26:27] - |D| - [2073312] - C:\Program Files (x86)\Common Files\Protexis [13/09/2018 09:48:35] - |D| - [4780336] - C:\Program Files (x86)\Common Files\PX Storage Engine [26/07/2012 09:12:59] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [02/09/2018 18:20:30] - |D| - [661200] - C:\Program Files (x86)\Common Files\Symantec Shared [26/07/2012 09:12:59] - |D| - [9863051] - C:\Program Files (x86)\Common Files\System [05/03/2013 00:45:06] - |D| - [125659747] - C:\Program Files (x86)\Common Files\Windows Live ---------- | C:\Program Files\Common files [05/03/2013 00:09:47] - |D| - [678912] - C:\Program Files\Common files\ATI Technologies [06/09/2018 00:17:21] - |D| - [4320948] - C:\Program Files\Common files\AV [03/09/2018 23:41:32] - |D| - [2022264] - C:\Program Files\Common files\AVAST Software [03/11/2018 10:19:35] - |D| - [2070592] - C:\Program Files\Common files\AVG [06/09/2018 13:39:08] - |D| - [152640] - C:\Program Files\Common files\EPSON [07/09/2018 11:20:13] - |D| - [1359652] - C:\Program Files\Common files\logishrd [26/07/2012 09:12:59] - |D| - [85256704] - C:\Program Files\Common files\microsoft shared [05/10/2018 07:11:19] - |D| - [2987232] - C:\Program Files\Common files\Protexis [26/07/2012 09:12:59] - |D| - [2702] - C:\Program Files\Common files\Services [05/03/2013 00:49:04] - |D| - [420776] - C:\Program Files\Common files\Symantec Shared [26/07/2012 09:12:59] - |D| - [11127179] - C:\Program Files\Common files\System [14/09/2018 10:47:00] - |A| - [444283] - C:\Program Files\Common files\WinPcapNmap.exe [05/09/2018 05:23:39] - |D| - [5922771] - C:\Program Files\Common files\Wondershare ---------- | Tasks [MD5.E06211B8A8DA0A940FDA2C58CB038C73] - [13/09/2018 10:07:58] - |A| - [1052] - C:\Windows\Tasks\Adobe Flash Player NPAPI Notifier.job [MD5.BD1BF95C5DD4AF3B9E3905BC0A475310] - [13/09/2018 15:46:01] - |A| - [1064] - C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job [MD5.3A10626C502923AB796DE254FA347EBF] - [13/09/2018 10:07:58] - |A| - [1002] - C:\Windows\Tasks\Adobe Flash Player Updater.job [MD5.2E8A2CA1464753D9164560457B0A817D] - [13/09/2018 09:25:32] - |A| - [300] - C:\Windows\Tasks\CCleaner Update.job [MD5.A8B39ABEF32B1BA1B6DD76537BAD3249] - [20/09/2018 14:22:28] - |A| - [274] - C:\Windows\Tasks\Cyberlink Trigger Task.job [MD5.8E63AD430A40D9C8C9C74E4001868256] - [11/09/2018 04:59:24] - |A| - [1220] - C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job [MD5.0E093F497521E29567124F0A8B0FD4BF] - [11/09/2018 04:59:26] - |A| - [1224] - C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job [MD5.9A6BD68F921730E50EBCE2BED5171D33] - [28/10/2018 12:21:02] - |A| - [763] - C:\Windows\Tasks\EPSON XP-710 Series Invitation {2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B}.job [MD5.2B63D79773B5C262A431FFD7B1745751] - [28/10/2018 12:21:00] - |A| - [949] - C:\Windows\Tasks\EPSON XP-710 Series Update {2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B}.job [MD5.00000000000000000000000000000000] - [11/10/2018 07:58:34] - |D| - [0] - C:\Windows\Tasks\ImCleanDisabled [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [26/07/2012 08:22:10] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.C2F5141D2693C6267EEC3F4C3A31C95D] - [10/10/2018 10:40:28] - |A| - [290] - C:\Windows\Tasks\Start InstallSafe Schedule.job [MD5.C9B03FA78E104A20D521029F8E5BD6C5] - [10/10/2018 10:40:28] - |A| - [316] - C:\Windows\Tasks\Start InstallSafe Update.job [MD5.B2E7CB9CB4C7234E918490B226872F54] - [12/09/2018 12:41:28] - |A| - [574] - C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job [MD5.2169DAE6F2527E98B19B04C7730F1AFA] - [25/10/2018 12:11:45] - |A| - [4476] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.64269268ACA424F1A8E6890D29AF9B3B] - [25/09/2018 10:11:47] - |A| - [3480] - C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jean-marie.carribon@wanadoo.fr : C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [MD5.A5F12270FCEBC448BB29E1DD6EFCB307] - [04/11/2018 12:34:21] - |A| - [3044] - C:\Windows\System32\Tasks\Advance PC-Care_Logon : C:\Program Files\Advance PC-Care\adpc.exe [MD5.19ACA3E0EDD76107ECB13EDEEB6A8A33] - [04/11/2018 12:34:13] - |A| - [3904] - C:\Windows\System32\Tasks\Antivirus Emergency Update : C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [MD5.4D95648DACB813367ECF5994BCC2B419] - [03/11/2018 13:01:05] - |A| - [3066] - C:\Windows\System32\Tasks\ASCU11_PerformanceMonitor : C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe [MD5.4DC6E91F3B6F6401C53B1EBF295D7FD8] - [03/11/2018 13:00:32] - |A| - [2866] - C:\Windows\System32\Tasks\ASCU11_SkipUac_Jean-Marie : C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe [MD5.5042C30A57B311338AE405BD09C878E6] - [03/09/2018 23:42:45] - |A| - [4168] - C:\Windows\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [07/09/2018 15:04:30] - |D| - [0] - C:\Windows\System32\Tasks\AVAST Software [MD5.00000000000000000000000000000000] - [03/11/2018 10:29:15] - |D| - [3862] - C:\Windows\System32\Tasks\AVG [MD5.0369C236ABF723AFBF40893D13E108FF] - [25/09/2018 12:14:00] - |A| - [3188] - C:\Windows\System32\Tasks\CCAVPostInstall : C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [MD5.4C3186449058795D2A6AA8BC195AD5D1] - [05/10/2018 07:27:42] - |A| - [3338] - C:\Windows\System32\Tasks\CorelUpdateHelperTaskCore : c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [MD5.714A88C9EF97C3767FD8E629859FA8D2] - [11/09/2018 04:59:25] - |A| - [3960] - C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.134513F0FEA7D6614A97304B015F4239] - [11/09/2018 04:59:26] - |A| - [4196] - C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.FE811FD1791AE94D5C14DB7B1275B9BA] - [28/10/2018 12:21:02] - |A| - [3794] - C:\Windows\System32\Tasks\EPSON XP-710 Series Invitation {2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B} : C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [MD5.871F0E932B67DE5B2FDE710153FF1803] - [28/10/2018 12:21:00] - |A| - [3980] - C:\Windows\System32\Tasks\EPSON XP-710 Series Update {2C6FA55B-2D45-4F1A-A7E2-2F5337CF461B} : C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLPE.EXE [MD5.E09784C0F474A056EB36F6432492856F] - [03/11/2018 10:11:55] - |A| - [3692] - C:\Windows\System32\Tasks\Goodgame Empire1 : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [MD5.582CD5F0C645892C7F50264FA2420822] - [03/11/2018 10:11:57] - |A| - [3692] - C:\Windows\System32\Tasks\Goodgame Empire2 : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [MD5.C0E59A2D9CB04910D25A749B7E9979AD] - [08/09/2018 07:24:29] - |A| - [3374] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.DD7F8E1C276E1044D30DF2EA63FE846D] - [08/09/2018 07:24:41] - |A| - [3502] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [05/03/2013 00:24:20] - |D| - [0] - C:\Windows\System32\Tasks\Hewlett-Packard [MD5.00000000000000000000000000000000] - [26/07/2012 09:12:59] - |D| - [370092] - C:\Windows\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [05/09/2018 18:45:38] - |D| - [6714] - C:\Windows\System32\Tasks\Norton Internet Security [MD5.C73CF3F1EDD39BA9C8268D4165C7330A] - [05/03/2013 00:49:04] - |A| - [3234] - C:\Windows\System32\Tasks\Norton WSC Integration : "C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe" [MD5.4AD2F03648278DA8DB67F4D2CF4D8B65] - [03/09/2018 22:59:09] - |A| - [4162] - C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1536011848 : C:\Users\Jean-Marie\AppData\Local\Programs\Opera\launcher.exe [MD5.04E54FDF566CF729091525057010764C] - [02/09/2018 17:55:27] - |A| - [3598] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-324915258-2866797553-3726413251-1001 : C:\Users\Jean-Marie\AppData\Local\Programs\Opera\launcher.exe [MD5.F3ABD7891ECC7FBF91E31130E8CDECCB] - [27/10/2018 08:51:43] - |A| - [3000] - C:\Windows\System32\Tasks\Process Lasso Core Engine Only : "C:\Program Files\Process Lasso\processgovernor.exe" [MD5.F3354A3F527F04E83371E03EC150159D] - [27/10/2018 08:51:40] - |A| - [2994] - C:\Windows\System32\Tasks\Process Lasso Management Console (GUI) : "C:\Program Files\Process Lasso\processlasso.exe" [MD5.00000000000000000000000000000000] - [06/09/2018 00:17:29] - |D| - [3930] - C:\Windows\System32\Tasks\Remediation [MD5.DAFC7BE5550ADFDCCE8FED03B44BCDBD] - [28/09/2018 04:07:55] - |A| - [3980] - C:\Windows\System32\Tasks\User_Feed_Synchronization-{894F9756-3BDE-4E8A-AC50-A7CC1E86F4AD} : C:\Windows\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [02/09/2018 17:48:36] - |D| - [0] - C:\Windows\System32\Tasks\WPD [MD5.00000000000000000000000000000000] - [26/07/2012 09:12:59] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-TCP-RPC-In"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-NamedPipe-In"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "{89B83CD1-558C-4248-BCAC-6E18627F6B2F}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\AVG\Antivirus\AvEmUpdate.exe|Name=Antivirus Emergency Update| "{99CE8507-0132-4395-98DD-B15B75CE8461}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\AVG\Antivirus\AvEmUpdate.exe|Name=Antivirus Emergency Update| [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe"=C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @PrintQueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3D1B53F5-C26E-427D-9562-34B2290F159E}] : (KeyScrambler) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem15.inf,%ClassName%;Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @%SystemRoot%\System32\Montr_CI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{54505F9E-EE66-4F1D-A63B-B853A1759385}] : (SymNetS) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{56EBD688-B772-4181-9610-8633FCEE988D}] : (SymIRON) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7E0006EA-81A8-4780-B0C8-474E2DBF4D63}] : (IDSVia64) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem7.