--------------- QuickDiag | g3n-h@ckm@n | V5_29.10.19.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 14/04/2020 12:55:33

Updated 29/10/2019 | 06:45 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[NathalieLynnloTorres (Administrator)] - [KNT_UDIAP3AAUDA] (S-1-5-21-2775032808-3154049738-94599714-1001)

System: Microsoft Windows 8 - - (6.2.9200) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 8|C:\Windows|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB
Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics
8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009
CoreTemp : ? Celsius

----------| Extended


---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001

---------- | Video

AMD Radeon HD 7310 Graphics - Resolution: x - Colors: - RefreshRate: -  Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184
Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6268 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26112 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 15360 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 52736 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 15360 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37888 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 79872 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

---------- | Memory

RAM = Total (MB) : 3748 | Free (MB) : 948
Pagefile = Total (MB) : 4550 | Free (MB) : 569
Virtual = Total (MB) : 4194 | Free (MB) : 3897

Physical Memory (MB)
--------------------
Total:     3659
Available: 925
Cached:    1031
Free:      459

Kernel Memory (MB)
------------------
Paged:     328
Nonpaged:  131

System
------
Handles:   40914
Processes: 94
Threads:   1488

---------- | SID Users

Administrateur : [S-1-5-21-2775032808-3154049738-94599714-500]
bosch pinnacle romai : [S-1-5-21-2775032808-3154049738-94599714-1007]
france2 rainu seurin : [S-1-5-21-2775032808-3154049738-94599714-1009]
HomeGroupUser$ : [S-1-5-21-2775032808-3154049738-94599714-1003]
Invité : [S-1-5-21-2775032808-3154049738-94599714-501]
kevin josiane sandra : [S-1-5-21-2775032808-3154049738-94599714-1004]
kone thyssenkrupp sc : [S-1-5-21-2775032808-3154049738-94599714-1005]
muvee romain ava : [S-1-5-21-2775032808-3154049738-94599714-1006]
NathalieLynnloTorres : [S-1-5-21-2775032808-3154049738-94599714-1001]
timofache non securi : [S-1-5-21-2775032808-3154049738-94599714-1008]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-2775032808-3154049738-94599714-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-2775032808-3154049738-94599714-1000]

---------- | Drives

C:\ -> [Fixed] | [OS] | Total : 683.39 Go | Free : 556.27 Go -> NTFS [SATA]
D:\ -> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.27 Go -> NTFS [SATA]
E:\ -> [Removable] | [future wdet] | Total : 59.5 Go | Free : 1.57 Go -> exFAT [USB]
F:\ -> [CDROM] | [Recovery33] | Total : 3.2 Go | Free : 0 Go -> UDF [SATA]
G:\ -> [Removable] | [VERBATIM] | Total : 29.28 Go | Free : 21.62 Go -> FAT32 [USB]
H:\ -> [Removable] | [SANDISK CON] | Total : 119.06 Go | Free : 0.41 Go -> exFAT [USB]
I:\ -> [Removable] | [SAND MEMTES] | Total : 14.26 Go | Free : 0.77 Go -> FAT32 [USB]
J:\ -> [Removable] | [FORENS OU C] | Total : 3.86 Go | Free : 0.16 Go -> FAT32 [USB]

Drive: 0
Cylinders: 121601
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 1000204886016 bytes

Drive: 1
Cylinders: 15543
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 127848677376 bytes

Drive: 2
Cylinders: 7767
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 63886589952 bytes

Drive: 3
Cylinders: 3824
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 31457280000 bytes

Drive: 4
Cylinders: 1869
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 15376000000 bytes

Drive: 5
Cylinders: 1886
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 15518924800 bytes


---------- | Windows updates - Activation - License


W.A.T : :)

Last detection : 2020-04-13 14:57:16
Downloaded last ones : 2020-04-14 07:21:31
Installed last ones : 2020-04-14 05:19:34
Next search : 2020-04-14 12:41:37

Windows 8.1 not installed !!!

Test 1 : Windows Is Activated

Volume License


---------- | Browsers

IE : 10.0.9200.16384     (© Microsoft Corporation. Tous droits réservés.)

Default : "C:\Program Files\Internet Explorer\iexplore.exe" 

---------- | FlashPlayer

FlashPlayer ActiveX : 11.3.372.94

---------- | Security

AV : Windows Defender Disabled
AS : Norton Internet Security Enabled
FW : Norton Internet Security Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

312 | [Owner : Système | Parent : 4(System) | 0.94 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.2.9200.16384) = C:\Windows\System32\smss.exe     [26/07/2012 07:26:45]    CPU Usage:0 %
452 | [Owner : Système | Parent : 444() | 4.06 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.2.9200.16384) = C:\Windows\System32\csrss.exe     [26/07/2012 07:26:45]    CPU Usage:0 %
536 | [Owner : Système | Parent : 444() | 3.72 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.2.9200.16384) = C:\Windows\System32\wininit.exe     [26/07/2012 02:03:20]    CPU Usage:0 %
552 | [Owner : Système | Parent : 544() | 8.77 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.2.9200.16384) = C:\Windows\System32\csrss.exe     [26/07/2012 07:26:45]    CPU Usage:0 %
596 | [Owner : Système | Parent : 536(wininit.exe) | 8.85 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.2.9200.16420) = C:\Windows\System32\services.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
620 | [Owner : Système | Parent : 544() | 4.77 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.2.9200.16420) = C:\Windows\System32\winlogon.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
648 | [Owner : Système | Parent : 536(wininit.exe) | 11.93 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.2.9200.16420) = C:\Windows\System32\lsass.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
752 | [Owner : Système | Parent : 596(services.exe) | 9.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
804 | [Owner : SERVICE RÉSEAU | Parent : 596(services.exe) | 7.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
868 | [Owner : Système | Parent : 596(services.exe) | 3.05 Mo] - (.AMD - AMD External Events Service Module.) - (6.14.11.1126) = C:\Windows\System32\atiesrxx.exe     [29/08/2012 10:10:20]    CPU Usage:0 %
900 | [Owner : SERVICE LOCAL | Parent : 596(services.exe) | 32.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
960 | [Owner : DWM-1 | Parent : 620(winlogon.exe) | 4.91 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.2.9200.16420) = C:\Windows\System32\dwm.exe     [05/03/2013 10:02:00]    CPU Usage:0 %
944 | [Owner : Système | Parent : 596(services.exe) | 37.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
412 | [Owner : SERVICE LOCAL | Parent : 596(services.exe) | 19.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
584 | [Owner : Système | Parent : 868(atiesrxx.exe) | 5.82 Mo] - (.AMD - AMD External Events Client Module.) - (6.14.11.1126) = C:\Windows\System32\atieclxx.exe     [29/08/2012 10:10:15]    CPU Usage:0 %
556 | [Owner : Système | Parent : 596(services.exe) | 67.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:4 %
1108 | [Owner : SERVICE RÉSEAU | Parent : 596(services.exe) | 14.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
1244 | [Owner : Système | Parent : 596(services.exe) | 9.68 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.2.9200.16384) = C:\Windows\System32\spoolsv.exe     [26/07/2012 01:27:46]    CPU Usage:0 %
1336 | [Owner : SERVICE LOCAL | Parent : 596(services.exe) | 23.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
1472 | [Owner : Système | Parent : 596(services.exe) | 6.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
1492 | [Owner : Système | Parent : 596(services.exe) | 4.71 Mo] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe     [31/08/2011 01:05:32]    CPU Usage:0 %
1568 | [Owner : SERVICE LOCAL | Parent : 556(svchost.exe) | 12.44 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\dasHost.exe     [26/07/2012 04:06:14]    CPU Usage:0 %
1620 | [Owner : Système | Parent : 596(services.exe) | 14.13 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\MiniTool ShadowMaker\AgentService.exe     [12/04/2020 18:46:32]    CPU Usage:0 %
1680 | [Owner : Système | Parent : 596(services.exe) | 8.32 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe     [12/04/2020 18:47:22]    CPU Usage:0 %
1748 | [Owner : SERVICE LOCAL | Parent : 596(services.exe) | 6.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
1792 | [Owner : Système | Parent : 596(services.exe) | 40.47 Mo] - (.- SPWindowsService.) - (1.0.0.0) = C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe     [12/04/2020 18:53:50]    CPU Usage:0 %
980 | [Owner : SERVICE RÉSEAU | Parent : 752(svchost.exe) | 14.32 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\wbem\WmiPrvSE.exe     [26/07/2012 04:36:07]    CPU Usage:0 %
2260 | [Owner : SERVICE RÉSEAU | Parent : 596(services.exe) | 4.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
2320 | [Owner : SERVICE LOCAL | Parent : 596(services.exe) | 12.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
2404 | [Owner : SERVICE LOCAL | Parent : 556(svchost.exe) | 5.54 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe     [26/07/2012 03:00:55]    CPU Usage:0 %
2716 | [Owner : SERVICE LOCAL | Parent : 596(services.exe) | 11.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
2864 | [Owner : Système | Parent : 752(svchost.exe) | 5.92 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.2.9200.16384) = C:\Windows\System32\dllhost.exe     [26/07/2012 01:59:13]    CPU Usage:0 %
3084 | [Owner : kone thyssenkrupp sc | Parent : 596(services.exe) | 10.46 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhostex.exe     [05/03/2013 10:02:27]    CPU Usage:0 %
3348 | [Owner : SERVICE LOCAL | Parent : 596(services.exe) | 15.84 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhost.exe     [05/03/2013 10:02:27]    CPU Usage:0 %
3816 | [Owner : kone thyssenkrupp sc | Parent : 3808() | 62.47 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe     [26/07/2012 01:14:17]    CPU Usage:0 %
3608 | [Owner : Système | Parent : 596(services.exe) | 36.22 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9200.16420) = C:\Windows\System32\SearchIndexer.exe     [05/03/2013 10:02:27]    CPU Usage:0 %
3532 | [Owner : kone thyssenkrupp sc | Parent : 752(svchost.exe) | 7.44 Mo] - (.Microsoft Corporation - Communications Service.) - (16.4.4206.722) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe     [26/07/2012 11:48:22]    CPU Usage:0 %
4164 | [Owner : kone thyssenkrupp sc | Parent : 752(svchost.exe) | 9.06 Mo] - (.Microsoft Corporation - Runtime Broker.) - (6.2.9200.16384) = C:\Windows\System32\RuntimeBroker.exe     [26/07/2012 01:59:11]    CPU Usage:0 %
4292 | [Owner : SERVICE RÉSEAU | Parent : 596(services.exe) | 0.5 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.9200.16420) = C:\Program Files\Windows Media Player\wmpnetwk.exe     [05/03/2013 10:02:37]    CPU Usage:0 %
4744 | [Owner : Système | Parent : 596(services.exe) | 15.95 Mo] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.0.33.2) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe     [15/08/2012 15:29:52]    CPU Usage:0 %
4860 | [Owner : kone thyssenkrupp sc | Parent : 3816(explorer.exe) | 40.22 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe     [12/04/2020 18:46:41]    CPU Usage:0 %
4892 | [Owner : Système | Parent : 596(services.exe) | 57.72 Mo] - (.Hewlett-Packard - HPConnectedRemoteService.) - (1.0.1206.0) = C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe     [29/08/2012 12:02:16]    CPU Usage:0 %
5080 | [Owner : kone thyssenkrupp sc | Parent : 4940() | 7.67 Mo] - (.CyberLink - CyberLink MediaLibray Service.) - (8.0.0.608) = C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe     [05/03/2013 01:37:06]    CPU Usage:0 %
892 | [Owner : kone thyssenkrupp sc | Parent : 4940() | 19.02 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe     [12/04/2020 18:47:22]    CPU Usage:0 %
724 | [Owner : kone thyssenkrupp sc | Parent : 5024() | 5.57 Mo] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (2.0.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe     [25/01/2012 17:32:10]    CPU Usage:0 %
4240 | [Owner : kone thyssenkrupp sc | Parent : 724(MOM.exe) | 6.46 Mo] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (3.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe     [09/04/2012 19:13:04]    CPU Usage:0 %
4908 | [Owner : Système | Parent : 596(services.exe) | 100.18 Mo] - (.Symantec Corporation - Norton Security.) - (17.2.2.13) = C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\NortonSecurity.exe     [13/04/2020 16:50:26]    CPU Usage:19 %
3944 | [Owner : kone thyssenkrupp sc | Parent : 4908(NortonSecurity.exe) | 9.81 Mo] - (.Symantec Corporation - Norton Security.) - (17.2.2.13) = C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\NortonSecurity.exe     [13/04/2020 16:50:26]    CPU Usage:0 %
5996 | [Owner : kone thyssenkrupp sc | Parent : 5968() | 364.04 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
6116 | [Owner : kone thyssenkrupp sc | Parent : 5996(firefox.exe) | 13.44 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
5160 | [Owner : kone thyssenkrupp sc | Parent : 5996(firefox.exe) | 60.17 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
4276 | [Owner : kone thyssenkrupp sc | Parent : 5996(firefox.exe) | 149.02 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
1976 | [Owner : kone thyssenkrupp sc | Parent : 5996(firefox.exe) | 70.89 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
4060 | [Owner : kone thyssenkrupp sc | Parent : 5996(firefox.exe) | 81.88 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
6804 | [Owner : Système | Parent : 1080() | 10.44 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.2.9200.16384) = C:\Windows\System32\csrss.exe     [26/07/2012 07:26:45]    CPU Usage:0 %
5948 | [Owner : Système | Parent : 1080() | 4.83 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.2.9200.16420) = C:\Windows\System32\winlogon.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
3204 | [Owner : DWM-2 | Parent : 5948(winlogon.exe) | 35.5 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.2.9200.16420) = C:\Windows\System32\dwm.exe     [05/03/2013 10:02:00]    CPU Usage:11 %
7016 | [Owner : Système | Parent : 868(atiesrxx.exe) | 6.15 Mo] - (.AMD - AMD External Events Client Module.) - (6.14.11.1126) = C:\Windows\System32\atieclxx.exe     [29/08/2012 10:10:15]    CPU Usage:0 %
3728 | [Owner : kone thyssenkrupp sc | Parent : 5996(firefox.exe) | 35.62 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
6684 | [Owner : bosch pinnacle romai | Parent : 596(services.exe) | 10.63 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhostex.exe     [05/03/2013 10:02:27]    CPU Usage:0 %
2988 | [Owner : bosch pinnacle romai | Parent : 4908(NortonSecurity.exe) | 26.4 Mo] - (.Symantec Corporation - Norton Security.) - (17.2.2.13) = C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\NortonSecurity.exe     [13/04/2020 16:50:26]    CPU Usage:0 %
392 | [Owner : bosch pinnacle romai | Parent : 52() | 179.22 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe     [26/07/2012 01:14:17]    CPU Usage:30 %
788 | [Owner : bosch pinnacle romai | Parent : 4892(HPConnectedRemoteService.exe) | 68.96 Mo] - (.Hewlett-Packard - HPConnectedRemoteUser.) - (1.0.1206.0) = C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe     [29/08/2012 12:02:10]    CPU Usage:0 %
4308 | [Owner : bosch pinnacle romai | Parent : 752(svchost.exe) | 7.8 Mo] - (.Microsoft Corporation - Communications Service.) - (16.4.4206.722) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe     [26/07/2012 11:48:22]    CPU Usage:0 %
1860 | [Owner : bosch pinnacle romai | Parent : 752(svchost.exe) | 9.66 Mo] - (.Microsoft Corporation - Runtime Broker.) - (6.2.9200.16384) = C:\Windows\System32\RuntimeBroker.exe     [26/07/2012 01:59:11]    CPU Usage:0 %
6232 | [Owner : bosch pinnacle romai | Parent : 392(explorer.exe) | 40.82 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe     [12/04/2020 18:46:41]    CPU Usage:0 %
7260 | [Owner : bosch pinnacle romai | Parent : 3704() | 7.42 Mo] - (.CyberLink - CyberLink MediaLibray Service.) - (8.0.0.608) = C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe     [05/03/2013 01:37:06]    CPU Usage:0 %
7440 | [Owner : bosch pinnacle romai | Parent : 3704() | 19.52 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe     [12/04/2020 18:47:22]    CPU Usage:0 %
1036 | [Owner : bosch pinnacle romai | Parent : 7216() | 5.33 Mo] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (2.0.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe     [25/01/2012 17:32:10]    CPU Usage:0 %
7332 | [Owner : bosch pinnacle romai | Parent : 1036(MOM.exe) | 8.66 Mo] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (3.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe     [09/04/2012 19:13:04]    CPU Usage:0 %
5220 | [Owner : bosch pinnacle romai | Parent : 7456() | 384.81 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
8060 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 13.52 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
6900 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 129.26 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
3220 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 60.68 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
4652 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 192.26 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
6440 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 94.36 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
3384 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 113.26 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
6496 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 17.4 Mo] - (.CyberLink - CyberLink Downloader.) - (3.0.0.2816) = C:\Users\bosch pinnacle romai\Downloads\CyberLink_PowerDVD_Downloader(1).exe     [14/04/2020 12:10:40]    CPU Usage:0 %
6912 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 18 Mo] - (.CyberLink - CyberLink Downloader.) - (3.0.0.2816) = C:\Users\bosch pinnacle romai\Downloads\CyberLink_PowerDVD_Downloader.exe     [14/04/2020 12:09:55]    CPU Usage:0 %
7048 | [Owner : bosch pinnacle romai | Parent : 1804() | 25.28 Mo] - (.Alexander Roshal - WinRAR archiver.) - (5.80.0.0) = C:\Program Files\WinRAR\WinRAR.exe     [12/04/2020 18:52:30]    CPU Usage:0 %
5240 | [Owner : NathalieLynnloTorres | Parent : 392(explorer.exe) | 10.65 Mo] - (.AnviSoft - BootUsb Module.) - (1.0.0.1) = D:\Applications téléchargées\BootUsb.exe     [14/04/2020 12:15:49]    CPU Usage:0 %
7856 | [Owner : bosch pinnacle romai | Parent : 596(services.exe) | 7.92 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhost.exe     [05/03/2013 10:02:27]    CPU Usage:0 %
6508 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 108.34 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
3700 | [Owner : bosch pinnacle romai | Parent : 5220(firefox.exe) | 35.57 Mo] - (.Mozilla Corporation - Firefox Nightly.) - (77.0.0.7408) = D:\Applications installées\Firefox Nightly\firefox.exe     [14/04/2020 11:35:33]    CPU Usage:0 %
4400 | [Owner : NathalieLynnloTorres | Parent : 5220(firefox.exe) | 57 Mo] - (.SosVirus - QuickDiag.) - (29.10.19.1) = C:\Users\bosch pinnacle romai\Downloads\quickdiag_V5_29.10.19.1.exe     [14/04/2020 12:52:49]    CPU Usage:0 %
6428 | [Owner : NathalieLynnloTorres | Parent : 752(svchost.exe) | 7.52 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.2.9200.16384) = C:\Windows\System32\dllhost.exe     [26/07/2012 01:59:13]    CPU Usage:0 %
7700 | [Owner : Système | Parent : 596(services.exe) | 2.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) = C:\Windows\System32\svchost.exe     [05/03/2013 10:01:53]    CPU Usage:0 %
3344 | [Owner : bosch pinnacle romai | Parent : 7700(svchost.exe) | 14.14 Mo] - (.Microsoft Corporation - Rapports de problèmes Windows.) - (6.2.9200.16384) = C:\Windows\System32\WerFault.exe     [26/07/2012 03:01:35]    CPU Usage:0 %
4980 | [Owner : Système | Parent : 7700(svchost.exe) | 5.24 Mo] - (.Microsoft Corporation - Rapports de problèmes Windows.) - (6.2.9200.16384) = C:\Windows\System32\WerFault.exe     [26/07/2012 03:01:35]    CPU Usage:0 %
5212 | [Owner : Système | Parent : 4908(NortonSecurity.exe) | 0.27 Mo] - (.Symantec Corporation - Norton Security.) - (17.2.2.13) = C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\NortonSecurity.exe     [13/04/2020 16:50:26]    CPU Usage:0 %
4112 | [Owner : Système | Parent : 752(svchost.exe) | 5.58 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\wbem\WmiPrvSE.exe     [26/07/2012 04:36:07]    CPU Usage:0 %
3304 | [Owner : SERVICE RÉSEAU | Parent : 752(svchost.exe) | 6.38 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16384) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [26/07/2012 04:46:07]    CPU Usage:0 %