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\sccls.dll,-300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{997b5d8d-c442-4f2e-baf3-9c8e671e9e21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}] : (dtsoftbus01) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bc103702-dd72-406f-9b28-95c868337b59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @AudioEndpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @WSDPrint.Inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\sccls.dll,-301 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [04/11/2018 12:33:45] - (18.7.4031.0) - (AVG Technologies CZ, s.r.o. - AVG Revert) - C:\Windows\system32\drivers\avgRvrt.sys [03/09/2018 23:29:52] - (11.0.0.0) - (Paragon Software Group - Apple Partition Map Driver) - C:\Windows\system32\DRIVERS\apmwin.sys [04/09/2018 03:15:08] - (11.0.0.0) - (Paragon Software Group - HFS+ Mounter Helper Driver) - C:\Windows\system32\DRIVERS\mounthlp.sys [04/09/2018 03:25:35] - (0.0.0.0) - ( -) - C:\Windows\system32\DRIVERS\gpt_loader.sys [15/09/2018 10:46:41] - (4.49.1.352) - (Disc Soft Ltd - DAEMON Tools Virtual Bus Driver) - C:\Windows\System32\drivers\dtsoftbus01.sys [04/11/2018 12:33:45] - (18.7.4031.0) - (AVG Technologies CZ, s.r.o. - AVG self protection module) - C:\Windows\system32\drivers\avgSP.sys [04/10/2018 09:15:45] - (2018.5.0.1046) - (Emsisoft Ltd - Emsisoft Protection Platform) - C:\EEK\bin64\epp.sys [04/11/2018 12:33:45] - (18.7.4031.0) - (AVG Technologies CZ, s.r.o. - AVG Keyboard Filter Driver) - C:\Windows\system32\drivers\avgKbd.sys [13/09/2018 17:09:52] - (2.454.2037.0) - (Google, Inc. - Google Drive File System Driver) - C:\Windows\system32\DRIVERS\googledrivefs2454.sys [04/10/2018 13:30:30] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zamguard64.sys [04/10/2018 13:30:31] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zam64.sys [08/09/2018 08:51:43] - (1.2.0.264) - (Glarysoft Ltd - The driver for the Startup Manager tool) - C:\Windows\System32\drivers\GUSBootStartup.sys [14/05/2017 23:34:10] - (6.1.3.0) - (Elaborate Bytes AG - ElbyCD Windows x64 I/O driver) - C:\Windows\System32\Drivers\ElbyCDIO.sys [05/03/2013 00:37:30] - (1.0.0.621) - (CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files.) - C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [21/04/2016 10:10:04] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\Windows\system32\DRIVERS\tap0901.sys [30/07/2012 12:00:23] - (2.1.0.7) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\Windows\system32\DRIVERS\L1C63x64.sys [30/10/2018 08:38:12] - (1.2.0.11411) - (CyberLink Corporation - CyberLink WebCam Virtual Driver) - C:\Windows\system32\DRIVERS\clwvd8.sys [15/09/2018 10:56:08] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Pro Virtual SCSI Bus Driver) - C:\Windows\System32\drivers\dtproscsibus.sys [06/09/2018 13:43:29] - (1.0.0.1) - (Wondershare - Wondershare Virtual Audio Device) - C:\Windows\system32\drivers\VirtualAudio.sys [08/03/2018 19:37:46] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - Explore Systems Virtual Audio Device) - C:\Windows\system32\drivers\dfx12x64.sys [26/07/2012 03:30:41] - (5.1.2.234) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL [10/09/2018 22:16:57] - (3.10.0.0) - (QFX Software Corporation - KeyScrambler Keyboard Encryption Driver) - C:\Windows\System32\drivers\keyscrambler.sys [04/10/2018 13:26:01] - (1.8.2.328) - (Zemana Ltd. - Zemana AntiLogger Free) - C:\Windows\system32\DRIVERS\KeyCrypt64.sys [15/09/2018 13:43:24] - (0.0.0.0) - ( -) - C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 7\IFS64.sys [04/11/2018 12:33:45] - (18.7.4031.0) - (AVG Technologies CZ, s.r.o. - AVG File System Minifilter for Windows 2003/Vista) - C:\Windows\system32\drivers\avgMonFlt.sys [03/09/2018 23:29:50] - (11.0.0.0) - (Paragon Software Group - HFS+ File System Recognizer) - C:\Windows\system32\DRIVERS\hfsplusrec.sys [16/07/2010 01:45:42] - (4.1.0.2001) - (CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver) - C:\Windows\system32\drivers\npf.sys [24/09/2018 11:51:36] - (1.3.0.0) - (AnchorFree Inc. - Hotspot Shield support device driver) - C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [04/11/2018 12:33:03] - (1.0.4.3) - (CPUID - CPUID Driver) - C:\Windows\temp\cpuz143\cpuz143_x64.sys [03/11/2018 12:59:27] - (1.2.0.5) - (IObit -) - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys ---------- | LoadOrderGroup Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK Name: PnP Filter - DriverEnabled: False - GroupOrder: 71 - Status: OK Name: Network - DriverEnabled: False - GroupOrder: 72 - Status: OK Name: Early-Launch - DriverEnabled: False - GroupOrder: 73 - Status: OK Name: _Early-Launch - DriverEnabled: False - GroupOrder: 74 - Status: OK ---------- | LoadOrderGroupServiceDependencies LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess" LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs" ---------- | LoadOrderGroupServiceMembers LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc" LoadOrderGroup.Name="System Reserved" - Service.Name="ASCAntivirusSrv" LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder" LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv" LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="AVG Antivirus" LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure" LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch" LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall" LoadOrderGroup.Name="TDI" - Service.Name="Dhcp" LoadOrderGroup.Name="TDI" - Service.Name="Dnscache" LoadOrderGroup.Name="TDI" - Service.Name="dot3svc" LoadOrderGroup.Name="Event Log" - Service.Name="EventLog" LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc" LoadOrderGroup.Name="PNP_TDI" - Service.Name="HitmanProScheduler" LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation" LoadOrderGroup.Name="TDI" - Service.Name="lmhosts" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM" LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc" LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI" LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon" LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay" LoadOrderGroup.Name="Plugplay" - Service.Name="Power" LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs" LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs" LoadOrderGroup.Name="UIGroup" - Service.Name="SbieSvc" LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr" LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS" LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection" LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler" LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller" LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc" LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc" LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware" LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adp94xx" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adpahci" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adpu320" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="agp440" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8" LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag" LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amd_sata" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amd_xata" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="apmwin" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="AQFileRestore" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="arc" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi" LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="avgKbd" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="avgMonFlt" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="avgRdr" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="avgRvrt" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="avgSnx" LoadOrderGroup.Name="FSFilter Security Enhancer" - SystemDriver.Name="avgSP" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="avgStm" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="avgVmm" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv" LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay" LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender" LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep" LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc" LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc" LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc" LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser" LoadOrderGroup.Name="Base" - SystemDriver.Name="BprotectEx" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum" LoadOrderGroup.Name="Base" - SystemDriver.Name="catchme" LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="ccSet_NIS" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs" LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass" LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS" LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus" LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv" LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc" LoadOrderGroup.Name="Base" - SystemDriver.Name="dg_ssudbus" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="dtproscsibus" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="dtsoftbus01" LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="e1iexpress" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv" LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass" LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="epp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat" LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace" LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="FxPPM" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="gagp30kx" LoadOrderGroup.Name="File System" - SystemDriver.Name="googledrivefs2454" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="gpt_loader" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus" LoadOrderGroup.Name="File System" - SystemDriver.Name="hfsplus" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="HfsplusRec" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd" LoadOrderGroup.Name="Video" - SystemDriver.Name="HyperVideo" LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV" LoadOrderGroup.Name="Video" - SystemDriver.Name="igfx" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iirsp" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="IMFMBRProtect" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp" LoadOrderGroup.Name="Keyboard Class" - SystemDriver.Name="kbdclass" LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="kbdhid" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic" LoadOrderGroup.Name="Keyboard Class" - SystemDriver.Name="keycrypt" LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD" LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SCSI" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="MegaSR" LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem" LoadOrderGroup.Name="Pointer Class" - SystemDriver.Name="mouclass" LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="mouhid" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="mounthlp" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr" LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge" LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32" LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf" LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig" LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP" LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NDProxy" LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nfrd960" LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="Ntfs" LoadOrderGroup.Name="Base" - SystemDriver.Name="Null" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="nv_agp" LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia" LoadOrderGroup.Name="Base" - SystemDriver.Name="pcw" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched" LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd" LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr" LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum" LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial" LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="SRTSP" LoadOrderGroup.Name="Network" - SystemDriver.Name="srv" LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2" LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt" LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum" LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="SymDS" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="SymEFA" LoadOrderGroup.Name="Early-Launch" - SystemDriver.Name="SymELAM" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="SymIRON" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tap0901" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Trufos" LoadOrderGroup.Name="base" - SystemDriver.Name="TsUsbFlt" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uagp35" LoadOrderGroup.Name="Base" - SystemDriver.Name="UCX01000" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs" LoadOrderGroup.Name="FSFilter Content Screener" - SystemDriver.Name="UI5IFS" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uliagpkx" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="usbfilter" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub" LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci" LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="viaide" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen" LoadOrderGroup.Name="_Early-Launch" - SystemDriver.Name="WdBoot" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="WFPLWFS" LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wpcfltr" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl" LoadOrderGroup.Name="Base" - SystemDriver.Name="WSDScan" LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf" LoadOrderGroup.Name="Base" - SystemDriver.Name="WUDFRd" ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - adp94xx () -> System32\drivers\adp94xx.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - adpahci () -> System32\drivers\adpahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - adpu320 () -> System32\drivers\adpu320.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - amd_sata () -> System32\drivers\amd_sata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - amd_xata () -> System32\drivers\amd_xata.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - apmwin (Apple Partition Map Driver) -> system32\DRIVERS\apmwin.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - arc () -> System32\drivers\arc.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Windows Inbox Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - avgRvrt (avgRvrt) -> system32\drivers\avgRvrt.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - gagp30kx (@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - gpt_loader (GUID Partition table support driver) -> system32\DRIVERS\gpt_loader.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iirsp () -> System32\drivers\iirsp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2 () -> System32\drivers\lsi_sas2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SCSI () -> System32\drivers\lsi_scsi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - MegaSR () -> System32\drivers\MegaSR.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mounthlp (Mounter helper driver for HFS+ volumes) -> system32\DRIVERS\mounthlp.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nfrd960 () -> System32\drivers\nfrd960.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@machine.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\DRIVERS\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - uagp35 (@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - viaide () -> System32\drivers\viaide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Wd (@wd.inf,%WdServiceDisplayName%;Microsoft Watchdog Timer Driver) -> System32\drivers\wd.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> system32\DRIVERS\wfplwfs.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - avgKbd (avgKbd) -> system32\drivers\avgKbd.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - avgSP (avgSP) -> system32\drivers\avgSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CLVirtualDrive (CLVirtualDrive) -> \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - dtsoftbus01 (@oem30.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver) -> \SystemRoot\System32\drivers\dtsoftbus01.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ElbyCDIO (ElbyCDIO Driver) -> System32\Drivers\ElbyCDIO.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - epp (epp) -> \??\C:\EEK\bin64\epp.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - googledrivefs2454 (googledrivefs2454) -> system32\DRIVERS\googledrivefs2454.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GUSBootStartup (GUSBootStartup) -> \??\C:\Windows\System32\drivers\GUSBootStartup.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> \SystemRoot\system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> \SystemRoot\system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) -> \??\C:\Windows\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) -> \??\C:\Windows\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False R2 - [File System Driver] - avgMonFlt (avgMonFlt) -> system32\drivers\avgMonFlt.sys - AcceptPause: False - AcceptStop: True S2 - [Kernel Driver] - csvol (Core Storage Volumes Driver) -> \SystemRoot\system32\DRIVERS\csvol.sys - AcceptPause: False - AcceptStop: False R2 - [File System Driver] - HfsplusRec (HFS+ File System Recognizer) -> system32\DRIVERS\hfsplusrec.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> \SystemRoot\system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - npf (NetGroup Packet Filter Driver) -> system32\drivers\npf.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> \SystemRoot\system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - UI5IFS (Ashampoo Uninstaller FileSystemChanges Driver) -> \??\C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 7\IFS64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - AFTrafMgr1.4 (AFTrafMgr1.4) -> \??\C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - AnyDVD (AnyDVD) -> System32\Drivers\AnyDVD.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AppID (@%systemroot%\system32\appidsvc.dll,-102) -> \SystemRoot\system32\drivers\appid.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - AQFileRestore (AQFileRestore) -> system32\DRIVERS\AQFileRestore.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AsyncMac (@%systemroot%\system32\rascfg.dll,-32000) -> system32\DRIVERS\asyncmac.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - avgArPot (avgArPot) -> system32\drivers\avgArPot.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - avgbidsdriver (avgbidsdriver) -> system32\drivers\avgbidsdrivera.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - avgbidsh (avgbidsh) -> system32\drivers\avgbidsha.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - avgblog (avgblog) -> system32\drivers\avgbloga.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - avgbuniv (avgbuniv) -> system32\drivers\avgbuniva.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - avgHwid (avgHwid) -> system32\drivers\avgHwid.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - avgRdr (avgRdr) -> system32\drivers\avgRdr2.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - avgSnx (avgSnx) -> system32\drivers\avgSnx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - avgStm (avgStm) -> system32\drivers\avgStm.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - avgVmm (avgVmm) -> system32\drivers\avgVmm.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - awealloc (awealloc) -> \??\C:\Windows\system32\drivers\awealloc.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BTHMODEM (@bthspp.inf,%BthSerial.DisplayName%;Bluetooth Serial Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ccSet_NIS (Norton Internet Security Settings Manager) -> \??\C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - clwvd8 (@oem35.inf,%clwvd.DeviceDesc% Service;CyberLink YouCam 8 Service) -> \SystemRoot\system32\DRIVERS\clwvd8.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - CompositeBus (@CompositeBus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\drivers\CompositeBus.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - condrv (Console Driver) -> System32\drivers\condrv.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - cpuz143 (cpuz143) -> \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - DFX11_1 (@oem28.inf,%DFX_Device.SvcDesc%;DFX Audio Enhancer 11.1) -> \SystemRoot\system32\drivers\dfx11_1x64.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - DFX12 (@oem29.inf,%DFX_Device.SvcDesc%;DFX Audio Enhancer) -> \SystemRoot\system32\drivers\dfx12x64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - dg_ssudbus (@oem32.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)) -> \SystemRoot\system32\DRIVERS\ssudbus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\system32\drivers\drmkaud.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - dtproscsibus (@oem31.inf,%DTPROSCSIBUS.DeviceDesc%;DAEMON Tools Pro Virtual SCSI Bus) -> \SystemRoot\System32\drivers\dtproscsibus.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - e1iexpress (@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I) -> \SystemRoot\system32\DRIVERS\e1i63x64.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - eeCtrl (Symantec Eraser Control driver) -> \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - EraserUtilRebootDrv (EraserUtilRebootDrv) -> \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - exfat (exFAT File System Driver) -> (?) - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - fastfat (FAT12/16/32 File System Driver) -> (?) - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - FxPPM (@cpu.inf,%FxPPM.SvcDesc%;Power Framework Processor Driver) -> \SystemRoot\System32\drivers\fxppm.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HdAudAddService (@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Function Driver for High Definition Audio Service) -> \SystemRoot\system32\drivers\HdAudio.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys - AcceptPause: False - AcceptStop: True S3 - [File System Driver] - hfsplus (HFS+ File System Driver) -> system32\DRIVERS\hfsplus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HyperVideo () -> \SystemRoot\system32\DRIVERS\HyperVideo.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - i8042prt (@msmouse.inf,%i8042prt.SvcDesc%;PS/2 Keyboard and Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - igfx () -> \SystemRoot\system32\DRIVERS\igdkmd64.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - imdisk (imdisk) -> \??\C:\Windows\system32\drivers\imdisk.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) -> \SystemRoot\system32\drivers\RTKVHD64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - iobit_monitor_server (iobit_monitor_server) -> \??\C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\drivers\Monitor_win7_x64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - IpFilterDriver (@%systemroot%\system32\rascfg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\system32\DRIVERS\kdnic.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - keycrypt () -> system32\DRIVERS\KeyCrypt64.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - KeyScrambler () -> System32\drivers\keyscrambler.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - L1C (@oem4.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\system32\DRIVERS\L1C63x64.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - LVRS64 (@oem23.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver) -> \SystemRoot\system32\DRIVERS\lvrs64.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - LVUVC64 (@oem24.inf,%PID_081B_DD%(UVC);Logitech HD Webcam C310(UVC)) -> \SystemRoot\system32\DRIVERS\lvuvc64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - Modem () -> system32\drivers\modem.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - monitor (@monitor.inf,%Monitor.SVCDESC%;Service Pilote de fonction de classe Moniteur Microsoft) -> \SystemRoot\System32\drivers\monitor.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mpsdrv (@%SystemRoot%\system32\FirewallAPI.dll,-23092) -> System32\drivers\mpsdrv.sys - AcceptPause: False - AcceptStop: True S3 - [File System Driver] - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> \SystemRoot\system32\DRIVERS\bridge.