---------- | Locked Applications


---------- | Policy Restrictions


---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1140) -- C:\Windows\SYSTEM32\aticfx64.dll
(.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6268) -- C:\Windows\SYSTEM32\atiuxp64.dll
(.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.451) -- C:\Windows\SYSTEM32\atidxx64.dll
(.Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll
(.Symantec Corporation.-.Backup Shell.) - (10.13.0.12) -- C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\buShell.dll
(.Symantec Corporation.-.Symantec Extended File Attributes.) - (7.3.2.4) -- C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\EFACli64.dll
(.Symantec Corporation.-.Symantec Trust Validation Engine 64 bit.) - (17.2.2.13) -- C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\ccVrTrst.dll
(.Symantec Corporation.-.Symantec Library.) - (16.0.1.4) -- C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\ccLib.dll
(.Symantec Corporation.-.Symantec Settings Manager Engine.) - (17.2.2.13) -- C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\ccSet.dll

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(.Symantec Corporation.-.Symantec ccIPC Engine.) - (17.2.2.13) -- C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\ccIPC.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.80.0.0) -- C:\Program Files\WinRAR\rarext.dll

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)


---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)


---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(.Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

Web Companion - (C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  [HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\...\Run]) - User: KNT_UDIAP3AAUDA\NathalieLynnloTorres
MTPW - ("C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe" [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Command Processor]
"PathCompletionChar"=9   
"EnableExtensions"=1   
"CompletionChar"=9   
"DefaultColor"=0   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Web Companion"=C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize    

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=HP ePrint,winspool,LPT1:   
"UserSelectedDefault"=0   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Command Processor]
"PathCompletionChar"=9   
"EnableExtensions"=1   
"CompletionChar"=9   
"DefaultColor"=0   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=HP ePrint,winspool,LPT1:   
"UserSelectedDefault"=0   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Command Processor]
"PathCompletionChar"=9   
"EnableExtensions"=1   
"CompletionChar"=9   
"DefaultColor"=0   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=HP ePrint,winspool,LPT1:   
"UserSelectedDefault"=0   

[HKLM\Software\Microsoft\Command Processor]
"PathCompletionChar"=64   
"EnableExtensions"=1   
"CompletionChar"=64   
"DefaultColor"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"MTPW"="C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe"   

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"StartCCC"=0x040000000000000000000000   
"CLMLServer_For_P2G8"=0x040000000000000000000000   
"CLVirtualDrive"=0x040000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"Spooler"=yes   
"DeviceNotSelectedTimeout"=15   
"TransmissionRetryTimeout"=90   
"ShutdownWarningDialogTimeout"=4294967295   
"USERProcessHandleQuota"=10000   
"LoadAppInit_DLLs"=0   
"IconServiceLib"=IconCodecService.dll   
"DesktopHeapLogging"=1   
"DdeSendTimeout"=0   
"USERPostMessageLimit"=10000   
"USERNestedWindowLimit"=50   
"AppInit_DLLs"=   
"NaturalInputHandler"=Ninput.dll   
"ThreadUnresponsiveLogTimeout"=500   
"GDIProcessHandleQuota"=10000   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"PathCompletionChar"=64   
"EnableExtensions"=1   
"CompletionChar"=64   
"DefaultColor"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun   
"CLMLServer_For_P2G8"="c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"   
"CLVirtualDrive"="c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R   
"MTSM"="C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe" --auto   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"Spooler"=yes   
"DeviceNotSelectedTimeout"=15   
"TransmissionRetryTimeout"=90   
"ShutdownWarningDialogTimeout"=4294967295   
"USERProcessHandleQuota"=10000   
"LoadAppInit_DLLs"=0   
"IconServiceLib"=IconCodecService.dll   
"DesktopHeapLogging"=1   
"DdeSendTimeout"=0   
"USERPostMessageLimit"=10000   
"USERNestedWindowLimit"=50   
"AppInit_DLLs"=   
"NaturalInputHandler"=Ninput.dll   
"ThreadUnresponsiveLogTimeout"=500   
"GDIProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
MicrosoftEdgeUpdateTaskMachineCore
MicrosoftEdgeUpdateTaskMachineUA
MiniToolPartitionWizard
Norton WSC Integration
Notifier
Notifier_startup
Optimize Start Menu Cache Files-S-1-5-21-2775032808-3154049738-94599714-1001
Optimize Start Menu Cache Files-S-1-5-21-2775032808-3154049738-94599714-1004
Optimize Start Menu Cache Files-S-1-5-21-2775032808-3154049738-94599714-1005
Optimize Start Menu Cache Files-S-1-5-21-2775032808-3154049738-94599714-1007
Systweak Software UpdaterNotifier
Systweak Software UpdaterNotifier_startup

---------- | Startings up registry ¦ Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller   
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"WaitToKillServiceTimeout"=2000   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(4)partition(4)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(4)partition(2)   
"LastBootSucceeded"=1   
"LastBootShutdown"=0   
"DirtyShutdownCount"=2   

[HKLM\System\CurrentControlSet\Control\lsa]
"Bounds"=0x0030000000200000   
"auditbasedirectories"=0   
"fullprivilegeauditing"=0x00   
"crashonauditfail"=0   
"auditbaseobjects"=0   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp   
"Authentication Packages"=msv1_0   
"LsaPid"=648   
"SecureBoot"=1   
"ProductType"=3   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"GlobalFlag"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"ResourceTimeoutCount"=648000   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"CriticalSectionTimeout"=2592000   
"ProcessorControl"=2   
"HeapSegmentReserve"=0   
"ExcludeFromKnownDlls"=   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"NumberOfInitialSessions"=2   
"RunLevelExecute"=WinInit
ServiceControlManager   
"AutoChkTimeout"=1   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"PendingFileRenameOperations"=\??\C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\en-US\NortonSecurity.exe.mui.tmp
!\??\C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\en-US\NortonSecurity.exe.mui   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"StartRCM"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"TSUserEnabled"=0   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"DelayConMgrTimeout"=0   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"AllowRemoteRPC"=0   
"ProductVersion"=5.1   
"fDenyTSConnections"=1   
"InstanceID"=bfe7d91e-5f30-43c8-bb26-d2e7cb2   
"GlassSessionId"=2   