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;GPIO Buttons Driver) -> \SystemRoot\System32\drivers\msgpiowin32.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\drivers\MSKSSRV.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MsLldp (@C:\Windows\system32\DRIVERS\mslldp.sys,-200) -> \SystemRoot\system32\DRIVERS\mslldp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\drivers\MSPCLOCK.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\drivers\MSPQM.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - MsRPC () -> (?) - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\drivers\MSTEE.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> \SystemRoot\system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> \SystemRoot\system32\DRIVERS\ndiscap.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> \SystemRoot\system32\DRIVERS\NdisImPlatform.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - NdisTapi (@%systemroot%\system32\rascfg.dll,-32001) -> \SystemRoot\system32\DRIVERS\ndistapi.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - Ndisuio (@ndisuio.inf,%NDISUIO_Desc%;NDIS Usermode I/O Protocol) -> \SystemRoot\system32\DRIVERS\ndisuio.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - NdisWan (@%systemroot%\system32\rascfg.dll,-32002) -> \SystemRoot\system32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - NDISWANLEGACY (@%systemroot%\system32\rascfg.dll,-32014) -> \SystemRoot\system32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - NDProxy (NDIS Proxy) -> (?) - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - Ntfs () -> (?) - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - PptpMiniport (@%systemroot%\system32\rascfg.dll,-32006) -> \SystemRoot\system32\DRIVERS\raspptp.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\system32\DRIVERS\AgileVpn.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - Rasl2tp (@%systemroot%\system32\rascfg.dll,-32005) -> \SystemRoot\system32\DRIVERS\rasl2tp.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - RasPppoe (@%systemroot%\system32\rascfg.dll,-32007) -> \SystemRoot\system32\DRIVERS\raspppoe.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\system32\DRIVERS\rassstp.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RDPWD (RDP Winstation Driver) -> (?) - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - rzc7359za (rzc7359za) -> \??\C:\Windows\system32\drivers\zinstall_z77\rzc7359za.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SbieDrv (SbieDrv) -> \??\C:\Program Files\Sandboxie\SbieDrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - SRTSP (Symantec Real Time Storage Protection x64) -> \??\C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSP64.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SRTSPX (Symantec Real Time Storage Protection (PEL) x64) -> \??\C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - srvnet () -> System32\DRIVERS\srvnet.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - ssudmdm (@oem33.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)) -> \SystemRoot\system32\DRIVERS\ssudmdm.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - SymDS (Symantec Data Store) -> \??\C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - SymEFA (Symantec Extended File Attributes) -> \??\C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SymELAM (Symantec ELAM Driver) -> \??\C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SymEvent () -> \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SymIRON (Symantec Iron Driver) -> \??\C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SymNetS (Symantec Network Security WFP Driver) -> \??\C:\Windows\system32\drivers\NISx64\1406000.01B\SYMNETS.SYS - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - tap0901 (@oem36.inf,%DeviceDescription%;TAP-Windows Adapter V9) -> \SystemRoot\system32\DRIVERS\tap0901.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - TCPIP6 (@netip6.inf,%MS_TCPIP6.TCPIP6.ServiceDescription%;Microsoft IPv6 Protocol Driver) -> \SystemRoot\system32\DRIVERS\tcpip.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\system32\drivers\tpm.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - Trufos (Trufos) -> system32\DRIVERS\TRUFOS.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - TsUsbFlt () -> system32\drivers\tsusbflt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Pilote de carte miniport Microsoft Tunnel) -> \SystemRoot\system32\DRIVERS\tunnel.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - UCX01000 (USB Controller Extension) -> \SystemRoot\System32\drivers\ucx01000.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbaudio (@wdma_usb.inf,%USBAudio.SvcDesc%;Pilote USB audio (WDM)) -> \SystemRoot\system32\drivers\usbaudio.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Pilote parent générique USB Microsoft) -> \SystemRoot\System32\drivers\usbccgp.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - usbfilter (@oem2.inf,%UsbFilter.SVCDESC%;AMD USB Filter Driver) -> \SystemRoot\System32\drivers\usbfilter.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Pilote de concentrateur standard USB Microsoft) -> \SystemRoot\System32\drivers\usbhub.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - usbvideo (@usbvideo.inf,%USBVideo.SvcDesc%;Périphérique vidéo USB (WDM)) -> \SystemRoot\System32\Drivers\usbvideo.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Wanarp (@%systemroot%\system32\rascfg.dll,-32011) -> \SystemRoot\system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> \SystemRoot\system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WDC_SAM (@oem7.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver) -> \SystemRoot\System32\drivers\wdcsam64.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> \SystemRoot\system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - WIMMount (WIMMount) -> system32\drivers\wimmount.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WinUsb (@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb) -> \SystemRoot\System32\drivers\WinUsb.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - wpcfltr (Family Safety Filter Driver) -> system32\DRIVERS\wpcfltr.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - WsAudio_Device (@oem12.inf,%MSFT%;WsAudio_Device) -> \SystemRoot\system32\drivers\VirtualAudio.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - WSDScan (@sti.inf,%WSDScan.SvcDesc%;Prise en charge de la numérisation WSD) -> \SystemRoot\system32\DRIVERS\WSDScan.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - WUDFRd (@hidbthle.inf,%WudfRdDisplayName%;Windows Driver Foundation - User-mode Driver Framework Reflector) -> \SystemRoot\System32\drivers\WUDFRd.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - WUDFWpdMtp () -> \SystemRoot\System32\drivers\WUDFRd.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - MBAMSwissArmy (MBAMSwissArmy) -> \SystemRoot\System32\Drivers\mbamswissarmy.sys - AcceptPause: False - AcceptStop: True R4 - [File System Driver] - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys - AcceptPause: False - AcceptStop: True S4 - [Kernel Driver] - secdrv (Security Driver) -> (?) - AcceptPause: False - AcceptStop: False R4 - [File System Driver] - udfs (udfs) -> system32\DRIVERS\udfs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) [MD5.786BF08085ED64D5AA2CCEE34B572D32] - [16/03/2018 08:57:56] - (.Copyright 2018 RedFox - AnyDVD Filter Driver.) - [159.56 Ko] - (8.2.2.4) - C:\Windows\Syswow64\Drivers\AnyDVD.sys ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\4f85b8c9b80fe82b25e44a6c07e9fd07] : (.-.) -> [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CEB9F3E9BD4E4FF1ACEB2370E55A36AC1] : (.-.) -> [HKU\S-1-5-21-324915258-2866797553-3726413251-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\10DBD048-433A-4BC3-951F-055296F077B3_is1] : (Diag version 0.10.1.0.-.Adlice Software) -> "C:\Program Files\Diag\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\44DC4D72-B2A8-430E-8590-0F7E126B3C0B_is1] : (CrashDumpExtractor version 2.4.0.0.-.Adlice Software) -> "C:\Program Files\CrashDumpExtractor\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\8AB14857-1A45-4CEA-99DD-981290C87F06_is1] : (Advance PC-Care.-.efixmypc.com) -> "C:\Program Files\Advance PC-Care\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\BitLocker Anywhere_is1] : (BitLocker Anywhere version 4.6.-.Hasleo Software.) -> "C:\Program Files\Hasleo\BitLocker Anywhere\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CEB9F3E9BD4E4FF1ACEB2370E55A36AC0] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EasyUEFI_is1] : (EasyUEFI version 3.2.-.Hasleo Software.) -> "C:\Program Files\Hasleo\EasyUEFI\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\InstallSafe] : (InstallSafe.-.Corel Corporation) -> C:\Program Files\ReviverSoft\InstallSafe\Uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\maman kabylle] : (maman kabylle.-.Jean-Marie) -> "C:\Users\Jean-Marie\AppData\Local\maman kabylle\uninst.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PostgreSQL 9.5] : (PostgreSQL 9.5 .-.PostgreSQL Global Development Group) -> C:\Program Files\PostgreSQL\9.5\uninstall-postgresql.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Sevinst] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0FA995CC-C849-4755-B14B-5404CC75DC24}] : (Energy Star.-.Hewlett-Packard) -> MsiExec.exe /I{0FA995CC-C849-4755-B14B-5404CC75DC24} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{135781FB-026A-4164-838C-0C447783C32B}] : (Corel AfterShot Pro 3 - IPM x64.-.Corel Corporation) -> MsiExec.exe /I{135781FB-026A-4164-838C-0C447783C32B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2661F2FA-56A7-415D-8196-C4CB3D3ACFFE}_is1] : (DiskGenius 5.0.1.-.Eassos Co., Ltd.) -> "C:\Program Files\DiskGenius\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180181F0}] : (Java 8 Update 181 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180181F0} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2B482BD8-191A-4D79-8E8B-10AB97176A34}] : (Corel AfterShot Pro 3 - HDR x64.-.Corel Corporation) -> MsiExec.exe /I{2B482BD8-191A-4D79-8E8B-10AB97176A34} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2E58F5E0-B5EF-844C-5B18-4C21F800CAD6}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}] : (AMD APP SDK Runtime.-.Advanced Micro Devices Inc.) -> MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}] : (AMD Catalyst Install Manager.-.Advanced Micro Devices, Inc.) -> msiexec /q/x{5F769CF4-5263-4C7B-AEB2-C06A73AE4428} REBOOT=ReallySuppress [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}] : (Backup and Sync from Google.-.Google, Inc.) -> MsiExec.exe /X{608EBDC6-D18A-4CF6-AD54-EE6B71D29065} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}] : (HP Postscript Converter.-.Hewlett-Packard) -> MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7A345D03-2C46-4483-855B-01C7C320600F}] : (calibre 64bit.-.Kovid Goyal) -> MsiExec.exe /I{7A345D03-2C46-4483-855B-01C7C320600F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7B4BD784-3685-4477-BF9A-8BC1D12F1F74}] : (3-Heights(TM) PDF Analysis & Repair.-.PDF Tools AG) -> MsiExec.exe /I{7B4BD784-3685-4477-BF9A-8BC1D12F1F74} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{85082869-BCD7-40ED-A119-DBA8A78C460F}] : (Corel AfterShot Pro 3 - IPM Content x64.-.Corel Corporation) -> MsiExec.exe /I{85082869-BCD7-40ED-A119-DBA8A78C460F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8DD5B1BF-E1BB-43DB-965C-DC6180A19518}_is1] : (Remo Repair MOV.-.Remo Software) -> "C:\Program Files\Remo Repair MOV 2.0\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{95841B8F-1C5A-45A7-BACF-0D5DA1D2090D}] : (Corel Update Manager.-.Corel corporation) -> MsiExec.exe /X{95841B8F-1C5A-45A7-BACF-0D5DA1D2090D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A7751F6E-C4A1-42D3-85E0-801486F170BF}] : (The Bat! v8.6.0 (64-bit).-.Ritlabs, SRL) -> MsiExec.exe /I{A7751F6E-C4A1-42D3-85E0-801486F170BF} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B1782967-E600-4BBD-B2F1-AEF3F2FE0A12}] : (DaVinci Resolve Panels.-.Blackmagic Design) -> MsiExec.exe /X{B1782967-E600-4BBD-B2F1-AEF3F2FE0A12} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B75B59C9-4E9F-4632-B70E-80A62BD91EA2}] : (Corel AfterShot Pro 3 - ICA x64.-.Corel Corporation) -> MsiExec.exe /I{B75B59C9-4E9F-4632-B70E-80A62BD91EA2} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CD165528-A2CC-4EC3-BFF4-A4B0AAB11269}] : (DaVinci Resolve.-.Blackmagic Design) -> MsiExec.exe /X{CD165528-A2CC-4EC3-BFF4-A4B0AAB11269} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115}] : (WinZip 22.0.-.Corel Corporation) -> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C24115} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}] : (HP Registration Service.-.Hewlett-Packard) -> MsiExec.exe /X{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA} ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FF7EE438-AD34-4E89-9ADE-F1792EC86016}] : (Corel AfterShot Pro 3 x64.-.Corel Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\3M(TM) Cloud Library PC App] : (3M(TM) Cloud Library PC App 1.50.-.3M) -> C:\Program Files (x86)\3M(TM) Cloud Library PC App\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Advanced Date Time Calculator_is1] : (Advanced Date Time Calculator 9.0.-.TriSun Software Limited) -> "C:\Program Files (x86)\TSS\Advanced Date Time Calculator\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Advanced Renamer_is1] : (Advanced Renamer.-.Hulubulu Software) -> "C:\Program Files (x86)\Advanced Renamer\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Advanced SystemCare Ultimate_is1] : (Advanced SystemCare Ultimate 11.-.IObit) -> "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AnyDVD] : (AnyDVD.-.RedFox) -> "C:\Program Files (x86)\RedFox\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\RedFox\AnyDVD" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Baidu Antivirus] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BAV mini setup] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CEB9F3E9BD4E4FF1ACEB2370E55A36AC2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Compel install Adaptec WinASPI-4.6.0(1021)_is1] : (Compel Adaptec WinASPI.-.) -> "C:\Program Files (x86)\WinASPI\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CoreFTP] : (Core FTP LE.-.) -> "C:\Program Files (x86)\CoreFTP\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectFoldersAppID_is1] : (Direct Folders.-.Code Sector) -> "C:\Program Files (x86)\Direct Folders\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Exiland Backup Standard_is1] : (Exiland Backup Standard 4.9.-.Exiland Software) -> "C:\Exiland Backup Standard\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\format autodecliv & memtest huit six & combofix] : (format autodecliv & memtest huit six & combofix.-.Sel) -> "C:\Users\Jean-Marie\AppData\Local\format autodecliv & memtest huit six & combofix\uninst.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\format mobilemate & combofix] : (format mobilemate & combofix.-.Sel) -> "C:\Users\Jean-Marie\AppData\Local\format mobilemate & combofix\uninst.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObit Unlocker_is1] : (IObit Unlocker.-.IObit) -> "C:\Program Files (x86)\IObit\IObit Unlocker\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\JetStartAppID_is1] : (JetStart 4.4 Freeware.-.Code Sector Inc.) -> "C:\Program Files (x86)\JetStart\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\likenewp'chiant] : (likenewp'chiant.-.Jean-Marie) -> "C:\Users\Jean-Marie\AppData\Local\likenewp'chiant\uninst.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\mmswitch] : (Morgan Stream Switcher.-.) -> "C:\Program Files (x86)\Morgan\mmswitch\uninst.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Moo0 RightClicker] : (Moo0 Clic Droit Pro 1.56.-.) -> C:\Program Files (x86)\Moo0\RightClicker Pro 1.56\uninstaller.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MyEpson Portal] : (MyEpson Portal.-.SEIKO EPSON Corporation) -> MsiExec.exe /I{3361D415-BA35-4143-B301-661991BA6219} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVDA] : (NVDA.-.NV Access) -> C:\Program Files (x86)\NVDA\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PDF-to-Excel 1.5 Demo] : (PDF-to-Excel 1.5 Demo.-.) -> C:\PROGRA~2\AVANQU~1\demos\UNWISE.EXE /U C:\PROGRA~2\AVANQU~1\demos\pdf2xls.log [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PDF-to-HTML 1.1 Demo] : (PDF-to-HTML 1.1 Demo.-.) -> C:\PROGRA~2\AVANQU~1\demos\UNWISE.EXE /U C:\PROGRA~2\AVANQU~1\demos\pdf2htm.log [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PDF-to-Word 3.1 Demo] : (PDF-to-Word 3.1 Demo.-.) -> C:\PROGRA~2\PDF-to-Word\demos\UNWISE.EXE /U C:\PROGRA~2\PDF-to-Word\demos\pdf2word.log [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SlimBoat] : (FlashPeak SlimBoat.-.FlashPeak Inc.) -> C:\Program Files (x86)\SlimBoat\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Smart Privacy Cleaner_is1] : (Smart Privacy Cleaner v2.0.-.Avanquest Software) -> "C:\Program Files (x86)\Smart Privacy Cleaner\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SoundCheck_is1] : (SoundCheck V3.0.-.PassMark Software) -> "C:\Program Files (x86)\SoundCheck\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TagScanner_is1] : (TagScanner 6.0.30.-.Sergey Serkov) -> "C:\Program Files (x86)\TagScanner\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VobSub] : (VobSub v2.23 (Remove Only).-.) -> "C:\Program Files (x86)\Gabest\VobSub\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Wise JetSearch_is1] : (Wise JetSearch 3.0.3.-.WiseCleaner.com, Inc.) -> "C:\Program Files (x86)\Wise\Wise JetSearch\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}] : (HP Customer Experience Enhancements.-.Hewlett-Packard) -> MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{099218A5-A723-43DC-8DB5-6173656A1E94}] : (Dropbox Update Helper.-.Dropbox, Inc.) -> MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{09BE17DC-59D2-FD28-371D-DCE0AE76CE75}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{104D7F23-A414-EE6D-315E-A07CB75ADEEE}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{10C16E01-F739-4093-89A7-E570589FA0F6}] : (SD Card Formatter.-.SD Association) -> MsiExec.exe /X{10C16E01-F739-4093-89A7-E570589FA0F6} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1] : (AnyMedia Player 3.4.4.-.cyan soft ltd) -> "C:\Program Files (x86)\AnyMedia Player\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A7CF3BE-0D4A-33DF-DFD9-824487726365}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BC4C58D-D726-172B-DA2C-BBE6AE5DEB76}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E6AF4B4-0910-4821-CB20-F8FD7AA09CCB}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2452C59D-5140-4A9A-A97F-B925390619E1}] : (Silent Install Builder 5.-.Aprel Tech, LLC) -> MsiExec.exe /X{2452C59D-5140-4A9A-A97F-B925390619E1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216045FF}] : (Java(TM) 6 Update 45.-.Oracle) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216045FF} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E2526C8-51A8-F6EB-8289-6787E880CE27}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{30DF307D-A9BB-40CB-9AB5-A02E86BCC39B}] : (Citrix Receiver Inside.-.Citrix Systems, Inc.) -> MsiExec.exe /I{30DF307D-A9BB-40CB-9AB5-A02E86BCC39B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{315CD99C-61DC-081C-D05C-789C00DCAB1C}] : (Chromium.-.) -> "C:\Users\Jean-Marie\AppData\Local\{C4B6F2EA-E01E-9E52-8D86-BBBAA9EE4722}\uninst.exe" -P=/Uninstall /s /noun /DelSelfDir /sfl=0Czx1Y0U1B1P1C1B1Y0J1P1T1GtG0M1T1C1L1P1Y0A1E1E0D1T2Z1T1Y0L1F1R1T1I1Y2S0CyE0ByC0FtB0E0AtG0EtDtC0EtGzy0EyDtBtGzz0DzzyCtG0B0B0B0A0Azy0E0EyEyBtBtB2Q1Y1G1T1I1P2Z1L1Q1L /sfns=2StDtAzztA0DtByDtBtGtC0CyEtAtGtDzytDtBtGyByBtAzytGtC0ByC0EtC0D0B0FtDyBtB0D2Q [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{324FCBBA-4DEB-4EF8-96EC-145AFBDA99ED}] : (Dactylo Expert.-.Micro Application) -> MsiExec.exe /I{324FCBBA-4DEB-4EF8-96EC-145AFBDA99ED} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3361D415-BA35-4143-B301-661991BA6219}] : (MyEpson Portal.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /I{3361D415-BA35-4143-B301-661991BA6219} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}] : (Paragon HFS+ for Windows.-.Paragon Software) -> MsiExec.exe /X{429D6E81-8E1E-42E6-8AB9-025DD9157F9B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{48F22622-1CC2-4A83-9C1E-644DD96F832D}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{55CE8518-EEF9-4D00-A084-418AD02811E7}] : (Zinstall Backup 2.7.341.-.ZVT Inc.) -> MsiExec.exe /X{55CE8518-EEF9-4D00-A084-418AD02811E7} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5AD25D5C-C813-146B-4FB0-76561F7875B7}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5B4886EE-5A95-C257-A68F-2DCADE47A273}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5DB58618-7021-C650-EE8A-58CD1FAA95F9}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5EE021A8-10D1-4CE8-8679-E9F2386DFF1D}] : (NewsMailStudio.-.Ewaycom) -> MsiExec.exe /I{5EE021A8-10D1-4CE8-8679-E9F2386DFF1D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F5ACD0C-A454-32A7-E206-EE89B1510128}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}] : (Epson Software Updater.-.Seiko Epson Corporation) -> MsiExec.exe /X{60A3CB9F-4429-4C7A-AA97-77CC4FE10671} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{67087BB4-19B4-C169-3E52-2BED796D8AB3}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6AE04BB9-A455-16ED-5806-DCFBB14505D6}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6BF9F374-EC67-4808-A90C-F127DE6D989D}] : (Epson E-Web Print.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{6BF9F374-EC67-4808-A90C-F127DE6D989D} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}] : (Hewlett-Packard ACLM.NET v1.2.0.0.-.Hewlett-Packard Company) -> MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7474548C-E456-4818-8ED0-4A1F00EF77A1}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{7474548C-E456-4818-8ED0-4A1F00EF77A1} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{76DFBEB9-9E55-8CC6-B99A-9CEFAC573A1F}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{839D1577-5415-6C89-6642-515DFFE6432F}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84B13BF6-F7AF-198E-0E77-DCA4027B9D19}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}] : (Manuels EPSON.-.Seiko Epson Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9074000C-5331-4686-92D8-6C3066E99C63}] : (Studio Video Ultimate.-.Avanquest) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{983FEDDC-AD2E-48D5-8593-331D3B93407C}_is1] : (Online Video Recorder 3.4.4.-.cyan soft ltd) -> "C:\Program Files (x86)\Online Video Recorder\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9F205E94-9E42-4486-A92A-DF3F6CB85444}] : (Epson Event Manager.