---------- | .LNK with Arguments

\Acrobat Reader DC (2).lnk        () d32.exeIC:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E41
\Acrobat Reader DC.lnk        () d32.exeIC:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E41
\AIMP (2).lnk        () \AIMP\AIMP.exe'..\..\Program Files (x86)\AIMP\AIMP.exec�Xdesktop-810dt5o
\AIMP.lnk        () \AIMP\AIMP.exe'..\..\Program Files (x86)\AIMP\AIMP.exec�Xdesktop-810dt5o
\Ashampoo Backup 2018 (2).lnk        () ckupClient-ab.exe2C:\Program Files\Ashampoo\Ashampoo Backup 2018
\Ashampoo Backup 2018.lnk        () ckupClient-ab.exe2C:\Program Files\Ashampoo\Ashampoo Backup 2018
\Ashampoo Music Studio 2013.lnk        ()  (x86)\Ashampoo\Ashampoo Music Studio 2013\MusicStudio.exe:C:\Pr
\Ashampoo Snap 10 (2).lnk        () oo Snap 10\ashsnap.exe0C:\Program Files (x86)\Ashampoo\Ashampoo 
\Ashampoo Snap 10.lnk        () oo Snap 10\ashsnap.exe0C:\Program Files (x86)\Ashampoo\Ashampoo 
\Atomic Mail Sender.lnk        ())\AtomPark\Atomic Mail Sender\AtomicMailSender.exe2C:\Program Fi
\Audacity (2).lnk        () udacity.exeC:\Program Files (x86)\Audacity�*���@Z|���K�J������
\Audacity.lnk        () udacity.exeC:\Program Files (x86)\Audacity�*���@Z|���K�J������
\Backup and Sync from Google (2).lnk        () drivesync.exe`-_$�DhC:\Program Files\Google\Drive\googledrivesync.exe
\Backup and Sync from Google.lnk        () drivesync.exe`-_$�DhC:\Program Files\Google\Drive\googledrivesync.exe
\blender (2).lnk        () nder.exe,C:\Program Files\Blender Foundation\Blender\�&�
\blender.lnk        () nder.exe,C:\Program Files\Blender Foundation\Blender\�&�
\BS.Player FREE (2).lnk        () layer.exe9..\..\..\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe&
\BS.Player FREE.lnk        () layer.exe9..\..\..\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe&
\CCleaner (2).lnk        () gram Files\CCleaner\CCleaner64.exe...\..\..\Program Files\CCleaner\CCleaner64.ex
\CCleaner.lnk        () gram Files\CCleaner\CCleaner64.exe...\..\..\Program Files\CCleaner\CCleaner64.ex
\Chromium.lnk        () \Chromium\Application\chrome.exe
\Cisco WebEx Connect (2).lnk        () 42A9953853BAFFE61895.exe
\Cisco WebEx Connect.lnk        () 42A9953853BAFFE61895.exe
\Citrix Workspace (2).lnk        (-showAppPicker) ix\ICA Client\SelfServicePlugin\SelfService.exe;C:\Program Files
\Citrix Workspace.lnk        (-showAppPicker) ix\ICA Client\SelfServicePlugin\SelfService.exe;C:\Program Files
\Click Translator.lnk        () ck Translator\ClickTranslator.exe!C:\Program Files\Click Transla
\ComIntRep_x64 - Raccourci (2).lnk        () ntrep_2
\ComIntRep_x64 - Raccourci.lnk        () ntrep_2
\Corel PaintShop Pro 2020 (64-bit) (2).lnk        () Pro.exe9c:\Program Files\Corel\Corel PaintShop Pro 2020 (64-bit)
\Corel PaintShop Pro 2020 (64-bit).lnk        () Pro.exe9c:\Program Files\Corel\Corel PaintShop Pro 2020 (64-bit)
\Cursor Translator.lnk        () Cursor Translator\CursorTranslator.exe"C:\Program Files\Cursor T
\Cute Translator.lnk        () ranslator\CuteTranslator.exe C:\Program Files\Cute Translatorc
\DAEMON Tools Lite (2).lnk        () Program Files\DAEMON Tools Lite\DTLauncher.exe
\DAEMON Tools Lite.lnk        () Program Files\DAEMON Tools Lite\DTLauncher.exe
\Dashlane.lnk        () exe(..\AppData\Roaming\Dashlane\Dashlane.exe�C:\Users\dedie\AppDa
\defencebyte Computer Optimizer (2).lnk        () 1_90407A137004479A847FA3C7549BDA04.exe
\defencebyte Computer Optimizer.lnk        () 1_90407A137004479A847FA3C7549BDA04.exe
\Defraggler (2).lnk        () \Defraggler64.exe
\Defraggler.lnk        () \Defraggler64.exe
\Donner votre avis sur Slowin' Killer.lnk        () .vizzualforms.com/f/dJO3WQARddClkZXNDonner son avis sur le l
\DVB Dream.lnk        () xe..\..\..\dvbdream\dvbdream.exec:\dvbdreamc�Xdesktop-qotr1k6^��e�
\DVDVideoSoft Free Studio (2).lnk        () \lib\FreeStudioManager.exe5C:\Program Files (x86)\Common Files\D
\DVDVideoSoft Free Studio.lnk        () \lib\FreeStudioManager.exe5C:\Program Files (x86)\Common Files\D
\eMule (2).lnk        () x86)\eMule\emule.exe5..\..\..\..\..\..\Program Files (x86)\eMule\emule.ex
\eMule.lnk        () x86)\eMule\emule.exe5..\..\..\..\..\..\Program Files (x86)\eMule\emule.ex
\FastStone Image Viewer (2).lnk        () Program Files (x86)\FastStone Image Viewer\FSViewer.exe-C:\Progr
\FastStone Image Viewer.lnk        () Program Files (x86)\FastStone Image Viewer\FSViewer.exe-C:\Progr
\FileZilla (2).lnk        () es\FileZilla FTP Client\filezilla.exe%C:\Program Files\FileZilla
\FileZilla.lnk        () es\FileZilla FTP Client\filezilla.exe%C:\Program Files\FileZilla
\Firefox (2).lnk        () .exe/..\..\Program Files\Mozilla Firefox\firefox.exe C:\Program F
\Firefox Developer Edition (2).lnk        () refox Developer Edition\firefox.exe*C:\Program Files\Firefox Dev
\Firefox Developer Edition.lnk        () refox Developer Edition\firefox.exe*C:\Program Files\Firefox Dev
\Firefox Nightly (2).lnk        () irefox.exe C:\Program Files\Firefox Nightlyc�Xdesktop-810dt5o�a�C�b
\Firefox Nightly.lnk        () irefox.exe C:\Program Files\Firefox Nightlyc�Xdesktop-810dt5o�a�C�b
\Firefox.lnk        () .exe/..\..\Program Files\Mozilla Firefox\firefox.exe C:\Program F
\foobar2000 (2).lnk        () ar2000\foobar2000.exe!C:\Program Files (x86)\foobar2000�*�
\foobar2000.lnk        () ar2000\foobar2000.exe!C:\Program Files (x86)\foobar2000�*�
\Foxit Reader (2).lnk        () it Reader\FoxitReader.exe�*���@Z|���K�J������c�Xdesktop-vu3i6kn�>
\Foxit Reader.lnk        () it Reader\FoxitReader.exe�*���@Z|���K�J������c�Xdesktop-vu3i6kn�>
\FreeFileSync (2).lnk        () leSync.exeC:\Program Files\FreeFileSyncc�Xdesktop-vu3i6kn�>�6�2B����o��w
\FreeFileSync.lnk        () leSync.exeC:\Program Files\FreeFileSyncc�Xdesktop-vu3i6kn�>�6�2B����o��w
\FULL-DISKfighter (2).lnk        (FDPRO) roductShortcu_9374267BBB8D415AB667F29A074CE29E.exe
\FULL-DISKfighter.lnk        (FDPRO) roductShortcu_9374267BBB8D415AB667F29A074CE29E.exe
\Glary Utilities 5 (2).lnk        () am Files (x86)\Glary Utilities 5\Integrator.exe(C:\Program Files
\Glary Utilities 5.lnk        () am Files (x86)\Glary Utilities 5\Integrator.exe(C:\Program Files
\Google Chrome (2).lnk        () ramFiles(x86)%\Google\Chrome\Application\chrome.exe
\Google Chrome.lnk        () ramFiles(x86)%\Google\Chrome\Application\chrome.exe
\Google Docs (2).lnk        (--new_document) c.exe4..\..\Program Files\Google\Drive\googledrivesync.exeC:\Prog
\Google Docs.lnk        (--new_document) c.exe4..\..\Program Files\Google\Drive\googledrivesync.exeC:\Prog
\Google Drive (2).lnk        () gledrivesync.exe$C:\Program Files (x86)\Google\Drive\�*�
\Google Drive.lnk        () gledrivesync.exe$C:\Program Files (x86)\Google\Drive\�*�
\Google Earth Pro (2).lnk        () Earth Pro\client\googleearth.exe6C:\Program Files (x86)\Google\G
\Google Earth Pro.lnk        () Earth Pro\client\googleearth.exe6C:\Program Files (x86)\Google\G
\Google Sheets (2).lnk        (--new_spreadsheet) c.exe4..\..\Program Files\Google\Drive\googledrivesync.exeC:\Prog
\Google Sheets.lnk        (--new_spreadsheet) c.exe4..\..\Program Files\Google\Drive\googledrivesync.exeC:\Prog
\Google Slides (2).lnk        (--new_presentation) c.exe4..\..\Program Files\Google\Drive\googledrivesync.exeC:\Prog
\Google Slides.lnk        (--new_presentation) c.exe4..\..\Program Files\Google\Drive\googledrivesync.exeC:\Prog
\Google Talk (2).lnk        (/startmenu) am Files (x86)\Google\Google Talk\googletalk.exe)C:\Program File
\Google Talk.lnk        (/startmenu) am Files (x86)\Google\Google Talk\googletalk.exe)C:\Program File
\GoToMeeting (2).lnk        ("/Action Host" "/Trigger Shortcut" "/Product G2M") �e/..\AppData\Local\GoToMeeting\15404\g2mstart.exe2"/Action Host
\GoToMeeting.lnk        ("/Action Host" "/Trigger Shortcut" "/Product G2M") �e/..\AppData\Local\GoToMeeting\15404\g2mstart.exe2"/Action Host
\Greenshot (2).lnk        () enshot.exeC:\Program Files\Greenshotc�Xdesktop-vu3i6kn�>�6�2B����o��wM�i��
\Greenshot.lnk        () enshot.exeC:\Program Files\Greenshotc�Xdesktop-vu3i6kn�>�6�2B����o��wM�i��
\Identity Inspector (2).lnk        () Inspector.exe7C:\Program Files\Engelmann Software\Identity Inspe
\Identity Inspector.lnk        () Inspector.exe7C:\Program Files\Engelmann Software\Identity Inspe
\ImgBurn (2).lnk        () %ProgramFiles%\ImgBurn\ImgBurn.exe
\ImgBurn.lnk        () %ProgramFiles%\ImgBurn\ImgBurn.exe
\InfraRecorder (2).lnk        () nfraRecorder\infrarecorder.exeC:\Program Files\InfraRecorder\
\InfraRecorder.lnk        () nfraRecorder\infrarecorder.exeC:\Program Files\InfraRecorder\
\Internet Explorer (2).lnk        () ogram Files (x86)\Internet Explorer\iexplore.exe(C:\Program File
\Internet Explorer.lnk        () am Files (x86)\Internet Explorer\iexplore.exe(C:\Program Files (
\IrfanView (2).lnk        () ram Files (x86)\IrfanView\i_view32.exe�*���@Z|���K�J������c
\IrfanView.lnk        () ram Files (x86)\IrfanView\i_view32.exe�*���@Z|���K�J������c
\Kastor All Video Downloader.lnk        () s (x86)\Kastor All Video Downloader\avd.exe2C:\Program Files (x8
\KeePass (2).lnk        ()  Files (x86)\KeePass Password Safe\KeePass.exe,C:\Program Files 
\KeePass.lnk        ()  Files (x86)\KeePass Password Safe\KeePass.exe,C:\Program Files 
\Krita (2).lnk        () ogram Files\Krita (x64)\bin\krita.exeC:\Program Files\Krita (x6
\Krita.lnk        () ogram Files\Krita (x64)\bin\krita.exeC:\Program Files\Krita (x6
\Language Reader.lnk        () es (x86)\Language Reader\LanguageReader.exe�*���@Z|���K�J������
\LM-Viewer (2).lnk        () 3B5AE20F664337BCBB912BCEBD64FA.exe
\LM-Viewer.lnk        () 3B5AE20F664337BCBB912BCEBD64FA.exe
\LogMeIn Control Panel (2).lnk        () kit.exe�*���@Z|���K�J������c�Xdesktop-vu3i6kn�>�6�2B����o��w��i����hZ�j~A�>�6�
\LogMeIn Control Panel.lnk        () kit.exe�*���@Z|���K�J������c�Xdesktop-vu3i6kn�>�6�2B����o��w��i����hZ�j~A�>�6�
\Malwarebytes (2).lnk        () alwarebytes\Anti-Malware\mbam.exe
\Malwarebytes.lnk        () alwarebytes\Anti-Malware\mbam.exe
\Media Player Classic (2).lnk        () c Pack\MPC-HC64\mpc-hc64.exe1C:\Program Files (x86)\K-Lite Codec
\Media Player Classic Home Cinema (64bit) (2).lnk        () ombined Community Codec Pack 64bit\MPC\mpc-hc64.exe8C:\Program F
\Media Player Classic Home Cinema (64bit).lnk        () ombined Community Codec Pack 64bit\MPC\mpc-hc64.exe8C:\Program F
\Media Player Classic.lnk        () c Pack\MPC-HC64\mpc-hc64.exe1C:\Program Files (x86)\K-Lite Codec
\MediaMonkey (2).lnk        () s (x86)\MediaMonkey\MediaMonkey.exe"C:\Program Files (x86)\Media
\MediaMonkey.lnk        () s (x86)\MediaMonkey\MediaMonkey.exe"C:\Program Files (x86)\Media
\Mozilla Firefox (2).lnk        () .exeMozilla Firefox/..\..\Program Files\Mozilla Firefox\firefox.
\Mozilla Firefox.lnk        () .exeMozilla Firefox/..\..\Program Files\Mozilla Firefox\firefox.
\Mozilla Thunderbird (2).lnk        () lla Thunderbird\thunderbird.exe$C:\Program Files\Mozilla Thunder
\Mozilla Thunderbird.lnk        () lla Thunderbird\thunderbird.exe$C:\Program Files\Mozilla Thunder
\MultiCommander (2).lnk        () %ProgramFiles%\MultiCommander\MultiCommander.EXE
\MultiCommander.lnk        () %ProgramFiles%\MultiCommander\MultiCommander.EXE
\MyFormatConverter (2).lnk        () er\MyFormatConverter.exe<C:\Program Files (x86)\Engelmann Softwa
\MyFormatConverter.lnk        () er\MyFormatConverter.exe<C:\Program Files (x86)\Engelmann Softwa
\Navigateur Opera (2).lnk        () ra\launcher.exe5..\..\..\..\..\..\..\Program Files\Opera\launcher.exeC
\Navigateur Opera.lnk        () a\launcher.exe+C:\Users\dedie\AppData\Local\Programs\Opera����
\Nettoyer la mémoire.lnk        (--killproc) 6)\Slowin Killer\Slowin_Killer-2.1.1.exe$C:\Program Files (x86)\
\Notepad++ (2).lnk        () otepad++\notepad++.exe C:\Program Files (x86)\Notepad++�*�
\Notepad++.lnk        () otepad++\notepad++.exe C:\Program Files (x86)\Notepad++�*�
\NVDA (2).lnk        (launchNVDA -r) rogram Files (x86)\NVDA\nvda_slave.exe-..\..\Program Files (x86)\NVDA\nvda_slave.e
\NVDA.lnk        (launchNVDA -r) rogram Files (x86)\NVDA\nvda_slave.exe-..\..\Program Files (x86)\NVDA\nvda_slave.e
\Opera (2).lnk        () pera x64\opera.exe*..\..\..\Program Files\Opera x64\opera.exeC:\Program
\Opera.lnk        () pera x64\opera.exe*..\..\..\Program Files\Opera x64\opera.exeC:\Program
\PC Manager (2).lnk        (/showui) QQPCTray.exe
\PC Manager.lnk        (/showui) QQPCTray.exe
\PDFCreator (2).lnk        () or.exeC:\Program Files\PDFCreatorc�Xdesktop-vu3i6kn�>�6�2B����o��wQ	�i����hZ
\PDFCreator.lnk        () or.exeC:\Program Files\PDFCreatorc�Xdesktop-vu3i6kn�>�6�2B����o��wQ	�i����hZ
\PeaZip (2).lnk        () p\peazip.exe(..\..\..\Program Files\PeaZip\peazip.exeC:\Program File
\PeaZip.lnk        () p\peazip.exe(..\..\..\Program Files\PeaZip\peazip.exeC:\Program File
\Pidgin (2).lnk        () n.exeC:\Program Files (x86)\Pidgin�*���@Z|���K�J������c�X
\Pidgin.lnk        () n.exeC:\Program Files (x86)\Pidgin�*���@Z|���K�J������c�X
\PlayGalaxy Link.lnk        () ink\PlayGalaxyLinkPC.exe(C:\Program Files\Samsung\PlayGalaxy Lin
\PuTTY (2).lnk        () xe/..\..\..\..\..\..\Program Files\PuTTY\putty.exeC:\Program Fi
\PuTTY.lnk        () xe/..\..\..\..\..\..\Program Files\PuTTY\putty.exeC:\Program Fi
\qBittorrent (2).lnk        () rent\qbittorrent.exeC:\Program Files\qBittorrentc�Xdesktop-vu3i6k
\qBittorrent.lnk        () rent\qbittorrent.exeC:\Program Files\qBittorrentc�Xdesktop-vu3i6k
\RealTimeSync (2).lnk        () atique4..\..\..\Program Files\FreeFileSync\RealTimeSync.exeC:\P
\RealTimeSync.lnk        () atique4..\..\..\Program Files\FreeFileSync\RealTimeSync.exeC:\P
\Recuva (2).lnk        () Drive%\Program Files\Recuva\recuva64.exe
\Recuva.lnk        () Drive%\Program Files\Recuva\recuva64.exe
\Restore Windows Photo Viewer.lnk        () reWindowsPhotoViewer.exe-C:\Program Files\Restore Windows Photo 
\Revo Uninstaller (2).lnk        () ninstaller\RevoUnin.exe/C:\Program Files\VS Revo Group\Revo Unin
\Revo Uninstaller.lnk        () ninstaller\RevoUnin.exe/C:\Program Files\VS Revo Group\Revo Unin
\Safari (2).lnk        () 9648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
\Safari.lnk        () 9648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
\Should I Remove It.lnk        ()  Remove It\ShouldIRemoveIt.exe9C:\Users\dedie\AppData\Roaming\Re
\Silent Install Builder 5 (2).lnk        () 6)\Silent Install Builder 5\Sib.exe�*���@Z|���K�J������c�X
\Silent Install Builder 5.lnk        () 6)\Silent Install Builder 5\Sib.exe�*���@Z|���K�J������c�X
\Skype (2).lnk        () Skype for Desktop\Skype.exe2C:\Program Files (x86)\Microsoft\Sky
\Skype.lnk        () Skype for Desktop\Skype.exe2C:\Program Files (x86)\Microsoft\Sky
\Social Downloader for Facebook, Instagram and Twitter (2).lnk        () ..\Program Files (x86)\Social Downloader\SocialDownloader.exe(C:
\Social Downloader for Facebook, Instagram and Twitter.lnk        () ..\Program Files (x86)\Social Downloader\SocialDownloader.exe(C:
\Social Lite (2).lnk        () Social.exe,C:\Program Files (x86)\GrandSoft\Social Lite�*�
\Social Lite.lnk        () Social.exe,C:\Program Files (x86)\GrandSoft\Social Lite�*�
\Social Network Controller (2).lnk        () 9-D35B-43A8-9260-9CBC42CF24C6}\enterprise_logo.exe
\Social Network Controller.lnk        () 9-D35B-43A8-9260-9CBC42CF24C6}\enterprise_logo.exe
\SocialLoginLauncher (2).lnk        () cialLoginLauncher.exe8C:\Program Files (x86)\Easy-Social\Social 
\SocialLoginLauncher.lnk        () cialLoginLauncher.exe8C:\Program Files (x86)\Easy-Social\Social 
\Speccy (2).lnk        () \Speccy\Speccy64.exe*..\..\..\Program Files\Speccy\Speccy64.exeC:\Progra
\Speccy.lnk        () \Speccy\Speccy64.exe*..\..\..\Program Files\Speccy\Speccy64.exeC:\Progra
\Steam (2).lnk        () x86)\Steam\Steam.exe,..\..\..\Program Files (x86)\Steam\Steam.exeC:\Prog
\Steam.lnk        () x86)\Steam\Steam.exe,..\..\..\Program Files (x86)\Steam\Steam.exeC:\Prog
\SugarSync (2).lnk        () ugarSync.exe
\SugarSync.lnk        () ugarSync.exe
\SumatraPDF (2).lnk        () aPDF\SumatraPDF.exe�%ProgramFiles%\SumatraPDF\SumatraPDF.exe
\SumatraPDF.lnk        () aPDF\SumatraPDF.exe�%ProgramFiles%\SumatraPDF\SumatraPDF.exe
\SUPERAntiSpyware Free Edition (2).lnk        () tiSpyware.exe
\SUPERAntiSpyware Free Edition.lnk        () tiSpyware.exe
\TeamViewer 14 (2).lnk        () Viewer\TeamViewer.exe!C:\Program Files (x86)\TeamViewer�*�
\TeamViewer 14.lnk        () Viewer\TeamViewer.exe!C:\Program Files (x86)\TeamViewer�*�
\TeraCopy (2).lnk        () %SystemDrive%\Program Files\TeraCopy\TeraCopy.exe
\TeraCopy.lnk        () %SystemDrive%\Program Files\TeraCopy\TeraCopy.exe
\Trillian (2).lnk        () ..\..\Program Files (x86)\Trillian\trillian.exeC:\Program Files
\Trillian.lnk        () ..\..\Program Files (x86)\Trillian\trillian.exeC:\Program Files
\Trojan Killer (2).lnk        () \tk.exe$C:\Program Files (x86)\Trojan Killer�*���@Z|���K�J����
\Trojan Killer.lnk        () \tk.exe$C:\Program Files (x86)\Trojan Killer�*���@Z|���K�J����
\TrueCrypt (2).lnk        () gram Files\TrueCrypt\TrueCrypt.exe...\..\..\Program Files\TrueCrypt\TrueCrypt.ex
\TrueCrypt.lnk        () gram Files\TrueCrypt\TrueCrypt.exe...\..\..\Program Files\TrueCrypt\TrueCrypt.ex
\TunesKit Spotify Converter.lnk        () onverter.exe1C:\Program Files (x86)\TunesKit Spotify Converter
\UltraAdwareKiller - Raccourci (2).lnk        () ���=
UltraAdwareKiller.exe@1�X��8��)Ap
\UltraAdwareKiller - Raccourci.lnk        () ���=
UltraAdwareKiller.exe@1�X��8��)Ap
\UltraAdwareKiller64 - Raccourci (2).lnk        () o account\UltraAdwareKiller64.exe9
\UltraAdwareKiller64 - Raccourci.lnk        () o account\UltraAdwareKiller64.exe9
\UpdateStar SigParser.lnk        () arser\SigParser.exeUpdateStar SigParser+i:\Program Files (x86)\UpdateSta
\UVK - Ultra Virus Killer (2).lnk        () �%SystemDrive%\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
\UVK - Ultra Virus Killer.lnk        () �%SystemDrive%\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
\UVKPortable - Raccourci (2).lnk        () JAD en internet repairs for barro account\UVKPortable.exe91S
\UVKPortable - Raccourci.lnk        () JAD en internet repairs for barro account\UVKPortable.exe91S
\Visual Studio Code (2).lnk        () de.exe"C:\Program Files\Microsoft VS Codec�Xdesktop-vu3i6kn�>�6�2B����o
\Visual Studio Code.lnk        () de.exe"C:\Program Files\Microsoft VS Codec�Xdesktop-vu3i6kn�>�6�2B����o
\VLC media player (2).lnk        () es\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLCc�Xdeskt
\VLC media player.lnk        () es\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLCc�Xdeskt
\VNC Viewer (2).lnk        () exe7..\..\..\Program Files\RealVNC\VNC Viewer\vncviewer.exe$C:\Pr
\VNC Viewer.lnk        () exe7..\..\..\Program Files\RealVNC\VNC Viewer\vncviewer.exe$C:\Pr
\Winamp (2).lnk        ()  Files (x86)\Winamp\winamp.exe...\..\..\Program Files (x86)\Winamp\winamp.exe
\Winamp.lnk        ()  Files (x86)\Winamp\winamp.exe...\..\..\Program Files (x86)\Winamp\winamp.exe
\WinDirStat (2).lnk        () irStat\windirstat.exe!C:\Program Files (x86)\WinDirStat�*�
\WinDirStat.lnk        () irStat\windirstat.exe!C:\Program Files (x86)\WinDirStat�*�
\Windows_Repair_Toolbox - Raccourci (2).lnk        () x.exe@��X���)Application@0t�Z�A1
\Windows_Repair_Toolbox - Raccourci (3).lnk        () x.exe@��X���)Application@0t�Z�A1
\Windows_Repair_Toolbox - Raccourci (4).lnk        () x.exe@��X���)Application@0t�Z�A1
\Windows_Repair_Toolbox - Raccourci.lnk        () x.exe@��X���)Application@0t�Z�A1
\WinMerge (2).lnk        () geU.exeC:\Program Files\WinMergec�Xdesktop-vu3i6kn�>�6�2B����o��w��i����hZ�
\WinMerge.lnk        () geU.exeC:\Program Files\WinMergec�Xdesktop-vu3i6kn�>�6�2B����o��w��i����hZ�
\WinRAR (2).lnk        ()  Files\WinRAR\WinRAR.exec�Xdesktop-810dt5o�a�C�b$��J�mƃ�F��hZ�j~A�a�C�b$��J�
\WinRAR.lnk        ()  Files\WinRAR\WinRAR.exec�Xdesktop-810dt5o�a�C�b$��J�mƃ�F��hZ�j~A�a�C�b$��J�
\WinSCP (2).lnk        () .\Program Files (x86)\WinSCP\WinSCP.exeC:\Program Files (x86)\W
\WinSCP.lnk        () .\Program Files (x86)\WinSCP\WinSCP.exeC:\Program Files (x86)\W
\XnView (2).lnk        ()  Files (x86)\XnView\xnview.exe...\..\..\Program Files (x86)\XnView\xnview.exe
\XnView.lnk        ()  Files (x86)\XnView\xnview.exe...\..\..\Program Files (x86)\XnView\xnview.exe
c:\hp\hpqware\dtshortcuts\ca-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=ca_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\da_dk\snapfish billeder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_dk) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\aut\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_at&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_de&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de_at\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_at) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de_ch\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de_de\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\aus\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_au&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ca&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_de&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\gbr\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_gb&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\hkg\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_hk&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_in&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_it&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\mys\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_my&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_nl&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\phl\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ph&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\sgp\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_sg&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_au\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_au) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_ca\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_gb\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_gb) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_ie\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ie) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_in\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_in) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_nz\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nz) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_sg\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_sg) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en_us\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_us) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=es_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es_es\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_es) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\eu-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=eu_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_ca&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr_be\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_be) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr_ca\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr_ch\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr_fr\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\gl-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=gl_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\hi-in\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=hi_in&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=it_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=it_it&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it_ch\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it_it\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\ja_jp\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_jp) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nb_no\snapfish-bilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_no) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl-nl\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl-nl\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_nl&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl_be\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl_be) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl_nl\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\pt_pt\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_pt) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\sv_se\snapfishbilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_se) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\zh-hk\hkg\做買賣？去ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=zh_hk&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\zh_cn\惠普喀嚓鱼.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_cn) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\ca-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=ca_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\da_dk\music, photos and videos\snapfish billeder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_dk) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\aut\shopping and services\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_at&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_de&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de_at\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_at) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de_ch\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de_de\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\aus\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_au&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ca&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_de&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\gbr\shopping and services\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_gb&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\hkg\shopping and services\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_hk&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_in&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\irl\shopping and services\ebay.ie.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=EN_IE&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_it&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\mys\shopping and services\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_my&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_nl&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\phl\shopping and services\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ph&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\sgp\shopping and services\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_sg&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_au\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_au) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_ca\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_gb\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_gb) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_ie\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ie) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_in\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_in) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_nz\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nz) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_sg\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_sg) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en_us\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_us) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=es_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es_es\music, photos and videos\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_es) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\eu-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=eu_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_ca&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr_be\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_be) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr_ca\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr_ch\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr_fr\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\gl-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=gl_es&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\hi-in\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=hi_in&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=it_ch&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=it_it&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it_ch\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it_it\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\ja_jp\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_jp) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nb_no\music, photos and videos\snapfish-bilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_no) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl-nl\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=nl_be&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl-nl\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=nl_nl&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl_be\music, photos and videos\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl_be) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl_nl\music, photos and videos\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\pt_pt\music, photos and videos\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_pt) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\sv_se\music, photos and videos\snapfishbilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_se) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\zh-hk\hkg\shopping and services\做買賣？去ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=zh_hk&bd=all&c=124) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\zh_cn\music, photos and videos\惠普喀嚓鱼.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_cn) - Hidden: False - Status: OK
c:\programdata\microsoft\windows\start menu\programs\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK
c:\programdata\microsoft\windows\start menu\programs\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\users\public\desktop\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK
c:\users\public\desktop\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK
e:\recovery 7 user data backup\sm-w720nzkbxef_20200305\c drive\users\antifondance 10crem\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK
e:\recovery 7 user data backup\sm-w720nzkbxef_20200305\c drive\users\antifondance 10crem\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK
e:\recovery 7 user data backup\sm-w720nzkbxef_20200305\c drive\users\antifondance a-dfm2\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK
h:\users\bur k cx30jjad 8janv\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK
h:\programdata\microsoft\windows\start menu\programs\unhackme\check for unhackme updates.lnk - Encrypted: False - Target: E:\Program Files (x86)\UnHackMe\wu.exe - Args: (hxxp://greatis.com/unhackme.ini) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\ca-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=ca_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\da_dk\snapfish billeder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_dk) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\de-de\aut\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_at&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\de-de\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_be&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\de-de\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_ch&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\de-de\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=de_de&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\de_at\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_at) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\de_ch\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de_ch) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\de_de\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\aus\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_au&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_be&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ca&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ch&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_de&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_fr&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\gbr\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_gb&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\hkg\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_hk&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_in&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_it&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\mys\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_my&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_nl&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\phl\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_ph&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\sgp\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_sg&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en-us\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en_au\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_au) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en_ca\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ca) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en_gb\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_gb) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en_ie\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ie) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en_in\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_in) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en_nz\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nz) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en_sg\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_sg) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\en_us\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_us) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\es-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=es_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\es-es\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\es_es\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_es) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\eu-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=eu_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\fr-fr\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_be&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\fr-fr\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_ca&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\fr-fr\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_ch&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\fr-fr\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\fr_be\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_be) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\fr_ca\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ca) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\fr_ch\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ch) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\fr_fr\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\gl-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=gl_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\hi-in\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=hi_in&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\it-it\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=it_ch&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\it-it\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=it_it&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\it_ch\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_ch) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\it_it\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_it) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\ja_jp\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_jp) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\nb_no\snapfish-bilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_no) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\nl-nl\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_be&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\nl-nl\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=nl_nl&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\nl_be\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl_be) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\nl_nl\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\pt_pt\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_pt) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\sv_se\snapfishbilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_se) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\zh-hk\hkg\做買賣？去ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cndt&locale=zh_hk&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\dtshortcuts\zh_cn\惠普喀嚓鱼.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_cn) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\ca-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=ca_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\da_dk\music, photos and videos\snapfish billeder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_dk) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\de-de\aut\shopping and services\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_at&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\de-de\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_be&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\de-de\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_ch&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\de-de\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=de_de&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\de_at\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_at) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\de_ch\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de_ch) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\de_de\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_de) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\aus\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_au&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_be&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ca&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ch&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_de&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_fr&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\gbr\shopping and services\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_gb&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\hkg\shopping and services\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_hk&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_in&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\irl\shopping and services\ebay.ie.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=EN_IE&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_it&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\mys\shopping and services\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_my&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_nl&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\phl\shopping and services\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_ph&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\sgp\shopping and services\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_sg&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en-us\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en_au\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_au) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en_ca\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ca) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en_gb\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_gb) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en_ie\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_ie) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en_in\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_in) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en_nz\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nz) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en_sg\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_sg) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\en_us\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_us) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\es-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=es_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\es-es\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=en_us&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\es_es\music, photos and videos\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_es) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\eu-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=eu_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\fr-fr\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_be&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\fr-fr\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_ca&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\fr-fr\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_ch&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\fr-fr\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=fr_fr&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\fr_be\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_be) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\fr_ca\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ca) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\fr_ch\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr_ch) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\fr_fr\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_fr) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\gl-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=gl_es&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\hi-in\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=hi_in&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\it-it\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=it_ch&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\it-it\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=it_it&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\it_ch\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_ch) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\it_it\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_it_it) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\ja_jp\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_jp) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\nb_no\music, photos and videos\snapfish-bilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_no) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\nl-nl\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=nl_be&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\nl-nl\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=nl_nl&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\nl_be\music, photos and videos\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl_be) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\nl_nl\music, photos and videos\snapfish foto's.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_nl) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\pt_pt\music, photos and videos\fotos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_pt) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\sv_se\music, photos and videos\snapfishbilder.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_se) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\zh-hk\hkg\shopping and services\做買賣？去ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cndt&locale=zh_hk&bd=all&c=124) - Hidden: False - Status: OK
h:\hp\hpqware\startmenulink\zh_cn\music, photos and videos\惠普喀嚓鱼.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_desktop_desktopicon_2012_cn) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Control Panel\Desktop]
"DragHeight"=4   
"CoolSwitchColumns"=7   
"ActiveWndTrackTimeout"=0   
"MouseCornerClipLength"=6   
"DragWidth"=4   
"WallpaperStyle"=10   
"ScreenSaveActive"=1   
"TileWallpaper"=0   
"WheelScrollLines"=3   
"Pattern"=0   
"FontSmoothingType"=2   
"WindowArrangementActive"=1   
"BlockSendInputResets"=0   
"MenuShowDelay"=400   
"ClickLockTime"=1200   
"CaretWidth"=1   
"FocusBorderWidth"=1   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"DragFullWindows"=1   
"CoolSwitchRows"=3   
"ForegroundFlashCount"=7   
"LeftOverlapChars"=3   
"ForegroundLockTimeout"=200000   
"FontSmoothingGamma"=0   
"DragFromMaximize"=1   
"FontSmoothing"=2   
"FocusBorderHeight"=1   
"WheelScrollChars"=3   
"DockMoving"=1   
"SnapSizing"=1   
"CursorBlinkRate"=530   
"RightOverlapChars"=3   
"FontSmoothingOrientation"=1   
"PaintDesktopVersion"=0   
"ScreenSaverIsSecure"=1   
"UserPreferencesMask"=0x9E1E078012000000   
"AutoColorization"=1   
"Wallpaper"=C:\Windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg   [05/03/2013 10:06:40]
"MaxVirtualDesktopDimension"=1920   
"MaxMonitorDimension"=1920   
"TranscodedImageCount"=2   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100539C1D0080070000B004000080736A6B8C49CD0143003A005C00570069006E0064006F00770073005C007700650062005C00770061006C006C00700061007000650072005C00480050005C00480050005F005300760069006E006F00790061005F004E006F0072007700610079005F00530075006E007300650074002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ImageColor"=2940178641   
"WaitToKillAppTimeout"=2000   
"HungAppTimeout"=2000   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"SIDUpdatedOnLibraries"=1   
"LastClockSize"=0x270000000F000000460000000F000000410000000F000000   
"GlobalAssocChangedCounter"=3   
"Browse For Folder Width"=347   
"Browse For Folder Height"=346   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=5   
"ReindexedProfile"=1   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Control Panel\Desktop]
"DragHeight"=4   
"CoolSwitchColumns"=7   
"ActiveWndTrackTimeout"=0   
"MouseCornerClipLength"=6   
"DragWidth"=4   
"WallpaperStyle"=10   
"ScreenSaveActive"=1   
"TileWallpaper"=0   
"WheelScrollLines"=3   
"Pattern"=0   
"FontSmoothingType"=2   
"WindowArrangementActive"=1   
"BlockSendInputResets"=0   
"MenuShowDelay"=400   
"ClickLockTime"=1200   
"CaretWidth"=1   
"FocusBorderWidth"=1   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"DragFullWindows"=1   
"CoolSwitchRows"=3   
"ForegroundFlashCount"=7   
"LeftOverlapChars"=3   
"ForegroundLockTimeout"=200000   
"FontSmoothingGamma"=0   
"DragFromMaximize"=1   
"FontSmoothing"=2   
"FocusBorderHeight"=1   
"WheelScrollChars"=3   
"DockMoving"=1   
"SnapSizing"=1   
"CursorBlinkRate"=530   
"RightOverlapChars"=3   
"FontSmoothingOrientation"=1   
"PaintDesktopVersion"=0   
"ScreenSaverIsSecure"=1   
"UserPreferencesMask"=0x9E1E078012000000   
"AutoColorization"=1   
"Wallpaper"=C:\Windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg   [05/03/2013 10:06:40]
"MaxVirtualDesktopDimension"=1920   
"MaxMonitorDimension"=1920   
"TranscodedImageCount"=2   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100539C1D0080070000B004000080736A6B8C49CD0143003A005C00570069006E0064006F00770073005C007700650062005C00770061006C006C00700061007000650072005C00480050005C00480050005F005300760069006E006F00790061005F004E006F0072007700610079005F00530075006E007300650074002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ImageColor"=2940178641   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"SIDUpdatedOnLibraries"=1   
"LastClockSize"=0x270000000F000000460000000F000000410000000F000000   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=5   
"ReindexedProfile"=1   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Control Panel\Desktop]
"DragHeight"=4   
"CoolSwitchColumns"=7   
"ActiveWndTrackTimeout"=0   
"MouseCornerClipLength"=6   
"DragWidth"=4   
"WallpaperStyle"=10   
"ScreenSaveActive"=1   
"TileWallpaper"=0   
"WheelScrollLines"=3   
"Pattern"=0   
"FontSmoothingType"=2   
"WindowArrangementActive"=1   
"BlockSendInputResets"=0   
"MenuShowDelay"=400   
"ClickLockTime"=1200   
"CaretWidth"=1   
"FocusBorderWidth"=1   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"DragFullWindows"=1   
"CoolSwitchRows"=3   
"ForegroundFlashCount"=7   
"LeftOverlapChars"=3   
"ForegroundLockTimeout"=200000   
"FontSmoothingGamma"=0   
"DragFromMaximize"=1   
"FontSmoothing"=2   
"FocusBorderHeight"=1   
"WheelScrollChars"=3   
"DockMoving"=1   
"SnapSizing"=1   
"CursorBlinkRate"=530   
"RightOverlapChars"=3   
"FontSmoothingOrientation"=1   
"PaintDesktopVersion"=0   
"ScreenSaverIsSecure"=1   
"UserPreferencesMask"=0x9E1E078012000000   
"AutoColorization"=1   
"Wallpaper"=C:\Windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg   [05/03/2013 10:06:40]
"MaxVirtualDesktopDimension"=1920   
"MaxMonitorDimension"=1920   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100539C1D0080070000B004000080736A6B8C49CD0143003A005C00570069006E0064006F00770073005C007700650062005C00770061006C006C00700061007000650072005C00480050005C00480050005F005300760069006E006F00790061005F004E006F0072007700610079005F00530075006E007300650074002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ImageColor"=2940178641   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"SIDUpdatedOnLibraries"=1   
"LastClockSize"=0x270000000F000000460000000F000000410000000F000000   
"GlobalAssocChangedCounter"=1   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=5   
"ReindexedProfile"=1   

[HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=1   
"EnableInstallerDetection"=1   
"PromptOnSecureDesktop"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"ConsentPromptBehaviorAdmin"=0   
"ValidateAdminCodeSignatures"=0   
"EnableUIADesktopToggle"=0   
"EnableCursorSuppression"=1   
"ConsentPromptBehaviorUser"=3   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktopChanges"=1   
"NoActiveDesktop"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=1   
"NoAddingComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"HKeyRoot"=2147483649   
"DefaultValue"=2   
"ValueName"=Hidden   
"Text"=@shell32.dll,-30500   
"Type"=radio   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"SmartScreenEnabled"=RequireAdmin   
"GlobalAssocChangedCounter"=3   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=1   
"EnableInstallerDetection"=1   
"PromptOnSecureDesktop"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"ConsentPromptBehaviorAdmin"=0   
"ValidateAdminCodeSignatures"=0   
"EnableUIADesktopToggle"=0   
"EnableCursorSuppression"=1   
"ConsentPromptBehaviorUser"=3   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktopChanges"=1   
"NoActiveDesktop"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=1   
"NoAddingComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"HKeyRoot"=2147483649   
"DefaultValue"=2   
"ValueName"=Hidden   
"Text"=@shell32.dll,-30500   
"Type"=radio   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"GlobalAssocChangedCounter"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=9200   
"FirstLogon"=0   
"ParseAutoexec"=1   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=9200   
"FirstLogon"=0   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=9200   
"FirstLogon"=0   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=C:\Windows\system32\userinit.exe,   
"LegalNoticeText"=   
"Shell"=explorer.exe   
"LegalNoticeCaption"=   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"ReportBootOk"=1   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"Background"=0 0 0   
"PasswordExpiryWarning"=5   
"CachedLogonsCount"=10   
"WinStationsDisabled"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"scremoveoption"=0   
"DisableCAD"=1   
"ShutdownFlags"=7   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-11-96-3623454863-58364-18864-2661722203-1597581903-338052579-1972401049-1998997503-665323614-3851843236   
"LastUsedUsername"=MicrosoftAccount\nathalie.et.noemie@outlook.com   
"AutoAdminLogon"=0   
"DefaultUserName"=MicrosoftAccount\nathalie.et.noemie@outlook.com   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=userinit.exe   
"Shell"=explorer.exe   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"DefaultDomainName"=   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultUserName"=   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"PerceivedType"=text   
"Content Type"=application/hta   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=4259840   
"BrowserFlags"=4096   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"NeverShowExt"=   
"EditFlags"=131072   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForBrowse"=delta   
""=Folder   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"ThumbnailCutoff"=0   
"NoRecentDocs"=   
"TileInfo"=prop:System.Title;System.ItemTypeText;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"PerceivedType"=text   
"Content Type"=application/hta   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=4259840   
"BrowserFlags"=4096   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"NeverShowExt"=   
"EditFlags"=131072   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForBrowse"=delta   
""=Folder   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"ThumbnailCutoff"=0   
"NoRecentDocs"=   
"TileInfo"=prop:System.Title;System.ItemTypeText;System.HomeGroupSharingStatus   

[HKLM\Software\Clients\StartMenuInternet\Firefox-F2BF4392835E8194\Shell\open\Command]
""="D:\Applications installées\Firefox Nightly\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\Firefox-F2BF4392835E8194\InstallInfo]
"ReinstallCommand"="D:\Applications installées\Firefox Nightly\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [26/07/2012 01:18:22]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command]
""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"   
[HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-F2BF4392835E8194\Shell\open\Command]
""="D:\Applications installées\Firefox Nightly\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-F2BF4392835E8194\InstallInfo]
"ReinstallCommand"="D:\Applications installées\Firefox Nightly\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [26/07/2012 01:18:22]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command]
""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser


---------- | AppcompatFlags

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\NathalieLynnloTorres\Downloads\MicrosoftEdgeSetup.exe"=0x534143500100000000000000070000002800000008431C007A691C00010000000000000000000206002100002EF6C8A3A56ACD01000000800000000002000000280000000000000000000000000000000000000000000000000000002F5F0300000000000100000001000000
"C:\Users\NathalieLynnloTorres\Downloads\pw12-free.exe"=0x5341435001000000000000000700000028000000907D3E0067593F00010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000001FC31100000000000100000001000000
"C:\Users\NathalieLynnloTorres\Downloads\ssusetupg_systweak-default.exe"=0x5341435001000000000000000700000028000000E0DB6000ED0D6100010000000000000000000206002100002EF6C8A3A56ACD01000000800000000002000000280000000000000000000000000000000000000000000000000000000D780D00000000000100000001000000
"C:\Users\NathalieLynnloTorres\Downloads\NDP461-KB3102438-Web.exe"=0x5341435001000000000000000700000028000000C8BB15004C531600010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000807C0900000000000100000001000000
"C:\Users\NathalieLynnloTorres\Downloads\winrar-x64-580.exe"=0x5341435001000000000000000700000028000000A80C3100F1B8310001000000000000000000020600210000647CA60EA56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000A5650000000000000100000001000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D808240027A0240001000000000000000000020600210000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000602E0500000000000100000001000000
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"=0x5341435001000000000000000700000028000000880B2800DBD9280001000000000000000000020600210000647CA60EA56ACD010000000000000000
"SIGN.MEDIA=9697CF0 Program Files\UVK - Ultra Virus Killer\UVK_en64.exe"=0x534143500100000000000000070000002800000038542F00A6AF2F0001000000000000000000020600210000647CA60EA56ACD010000000000000000
"C:\Users\kevin josiane sandra\Downloads\spsetup132.exe"=0x5341435001000000000000000700000028000000E01E69006B746900010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000E0DD1300000000000100000001000000
"C:\Users\kevin josiane sandra\Downloads\GPU-Z_ASUS_ROG_2.30.0.exe"=0x534143500100000000000000070000002800000090CE6D006E566E00010000000000000000000206712200002EF6C8A3A56ACD010000000000000000
"C:\Users\NathalieLynnloTorres\Downloads\firefox-77.0a1.fr.win64.installer.exe"=0x5341435001000000000000000700000028000000E8BA3B0381803C03010000000000000000000206002100002EF6C8A3A56ACD010000000000000000
"D:\Applications installées\Firefox Nightly\firefox.exe"=0x5341435001000000000000000700000028000000C8E40800CE33090001000000000000000000020600210000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000BE180000000000000100000001000000
"D:\Applications téléchargées\BootUsb.exe"=0x5341435001000000000000000700000028000000680F1D00BFB31D00010000000000000000000106710200002EF6C8A3A56ACD010000000000000000

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"D:\Applications installées\Firefox Nightly\firefox.exe"=0x5341435001000000000000000700000028000000C8E40800CE33090001000000000000000000020600210000647CA60EA56ACD010000000000000000

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"D:\Applications installées\Firefox Nightly\firefox.exe"=0x5341435001000000000000000700000028000000C8E40800CE33090001000000000000000000020600210000647CA60EA56ACD010000000000000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D808240027A0240001000000000000000000020600210000647CA60EA56ACD010000000000000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"DragFullWindows"=USR:Control Panel\Desktop   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"MouseSpeed"=#USR:Control Panel\Mouse   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"CoolSwitch"=USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"ScreenSaverActive"=USR:Control Panel\Desktop   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"MouseSpeed"=#USR:Control Panel\Mouse   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"CoolSwitch"=USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"ScreenSaverActive"=USR:Control Panel\Desktop   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=129877610663917518
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=1
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"ProductType"=2
"ProductStatus"=0
"TrustedImageIdentifier"=P004N3-B2V
"InstallTime"=0x58DEA514E010D601
"DisableAntiVirus"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

---------- | @

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Internet Explorer\Main]
"Enable Browser Extensions"=yes
"Start Page"=http://www.bing.com/?pc=COS2&ptag=D041220-A3998C5640B2E4C5CB5F&form=CONMHP&conlogo=CT3332011
"Default_Page_URL"=http://g.uk.msn.com/CQDSK13/3
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"OperationalData"=1
"CompatibilityFlags"=0
"IE10TourNoShow"=1
"FullScreen"=no
"IconCache"=gv3wkg8
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3E0000003E000000EE040000E1020000
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0xFFB03380E810D601

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=https://account.microsoft.com/
"url2"=https://dl.paragon-software.com/demo/Paragon-1081-FRU_WinInstallDemo_x64_17.9.1_000.exe
"url3"=http://go.microsoft.com/fwlink/p/?LinkId=255141

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"IE5_UA_Backup_Flag"=5.0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"ZonesSecurityUpgrade"=0xD99F1DE9E410D601
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"SecureProtocols"=160
"PrivacyAdvanced"=0
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"GlobalUserOffline"=0

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Internet Explorer\Main]
"Start Page"=http://g.uk.msn.com/CQDSK13/3
"First Home Page"=http://g.uk.msn.com/CQDSK13/3
"Default_Page_URL"=http://g.uk.msn.com/CQDSK13/3
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"OperationalData"=1

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=http://go.microsoft.com/fwlink/p/?LinkId=255141

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"IE5_UA_Backup_Flag"=5.0
"ZonesSecurityUpgrade"=0x09DD52044112D601
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"SecureProtocols"=160
"PrivacyAdvanced"=0
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Internet Explorer\Main]
"Start Page"=http://g.uk.msn.com/CQDSK13/3
"First Home Page"=http://g.uk.msn.com/CQDSK13/3
"Default_Page_URL"=http://g.uk.msn.com/CQDSK13/3
"Enable Browser Extensions"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"OperationalData"=1

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=http://go.microsoft.com/fwlink/p/?LinkId=255141

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"IE5_UA_Backup_Flag"=5.0
"ZonesSecurityUpgrade"=0x62B880364312D601
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"SecureProtocols"=160
"PrivacyAdvanced"=0
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://g.uk.msn.com/CQDSK13/3
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://g.uk.msn.com/CQDSK13/3
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"DoNotTrack"=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"OfflineInformation"=res://ieframe.dll/offcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://g.uk.msn.com/CQDSK13/3
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://g.uk.msn.com/CQDSK13/3
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"DoNotTrack"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"OfflineInformation"=res://ieframe.dll/offcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"EnablePunycode"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts
















---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded] - {4433A54A-1AC8-432F-90FC-85F045CF383C} --  C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\buShell.dll   [13/04/2020 16:50:23]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending] - {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} --  C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\buShell.dll   [13/04/2020 16:50:23]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected] - {476D0EA3-80F9-48B5-B70B-05E677C9C148} --  C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\buShell.dll   [13/04/2020 16:50:23]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [26/07/2012 03:03:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded] - {4433A54A-1AC8-432F-90FC-85F045CF383C} --  C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\buShell.dll   [13/04/2020 16:50:21]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending] - {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} --  C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\buShell.dll   [13/04/2020 16:50:21]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected] - {476D0EA3-80F9-48B5-B70B-05E677C9C148} --  C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\buShell.dll   [13/04/2020 16:50:21]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=0xE3EFEB7F196B494398D2FFB09D4B49CA0064070000   
"ITBar7Layout"=0x13000000000000000000000020000000100000000000000001000000000700005E010000060000004901000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E3EFEB7F196B494398D2FFB09D4B49CA0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ITBar7Height"=0   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   
"KnownProvidersUpgradeTime"=0x2F615183E810D601   
"Version"=3   
"UpgradeTime"=0x7CD50D84E810D601   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=Norton Toolbar   
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=Norton Toolbar   
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102) -       []

---------- | SearchScopes

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?pc=COS2&ptag=D041220-N0550A3998C5640B2E4C5CB5F&form=CONBDF&conlogo=CT3332011&q={searchTerms} : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}] - (Ask.com) - http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}] - (Ask.com) - http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}] - (Ask.com) - http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}] - (Ask.com) - http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPDTDFJS : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}] - (Ask.com) - http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{5BD8BA7A-83E9-4F8F-B045-4ACBBE3EDF7D}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}] - (Yahoo) - http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : 

---------- | ElevationPolicy

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\4DDD5300-D063-473A-9D82-96B009619DA5] - (C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources) - HPSALauncher.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] - (C:\Program Files\Internet Explorer) - iexplore.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041a5213-ea64-4c45-99af-70d7d8e902ec}] - (C:\Program Files\Internet Explorer) - ielowutil.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] - (C:\Windows\System32) - winfxdocobj.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}] - (C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63) - symerr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\System32) - msdt.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}] - (C:\Program Files (x86)\Google\Google Toolbar) - GoogleToolbarUser_32.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5b71395d-ff8a-4ebc-bca3-abbb32790bec}] - (%SystemRoot%\system32\IME\IMESC\) - IMSCPROP.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}] - (C:\Program Files (x86)\Google\GoogleToolbarNotifier) - GoogleToolbarNotifier.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}] - (C:\Program Files (x86)\Google\Google Toolbar) - GoogleToolbarUser_64.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\4DDD5300-D063-473A-9D82-96B009619DA5] - (C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources) - HPSALauncher.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] - (C:\Program Files (x86)\Internet Explorer) - iexplore.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041a5213-ea64-4c45-99af-70d7d8e902ec}] - (C:\Program Files (x86)\Internet Explorer) - ielowutil.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}] - (C:\Windows\SysWOW64) - winfxdocobj.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}] - (C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63) - symerr.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\SysWOW64) - msdt.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}] - (C:\Program Files (x86)\Google\Google Toolbar) - GoogleToolbarUser_32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380689D0-AFAA-47E6-B80E-A33436FE314B}] - (C:\Program Files (x86)\Windows Live\Contacts\) - wlcomm.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5b71395d-ff8a-4ebc-bca3-abbb32790bec}] - (%SystemRoot%\system32\IME\IMESC\) - IMSCPROP.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}] - (C:\Program Files (x86)\Google\GoogleToolbarNotifier) - GoogleToolbarNotifier.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9019d14b-638d-4383-bb95-441b7f57eafb}] - (C:\Program Files (x86)\Windows Live\Installer\) - wlstartup.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}] - (C:\Program Files (x86)\Google\Google Toolbar) - GoogleToolbarUser_64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : 

---------- | Ext\Settings

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}] :  : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] :  : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] :  : C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] :  : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7}] :  : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] :  : C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7}] :  : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