-.Seiko Epson Corporation) -> MsiExec.exe /X{9F205E94-9E42-4486-A92A-DF3F6CB85444} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A666A6E7-3A51-E289-559B-BF3486036ABF}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ABA39912-380C-0EF3-C820-868115EB1DAC}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824298644}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824298644} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC7A441A-353F-75F6-6ABA-3BF98161B530}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF599C42-A2E5-4251-B7EE-4925C1F7AE60}] : (Hotspot Shield 7.13.0.-.AnchorFree Inc.) -> MsiExec.exe /X{AF599C42-A2E5-4251-B7EE-4925C1F7AE60} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1] : (Spybot - Search & Destroy.-.Safer-Networking Ltd.) -> "C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B6480ED1-448E-813B-4FE0-BED811D1C01F}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BDBF9803-B57C-AB2A-8830-CBED34703840}] : (Catalyst Control Center Graphics Previews Common.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BFB6DE5F-9BEA-1FBB-3584-2C78639CE59A}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BFDC3B26-7DB0-43D3-BC84-7E9649C157EA}_is1] : (Pegasun System Utilities.-.Pegasun) -> "C:\Program Files (x86)\Pegasun\SystemUtilities\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DD35ECFB-5C95-398B-CAFA-B5E8881363C3}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E8406BA9-5D47-4A62-08C3-759EA677229A}] : (AMD VISION Engine Control Center.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F193812F-83C0-3CED-1EDE-BE2525267303}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F243A34B-AB7F-4065-B770-B85B767C247C}] : (HP Connected Remote.-.Hewlett-Packard) -> MsiExec.exe /X{F243A34B-AB7F-4065-B770-B85B767C247C} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F5B72D9E-D86C-4002-BCF1-C2EDDEB1A661}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{F5B72D9E-D86C-4002-BCF1-C2EDDEB1A661} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F754BC24-2C04-F76E-C403-0175F0954560}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC62C740-2339-618C-467B-36CE6D409E5F}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> ---------- | Ports ---------- | Microsoft Specifications CheckID: EnterpriseCloud101{CD95F661-A5C4-44F5-A6AA-ECDD91C24115} - INSTALLENTERPRISE<>1 -> EnterpriseCloud ---------- | CLSID (Whitelist) [HKCR\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}] - (.-.) - C:\Windows\SysWow64\xvid.ax [05/06/2004 12:59:14] [HKCR\CLSID\{0062AFE3-170C-4BD6-8E9D-C68234E377E1}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MADynamicEffects.dll [HKCR\CLSID\{06BC398D-44FE-4E1C-98EE-94F0DD94BF0D}] - (.(c) Blackmagic Design. - Blackmagic Design DaVinci Panel API.) - C:\Program Files (x86)\Blackmagic Design\DaVinci Resolve Panels\API\DaVinciPanelAPI32.dll [24/04/2018 10:05:40] [HKCR\CLSID\{06E6F1FF-D93A-49D9-99D1-24B2897DAD55}] - (.(c) 2010 CyberLink Corp. - CyberLink Tzan Filter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\VideoFilter\CLTzan.ax [16/07/2012 11:29:46] [HKCR\CLSID\{0932B8A4-BBB4-4bc0-A8AB-91C626950C75}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{09AC4892-81B7-4d39-B235-8F0DB0DAF4F8}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{09D32393-10DA-4eca-91AA-AD11C69DB966}] - (.-.) - C:\Program Files (x86)\Norton Internet Security\Engine64\20.6.0.27\McStatus.dll [HKCR\CLSID\{0A9BD4EB-DED5-4DF0-BAF6-2CEA23F57261}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEFilters.dll [08/08/2012 11:12:30] [HKCR\CLSID\{0B8636A3-A059-4553-BF21-299505020607}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MATransform.dll [HKCR\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}] - (.License: MPL 1.1/GPL 2.0/LGPL 2.1 -.) - C:\Program Files (x86)\Netscape\Navigator 9\AccessibleMarshal.dll [14/09/2018 10:51:14] [HKCR\CLSID\{0E09660B-CA83-487f-A9DC-024B3BB6B271}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MADynamicEffects.dll [HKCR\CLSID\{106039BD-DF0D-410E-9596-4831941E600B}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MACustomSource.dll [HKCR\CLSID\{10AD8B9D-222E-44D1-881B-0EA79E1B2D6E}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\Ticker.ax [08/08/2012 11:12:18] [HKCR\CLSID\{1159F2AF-F989-4d11-8B34-9550029269BB}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{117151a5-951b-477e-91a4-699c7d9d66a2}] - (.-.) - C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll [HKCR\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}] - (.-.) - %windir%\system32\btpanui.dll [HKCR\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}] - (.License: MPL 2 -.) - C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll [04/11/2018 12:47:23] [HKCR\CLSID\{1CEBDE3E-6B91-484A-AF48-5E4F4ED6B1E1}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{1F77B17B-F531-44DB-ACA4-76ABB5010A28}] - (.Artem Izmaylov - Context Menu Extension.) - C:\Program Files (x86)\AIMP3\System\aimp_menu32.dll [13/09/2018 19:45:06] [HKCR\CLSID\{21CBFEC0-E728-420C-B4A4-A58AD2089ABA}] - (.-.) - C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll [HKCR\CLSID\{29B24532-6CE1-41BA-8BF0-F580EA174AF1}] - (.-.) - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [HKCR\CLSID\{2AFDF001-D91A-45FA-9282-CBCA612A3470}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MACustomSource.dll [HKCR\CLSID\{2C5F9B72-7148-4D97-BFC9-68A0E076BEBD}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}] - (.© 2000-2017 Disc Soft Ltd. - DAEMON Tools Pro.) - C:\Program Files\DAEMON Tools Pro\DTShl32.dll [19/01/2018 12:14:26] [HKCR\CLSID\{2DE5ADE5-A428-4ab6-8F9D-D6BDD2C4BAD1}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\VideoTextEffects.dll [HKCR\CLSID\{2FE8F810-B2A5-11d0-A787-0000F803ABFC}] - (.-.) - C:\Windows\system32\dplayx.dll [HKCR\CLSID\{30CB0B50-3F96-4414-8226-9DFD3219B2CC}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MADynamicEffects.dll [HKCR\CLSID\{318DF0E1-94A1-4dd2-8A6B-86C8317ED2B0}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MADynamicEffects.dll [HKCR\CLSID\{33BFB100-FC9D-4D43-B999-BAF5B1D43289}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\VideoResizerFast.ax [HKCR\CLSID\{34c219bd-85c1-4338-95e8-788a36901dc2}] - (.-.) - %windir%\System32\wpdwcn.dll [HKCR\CLSID\{35F0AE98-673B-465F-A4D6-9F18A01F2454}] - (.CyberLink developed Filter. - CyberLink Matroska Splitter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\CLMKVSplter.ax [16/07/2012 11:29:44] [HKCR\CLSID\{377D3E0F-D7BC-40F6-9D93-90F2DF0758CD}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MACustomSource.dll [HKCR\CLSID\{4062C116-0270-11D3-8BCB-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{40966797-8FFE-46C8-9EF8-7003F33CCF0F}] - (.© 2000-2017 Disc Soft Ltd. - DAEMON Tools Pro.) - C:\Program Files\DAEMON Tools Pro\DTShl32.dll [19/01/2018 12:14:26] [HKCR\CLSID\{4108FA85-3586-11D3-8BD7-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{417BAB8B-9D22-4A88-9DA0-98C4AB6745D5}] - (.-.) - %windir%\System32\wpdwcn.dll [HKCR\CLSID\{4516EC43-8F20-11D0-9B6D-0000C0781BC3}] - (.-.) - C:\Windows\system32\d3dxof.dll [HKCR\CLSID\{451898E5-51BC-4d99-B019-065889299EB4}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MADynamicEffects.dll [HKCR\CLSID\{47B46FED-2816-4215-8C15-3B7BA3EBE927}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MADynamicEffects.dll [HKCR\CLSID\{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C}] - (.CyberLink Corp. 2001 - CyberLink MPEG Splitter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\CLSplter.ax [16/07/2012 11:29:44] [HKCR\CLSID\{4A6E162C-6F51-4956-86D0-A72729178B9B}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEFilters.dll [08/08/2012 11:12:30] [HKCR\CLSID\{4C8DD17E-7079-4c7e-96E5-A7AFDB12F132}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{4EE17959-931E-49E4-A2C6-977ECF3628F3}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{511D48AF-9E45-4CB8-8F02-9C1BE4BC3CF8}] - (.(c) Peter Pawlowski. - foobar2000 shell extension.) - C:\Program Files (x86)\foobar2000\ShellExt32.dll [09/10/2017 12:59:26] [HKCR\CLSID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}] - (.-.) - %windir%\system32\acppage.dll [HKCR\CLSID\{517539A3-905F-4755-9F94-D91B095A07CC}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{52C550C6-067F-4BC8-98B2-0F0E91C10261}] - (.-.) - %windir%\system32\inetsrv\w3ctrlps.dll [HKCR\CLSID\{5872C980-0AAF-4cdb-A62D-4F453DA2EFAD}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{5DE7918B-BFD7-4C1E-B4E0-B16D0A3EA76B}] - (.-.) - C:\Windows\SysWOW64\AuthHostProxy.dll [HKCR\CLSID\{63D4B3B4-A4E1-4DE2-AF2F-AB658057184F}] - (.(c) QFX Software Corporation. - KeyScrambler Program DLL.) - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll [23/04/2017 04:17:22] [HKCR\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}] - (.-.) - C:\Windows\system32\audiodev.dll [HKCR\CLSID\{64697678-0000-0010-8000-00AA00389B71}] - (.-.) - C:\Windows\SysWow64\xvid.ax [05/06/2004 12:59:14] [HKCR\CLSID\{65A3CD37-3208-45B1-8F10-5F5BAD78DDD8}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{6691680C-8B1C-49ec-9254-8FFBE471C256}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{6735160D-E201-4e53-A673-D56B2CF1D1A2}] - (.-.) - C:\Program Files (x86)\Citrix\ICA Client\DVCRenderingAdapter.dll [HKCR\CLSID\{6ABB1C11-E261-4CEA-BBB5-3836225689DD}] - (.-.) - C:\Program Files (x86)\Zemana AntiLogger\ZAMShellExt32.dll [04/10/2018 13:30:34] [HKCR\CLSID\{6C884260-DD25-45e1-9613-68A527B5A773}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\VideoTextEffects.dll [HKCR\CLSID\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}] - (.©Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable. -.) - C:\Program Files (x86)\Mozilla Thunderbird\MapiProxy_InUse.dll [13/09/2018 09:47:26] [HKCR\CLSID\{79BA9E00-B6EE-11D1-86BE-00C04FBF8FEF}] - (.-.) - C:\Windows\System32\dmband.dll [HKCR\CLSID\{7B6B1AE2-F79D-4505-A7AD-0278088C0DA4}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\VideoResizerFast.ax [HKCR\CLSID\{810B5013-E88D-11D2-8BC1-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{854F4628-CE51-42C4-80E9-80DAE27FAAAE}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEFilters.dll [08/08/2012 11:12:30] [HKCR\CLSID\{86E3101B-A2D5-4EEE-83C6-38621B4C8219}] - (.-.) - C:\Program Files (x86)\Citrix\ICA Client\DVCRenderingAdapter.dll [HKCR\CLSID\{871722EA-997E-4277-B1F0-C2CB37D2E585}] - (.© Solvusoft Corporation 2011-12, Portions (C) Systweak Inc. - SupersonicPC - Secure Delete Shell extension.) - C:\Program Files (x86)\SupersonicPC\SolvusoftWMSecureShell.dll [30/10/2018 14:48:11] [HKCR\CLSID\{8EBBAF1B-D8F1-42AC-933F-F989393CB02E}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MACustomSource.dll [HKCR\CLSID\{9E665ED7-958C-410C-9C56-05DA783E7933}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEFilters.dll [08/08/2012 11:12:30] [HKCR\CLSID\{A52F0030-0ABA-4c30-9FE4-99EF77278A59}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MATransform.dll [HKCR\CLSID\{A5415364-784A-41A5-B47A-D452909CA8FF}] - (.© 2000-2017 Disc Soft Ltd. - DAEMON Tools Pro.) - C:\Program Files\DAEMON Tools Pro\DTShl32.dll [19/01/2018 12:14:26] [HKCR\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}] - (.-.) - %windir%\system32\btpanui.dll [HKCR\CLSID\{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7}] - (.-.) - C:\Program files\TeraCopy\TeraCopy.dll [13/10/2018 06:00:45] [HKCR\CLSID\{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7}] - (.-.) - C:\PROGRA~1\TeraCopy\TeraCopyExt.dll [13/10/2018 06:00:46] [HKCR\CLSID\{A861C6E2-FCFC-11D2-8BC9-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{AEFBE8A0-A809-460D-9230-1BBCBFDA8CCC}] - (.(c) Blackmagic Design. - Blackmagic Design DaVinci Panel API.) - C:\Program Files (x86)\Blackmagic Design\DaVinci Resolve Panels\API\DaVinciPanelAPI32.dll [24/04/2018 10:05:40] [HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] - (.-.) - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [HKCR\CLSID\{B5F41335-A18B-4362-A406-F09E43658116}] - (.(c) 2010 CyberLink Corp. - CyberLink Tzan Filter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\VideoFilter\CLTzan.ax [16/07/2012 11:29:46] [HKCR\CLSID\{BC08AF6C-63AB-4E43-A774-04BCA4879810}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\PSIParser.dll [HKCR\CLSID\{BF5A7FAA-57D1-4FCF-88C1-B9D65A6AF11D}] - (.-.) - C:\Program Files (x86)\Google\Update\1.3.33.7\psmachine.dll [HKCR\CLSID\{C50DD3BE-D578-4BD6-AB5E-C7B4DC1D1F49}] - (.-.) - C:\Program Files (x86)\Citrix\ICA Client\DVCRenderingAdapter.dll [HKCR\CLSID\{C64501F6-E6E6-451f-A150-25D0839BC510}] - (.-.) - C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll [26/07/2012 00:30:44] [HKCR\CLSID\{C70EB77F-EFD4-4678-A27B-BF1648F30D04}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{D079AB30-7317-4AE5-960B-F836E08493CD}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MAImageSource.dll [HKCR\CLSID\{D1EB6D20-8923-11d0-9D97-00A0C90A43CB}] - (.-.) - C:\Windows\system32\dplayx.dll [HKCR\CLSID\{D2AC2894-B39B-11D1-8704-00600893B1BD}] - (.-.) - C:\Windows\System32\dmband.dll [HKCR\CLSID\{D3075F87-A7BD-4231-9F6A-60C5E07374A7}] - (.-.) - %windir%\system32\acppage.dll [HKCR\CLSID\{DA50A963-4BB0-4257-8571-3016126133BB}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MADynamicEffects.dll [HKCR\CLSID\{DAA92564-78C8-40A3-96D2-9115A76B8F29}] - (.-.) - %windir%\System32\wpdwcn.dll [HKCR\CLSID\{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9}] - (.CyberLink Corp. 2004 - CyberLink MPEG-4 Splitter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\clm4splt.ax [16/07/2012 11:29:44] [HKCR\CLSID\{DC89B497-3131-44A7-884E-BD1A57AB7863}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\PSIParser.dll [HKCR\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}] - (.License: MPL 2 -.) - C:\Program Files (x86)\Mozilla Firefox\AccessibleHandler.dll [04/11/2018 12:47:23] [HKCR\CLSID\{DE7371F4-4CCD-47cd-B12B-8887C9125895}] - (.-.) - C:\Windows\system32\LVUI2.dll [HKCR\CLSID\{E0D79304-84BE-11CE-9641-444553540000}] - (.(c) 1991-2017 Corel Corporation - WinZip Shell Extension DLL.) - C:\Program Files\WinZip\wzshlstb.dll [02/11/2017 22:00:00] [HKCR\CLSID\{E0D79305-84BE-11CE-9641-444553540000}] - (.(c) 1991-2017 Corel Corporation - WinZip Shell Extension DLL.) - C:\Program Files\WinZip\wzshlstb.dll [02/11/2017 22:00:00] [HKCR\CLSID\{E0D79306-84BE-11CE-9641-444553540000}] - (.(c) 1991-2017 Corel Corporation - WinZip Shell Extension DLL.) - C:\Program Files\WinZip\wzshlstb.dll [02/11/2017 22:00:00] [HKCR\CLSID\{E0D79307-84BE-11CE-9641-444553540000}] - (.(c) 1991-2017 Corel Corporation - WinZip Shell Extension DLL.) - C:\Program Files\WinZip\wzshlstb.dll [02/11/2017 22:00:00] [HKCR\CLSID\{E57471C6-CC72-4E5C-B446-1DCFC9D85341}] - (.-.) - C:\Program Files (x86)\Citrix\ICA Client\DVCRenderingAdapter.dll [HKCR\CLSID\{e8cc4cbe-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - C:\Program Files\Common Files\System\Ole DB\msdaora.dll [HKCR\CLSID\{e8cc4cbf-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - C:\Program Files\Common Files\System\Ole DB\msdaora.dll [HKCR\CLSID\{EA847F47-97F1-4D78-AB99-C63CA1C327F0}] - (.-.) - C:\Program Files (x86)\Glarysoft\Malware Hunter\MHContextHandler.dll [HKCR\CLSID\{EB570ABF-BD2A-4cad-90C9-F1ADCCBB2CFB}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MAFilters.dll [HKCR\CLSID\{EBF2320A-2502-11D3-8BD1-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{ECE4507C-C47F-456b-8D60-848140F0B930}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MADynamicEffects.dll [HKCR\CLSID\{F0026883-0E85-4F0D-BA53-DD3D3B8B532E}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MACustomSource.dll [HKCR\CLSID\{F75A7741-2698-11E1-8693-B8AC6F1D23E2}] - (.-.) - C:\Program Files (x86)\Avanquest\SystemSuite\FileExtensionManager.dll [HKCR\CLSID\{F8D7B386-F083-4f74-82A0-01A7B7806FE9}] - (.-.) - C:\Program Files (x86)\Avanquest\Video Explosion Ultimate\MAAudioEffects.dll [HKCR\CLSID\{FABD6EA5-AE10-4E7A-B83B-5F07ACC84214}] - (.-.) - %windir%\System32\wpdwcn.dll [HKCR\CLSID\{FB99D700-18B9-11D0-A4CF-00A024C91936}] - (.-.) - C:\Program Files (x86)\Common Files\Borland Shared\BDE\idsql32.dll [10/05/2001 16:00:00] [HKCR\CLSID\{FB99D710-18B9-11D0-A4CF-00A024C91936}] - (.-.) - C:\Program Files (x86)\Common Files\Borland Shared\BDE\idapi32.dll [10/05/2001 16:00:00] ---------- | Installer [HKCR\Installer\Products\047C26CF9332C81664B763ECD604E9F5] : CCC Help Portuguese -> c:\windows\Installer\{FC62C740-2339-618C-467B-36CE6D409E5F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0694AF70830BBE9498B1F95939A05A44] : HP Customer Experience Enhancements -> C:\windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe [HKCR\Installer\Products\08C406FBAE50CCD4BB2733BA648A969C] : [HKCR\Installer\Products\0B8F248F2496039428F145E379B6C266] : MSVCRT110_amd64 [HKCR\Installer\Products\0DA3CAEF620136F4AAFA5EFC4F22CBDC] : [HKCR\Installer\Products\0DDFD8EF345A38A47B9A4C113118495D] : Galerie de photos [HKCR\Installer\Products\0E5F85E2FE5BC448B581C4128F00AC6D] : ccc-utility64 -> c:\windows\Installer\{2E58F5E0-B5EF-844C-5B18-4C21F800CAD6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\10E61C01937F3904987A5E0785F90A6F] : SD Card Formatter -> C:\Windows\Installer\{10C16E01-F739-4093-89A7-E570589FA0F6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\166F59DC4C5A5F446AAACEDD192C1451] : WinZip 22.0 -> C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C24115}\ARPPRODUCTICON.exe [HKCR\Installer\Products\18E6D924E1E86E24A89B20D59D51F7B9] : Paragon HFS+ for Windows -> C:\Windows\Installer\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}\HFS4Win.ico [HKCR\Installer\Products\19CF135DE4F67A949B215182D9506B8F] : Photo Common [HKCR\Installer\Products\1DE0846BE844B318F40EEB8D111D0CF1] : CCC Help French -> c:\windows\Installer\{B6480ED1-448E-813B-4FE0-BED811D1C01F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\21993ABAC0833FE08C02681851BED1CA] : Catalyst Control Center InstallProxy -> c:\windows\Installer\{ABA39912-380C-0EF3-C820-868115EB1DAC}\ARPPRODUCTICON.exe [HKCR\Installer\Products\24C995FA5E2A15247BEE94521C7FEA06] : Hotspot Shield 7.13.0 [HKCR\Installer\Products\2FCC6D4EFAA0C9B4D95E98E3CDB9B4AA] : HP Registration Service -> c:\windows\Installer\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3089FBDBC75BA2BA8803BCDE43078304] : Catalyst Control Center Graphics Previews Common -> c:\windows\Installer\{BDBF9803-B57C-AB2A-8830-CBED34703840}\ARPPRODUCTICON.exe [HKCR\Installer\Products\30D543A764C2384458B5107C3C0206F0] : calibre 64bit -> C:\Windows\Installer\{7A345D03-2C46-4483-855B-01C7C320600F}\main_icon [HKCR\Installer\Products\32F7D401414AD6EE13E50AC77BA5EDEE] : CCC Help English -> c:\windows\Installer\{104D7F23-A414-EE6D-315E-A07CB75ADEEE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3D34F407122B97348A8753D5EF0DCFB2] : [HKCR\Installer\Products\42C6FBF1Df1C10144AB2C065F4E9E897] : Media Suite -> c:\windows\Installer\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe [HKCR\Installer\Products\42CB457F40C2E67F4C3010570F595406] : CCC Help Chinese Standard -> c:\windows\Installer\{F754BC24-2C04-F76E-C403-0175F0954560}\ARPPRODUCTICON.exe [HKCR\Installer\Products\473F9FB676CE80849AC01F72EDD689D9] : Epson E-Web Print -> C:\Windows\Installer\{6BF9F374-EC67-4808-A90C-F127DE6D989D}\icon.exe [HKCR\Installer\Products\476F72FFE1282AB489B5DD5F932CDC30] : HP Support Assistant -> C:\windows\Installer\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\ARPPRODUCTICON.exe [HKCR\Installer\Products\487DB4B758637744FBA9B81C1DF2F147] : 3-Heights(TM) PDF Analysis & Repair -> C:\Windows\Installer\{7B4BD784-3685-4477-BF9A-8BC1D12F1F74}\pdf_tools.ico [HKCR\Installer\Products\49E502F924E968449AA2FDF3C68B4544] : Epson Event Manager -> C:\Windows\Installer\{9F205E94-9E42-4486-A92A-DF3F6CB85444}\icon.exe [HKCR\Installer\Products\4B4FA6E101901284BC028FDFA70AC9BC] : CCC Help Russian -> c:\windows\Installer\{1E6AF4B4-0910-4821-CB20-F8FD7AA09CCB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4BB780764B91961CE325B2DE97D6A83B] : CCC Help Swedish -> c:\windows\Installer\{67087BB4-19B4-C169-3E52-2BED796D8AB3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF238120654FF] : Java(TM) 6 Update 45 [HKCR\Installer\Products\4EA42A62D9304AC4784BF2468110180F] : Java 8 Update 181 (64-bit) -> C:\Program Files\Java\jre1.8.0_181\\bin\javaws.exe [HKCR\Installer\Products\4F74DB53B91CF474AACC8E0CEB8341A8] : Photo Common [HKCR\Installer\Products\4FC967F53625B7C4EA2B0CA637EA4482] : AMD Catalyst Install Manager -> c:\windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\ARPPRODUCTICON.exe [HKCR\Installer\Products\514D163353AB34143B10669119AB2691] : MyEpson Portal [HKCR\Installer\Products\5173F3A735977424B8C5D53050B0E99A] : [HKCR\Installer\Products\51E3D52DDBACc0246BC2071C5CEE36DF] : [HKCR\Installer\Products\5A812990327ACD34D85B163756A6E149] : Dropbox Update Helper [HKCR\Installer\Products\68AB67CA408033019195008142926844] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824298644}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\6CDBE806A81D6FC4DA45EEB6172D0956] : Backup and Sync from Google -> C:\Windows\Installer\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}\DriveIcon [HKCR\Installer\Products\6D6E41E65713A1E49B43AC5B8A3676DC] : HP Postscript Converter [HKCR\Installer\Products\6FA2FD396354D2D42A9BD60954CF3BEE] : [HKCR\Installer\Products\6FB31B48FA7FE891E077CD4A20B7D991] : CCC Help Japanese -> c:\windows\Installer\{84B13BF6-F7AF-198E-0E77-DCA4027B9D19}\ARPPRODUCTICON.exe [HKCR\Installer\Products\71A2CFBF50C829F42A9A32C6156DE255] : [HKCR\Installer\Products\7692871B006EDBB42B1FEA3F2FEFA021] : DaVinci Resolve Panels -> C:\Windows\Installer\{B1782967-E600-4BBD-B2F1-AEF3F2FE0A12}\Icon.ico [HKCR\Installer\Products\7751D938514598C6662415D5FF6E34F2] : CCC Help Czech -> c:\windows\Installer\{839D1577-5415-6C89-6642-515DFFE6432F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10 [HKCR\Installer\Products\7CF988168379A934693B71FA89B1DDFE] : Movie Maker [HKCR\Installer\Products\7E6A666A15A3982E55B9FB436830A6FB] : CCC Help Turkish -> c:\windows\Installer\{A666A6E7-3A51-E289-559B-BF3486036ABF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\81685BD51207056CEEA885DCF1AA599F] : CCC Help Thai -> c:\windows\Installer\{5DB58618-7021-C650-EE8A-58CD1FAA95F9}\ARPPRODUCTICON.exe [HKCR\Installer\Products\834EE7FF43DA98E4A9ED1F97E28C0661] : Corel AfterShot Pro 3 x64 -> c:\Windows\Installer\{FF7EE438-AD34-4E89-9ADE-F1792EC86016}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8A0AC2C8BA1EBE14CB8A60085B2D2C29] : [HKCR\Installer\Products\8A120EE51D018EC468979E2F83D6FFD1] : NewsMailStudio -> C:\Windows\Installer\{5EE021A8-10D1-4CE8-8679-E9F2386DFF1D}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\8C1B7B2BB8C7C674EBC24079135C9529] : HP Support Information [HKCR\Installer\Products\8C6252E28A15BE6F289876788E08EC72] : Catalyst Control Center Localization All -> c:\windows\Installer\{2E2526C8-51A8-F6EB-8289-6787E880CE27}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110 [HKCR\Installer\Products\8DB284B2A19197D4E8B801BA7971A643] : Corel