---------- | Ext\Stats

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}] :  : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] :  : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] :  : C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] :  : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}] :  : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] :  : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] :  : C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] :  : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] :  : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] :  : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] :  : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}] :  : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}] :  : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] -> (Norton Password Manager) : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll  [13/04/2020 16:50:45]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> (Google Toolbar Helper) : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll  [14/04/2020 10:35:58]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] -> (Norton Password Manager) : C:\Program Files (x86)\Norton Internet Security\Engine32\22.19.9.63\coIEPlg.dll  [13/04/2020 16:50:45]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] -> (Norton Vulnerability Protection) : C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL  
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> (Google Toolbar Helper) : C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll  [14/04/2020 10:35:58]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll  [09/07/2012 19:46:12]

---------- | Chrome


[HKLM\Software\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk]

---------- | Opera


---------- | Firefox


[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (WildTangent Games App V2 Presence Detector Plugin) : C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll


C:\Users\bosch pinnacle romai\AppData\Roaming\Mozilla\Firefox\Profiles\mkc3rnec.default-nightly\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20200413225327");
user_pref("browser.startup.homepage_override.mstone", "77.0a1");
user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
user_pref("extensions.blocklist.pingCountVersion", 0);
user_pref("extensions.databaseSchema", 32);
user_pref("extensions.getAddons.cache.lastUpdate", 1586859401);
user_pref("extensions.getAddons.databaseSchema", 6);
user_pref("extensions.incognito.migrated", true);
user_pref("extensions.lastAppVersion", "77.0a1");
user_pref("extensions.lastPlatformVersion", "77.0a1");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.doh-rollout@mozilla.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true);
user_pref("extensions.webextensions.uuids", "{\"doh-rollout@mozilla.org\":\"d810e7eb-d8a4-4270-934c-fd11d75f18dd\",\"formautofill@mozilla.org\":\"2731210a-149c-4549-a1df-f0c73dec67b7\",\"screenshots@mozilla.org\":\"51348600-8c52-4f3b-a923-7c65f6dd0087\",\"webcompat-reporter@mozilla.org\":\"6b160410-f2a5-46f2-99a8-6dee8ec8c189\",\"webcompat@mozilla.org\":\"b130a58e-436d-4574-b6b3-fd182ccafa71\",\"default-theme@mozilla.org\":\"09079923-57e7-47fe-8331-adb221bb9b79\",\"google@search.mozilla.org\":\"2e3370a9-f9ca-4990-934a-6a983efff316\",\"amazon@search.mozilla.org\":\"356eabc3-f676-4737-a7f3-f6431a2c192d\",\"ddg@search.mozilla.org\":\"a7a3c195-37c2-44c5-bb62-f961e7927864\",\"ebay@search.mozilla.org\":\"2f760fb4-eff0-4ca0-bcbf-38fca05389c5\",\"wikipedia@search.mozilla.org\":\"57532c06-2d46-4adc-a689-dac4589a3441\",\"bing@search.mozilla.org\":\"b33ef178-3b40-4e7d-bbf5-8622dd3f5dc3\",\"qwant@search.mozilla.org\":\"41be3197-3ea9-4d4b-a8ba-48335d58175e\"}");

C:\Users\kone thyssenkrupp sc\AppData\Roaming\Mozilla\Firefox\Profiles\7v5jr78m.default-nightly\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20200413225327");
user_pref("browser.startup.homepage_override.mstone", "77.0a1");
user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
user_pref("extensions.blocklist.pingCountVersion", 0);
user_pref("extensions.databaseSchema", 32);
user_pref("extensions.getAddons.cache.lastUpdate", 1586858097);
user_pref("extensions.getAddons.databaseSchema", 6);
user_pref("extensions.incognito.migrated", true);
user_pref("extensions.lastAppVersion", "77.0a1");
user_pref("extensions.lastPlatformVersion", "77.0a1");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.doh-rollout@mozilla.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true);
user_pref("extensions.webextensions.uuids", "{\"doh-rollout@mozilla.org\":\"d7a2a5e8-fda2-47dd-b5f1-9dd8fe47a581\",\"formautofill@mozilla.org\":\"f0a5adc9-66cf-4992-a51a-752b3bd02587\",\"screenshots@mozilla.org\":\"dc53d27e-9da1-472b-aedd-1f9daf83918b\",\"webcompat-reporter@mozilla.org\":\"c8893c15-b80a-49d7-adbb-14329f74a5ba\",\"webcompat@mozilla.org\":\"826a363d-3b47-4442-b6a2-3d44ee90af04\",\"default-theme@mozilla.org\":\"bbe58778-1f31-4dbb-b835-54fff75a0b93\",\"google@search.mozilla.org\":\"507cd3de-2468-4933-9d57-60522ccedc84\",\"amazon@search.mozilla.org\":\"1d7443fb-b78f-4406-9156-7c5a661f541e\",\"ddg@search.mozilla.org\":\"834146e7-246f-4061-a926-efe63df0e3f9\",\"ebay@search.mozilla.org\":\"d125b6f2-d1c6-47a5-af67-747583f2e133\",\"wikipedia@search.mozilla.org\":\"841928df-12a2-464e-8e70-c5537d76ff34\",\"bing@search.mozilla.org\":\"d885bb3a-ade6-4d95-b339-d3d7e67c9eae\",\"qwant@search.mozilla.org\":\"296f0300-b8d8-4f90-bdd7-d5dff3945d7c\"}");

C:\Users\NathalieLynnloTorres\AppData\Roaming\Mozilla\Firefox\Profiles\vwnips6f.default-nightly\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20200413225327");
user_pref("browser.startup.homepage_override.mstone", "77.0a1");
user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
user_pref("extensions.blocklist.pingCountVersion", 0);
user_pref("extensions.databaseSchema", 32);
user_pref("extensions.getAddons.databaseSchema", 6);
user_pref("extensions.incognito.migrated", true);
user_pref("extensions.lastAppBuildId", "20200413225327");
user_pref("extensions.lastAppVersion", "77.0a1");
user_pref("extensions.lastPlatformVersion", "77.0a1");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.doh-rollout@mozilla.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true);
user_pref("extensions.webextensions.uuids", "{\"doh-rollout@mozilla.org\":\"b191c2a7-1eab-47c8-8f34-0f776488a12d\",\"formautofill@mozilla.org\":\"a4f810e1-de65-445c-9c1c-6fe1a2a5ad29\",\"screenshots@mozilla.org\":\"112ecb0b-8441-4d9d-82da-ed777a1317d8\",\"webcompat-reporter@mozilla.org\":\"824f9d25-661b-4d1c-b625-da8ebd51a44f\",\"webcompat@mozilla.org\":\"354818a0-aad7-4d6b-a992-da542a5b7f7f\",\"default-theme@mozilla.org\":\"6695a3a0-fb75-4df5-9f5b-e47801289187\",\"google@search.mozilla.org\":\"38aa86ef-a80f-4a38-b876-c167023c9258\",\"amazon@search.mozilla.org\":\"7e4b38c8-a267-42ad-9def-220d4a35b8c0\",\"ddg@search.mozilla.org\":\"e1d1ef06-ef20-4935-9137-7c936dad2f29\",\"ebay@search.mozilla.org\":\"366eee0a-0a4e-4f91-bf19-ae25041a1917\",\"wikipedia@search.mozilla.org\":\"95bfab40-bb81-4047-b046-59aafb5be672\",\"bing@search.mozilla.org\":\"9790369a-78f8-44d8-aa92-b789ba981b28\",\"qwant@search.mozilla.org\":\"d19fcec5-620d-4208-901c-ba28f56d1065\"}");


[Profile0] - Name=default-nightly -> Profiles/mkc3rnec.default-nightly

[Profile0] - Name=default-nightly -> Profiles/7v5jr78m.default-nightly

[Profile0] - Name=default-nightly -> Profiles/vwnips6f.default-nightly

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{B389AB24-C362-4FAB-B29C-601C91B5A911}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{B389AB24-C362-4FAB-B29C-601C91B5A911}]
"DhcpNameServer"=192.168.1.1

---------- | ActiveX 

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> 
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}] - () - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}] - (Microsoft Edge) - -> "C:\Program Files (x86)\Microsoft\Edge\Application\81.0.416.53\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{30500C7C-2206-3DC6-9792-96E95A04669D}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> 


---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "D:\Applications installées\Firefox Nightly\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "D:\Applications installées\Firefox Nightly\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | DCOMApplications

Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: hpqwmiex - AppID: {0018752E-7735-4B30-9DA9-4A01F024F270}
Name: WPD Association LUA Virtual Factory - AppID: {00393519-3A67-4507-A2B8-85146167ACA7}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3}
Name: Virtual Factory for Biometrics - AppID: {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: WinStore OM - AppID: {03e64e17-b220-4052-9b9b-155f9cb8e016}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B}
Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}
Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323}
Name: SwapAPODll - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: IIS W3 Control - AppID: {119817C9-666D-4053-AEDA-627D0E25CCEF}
Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80}
Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0}
Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B}
Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}
Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606}
Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97}
Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d}
Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB}
Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2}
Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B}
Name: GamesAppService - AppID: {394447FA-A1B8-4E2D-8677-3441FD66C004}
Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}
Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1}
Name: EEL64A - AppID: {3D5781D9-B2FF-4396-8478-395412020995}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E}
Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85}
Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C}
Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a}
Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E}
Name: RadioManagement Lib Class - AppID: {478B41E6-3257-4519-BDA8-E971F9843849}
Name: EEG64A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d}
Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: ServiceModule - AppID: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: NavShExt - AppID: {50FBD810-BC18-42A9-B2D4-0E8352AA8CA5}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b}
Name: Bonjour - AppID: {56608F9C-223B-4CB6-813D-85EDCCADFB4B}
Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF}
Name: WT - AppID: {568C34F6-73E1-4F3E-ADAE-FF34A076294C}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC}
Name: Watson subscriber for SENS Network Events - AppID: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B}
Name: EED64A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0}
Name: %SystemRoot%\System32\wsclient.dll - AppID: {5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}
Name: WLXMP4ParserThumbnailProvider - AppID: {5D6E8BC8-01F3-41CC-BF7D-D7EEF436896E}
Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1}
Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: gusvc - AppID: {61E28BF8-C02B-499F-8E7A-34C1E4A1C649}
Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: IIS CertObj - AppID: {62B8CCBE-5A45-4372-8C4A-6A87DD3EDD60}
Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2}
Name: CLMLSvc_P2G8 - AppID: {64260897-BFB4-451c-A60E-89377BAC66D3}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Sensors CPL Change Device Permission LUA Helper - AppID: {6CE51F75-0448-438e-B9CA-69C352A248A7}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: Windows SideShow AutoWake Configuration Helper - AppID: {71B804C5-5577-471D-8FE5-C4A45B654EB8}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: Dispatch - AppID: {7D7B609B-D089-4687-9606-264A9AA2FBB2}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629}
Name: hputils - AppID: {8195693E-0C55-4BE2-A2DB-32376ABC24C4}
Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: SymDgnHc - AppID: {8933BDBF-DADC-44c3-BA6D-F944EBF16362}
Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F}
Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60}
Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139}
Name: ServiceModule - AppID: {9465B4B4-5216-4042-9A2C-754D3BCDC410}
Name: protector_dll - AppID: {96FBC13C-8214-4100-88E0-FF74D7A1CB4D}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: ahadmin - AppID: {9fa5c497-f46d-447f-8011-05d03d7d7ddc}
Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe}
Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134}
Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3}
Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121}
Name: ServiceModule - AppID: {A6B716CB-028B-404D-B72C-50E153DD68DA}
Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: ProtectorExe - AppID: {A97CA128-6998-4F8E-807E-8ED05FADAFB0}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: Windows Live Social Object Extractor Engine - AppID: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}
Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}
Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1}
Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA}
Name: Dispatch - AppID: {B1463312-25D9-4de4-96DC-FE9213084065}
Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: WinStore OM - AppID: {B3823009-106A-4898-8C5A-F28A7CA83ED6}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: WwanAdvui - AppID: {b70cc729-28ae-11dd-9676-000000000000}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b}
Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}
Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83}
Name: LockScreen Application Notification Broker - AppID: {C89FC3EF-A0DC-4feb-BFBC-F13A9C334D4F}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: ServiceModule - AppID: {CECDDD22-2E72-4832-9606-A9B0E5E344B2}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Windows SideShow Device Configuration Helper - AppID: {D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}
Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E}
Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7}
Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: iisctl - AppID: {E8FB8615-588F-11D2-9D61-00C04F79C5FE}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: Windows SideShow PropertyPage Host - AppID: {F056D291-A2AB-45f7-8EE4-40454493B351}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: WinStore OM - AppID: {fc470800-12e0-4da3-81f3-e67240d19093}
Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C}
Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{119817C9-666D-4053-AEDA-627D0E25CCEF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{119817C9-666D-4053-AEDA-627D0E25CCEF}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{62B8CCBE-5A45-4372-8C4A-6A87DD3EDD60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{62B8CCBE-5A45-4372-8C4A-6A87DD3EDD60}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{62B8CCBE-5A45-4372-8C4A-6A87DD3EDD60}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7D7B609B-D089-4687-9606-264A9AA2FBB2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7D7B609B-D089-4687-9606-264A9AA2FBB2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8933BDBF-DADC-44c3-BA6D-F944EBF16362}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{B1463312-25D9-4de4-96DC-FE9213084065}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B1463312-25D9-4de4-96DC-FE9213084065}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DeviceInstall
DcomLaunch
"regsvc"=RemoteRegistry
"iissvcs"=w3svc
was

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DeviceInstall
DcomLaunch
"iissvcs"=w3svc
was