AfterShot Pro 3 - HDR x64 -> c:\Windows\Installer\{2B482BD8-191A-4D79-8E8B-10AB97176A34}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8F55E2B98AB554A46928CA6B2FCCD05A] : Photo Gallery [HKCR\Installer\Products\968280587DCBDE041A91BD8A7AC864F0] : Corel AfterShot Pro 3 - IPM Content x64 -> c:\Windows\Installer\{85082869-BCD7-40ED-A119-DBA8A78C460F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9AB6048E74D526A4803C57E96A7722A9] : AMD VISION Engine Control Center -> c:\windows\Installer\{E8406BA9-5D47-4A62-08C3-759EA677229A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9BB40EA6554ADE618560CDBF1B54506D] : CCC Help Dutch -> c:\windows\Installer\{6AE04BB9-A455-16ED-5806-DCFBB14505D6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9BEBFD6755E96CC89BA9C9FECA75A3F1] : CCC Help Spanish -> c:\windows\Installer\{76DFBEB9-9E55-8CC6-B99A-9CEFAC573A1F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9C95B57BF9E423647BE0086AB29DE12A] : Corel AfterShot Pro 3 - ICA x64 -> c:\Windows\Installer\{B75B59C9-4E9F-4632-B70E-80A62BD91EA2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A144A7CAF3536F57A6ABB39F18165B03] : CCC Help Greek -> c:\windows\Installer\{AC7A441A-353F-75F6-6ABA-3BF98161B530}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT [HKCR\Installer\Products\ABBCF423BED48FE469CE41A5BFAD99DE] : Dactylo Expert -> C:\Windows\Installer\{324FCBBA-4DEB-4EF8-96EC-145AFBDA99ED}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B1CCEC48FE121B14A919E327E4D5993D] : Manuels EPSON -> C:\Windows\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}\EPSMICO.ICO [HKCR\Installer\Products\B43A342FF7BA56047B078BB567C742C7] : HP Connected Remote -> c:\windows\Installer\{F243A34B-AB7F-4065-B770-B85B767C247C}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\BA0A2B44E214C8F40B851D8EEACCFD5F] : PowerRecover -> c:\windows\Installer\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\ARPPRODUCTICON.exe [HKCR\Installer\Products\BF187531A620461438C8C04477383CB2] : Corel AfterShot Pro 3 - IPM x64 -> c:\Windows\Installer\{135781FB-026A-4164-838C-0C447783C32B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\BFCE53DD59C5B893ACAF5B8E8831363C] : CCC Help Italian -> c:\windows\Installer\{DD35ECFB-5C95-398B-CAFA-B5E8881363C3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C000470913356864298DC603669EC936] : Studio Video Ultimate [HKCR\Installer\Products\C0DCA5F5454A7A232E60EE981B151082] : CCC Help Danish -> c:\windows\Installer\{5F5ACD0C-A454-32A7-E206-EE89B1510128}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C5D52DA5318CB641F40B6765F187577B] : CCC Help Hungarian -> c:\windows\Installer\{5AD25D5C-C813-146B-4FB0-76561F7875B7}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C8454747654E8184E80DA4F100FE771A] : Catalyst Control Center - Branding -> c:\windows\Installer\{7474548C-E456-4818-8ED0-4A1F00EF77A1}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C971C95CD8669A946BAE1012CCCF2134] : LabelPrint -> c:\windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CC599AF0948C55741BB44540CC57CD42] : Energy Star -> c:\windows\Installer\{0FA995CC-C849-4755-B14B-5404CC75DC24}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\CD71EB902D9582DF73D1CD0EEA67EC57] : CCC Help Korean -> c:\windows\Installer\{09BE17DC-59D2-FD28-371D-DCE0AE76CE75}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D276F30548C6A844F8F8B43CA58C4314] : AMD APP SDK Runtime -> c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D703FD03BB9ABC04A95B0AE268CB3CB9] : Citrix Receiver Inside [HKCR\Installer\Products\D84D78A2FDF3df1479DC1A3E07FEFF2E] : Power2Go -> c:\windows\Installer\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D85C4CB1627DB271ADC2BB6EEAD5BE67] : CCC Help Finnish -> c:\windows\Installer\{1BC4C58D-D726-172B-DA2C-BBE6AE5DEB76}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D95C25420415A9A49AF79B529360911E] : Silent Install Builder 5 -> C:\Windows\Installer\{2452C59D-5140-4A9A-A97F-B925390619E1}\app_icon.ico [HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD -> c:\windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E3B8D0C40F363774385F5C7B97B5F08B] : Photo Gallery [HKCR\Installer\Products\E45CB17D6E4A60E468C6DFE61EE61A78] : Movie Maker [HKCR\Installer\Products\E6F1577A1A4C3D24580E0841681F07FB] : The Bat! v8.6.0 (64-bit) -> C:\Windows\Installer\{A7751F6E-C4A1-42D3-85E0-801486F170BF}\TheBatIcon [HKCR\Installer\Products\E9D27B5FC68D2004CB1F2CDEED1B6A16] : Adobe AIR [HKCR\Installer\Products\EB3FC7A1A4D0FD33FD9D284478273656] : CCC Help German -> c:\windows\Installer\{1A7CF3BE-0D4A-33DF-DFD9-824487726365}\ARPPRODUCTICON.exe [HKCR\Installer\Products\EE6884B559A5752C6AF8D2ACED742A37] : CCC Help Norwegian -> c:\windows\Installer\{5B4886EE-5A95-C257-A68F-2DCADE47A273}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F218391F0C38DEC3E1EDEB5252623730] : CCC Help Chinese Traditional -> c:\windows\Installer\{F193812F-83C0-3CED-1EDE-BE2525267303}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F4BED0A761E77144F82A752D8226F1A1] : [HKCR\Installer\Products\F5ED6BFBAEB9BBF15348C28736C95EA9] : CCC Help Polish -> c:\windows\Installer\{BFB6DE5F-9BEA-1FBB-3584-2C78639CE59A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater [HKCR\Installer\Products\F64E64890E70FDB489A53EBF8A1C8577] : Movie Maker [HKCR\Installer\Products\F8B14859A5C17A54ABFCD0D51A2D90D0] : Corel Update Manager -> c:\Windows\Installer\{95841B8F-1C5A-45A7-BACF-0D5DA1D2090D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F9BC3A069244A7C4AA7977CCF41E6017] : Epson Software Updater -> C:\Windows\Installer\{60A3CB9F-4429-4C7A-AA97-77CC4FE10671}\icon.ico ---------- | ADS ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Échec de la procédure d’ouverture pour le service « usbhub » dans la DLL « C:\Windows\system32\usbperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Impossible de lire la valeur « First Counter » sous la clé usbperf\Performance. Les codes d’état sont renvoyés dans les données. ------------ Échec de la procédure d’ouverture pour le service « RemoteAccess » dans la DLL « C:\Windows\System32\rasctrs.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Échec de la procédure d’ouverture pour le service « .NETFramework » dans la DLL « C:\Windows\system32\mscoree.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante firefox.exe, version : 64.0.0.6857, horodatage : 0x5bbde0d5 Nom du module défaillant : firefox.exe, version : 64.0.0.6857, horodatage : 0x5bbde0d5 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00000000000026ea ID du processus défaillant : 0x10cc Heure de début de l’application défaillante : 0x01d47433adefe625 Chemin d’accès de l’application défaillante : C:\Program Files\Firefox Nightly\firefox.exe Chemin d’accès du module défaillant: C:\Program Files\Firefox Nightly\firefox.exe ID de rapport : ec80f675-e026-11e8-beae-4c72b9f956a2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Impossible de lire la valeur « First Counter » sous la clé usbperf\Performance. Les codes d’état sont renvoyés dans les données. ------------ Impossible d’obtenir les informations de registre des compteurs de performances pour WSearchIdxPi pour l’instance en raison de l’erreur suivante : L’opération a réussi. 0x0. ------------ Impossible d’initialiser le contrôle des performances pour l’objet rassembleur. Les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs. Redémarrez l’ordinateur. Contexte : Application , Catalogue SystemIndex ------------ Impossible d’initialiser le contrôle des performances pour le service rassembleur, car les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs de performances. Redémarrez l’ordinateur. ------------ Nom de l’application défaillante opera_crashreporter.exe, version : 56.0.3051.52, horodatage : 0x5bc655d0 Nom du module défaillant : ntdll.dll, version : 6.2.9200.17581, horodatage : 0x5644f0f7 Code d’exception : 0xc000012d Décalage d’erreur : 0x00000000000e1e80 ID du processus défaillant : 0x1a00 Heure de début de l’application défaillante : 0x01d4738fbc9c2a5f Chemin d’accès de l’application défaillante : C:\Users\Jean-Marie\AppData\Local\Programs\Opera\56.0.3051.52\opera_crashreporter.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : 74bb0ea8-e020-11e8-bead-4c72b9f956a2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ .NET Runtime version 2.0.50727.6421 - Erreur irrécupérable du moteur d'exécution (000007F9832BA2F7) (800703e9) ------------ Nom de l’application défaillante opera.exe, version : 56.0.3051.52, horodatage : 0x5bc67322 Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16864, horodatage : 0x531d34d8 Code d’exception : 0xe0000008 Décalage d’erreur : 0x0000000000047b8c ID du processus défaillant : 0xb58 Heure de début de l’application défaillante : 0x01d47385278d809f Chemin d’accès de l’application défaillante : C:\Users\Jean-Marie\AppData\Local\Programs\Opera\56.0.3051.52\opera.exe Chemin d’accès du module défaillant: C:\Windows\system32\KERNELBASE.dll ID de rapport : 93fb5999-df7f-11e8-bead-4c72b9f956a2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de la procédure d’ouverture pour le service « usbhub » dans la DLL « C:\Windows\system32\usbperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Impossible de lire la valeur « First Counter » sous la clé usbperf\Performance. Les codes d’état sont renvoyés dans les données. ------------ Échec de la procédure d’ouverture pour le service « RemoteAccess » dans la DLL « C:\Windows\System32\rasctrs.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Échec de la procédure d’ouverture pour le service « .NETFramework » dans la DLL « C:\Windows\system32\mscoree.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Nom de l’application défaillante Explorer.EXE, version : 6.2.9200.16628, horodatage : 0x51a94434 Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16864, horodatage : 0x531d34d8 Code d’exception : 0xc06d007e Décalage d’erreur : 0x0000000000047b8c ID du processus défaillant : 0x1008 Heure de début de l’application défaillante : 0x01d470e61db1086b Chemin d’accès de l’application défaillante : C:\Windows\Explorer.EXE Chemin d’accès du module défaillant: C:\Windows\system32\KERNELBASE.dll ID de rapport : 12ddc4de-df60-11e8-bead-4c72b9f956a2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante explorer.exe, version : 6.2.9200.16628, horodatage : 0x51a94434 Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16864, horodatage : 0x531d34d8 Code d’exception : 0xc06d007e Décalage d’erreur : 0x0000000000047b8c ID du processus défaillant : 0x1bcc Heure de début de l’application défaillante : 0x01d47367986d7a58 Chemin d’accès de l’application défaillante : C:\Windows\explorer.exe Chemin d’accès du module défaillant: C:\Windows\system32\KERNELBASE.dll ID de rapport : 437fce01-df5b-11e8-bead-4c72b9f956a2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante explorer.exe, version : 6.2.9200.16628, horodatage : 0x51a94434 Nom du module défaillant : SHELL32.dll, version : 6.2.9200.17464, horodatage : 0x55bafbe0 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000624199 ID du processus défaillant : 0x1230 Heure de début de l’application défaillante : 0x01d4734d70eaac1c Chemin d’accès de l’application défaillante : C:\Windows\explorer.exe Chemin d’accès du module défaillant: C:\Windows\system32\SHELL32.dll ID de rapport : 50c97ed6-df59-11e8-bead-4c72b9f956a2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ ----------( EOF)---------- - 7648 | 13:37:58