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\AppDataLow]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\ATI]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\CyberLink]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Google]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Hewlett-Packard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Lavasoft]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Mine]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\MiniTool Software Limited]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Mozilla]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Norton]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Piriform]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Policies]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Systweak]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\techPowerUp]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\vch]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\WinRAR]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Wow6432Node]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\AppDataLow\Software\Norton]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\.NETFramework]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Active Setup]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\ActiveMovie]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Assistance]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\AuthCookies]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Command Processor]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\CTF]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\DirectInput]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Edge]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\EdgeUpdate]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\EventSystem]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Fax]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Feeds]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\FTP]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Fusion]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\IdentityCRL]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Ieak]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\IME]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\InputPersonalization]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Connection Wizard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Internet Explorer]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Keyboard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\MediaPlayer]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\MSF]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\PeerNet]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Remote Assistance]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Speech]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Spelling]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\SQMClient]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\SystemCertificates]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\TabletTip]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\TelemetryClient]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\WAB]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\wfs]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows Mail Setup]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows Media]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows NT]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows Script]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows Script Host]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Windows Search]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\SOFTWARE\Microsoft\Wisp]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\AppDataLow]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\ATI]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\CyberLink]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Hewlett-Packard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Mine]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\MiniTool Software Limited]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Mozilla]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Policies]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\RegisteredApplications]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Wow6432Node]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Active Setup]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Assistance]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\AuthCookies]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Command Processor]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\CTF]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\DirectInput]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Edge]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\EventSystem]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Fax]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Feeds]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\FTP]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Fusion]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\IdentityCRL]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Ieak]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Connection Wizard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Internet Explorer]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Keyboard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\MediaPlayer]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\MSF]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\PeerNet]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Remote Assistance]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Speech]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\SQMClient]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\SystemCertificates]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\WAB]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\wfs]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows Mail Setup]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows Media]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows NT]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Windows Search]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\SOFTWARE\Microsoft\Wisp]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1005\Software\Microsoft\Windows NT\CurrentVersion]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\AppDataLow]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\ATI]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\CyberLink]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Hewlett-Packard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Mine]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\MiniTool Software Limited]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Mozilla]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Norton]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Policies]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\RegisteredApplications]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\WinRAR]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Wow6432Node]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Active Setup]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Assistance]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\AuthCookies]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Command Processor]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\CTF]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\DirectInput]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Edge]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\EdgeUpdate]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\EventSystem]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Fax]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Feeds]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\FTP]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Fusion]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\IdentityCRL]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Ieak]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Connection Wizard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Internet Explorer]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Keyboard]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\MediaPlayer]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\MSF]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\PeerNet]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Remote Assistance]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Speech]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\SQMClient]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\SystemCertificates]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\WAB]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\wfs]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows Mail Setup]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows Media]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows NT]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Windows Search]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\SOFTWARE\Microsoft\Wisp]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2775032808-3154049738-94599714-1007\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AMD]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Avast Software]
[HKLM\Software\Clients]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\MiniTool Software Limited]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Symantec]
[HKLM\Software\Systweak]
[HKLM\Software\UVK - Ultra virus killer]
[HKLM\Software\UVK - Ultra virus killer backups]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\SOFTWARE\Microsoft\.NETFramework]
[HKLM\SOFTWARE\Microsoft\Active Setup]
[HKLM\SOFTWARE\Microsoft\ADs]
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup]
[HKLM\SOFTWARE\Microsoft\ALG]
[HKLM\SOFTWARE\Microsoft\AllUserInstallAgent]
[HKLM\SOFTWARE\Microsoft\ASP.NET]
[HKLM\SOFTWARE\Microsoft\Assistance]
[HKLM\SOFTWARE\Microsoft\AuthHost]
[HKLM\SOFTWARE\Microsoft\BidInterface]
[HKLM\SOFTWARE\Microsoft\Chkdsk]
[HKLM\SOFTWARE\Microsoft\COM3]
[HKLM\SOFTWARE\Microsoft\Command Processor]
[HKLM\SOFTWARE\Microsoft\Cryptography]
[HKLM\SOFTWARE\Microsoft\CTF]
[HKLM\SOFTWARE\Microsoft\DataAccess]
[HKLM\SOFTWARE\Microsoft\DevDiv]
[HKLM\SOFTWARE\Microsoft\Device Association Framework]
[HKLM\SOFTWARE\Microsoft\Dfrg]
[HKLM\SOFTWARE\Microsoft\DFS]
[HKLM\SOFTWARE\Microsoft\DirectDraw]
[HKLM\SOFTWARE\Microsoft\DirectInput]
[HKLM\SOFTWARE\Microsoft\DirectMusic]
[HKLM\SOFTWARE\Microsoft\DirectPlay8]
[HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp]
[HKLM\SOFTWARE\Microsoft\DirectShow]
[HKLM\SOFTWARE\Microsoft\DirectX]
[HKLM\SOFTWARE\Microsoft\Driver Signing]
[HKLM\SOFTWARE\Microsoft\DRM]
[HKLM\SOFTWARE\Microsoft\DVR]
[HKLM\SOFTWARE\Microsoft\DXP]
[HKLM\SOFTWARE\Microsoft\EAPSIMMethods]
[HKLM\SOFTWARE\Microsoft\EnterpriseCertificates]
[HKLM\SOFTWARE\Microsoft\EventSystem]
[HKLM\SOFTWARE\Microsoft\Fax]
[HKLM\SOFTWARE\Microsoft\FaxServer]
[HKLM\SOFTWARE\Microsoft\Feeds]
[HKLM\SOFTWARE\Microsoft\FTH]
[HKLM\SOFTWARE\Microsoft\Function Discovery]
[HKLM\SOFTWARE\Microsoft\Fusion]
[HKLM\SOFTWARE\Microsoft\HTMLHelp]
[HKLM\SOFTWARE\Microsoft\IdentityCRL]
[HKLM\SOFTWARE\Microsoft\IdentityStore]
[HKLM\SOFTWARE\Microsoft\IMAPI]
[HKLM\SOFTWARE\Microsoft\IME]
[HKLM\SOFTWARE\Microsoft\IMEJP]
[HKLM\SOFTWARE\Microsoft\IMEKR]
[HKLM\SOFTWARE\Microsoft\IMETC]
[HKLM\SOFTWARE\Microsoft\Immersive Browser]
[HKLM\SOFTWARE\Microsoft\InetStp]
[HKLM\SOFTWARE\Microsoft\Internet Account Manager]
[HKLM\SOFTWARE\Microsoft\Internet Domains]
[HKLM\SOFTWARE\Microsoft\Internet Explorer]
[HKLM\SOFTWARE\Microsoft\IsoBurn]
[HKLM\SOFTWARE\Microsoft\LPKSetup]
[HKLM\SOFTWARE\Microsoft\MediaPlayer]
[HKLM\SOFTWARE\Microsoft\MemoryDiagnostic]
[HKLM\SOFTWARE\Microsoft\MessengerService]
[HKLM\SOFTWARE\Microsoft\MigWiz]
[HKLM\SOFTWARE\Microsoft\MMC]
[HKLM\SOFTWARE\Microsoft\Mobile]
[HKLM\SOFTWARE\Microsoft\MSBuild]
[HKLM\SOFTWARE\Microsoft\MSDE]
[HKLM\SOFTWARE\Microsoft\MSDRM]
[HKLM\SOFTWARE\Microsoft\MSDTC]
[HKLM\SOFTWARE\Microsoft\MSF]
[HKLM\SOFTWARE\Microsoft\MSLicensing]
[HKLM\SOFTWARE\Microsoft\MSMQ]
[HKLM\SOFTWARE\Microsoft\MSN Apps]
[HKLM\SOFTWARE\Microsoft\Multimedia]
[HKLM\SOFTWARE\Microsoft\NapServer]
[HKLM\SOFTWARE\Microsoft\NET Framework Setup]
[HKLM\SOFTWARE\Microsoft\NetSh]
[HKLM\SOFTWARE\Microsoft\Network]
[HKLM\SOFTWARE\Microsoft\NetworkAccessProtection]
[HKLM\SOFTWARE\Microsoft\Non-Driver Signing]
[HKLM\SOFTWARE\Microsoft\Notepad]
[HKLM\SOFTWARE\Microsoft\ODBC]
[HKLM\SOFTWARE\Microsoft\Office]
[HKLM\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform]
[HKLM\SOFTWARE\Microsoft\Ole]
[HKLM\SOFTWARE\Microsoft\OnlineProviders]
[HKLM\SOFTWARE\Microsoft\Outlook Express]
[HKLM\SOFTWARE\Microsoft\PCHealth]
[HKLM\SOFTWARE\Microsoft\PLA]
[HKLM\SOFTWARE\Microsoft\PowerShell]
[HKLM\SOFTWARE\Microsoft\Print]
[HKLM\SOFTWARE\Microsoft\RADAR]
[HKLM\SOFTWARE\Microsoft\Ras]
[HKLM\SOFTWARE\Microsoft\Reliability Analysis]
[HKLM\SOFTWARE\Microsoft\RemovalTools]
[HKLM\SOFTWARE\Microsoft\RendezvousApps]
[HKLM\SOFTWARE\Microsoft\Router]
[HKLM\SOFTWARE\Microsoft\Rpc]
[HKLM\SOFTWARE\Microsoft\SchedulingAgent]
[HKLM\SOFTWARE\Microsoft\Security Center]
[HKLM\SOFTWARE\Microsoft\Sensors]
[HKLM\SOFTWARE\Microsoft\Shared Tools]
[HKLM\SOFTWARE\Microsoft\Shared Tools Location]
[HKLM\SOFTWARE\Microsoft\SideShow]
[HKLM\SOFTWARE\Microsoft\Software]
[HKLM\SOFTWARE\Microsoft\Speech]
[HKLM\SOFTWARE\Microsoft\SQMClient]
[HKLM\SOFTWARE\Microsoft\Sync Framework]
[HKLM\SOFTWARE\Microsoft\Sysprep]
[HKLM\SOFTWARE\Microsoft\SystemCertificates]
[HKLM\SOFTWARE\Microsoft\TableTextService]
[HKLM\SOFTWARE\Microsoft\TabletTip]
[HKLM\SOFTWARE\Microsoft\Tcpip]
[HKLM\SOFTWARE\Microsoft\TelemetryClient]
[HKLM\SOFTWARE\Microsoft\Terminal Server Client]
[HKLM\SOFTWARE\Microsoft\TermServLicensing]
[HKLM\SOFTWARE\Microsoft\TMM]
[HKLM\SOFTWARE\Microsoft\TouchPrediction]
[HKLM\SOFTWARE\Microsoft\TPG]
[HKLM\SOFTWARE\Microsoft\Tpm]
[HKLM\SOFTWARE\Microsoft\Tracing]
[HKLM\SOFTWARE\Microsoft\Transaction Server]
[HKLM\SOFTWARE\Microsoft\TV System Services]
[HKLM\SOFTWARE\Microsoft\uDRM]
[HKLM\SOFTWARE\Microsoft\UPnP Device Host]
[HKLM\SOFTWARE\Microsoft\Virtual Machine]
[HKLM\SOFTWARE\Microsoft\WAB]
[HKLM\SOFTWARE\Microsoft\Wbem]
[HKLM\SOFTWARE\Microsoft\WcmSvc]
[HKLM\SOFTWARE\Microsoft\WIMMount]
[HKLM\SOFTWARE\Microsoft\Windows]
[HKLM\SOFTWARE\Microsoft\Windows Defender]
[HKLM\SOFTWARE\Microsoft\Windows Desktop Search]
[HKLM\SOFTWARE\Microsoft\Windows Live]
[HKLM\SOFTWARE\Microsoft\Windows Mail]
[HKLM\SOFTWARE\Microsoft\Windows Media Device Manager]
[HKLM\SOFTWARE\Microsoft\Windows Media Foundation]
[HKLM\SOFTWARE\Microsoft\Windows Media Player NSS]
[HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem]
[HKLM\SOFTWARE\Microsoft\Windows NT]
[HKLM\SOFTWARE\Microsoft\Windows Photo Viewer]
[HKLM\SOFTWARE\Microsoft\Windows Portable Devices]
[HKLM\SOFTWARE\Microsoft\Windows Script Host]
[HKLM\SOFTWARE\Microsoft\Windows Search]
[HKLM\SOFTWARE\Microsoft\WindowsRuntime]
[HKLM\SOFTWARE\Microsoft\Wisp]
[HKLM\SOFTWARE\Microsoft\WlanSvc]
[HKLM\SOFTWARE\Microsoft\WSDAPI]
[HKLM\SOFTWARE\Microsoft\WwanSvc]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\Avast Software]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Hewlett-Packard]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\Lavasoft]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MiniTool ShadowMaker]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Norton]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Symantec]
[HKLM\Software\WOW6432Node\Systweak]
[HKLM\Software\WOW6432Node\WildTangent]
[HKLM\Software\WOW6432Node\Wow6432Node]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\.NETFramework]
[HKLM\Software\WOW6432Node\Microsoft\Active Setup]
[HKLM\Software\WOW6432Node\Microsoft\ADs]
[HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup]
[HKLM\Software\WOW6432Node\Microsoft\ASP.NET]
[HKLM\Software\WOW6432Node\Microsoft\Assistance]
[HKLM\Software\WOW6432Node\Microsoft\AuthHost]
[HKLM\Software\WOW6432Node\Microsoft\BidInterface]
[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
[HKLM\Software\WOW6432Node\Microsoft\Cryptography]
[HKLM\Software\WOW6432Node\Microsoft\CTF]
[HKLM\Software\WOW6432Node\Microsoft\DataAccess]
[HKLM\Software\WOW6432Node\Microsoft\DevDiv]
[HKLM\Software\WOW6432Node\Microsoft\Device Association Framework]
[HKLM\Software\WOW6432Node\Microsoft\Direct3D]
[HKLM\Software\WOW6432Node\Microsoft\DirectDraw]
[HKLM\Software\WOW6432Node\Microsoft\DirectInput]
[HKLM\Software\WOW6432Node\Microsoft\DirectMusic]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay8]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp]
[HKLM\Software\WOW6432Node\Microsoft\DirectShow]
[HKLM\Software\WOW6432Node\Microsoft\DirectX]
[HKLM\Software\WOW6432Node\Microsoft\DRM]
[HKLM\Software\WOW6432Node\Microsoft\DVR]
[HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods]
[HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate]
[HKLM\Software\WOW6432Node\Microsoft\Exchange]
[HKLM\Software\WOW6432Node\Microsoft\Fax]
[HKLM\Software\WOW6432Node\Microsoft\Feeds]
[HKLM\Software\WOW6432Node\Microsoft\Function Discovery]
[HKLM\Software\WOW6432Node\Microsoft\Fusion]
[HKLM\Software\WOW6432Node\Microsoft\HTMLHelp]
[HKLM\Software\WOW6432Node\Microsoft\IdentityCRL]
[HKLM\Software\WOW6432Node\Microsoft\IdentityStore]
[HKLM\Software\WOW6432Node\Microsoft\IMAPI]
[HKLM\Software\WOW6432Node\Microsoft\IME]
[HKLM\Software\WOW6432Node\Microsoft\IMEJP]
[HKLM\Software\WOW6432Node\Microsoft\IMEKR]
[HKLM\Software\WOW6432Node\Microsoft\IMETC]
[HKLM\Software\WOW6432Node\Microsoft\Immersive Browser]
[HKLM\Software\WOW6432Node\Microsoft\InetStp]
[HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager]
[HKLM\Software\WOW6432Node\Microsoft\Internet Domains]
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer]
[HKLM\Software\WOW6432Node\Microsoft\IsoBurn]
[HKLM\Software\WOW6432Node\Microsoft\Jet]
[HKLM\Software\WOW6432Node\Microsoft\MediaPlayer]
[HKLM\Software\WOW6432Node\Microsoft\MessengerService]
[HKLM\Software\WOW6432Node\Microsoft\Microsoft SQL Server Compact Edition]
[HKLM\Software\WOW6432Node\Microsoft\Migwiz]
[HKLM\Software\WOW6432Node\Microsoft\MMC]
[HKLM\Software\WOW6432Node\Microsoft\MSBuild]
[HKLM\Software\WOW6432Node\Microsoft\MSDE]
[HKLM\Software\WOW6432Node\Microsoft\MSDRM]
[HKLM\Software\WOW6432Node\Microsoft\MSDTC]
[HKLM\Software\WOW6432Node\Microsoft\MSF]
[HKLM\Software\WOW6432Node\Microsoft\MSLicensing]
[HKLM\Software\WOW6432Node\Microsoft\MSN Apps]
[HKLM\Software\WOW6432Node\Microsoft\Multimedia]
[HKLM\Software\WOW6432Node\Microsoft\NapServer]
[HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup]
[HKLM\Software\WOW6432Node\Microsoft\netsh]
[HKLM\Software\WOW6432Node\Microsoft\Network]
[HKLM\Software\WOW6432Node\Microsoft\NetworkAccessProtection]
[HKLM\Software\WOW6432Node\Microsoft\Notepad]
[HKLM\Software\WOW6432Node\Microsoft\ODBC]
[HKLM\Software\WOW6432Node\Microsoft\Office]
[HKLM\Software\WOW6432Node\Microsoft\OfficeSoftwareProtectionPlatform]
[HKLM\Software\WOW6432Node\Microsoft\OnlineProviders]
[HKLM\Software\WOW6432Node\Microsoft\Outlook Express]
[HKLM\Software\WOW6432Node\Microsoft\PCHealth]
[HKLM\Software\WOW6432Node\Microsoft\PLA]
[HKLM\Software\WOW6432Node\Microsoft\PowerShell]
[HKLM\Software\WOW6432Node\Microsoft\Print]
[HKLM\Software\WOW6432Node\Microsoft\RADAR]
[HKLM\Software\WOW6432Node\Microsoft\Reliability Analysis]
[HKLM\Software\WOW6432Node\Microsoft\RendezvousApps]
[HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent]
[HKLM\Software\WOW6432Node\Microsoft\Security Center]
[HKLM\Software\WOW6432Node\Microsoft\Sensors]
[HKLM\Software\WOW6432Node\Microsoft\Shared Tools]
[HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location]
[HKLM\Software\WOW6432Node\Microsoft\SideShow]
[HKLM\Software\WOW6432Node\Microsoft\Software]
[HKLM\Software\WOW6432Node\Microsoft\Speech]
[HKLM\Software\WOW6432Node\Microsoft\SQMClient]
[HKLM\Software\WOW6432Node\Microsoft\StrongName]
[HKLM\Software\WOW6432Node\Microsoft\Sync Framework]
[HKLM\Software\WOW6432Node\Microsoft\TableTextService]
[HKLM\Software\WOW6432Node\Microsoft\TabletTip]
[HKLM\Software\WOW6432Node\Microsoft\Tcpip]
[HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client]
[HKLM\Software\WOW6432Node\Microsoft\TouchPrediction]
[HKLM\Software\WOW6432Node\Microsoft\TPG]
[HKLM\Software\WOW6432Node\Microsoft\Tpm]
[HKLM\Software\WOW6432Node\Microsoft\Tracing]
[HKLM\Software\WOW6432Node\Microsoft\TV System Services]
[HKLM\Software\WOW6432Node\Microsoft\uDRM]
[HKLM\Software\WOW6432Node\Microsoft\Updates]
[HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host]
[HKLM\Software\WOW6432Node\Microsoft\VisualStudio]
[HKLM\Software\WOW6432Node\Microsoft\WAB]
[HKLM\Software\WOW6432Node\Microsoft\WBEM]
[HKLM\Software\WOW6432Node\Microsoft\WIMMount]
[HKLM\Software\WOW6432Node\Microsoft\Windows]
[HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows Live]
[HKLM\Software\WOW6432Node\Microsoft\Windows Mail]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS]
[HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT]
[HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer]
[HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices]
[HKLM\Software\WOW6432Node\Microsoft\Windows Script Host]
[HKLM\Software\WOW6432Node\Microsoft\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime]
[HKLM\Software\WOW6432Node\Microsoft\Wisp]
[HKLM\Software\WOW6432Node\Microsoft\WlanSvc]
[HKLM\Software\WOW6432Node\Microsoft\WSDAPI]
[HKLM\Software\WOW6432Node\Microsoft\COM3]
[HKLM\Software\WOW6432Node\Microsoft\DFS]
[HKLM\Software\WOW6432Node\Microsoft\Driver Signing]
[HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates]
[HKLM\Software\WOW6432Node\Microsoft\EventSystem]
[HKLM\Software\WOW6432Node\Microsoft\MSMQ]
[HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing]
[HKLM\Software\WOW6432Node\Microsoft\Ole]
[HKLM\Software\WOW6432Node\Microsoft\Ras]
[HKLM\Software\WOW6432Node\Microsoft\Rpc]
[HKLM\Software\WOW6432Node\Microsoft\SystemCertificates]
[HKLM\Software\WOW6432Node\Microsoft\TermServLicensing]
[HKLM\Software\WOW6432Node\Microsoft\Transaction Server]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | FeatureControl

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"WindowsAnytimeUpgradeUI.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"iexplore.exe"="1"
"*"="1"
"infopath.exe"="0"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"prevhost.exe"="1"
"HelpPane.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"prevhost.exe"="8000"
"HelpPane.exe"="10000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"iexplore.exe"="1"
"SAPLOGON.exe"="0"
"SAPLgPad.exe"="0"
"explorer.exe"="1"
"SAPGuiIT.exe"="0"
"wmplayer.exe"="1"
"SAPfewgsrv.exe"="0"
"Scale_for_R3.exe"="0"
"SAPGUI.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"iexplore.exe"="1"
"ieuser.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"helppane.exe"="1"
"devenv.exe"="1"
"dexplore.exe"="1"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"wm.exe"="1"
"cs.exe"="1"
"waol.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"sidebar.exe"="1"
"outlook.exe"="1"
"mshta.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"iexplore.exe"="0"
"explorer.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"prevhost.exe"="1"
"winmail.exe"="1"
"msimn.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"HelpPane.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"prevhost.exe"="0"
"HelpPane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"winmail.exe"="1"
"msimn.exe"="1"
"outlook.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"="1"
"winword.exe"="1"
"excel.exe"="1"
"powerpnt.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"prevhost.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"prevhost.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"iexplore.exe"="1"
"*"="1"
"infopath.exe"="0"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"iexplore.exe"="1"
"SAPLOGON.exe"="0"
"SAPLgPad.exe"="0"
"explorer.exe"="1"
"SAPGuiIT.exe"="0"
"wmplayer.exe"="1"
"SAPfewgsrv.exe"="0"
"Scale_for_R3.exe"="0"
"SAPGUI.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"iexplore.exe"="1"
"ieuser.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"helppane.exe"="1"
"PresentationHost.exe"="0"
"devenv.exe"="1"
"dexplore.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"wm.exe"="1"
"cs.exe"="1"
"waol.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"explorer.exe"="1"
"PresentationHost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"sidebar.exe"="1"
"outlook.exe"="1"
"mshta.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"iexplore.exe"="0"
"explorer.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"winmail.exe"="1"
"prevhost.exe"="1"
"msimn.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"HelpPane.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"winmail.exe"="1"
"msimn.exe"="1"
"outlook.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"="1"
"winword.exe"="1"
"excel.exe"="1"
"powerpnt.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"iexplore.exe"="1"
"prevhost.exe"="1"
"explorer.exe"="1"
"PresentationHost.exe"="1"
"wmplayer.exe"="1"

---------- | The Created last ones ¦ Modified

[MD5.00000000000000000000000000000000] - [14/04/2020 10:33:05] - |D| - [32748706] - C:\Program Files (x86)\Google
[MD5.00000000000000000000000000000000] - [12/04/2020 18:53:47] - |D| - [33274060] - C:\Program Files (x86)\Lavasoft
[MD5.00000000000000000000000000000000] - [12/04/2020 18:39:36] - |D| - [639364291] - C:\Program Files (x86)\Microsoft
[MD5.00000000000000000000000000000000] - [14/04/2020 11:35:49] - |D| - [336821] - C:\Program Files (x86)\Mozilla Maintenance Service
[MD5.00000000000000000000000000000000] - [14/04/2020 09:50:42] - |D| - [18175869] - C:\Program Files (x86)\PC Cleaner
[MD5.00000000000000000000000000000000] - [14/04/2020 10:32:49] - |D| - [6556752] - C:\Program Files (x86)\Segurazo
[MD5.00000000000000000000000000000000] - [14/04/2020 09:47:13] - |D| - [6084309] - C:\Program Files (x86)\Smart Privacy Cleaner
[MD5.00000000000000000000000000000000] - [12/04/2020 18:47:20] - |D| - [13187380] - C:\Program Files (x86)\Systweak Software Updater
[MD5.00000000000000000000000000000000] - [14/04/2020 09:50:45] - |D| - [76596964] - C:\Program Files (x86)\UnHackMe
[MD5.00000000000000000000000000000000] - [14/04/2020 09:50:45] - |D| - [8263240] - C:\Program Files (x86)\WinThruster
[MD5.00000000000000000000000000000000] - [14/04/2020 11:40:58] - |D| - [132334] - C:\Windows\Minidump
[MD5.BB73BA0D27E8B6F92F97073585B1687D] - [12/04/2020 19:00:44] - |A| - [1635] - C:\Windows\PWCMDLST.BAK
[MD5.00000000000000000000000000000000] - [12/04/2020 18:09:14] - |D| - [1338295650] - C:\Windows\SoftwareDistribution
[MD5.2A15AF27258F4541F7A8D79647B3B108] - [12/04/2020 18:09:14] - |A| - [1716242] - C:\Windows\WindowsUpdate.log
[MD5.BE07AEB0F18AA12AC687E08887DB4808] - [14/04/2020 10:36:04] - |A| - [45056] - C:\Windows\Installer\545c67.msi
[MD5.72BF0B7142646F1CD0FA7C872DB106D6] - [14/04/2020 10:32:56] - |A| - [26112] - C:\Windows\Installer\545c6c.msi
[MD5.1766B021B0BAB4F82259974154C5A920] - [14/04/2020 10:39:36] - |A| - [40960] - C:\Windows\Installer\612cdf.msi
[MD5.ACE9250EA0048AD694090F4DCC8DC2A7] - [13/04/2020 18:30:27] - |A| - [135680] - C:\Windows\system32\appserverai.dll
[MD5.54E8F73F16B57B5025316AB78A552EF7] - [12/04/2020 19:05:53] - |A| - [30400] - C:\Windows\system32\aspnet_counters.dll
[MD5.F91F5ECC8EA77D7D268C43CB3BE8749B] - [12/04/2020 19:06:26] - |A| - [690016] - C:\Windows\system32\msvcp120_clr0400.dll
[MD5.23FA3A85E6AFB6E9B8277CB9D0C504D2] - [12/04/2020 19:06:26] - |A| - [993632] - C:\Windows\system32\msvcr120_clr0400.dll
[MD5.FD1AC96C5547D5A7AEE7071805A426B3] - [13/04/2020 18:30:28] - |A| - [148480] - C:\Windows\system32\poqexec.exe
[MD5.C32ECB99AD25E9A04F01C8665DF29EF8] - [12/04/2020 18:49:39] - |A| - [19152] - C:\Windows\system32\pwdrvio.sys
[MD5.D619356B955EEFA642F5FF72755E8B3C] - [12/04/2020 18:49:39] - |A| - [12504] - C:\Windows\system32\pwdspio.sys
[MD5.CC2BDE8319ED1C3BC60513E0A6037549] - [12/04/2020 18:49:40] - |A| - [3600896] - C:\Windows\system32\pwNative.exe
[MD5.5D418F76140C52D09C4E3872023B8C3C] - [13/04/2020 18:30:28] - |A| - [126976] - C:\Windows\system32\RDWebAI.dll
[MD5.07DE21A44C96710A2696CAC2D60942FC] - [12/04/2020 18:37:59] - |A| - [176640] - C:\Windows\system32\storewuauth.dll
[MD5.6009C4EC34F3037536907A0784C0D570] - [13/04/2020 18:30:30] - |A| - [144896] - C:\Windows\system32\tssdisai.dll
[MD5.3B89FB754A6FA82910A7EBA5A2B9F8CA] - [13/04/2020 18:30:28] - |A| - [122880] - C:\Windows\system32\VmHostAI.dll
[MD5.F9D935D60C397809FC6E1E0676F4AC6E] - [12/04/2020 18:37:54] - |A| - [17408] - C:\Windows\system32\wuaext.dll
[MD5.3B61E09694F82333A4A0609714469E1E] - [12/04/2020 18:37:48] - |A| - [773632] - C:\Windows\system32\wuapi.dll
[MD5.E07104ADA4972888FC2FADAC22CE4591] - [12/04/2020 18:37:39] - |A| - [40448] - C:\Windows\system32\wuapp.exe
[MD5.7B0A0BE4B067C9CC4898CFFC30BAD425] - [12/04/2020 18:37:54] - |A| - [59416] - C:\Windows\system32\wuauclt.exe
[MD5.F2463B2E9818D242B4F72B237E9BD545] - [12/04/2020 18:37:48] - |A| - [3286528] - C:\Windows\system32\wuaueng.dll
[MD5.B9E015C3C45556C39AD9A3F1C0F73639] - [12/04/2020 18:37:48] - |A| - [1623040] - C:\Windows\system32\wucltux.dll
[MD5.2762E48274640A6E8F17CACF49AA8DF0] - [12/04/2020 18:37:59] - |A| - [100352] - C:\Windows\system32\wudriver.dll
[MD5.A0C07056756C94FA19B231BBE58C33DF] - [12/04/2020 18:37:56] - |A| - [49664] - C:\Windows\system32\wups.dll
[MD5.633B9891D7C18B992CE9C6AF08DF4D05] - [12/04/2020 18:37:56] - |A| - [49152] - C:\Windows\system32\wups2.dll
[MD5.C7D91C7FF92B935FBEB1285DF720AE89] - [12/04/2020 18:37:54] - |A| - [253440] - C:\Windows\system32\WUSettingsProvider.dll
[MD5.7B013D1DB9D532C90B2A13C81A300362] - [12/04/2020 18:37:56] - |A| - [99328] - C:\Windows\system32\wushareduxresources.dll
[MD5.56BCA2F14F696FBB619D042770859D7B] - [12/04/2020 18:37:39] - |A| - [144384] - C:\Windows\system32\wuwebv.dll
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/04/2020 18:12:49] - |RASH| - [0] - C:\Windows\system32\Drivers\103C_HP_cPC_CQ2904EF_Y53316J_0U_Q4CH3100VPJ_E12WE3RR8607_4A_I2AE3_SHP_V1.02_B8.17_T130125_W8101-0_L40C_M3660_J1000_7AMD_8BFF_91.40_#130304_N19692062_Z_G10029809_Ohp DVD A DH16ACSHR_DACR0503.MRK
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/04/2020 18:37:00] - |AH| - [0] - C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
[MD5.00000000000000000000000000000000] - [13/04/2020 16:47:47] - |D| - [9873029] - C:\Windows\system32\Drivers\NGCx64
[MD5.030ACEF708C06751D532E43B36111DF3] - [12/04/2020 19:05:53] - |A| - [28352] - C:\Windows\syswow64\aspnet_counters.dll
[MD5.779267A740023E545668517E5D3CF14F] - [12/04/2020 19:06:26] - |A| - [484552] - C:\Windows\syswow64\msvcp120_clr0400.dll
[MD5.856DA04454A75CF6E7453D53CD90A29D] - [12/04/2020 19:06:26] - |A| - [987848] - C:\Windows\syswow64\msvcr120_clr0400.dll
[MD5.115DAE15480BA4FA00D11096EDA01A26] - [13/04/2020 18:30:27] - |A| - [132608] - C:\Windows\syswow64\poqexec.exe
[MD5.9C8920D4E47E3591203739E051248E42] - [12/04/2020 18:37:48] - |A| - [629248] - C:\Windows\syswow64\wuapi.dll
[MD5.0AA8927C7DAE50EBDBFD9D5523A21020] - [12/04/2020 18:37:39] - |A| - [35328] - C:\Windows\syswow64\wuapp.exe
[MD5.BC587C9D241C638A825B4D55BF91BAFA] - [12/04/2020 18:37:59] - |A| - [86528] - C:\Windows\syswow64\wudriver.dll
[MD5.B607284B548E9749B7DFE21F0B0EE376] - [12/04/2020 18:37:59] - |A| - [20992] - C:\Windows\syswow64\wups.dll
[MD5.7285D8DF13AA1F2BBDF8BE0C3FB65AF4] - [12/04/2020 18:37:39] - |A| - [128000] - C:\Windows\syswow64\wuwebv.dll
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/04/2020 18:12:49] - |RASH| - [0] - C:\Windows\syswow64\Drivers\103C_HP_cPC_CQ2904EF_Y53316J_0U_Q4CH3100VPJ_E12WE3RR8607_4A_I2AE3_SHP_V1.02_B8.17_T130125_W8101-0_L40C_M3660_J1000_7AMD_8BFF_91.40_#130304_N19692062_Z_G10029809_Ohp DVD A DH16ACSHR_DACR0503.MRK

---------- | Drives


C:

[14/04/2020 10:33:09] - |A| - (.-.) - [1962] - (0.0.0.0) - C:\4 - Moby Dawn - Anti-JJAD en internet repairs for barro account - Raccourci.lnk
[14/04/2020 10:33:11] - |A| - (.-.) - [2124] - (0.0.0.0) - C:\Acrobat Reader DC (2).lnk
[14/04/2020 10:33:15] - |A| - (.-.) - [2124] - (0.0.0.0) - C:\Acrobat Reader DC.lnk
[14/04/2020 10:33:17] - |A| - (.-.) - [958] - (0.0.0.0) - C:\AIMP (2).lnk
[14/04/2020 10:33:18] - |A| - (.-.) - [958] - (0.0.0.0) - C:\AIMP.lnk
[14/04/2020 10:33:18] - |A| - (.-.) - [1201] - (0.0.0.0) - C:\Ashampoo Backup 2018 (2).lnk
[14/04/2020 10:33:19] - |A| - (.-.) - [1201] - (0.0.0.0) - C:\Ashampoo Backup 2018.lnk
[14/04/2020 10:33:22] - |A| - (.-.) - [1352] - (0.0.0.0) - C:\Ashampoo Music Studio 2013.lnk
[14/04/2020 10:33:22] - |A| - (.-.) - [1260] - (0.0.0.0) - C:\Ashampoo Snap 10 (2).lnk
[14/04/2020 10:33:23] - |A| - (.-.) - [1260] - (0.0.0.0) - C:\Ashampoo Snap 10.lnk
[14/04/2020 10:33:24] - |A| - (.-.) - [1445] - (0.0.0.0) - C:\Atomic Mail Sender.lnk
[14/04/2020 10:33:25] - |A| - (.-.) - [1080] - (0.0.0.0) - C:\Audacity (2).lnk
[14/04/2020 10:33:26] - |A| - (.-.) - [1080] - (0.0.0.0) - C:\Audacity.lnk
[14/04/2020 10:33:27] - |A| - (.-.) - [1111] - (0.0.0.0) - C:\Backup and Sync from Google (2).lnk
[14/04/2020 10:33:28] - |A| - (.-.) - [1111] - (0.0.0.0) - C:\Backup and Sync from Google.lnk
[14/04/2020 10:33:39] - |A| - (.-.) - [1153] - (0.0.0.0) - C:\blender (2).lnk
[14/04/2020 10:33:41] - |A| - (.-.) - [1153] - (0.0.0.0) - C:\blender.lnk
[14/04/2020 10:33:41] - |A| - (.-.) - [1199] - (0.0.0.0) - C:\BS.Player FREE (2).lnk
[14/04/2020 10:33:42] - |A| - (.-.) - [1199] - (0.0.0.0) - C:\BS.Player FREE.lnk
[14/04/2020 10:33:43] - |A| - (.-.) - [863] - (0.0.0.0) - C:\CCleaner (2).lnk
[14/04/2020 10:33:43] - |A| - (.-.) - [863] - (0.0.0.0) - C:\CCleaner.lnk
[14/04/2020 10:33:44] - |A| - (.-.) - [2326] - (0.0.0.0) - C:\Chromium.lnk
[14/04/2020 10:33:44] - |A| - (.-.) - [2108] - (0.0.0.0) - C:\Cisco WebEx Connect (2).lnk
[14/04/2020 10:33:44] - |A| - (.-.) - [2108] - (0.0.0.0) - C:\Cisco WebEx Connect.lnk
[14/04/2020 10:33:45] - |A| - (.-.) - [2551] - (0.0.0.0) - C:\Citrix Workspace (2).lnk
[14/04/2020 10:33:46] - |A| - (.-.) - [2551] - (0.0.0.0) - C:\Citrix Workspace.lnk
[14/04/2020 10:33:46] - |A| - (.-.) - [944] - (0.0.0.0) - C:\Click Translator.lnk
[14/04/2020 10:33:47] - |A| - (.-.) - [2996] - (0.0.0.0) - C:\ComIntRep_x64 - Raccourci (2).lnk
[14/04/2020 10:33:47] - |A| - (.-.) - [2996] - (0.0.0.0) - C:\ComIntRep_x64 - Raccourci.lnk
[14/04/2020 10:33:48] - |A| - (.-.) - [604] - (0.0.0.0) - C:\COMODO TrustConnect (VPN) (2).lnk
[14/04/2020 10:33:48] - |A| - (.-.) - [604] - (0.0.0.0) - C:\COMODO TrustConnect (VPN).lnk
[14/04/2020 10:33:49] - |A| - (.-.) - [1304] - (0.0.0.0) - C:\Corel PaintShop Pro 2020 (64-bit) (2).lnk
[14/04/2020 10:33:49] - |A| - (.-.) - [1304] - (0.0.0.0) - C:\Corel PaintShop Pro 2020 (64-bit).lnk
[14/04/2020 10:33:49] - |A| - (.-.) - [956] - (0.0.0.0) - C:\Cursor Translator.lnk
[14/04/2020 10:33:50] - |A| - (.-.) - [932] - (0.0.0.0) - C:\Cute Translator.lnk
[14/04/2020 10:33:50] - |A| - (.-.) - [1814] - (0.0.0.0) - C:\DAEMON Tools Lite (2).lnk
[14/04/2020 10:33:50] - |A| - (.-.) - [1814] - (0.0.0.0) - C:\DAEMON Tools Lite.lnk
[14/04/2020 10:33:50] - |A| - (.-.) - [1962] - (0.0.0.0) - C:\Dashlane.lnk
[14/04/2020 10:33:51] - |A| - (.-.) - [2693] - (0.0.0.0) - C:\defencebyte Computer Optimizer (2).lnk
[14/04/2020 10:33:51] - |A| - (.-.) - [2693] - (0.0.0.0) - C:\defencebyte Computer Optimizer.lnk
[14/04/2020 10:33:52] - |A| - (.-.) - [1809] - (0.0.0.0) - C:\Defraggler (2).lnk
[14/04/2020 10:33:52] - |A| - (.-.) - [1809] - (0.0.0.0) - C:\Defraggler.lnk
[14/04/2020 10:33:54] - |A| - (.-.) - [1232] - (0.0.0.0) - C:\Donner votre avis sur Slowin' Killer.lnk
[14/04/2020 10:33:55] - |A| - (.-.) - [643] - (0.0.0.0) - C:\DVB Dream.lnk
[14/04/2020 10:33:55] - |A| - (.-.) - [1406] - (0.0.0.0) - C:\DVDVideoSoft Free Studio (2).lnk
[14/04/2020 10:33:55] - |A| - (.-.) - [1406] - (0.0.0.0) - C:\DVDVideoSoft Free Studio.lnk
[14/04/2020 10:33:56] - |A| - (.-.) - [1068] - (0.0.0.0) - C:\eMule (2).lnk
[14/04/2020 10:33:56] - |A| - (.-.) - [1068] - (0.0.0.0) - C:\eMule.lnk
[14/04/2020 10:33:57] - |A| - (.-.) - [1196] - (0.0.0.0) - C:\FastStone Image Viewer (2).lnk
[14/04/2020 10:33:58] - |A| - (.-.) - [1196] - (0.0.0.0) - C:\FastStone Image Viewer.lnk
[14/04/2020 10:33:58] - |A| - (.-.) - [1053] - (0.0.0.0) - C:\FileZilla (2).lnk
[14/04/2020 10:33:59] - |A| - (.-.) - [1053] - (0.0.0.0) - C:\FileZilla.lnk
[14/04/2020 10:33:59] - |A| - (.-.) - [1035] - (0.0.0.0) - C:\Firefox (2).lnk
[14/04/2020 10:34:00] - |A| - (.-.) - [1063] - (0.0.0.0) - C:\Firefox Developer Edition (2).lnk
[14/04/2020 10:34:00] - |A| - (.-.) - [1063] - (0.0.0.0) - C:\Firefox Developer Edition.lnk
[14/04/2020 10:34:01] - |A| - (.-.) - [1037] - (0.0.0.0) - C:\Firefox Nightly (2).lnk
[14/04/2020 10:34:01] - |A| - (.-.) - [1037] - (0.0.0.0) - C:\Firefox Nightly.lnk
[14/04/2020 10:34:01] - |A| - (.-.) - [1035] - (0.0.0.0) - C:\Firefox.lnk
[14/04/2020 10:34:02] - |A| - (.-.) - [1104] - (0.0.0.0) - C:\foobar2000 (2).lnk
[14/04/2020 10:34:03] - |A| - (.-.) - [1104] - (0.0.0.0) - C:\foobar2000.lnk
[14/04/2020 10:34:03] - |A| - (.-.) - [1428] - (0.0.0.0) - C:\Foxit Reader (2).lnk
[14/04/2020 10:34:04] - |A| - (.-.) - [1428] - (0.0.0.0) - C:\Foxit Reader.lnk
[14/04/2020 10:34:05] - |A| - (.-.) - [1017] - (0.0.0.0) - C:\FreeFileSync (2).lnk
[14/04/2020 10:34:05] - |A| - (.-.) - [1017] - (0.0.0.0) - C:\FreeFileSync.lnk
[14/04/2020 10:34:09] - |A| - (.-.) - [2073] - (0.0.0.0) - C:\FULL-DISKfighter (2).lnk
[14/04/2020 10:34:10] - |A| - (.-.) - [2073] - (0.0.0.0) - C:\FULL-DISKfighter.lnk
[14/04/2020 10:34:11] - |A| - (.-.) - [1171] - (0.0.0.0) - C:\Glary Utilities 5 (2).lnk
[14/04/2020 10:34:12] - |A| - (.-.) - [1171] - (0.0.0.0) - C:\Glary Utilities 5.lnk
[14/04/2020 10:34:12] - |A| - (.-.) - [2258] - (0.0.0.0) - C:\Google Chrome (2).lnk
[14/04/2020 10:34:12] - |A| - (.-.) - [2258] - (0.0.0.0) - C:\Google Chrome.lnk
[14/04/2020 10:34:13] - |A| - (.-.) - [2061] - (0.0.0.0) - C:\Google Docs (2).lnk
[14/04/2020 10:34:13] - |A| - (.-.) - [2061] - (0.0.0.0) - C:\Google Docs.lnk
[14/04/2020 10:34:14] - |A| - (.-.) - [1153] - (0.0.0.0) - C:\Google Drive (2).lnk
[14/04/2020 10:34:14] - |A| - (.-.) - [1153] - (0.0.0.0) - C:\Google Drive.lnk
[14/04/2020 10:34:15] - |A| - (.-.) - [2283] - (0.0.0.0) - C:\Google Earth Pro (2).lnk
[14/04/2020 10:34:15] - |A| - (.-.) - [2283] - (0.0.0.0) - C:\Google Earth Pro.lnk
[14/04/2020 10:34:16] - |A| - (.-.) - [2071] - (0.0.0.0) - C:\Google Sheets (2).lnk
[14/04/2020 10:34:16] - |A| - (.-.) - [2071] - (0.0.0.0) - C:\Google Sheets.lnk
[14/04/2020 10:34:16] - |A| - (.-.) - [2073] - (0.0.0.0) - C:\Google Slides (2).lnk
[14/04/2020 10:34:17] - |A| - (.-.) - [2073] - (0.0.0.0) - C:\Google Slides.lnk
[14/04/2020 10:34:17] - |A| - (.-.) - [1324] - (0.0.0.0) - C:\Google Talk (2).lnk
[14/04/2020 10:34:18] - |A| - (.-.) - [1324] - (0.0.0.0) - C:\Google Talk.lnk
[14/04/2020 10:34:18] - |A| - (.-.) - [1436] - (0.0.0.0) - C:\GoToMeeting (2).lnk
[14/04/2020 10:34:18] - |A| - (.-.) - [1436] - (0.0.0.0) - C:\GoToMeeting.lnk
[14/04/2020 10:34:19] - |A| - (.-.) - [883] - (0.0.0.0) - C:\Greenshot (2).lnk
[14/04/2020 10:34:19] - |A| - (.-.) - [883] - (0.0.0.0) - C:\Greenshot.lnk
[14/04/2020 10:34:20] - |A| - (.-.) - [1312] - (0.0.0.0) - C:\Identity Inspector (2).lnk
[14/04/2020 10:34:20] - |A| - (.-.) - [1312] - (0.0.0.0) - C:\Identity Inspector.lnk
[14/04/2020 10:34:21] - |A| - (.-.) - [1938] - (0.0.0.0) - C:\ImgBurn (2).lnk
[14/04/2020 10:34:22] - |A| - (.-.) - [1938] - (0.0.0.0) - C:\ImgBurn.lnk
[14/04/2020 10:34:23] - |A| - (.-.) - [1042] - (0.0.0.0) - C:\InfraRecorder (2).lnk
[14/04/2020 10:34:24] - |A| - (.-.) - [1042] - (0.0.0.0) - C:\InfraRecorder.lnk
[14/04/2020 10:34:24] - |A| - (.-.) - [1218] - (0.0.0.0) - C:\Internet Explorer (2).lnk
[14/04/2020 10:34:25] - |A| - (.-.) - [1212] - (0.0.0.0) - C:\Internet Explorer.lnk
[14/04/2020 10:34:26] - |A| - (.-.) - [1071] - (0.0.0.0) - C:\IrfanView (2).lnk
[14/04/2020 10:34:26] - |A| - (.-.) - [1071] - (0.0.0.0) - C:\IrfanView.lnk
[14/04/2020 10:34:47] - |A| - (.-.) - [1178] - (0.0.0.0) - C:\Kastor All Video Downloader.lnk
[14/04/2020 10:34:48] - |A| - (.-.) - [1176] - (0.0.0.0) - C:\KeePass (2).lnk
[14/04/2020 10:34:48] - |A| - (.-.) - [1176] - (0.0.0.0) - C:\KeePass.lnk
[14/04/2020 10:34:50] - |A| - (.-.) - [1823] - (0.0.0.0) - C:\Krita (2).lnk
[14/04/2020 10:34:51] - |A| - (.-.) - [1823] - (0.0.0.0) - C:\Krita.lnk
[14/04/2020 10:34:52] - |A| - (.-.) - [1077] - (0.0.0.0) - C:\Language Reader.lnk
[14/04/2020 10:34:53] - |A| - (.-.) - [2051] - (0.0.0.0) - C:\LM-Viewer (2).lnk
[14/04/2020 10:34:54] - |A| - (.-.) - [2051] - (0.0.0.0) - C:\LM-Viewer.lnk
[14/04/2020 10:34:55] - |A| - (.-.) - [1061] - (0.0.0.0) - C:\LogMeIn Control Panel (2).lnk
[14/04/2020 10:34:55] - |A| - (.-.) - [1061] - (0.0.0.0) - C:\LogMeIn Control Panel.lnk
[14/04/2020 10:34:56] - |A| - (.-.) - [1912] - (0.0.0.0) - C:\Malwarebytes (2).lnk
[14/04/2020 10:34:57] - |A| - (.-.) - [1912] - (0.0.0.0) - C:\Malwarebytes.lnk
[14/04/2020 10:34:58] - |A| - (.-.) - [1278] - (0.0.0.0) - C:\Media Player Classic (2).lnk
[14/04/2020 10:34:58] - |A| - (.-.) - [1154] - (0.0.0.0) - C:\Media Player Classic Home Cinema (64bit) (2).lnk
[14/04/2020 10:34:59] - |A| - (.-.) - [1154] - (0.0.0.0) - C:\Media Player Classic Home Cinema (64bit).lnk
[14/04/2020 10:34:59] - |A| - (.-.) - [1278] - (0.0.0.0) - C:\Media Player Classic.lnk
[14/04/2020 10:35:00] - |A| - (.-.) - [1134] - (0.0.0.0) - C:\MediaMonkey (2).lnk
[14/04/2020 10:35:01] - |A| - (.-.) - [1134] - (0.0.0.0) - C:\MediaMonkey.lnk
[14/04/2020 10:35:01] - |A| - (.-.) - [1476] - (0.0.0.0) - C:\Microsoft Edge (2).lnk
[14/04/2020 10:35:02] - |A| - (.-.) - [1450] - (0.0.0.0) - C:\Microsoft Edge.lnk
[14/04/2020 10:35:02] - |A| - (.-.) - [1067] - (0.0.0.0) - C:\Mozilla Firefox (2).lnk
[14/04/2020 10:35:04] - |A| - (.-.) - [1067] - (0.0.0.0) - C:\Mozilla Firefox.lnk
[14/04/2020 10:35:05] - |A| - (.-.) - [1043] - (0.0.0.0) - C:\Mozilla Thunderbird (2).lnk
[14/04/2020 10:35:06] - |A| - (.-.) - [1043] - (0.0.0.0) - C:\Mozilla Thunderbird.lnk
[14/04/2020 10:35:06] - |A| - (.-.) - [2054] - (0.0.0.0) - C:\MultiCommander (2).lnk
[14/04/2020 10:35:07] - |A| - (.-.) - [2054] - (0.0.0.0) - C:\MultiCommander.lnk
[14/04/2020 10:35:08] - |A| - (.-.) - [1345] - (0.0.0.0) - C:\MyFormatConverter (2).lnk
[14/04/2020 10:35:08] - |A| - (.-.) - [1345] - (0.0.0.0) - C:\MyFormatConverter.lnk
[14/04/2020 10:35:09] - |A| - (.-.) - [1195] - (0.0.0.0) - C:\Navigateur Opera (2).lnk
[14/04/2020 10:35:10] - |A| - (.-.) - [1393] - (0.0.0.0) - C:\Navigateur Opera.lnk
[14/04/2020 10:35:10] - |A| - (.-.) - [2178] - (0.0.0.0) - C:\Nettoyer la mémoire.lnk
[14/04/2020 10:35:11] - |A| - (.-.) - [1104] - (0.0.0.0) - C:\Notepad++ (2).lnk
[14/04/2020 10:35:12] - |A| - (.-.) - [1104] - (0.0.0.0) - C:\Notepad++.lnk
[14/04/2020 10:35:13] - |A| - (.-.) - [1078] - (0.0.0.0) - C:\NVDA (2).lnk
[14/04/2020 10:35:13] - |A| - (.-.) - [1078] - (0.0.0.0) - C:\NVDA.lnk
[14/04/2020 10:35:14] - |A| - (.-.) - [1888] - (0.0.0.0) - C:\Opera (2).lnk
[14/04/2020 10:35:15] - |A| - (.-.) - [1888] - (0.0.0.0) - C:\Opera.lnk
[14/04/2020 10:35:15] - |A| - (.-.) - [2318] - (0.0.0.0) - C:\PC Manager (2).lnk
[14/04/2020 10:35:16] - |A| - (.-.) - [2318] - (0.0.0.0) - C:\PC Manager.lnk
[14/04/2020 10:35:16] - |A| - (.-.) - [877] - (0.0.0.0) - C:\PDFCreator (2).lnk
[14/04/2020 10:35:17] - |A| - (.-.) - [877] - (0.0.0.0) - C:\PDFCreator.lnk
[14/04/2020 10:35:17] - |A| - (.-.) - [825] - (0.0.0.0) - C:\PeaZip (2).lnk
[14/04/2020 10:35:17] - |A| - (.-.) - [825] - (0.0.0.0) - C:\PeaZip.lnk
[14/04/2020 10:35:18] - |A| - (.-.) - [1064] - (0.0.0.0) - C:\Pidgin (2).lnk
[14/04/2020 10:35:19] - |A| - (.-.) - [1064] - (0.0.0.0) - C:\Pidgin.lnk
[14/04/2020 10:35:19] - |A| - (.-.) - [1068] - (0.0.0.0) - C:\PlayGalaxy Link.lnk
[14/04/2020 10:35:19] - |A| - (.-.) - [1019] - (0.0.0.0) - C:\PuTTY (2).lnk
[14/04/2020 10:35:20] - |A| - (.-.) - [1019] - (0.0.0.0) - C:\PuTTY.lnk
[14/04/2020 10:35:20] - |A| - (.-.) - [907] - (0.0.0.0) - C:\qBittorrent (2).lnk
[14/04/2020 10:35:21] - |A| - (.-.) - [907] - (0.0.0.0) - C:\qBittorrent.lnk
[14/04/2020 10:35:21] - |A| - (.-.) - [987] - (0.0.0.0) - C:\RealTimeSync (2).lnk
[14/04/2020 10:35:21] - |A| - (.-.) - [987] - (0.0.0.0) - C:\RealTimeSync.lnk
[14/04/2020 10:35:22] - |A| - (.-.) - [1699] - (0.0.0.0) - C:\Recuva (2).lnk
[14/04/2020 10:35:23] - |A| - (.-.) - [1699] - (0.0.0.0) - C:\Recuva.lnk
[14/04/2020 10:35:25] - |A| - (.-.) - [1078] - (0.0.0.0) - C:\Restore Windows Photo Viewer.lnk
[14/04/2020 10:35:26] - |A| - (.-.) - [1079] - (0.0.0.0) - C:\Revo Uninstaller (2).lnk
[14/04/2020 10:35:26] - |A| - (.-.) - [1079] - (0.0.0.0) - C:\Revo Uninstaller.lnk
[14/04/2020 10:35:27] - |A| - (.-.) - [2519] - (0.0.0.0) - C:\Safari (2).lnk
[14/04/2020 10:35:27] - |A| - (.-.) - [2519] - (0.0.0.0) - C:\Safari.lnk
[14/04/2020 10:35:31] - |A| - (.-.) - [1242] - (0.0.0.0) - C:\Should I Remove It.lnk
[14/04/2020 10:35:31] - |A| - (.-.) - [989] - (0.0.0.0) - C:\Silent Install Builder 5 (2).lnk
[14/04/2020 10:35:32] - |A| - (.-.) - [989] - (0.0.0.0) - C:\Silent Install Builder 5.lnk
[14/04/2020 10:35:32] - |A| - (.-.) - [1383] - (0.0.0.0) - C:\Skype (2).lnk
[14/04/2020 10:35:33] - |A| - (.-.) - [1383] - (0.0.0.0) - C:\Skype.lnk
[14/04/2020 10:35:34] - |A| - (.-.) - [1262] - (0.0.0.0) - C:\Slowin' Killer - Analyser (1).lnk
[14/04/2020 10:35:35] - |A| - (.-.) - [1199] - (0.0.0.0) - C:\Social Downloader for Facebook, Instagram and Twitter (2).lnk
[14/04/2020 10:35:36] - |A| - (.-.) - [1199] - (0.0.0.0) - C:\Social Downloader for Facebook, Instagram and Twitter.lnk
[14/04/2020 10:35:37] - |A| - (.-.) - [1233] - (0.0.0.0) - C:\Social Lite (2).lnk
[14/04/2020 10:35:38] - |A| - (.-.) - [1233] - (0.0.0.0) - C:\Social Lite.lnk
[14/04/2020 10:35:38] - |A| - (.-.) - [2400] - (0.0.0.0) - C:\Social Network Controller (2).lnk
[14/04/2020 10:35:39] - |A| - (.-.) - [2400] - (0.0.0.0) - C:\Social Network Controller.lnk
[14/04/2020 10:35:40] - |A| - (.-.) - [1406] - (0.0.0.0) - C:\SocialLoginLauncher (2).lnk
[14/04/2020 10:35:40] - |A| - (.-.) - [1406] - (0.0.0.0) - C:\SocialLoginLauncher.lnk
[14/04/2020 10:35:41] - |A| - (.-.) - [837] - (0.0.0.0) - C:\Speccy (2).lnk
[14/04/2020 10:35:42] - |A| - (.-.) - [837] - (0.0.0.0) - C:\Speccy.lnk
[14/04/2020 10:35:43] - |A| - (.-.) - [1036] - (0.0.0.0) - C:\Steam (2).lnk
[14/04/2020 10:35:44] - |A| - (.-.) - [1036] - (0.0.0.0) - C:\Steam.lnk
[14/04/2020 10:35:44] - |A| - (.-.) - [1974] - (0.0.0.0) - C:\SugarSync (2).lnk
[14/04/2020 10:35:44] - |A| - (.-.) - [1974] - (0.0.0.0) - C:\SugarSync.lnk
[14/04/2020 10:35:45] - |A| - (.-.) - [1948] - (0.0.0.0) - C:\SumatraPDF (2).lnk
[14/04/2020 10:35:45] - |A| - (.-.) - [1948] - (0.0.0.0) - C:\SumatraPDF.lnk
[14/04/2020 10:35:45] - |A| - (.-.) - [1865] - (0.0.0.0) - C:\SUPERAntiSpyware Free Edition (2).lnk
[14/04/2020 10:35:46] - |A| - (.-.) - [1865] - (0.0.0.0) - C:\SUPERAntiSpyware Free Edition.lnk
[14/04/2020 10:35:48] - |A| - (.-.) - [1104] - (0.0.0.0) - C:\TeamViewer 14 (2).lnk
[14/04/2020 10:35:48] - |A| - (.-.) - [1104] - (0.0.0.0) - C:\TeamViewer 14.lnk
[14/04/2020 10:35:49] - |A| - (.-.) - [1725] - (0.0.0.0) - C:\TeraCopy (2).lnk
[14/04/2020 10:35:50] - |A| - (.-.) - [1725] - (0.0.0.0) - C:\TeraCopy.lnk
[14/04/2020 10:35:56] - |A| - (.-.) - [1152] - (0.0.0.0) - C:\Trillian (2).lnk
[14/04/2020 10:35:56] - |A| - (.-.) - [1152] - (0.0.0.0) - C:\Trillian.lnk
[14/04/2020 10:35:57] - |A| - (.-.) - [1083] - (0.0.0.0) - C:\Trojan Killer (2).lnk
[14/04/2020 10:35:58] - |A| - (.-.) - [1083] - (0.0.0.0) - C:\Trojan Killer.lnk
[14/04/2020 10:35:58] - |A| - (.-.) - [916] - (0.0.0.0) - C:\TrueCrypt (2).lnk
[14/04/2020 10:35:59] - |A| - (.-.) - [916] - (0.0.0.0) - C:\TrueCrypt.lnk
[14/04/2020 10:36:00] - |A| - (.-.) - [1242] - (0.0.0.0) - C:\TunesKit Spotify Converter.lnk
[14/04/2020 10:36:00] - |A| - (.-.) - [2423] - (0.0.0.0) - C:\UltraAdwareKiller - Raccourci (2).lnk
[14/04/2020 10:36:01] - |A| - (.-.) - [2423] - (0.0.0.0) - C:\UltraAdwareKiller - Raccourci.lnk
[14/04/2020 10:36:01] - |A| - (.-.) - [2443] - (0.0.0.0) - C:\UltraAdwareKiller64 - Raccourci (2).lnk
[14/04/2020 10:36:02] - |A| - (.-.) - [2443] - (0.0.0.0) - C:\UltraAdwareKiller64 - Raccourci.lnk
[14/04/2020 10:36:03] - |A| - (.-.) - [960] - (0.0.0.0) - C:\UpdateStar SigParser.lnk
[14/04/2020 10:36:04] - |A| - (.-.) - [956] - (0.0.0.0) - C:\Utilisateurs - Raccourci (2).lnk
[14/04/2020 10:36:05] - |A| - (.-.) - [956] - (0.0.0.0) - C:\Utilisateurs - Raccourci.lnk
[14/04/2020 10:36:05] - |A| - (.-.) - [1847] - (0.0.0.0) - C:\UVK - Ultra Virus Killer (2).lnk
[14/04/2020 10:36:06] - |A| - (.-.) - [1847] - (0.0.0.0) - C:\UVK - Ultra Virus Killer.lnk
[14/04/2020 10:36:06] - |A| - (.-.) - [2363] - (0.0.0.0) - C:\UVKPortable - Raccourci (2).lnk
[14/04/2020 10:36:07] - |A| - (.-.) - [2363] - (0.0.0.0) - C:\UVKPortable - Raccourci.lnk
[14/04/2020 10:36:08] - |A| - (.-.) - [993] - (0.0.0.0) - C:\Visual Studio Code (2).lnk
[14/04/2020 10:36:08] - |A| - (.-.) - [993] - (0.0.0.0) - C:\Visual Studio Code.lnk
[14/04/2020 10:36:09] - |A| - (.-.) - [916] - (0.0.0.0) - C:\VLC media player (2).lnk
[14/04/2020 10:36:09] - |A| - (.-.) - [916] - (0.0.0.0) - C:\VLC media player.lnk
[14/04/2020 10:36:10] - |A| - (.-.) - [1109] - (0.0.0.0) - C:\VNC Viewer (2).lnk
[14/04/2020 10:36:10] - |A| - (.-.) - [1109] - (0.0.0.0) - C:\VNC Viewer.lnk
[14/04/2020 10:36:11] - |A| - (.-.) - [1052] - (0.0.0.0) - C:\Winamp (2).lnk
[14/04/2020 10:36:11] - |A| - (.-.) - [1052] - (0.0.0.0) - C:\Winamp.lnk
[14/04/2020 10:30:56] - |A| - (.-.) - [1104] - (0.0.0.0) - C:\WinDirStat (2).lnk
[14/04/2020 10:30:56] - |A| - (.-.) - [1104] - (0.0.0.0) - C:\WinDirStat.lnk
[14/04/2020 10:30:56] - |A| - (.-.) - [2813] - (0.0.0.0) - C:\Windows_Repair_Toolbox - Raccourci (2).lnk
[14/04/2020 10:30:57] - |A| - (.-.) - [2813] - (0.0.0.0) - C:\Windows_Repair_Toolbox - Raccourci (3).lnk
[14/04/2020 10:30:57] - |A| - (.-.) - [2813] - (0.0.0.0) - C:\Windows_Repair_Toolbox - Raccourci (4).lnk
[14/04/2020 10:31:01] - |A| - (.-.) - [2813] - (0.0.0.0) - C:\Windows_Repair_Toolbox - Raccourci.lnk
[14/04/2020 10:31:02] - |A| - (.-.) - [973] - (0.0.0.0) - C:\WinMerge (2).lnk
[14/04/2020 10:31:02] - |A| - (.-.) - [973] - (0.0.0.0) - C:\WinMerge.lnk
[14/04/2020 10:31:03] - |A| - (.-.) - [1038] - (0.0.0.0) - C:\WinRAR (2).lnk
[14/04/2020 10:31:03] - |A| - (.-.) - [1038] - (0.0.0.0) - C:\WinRAR.lnk
[14/04/2020 10:31:03] - |A| - (.-.) - [1132] - (0.0.0.0) - C:\WinSCP (2).lnk
[14/04/2020 10:31:04] - |A| - (.-.) - [1132] - (0.0.0.0) - C:\WinSCP.lnk
[14/04/2020 10:31:04] - |A| - (.-.) - [1128] - (0.0.0.0) - C:\XnView (2).lnk
[14/04/2020 10:31:04] - |A| - (.-.) - [1128] - (0.0.0.0) - C:\XnView.lnk
[14/04/2020 09:50:57] - |A| - (.-.) - [15533336] - (0.0.0.0) - C:\ApplicationManager_v1126_rv199819(1.2)_STD_APM181015-01.exe
[14/04/2020 10:33:30] - |A| - (.-.) - [11787448] - (0.0.0.0) - C:\bitdefender_windows_c6108922-9134-4747-9cf3-cd4cd5ee8587.exe
[14/04/2020 10:34:07] - |A| - (.©1999-2018 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2263552] - (4.12.2019.1) - C:\FRST64.exe
[14/04/2020 10:04:29] - |A| - (.© BleepingComputer.com. - Terminates malware processes so that you can run your normal security programs..) - [1802704] - (2.9.1.0) - C:\iExplore.exe
[14/04/2020 10:34:35] - |A| - (.- Junkware Removal Tool.) - [1790024] - (8.1.4.0) - C:\JRT.exe
[14/04/2020 10:04:30] - |A| - (.UEFM LFS Hyper EFM -.) - [96286087] - (1.0.0.0) - C:\LiveTuner_webcompanion_thememypc_leesoft_windowsxlive_setup_sib.exe
[14/04/2020 09:48:26] - |A| - (.Copyright (C) 2013-2018 Macrorit. - Macrorit NTFS To FAT32 Converter.) - [8882808] - (1.7.4.0) - C:\mn2f-free-setup.exe
[14/04/2020 09:50:38] - |A| - (.(C) 2015 Smart PC Utilities, Ltd. - PC Startup Master Setup.) - [7784934] - (3.0.238.0) - C:\startupmaster.exe
[14/04/2020 09:47:00] - |A| - (.Adlice Software Copyright ©  2015 - WhyIGotInfected.) - [329800] - (2.2.0.0) - C:\WhyIGotInfected.exe
[14/04/2020 10:33:53] - |A| - (.-.) - [1200] - (0.0.0.0) - C:\desktop (2).ini
[14/04/2020 10:33:53] - |A| - (.-.) - [1200] - (0.0.0.0) - C:\desktop.ini

D:

[12/04/2020 18:56:27] - |A| - (.PortableApps.com Installer Copyright 2007-2009 PortableApps.com. - FastMove Portable.) - [9830442] - (1.2019.929.11) - D:\FastMovePortable_1.2019.929.11_English.exe
[12/04/2020 18:12:44] - |ASH| - (.-.) - [44] - (0.0.0.0) - D:\language.ini

E:

[07/04/2020 12:26:56] - |A| - (.2012-2013 (c) AdTrustMedia. - PrivDog.) - [21854480] - (2.0.0.47) - E:\PrivDogSetup.exe
[29/11/2018 12:02:50] - |A| - (.Copyright (C) 2013-2018 Macrorit. - Macrorit NTFS To FAT32 Converter.) - [8882808] - (1.7.4.0) - E:\mn2f-free-setup.exe
[25/02/2019 07:10:00] - |A| - (.� 2008/2019 - El Desaparecido - www.SOSVirus.net - UsbFix Premium.) - [4576600] - (11.0.1.1) - E:\UsbFix_2019_11.012.exe
[25/02/2019 07:10:05] - |A| - (.Nicolas Coolman - ZHPDiag.) - [3274112] - (2020.4.5.190) - E:\ZHPDiag3.exe
[10/04/2020 14:21:57] - |A| - (.Nicolas Coolman - ZHPSuite.) - [3429248] - (2020.4.5.24) - E:\ZHPSuite (1).exe
[10/04/2020 14:21:58] - |A| - (.C 2008/2019 - El Desaparecido - www.SOSVirus.net - UsbFix Premium.) - [4773088] - (11.0.2.2) - E:\UsbFix_2019_11.022.exe
[10/04/2020 14:21:59] - |A| - (.Adlice Software Copyright ©  2015 - WhyIGotInfected.) - [329800] - (2.2.0.0) - E:\WhyIGotInfected.exe
[10/04/2020 14:21:59] - |A| - (.WiseCleaner.com                                                                                     - Wise PC 1stAid                                           .) - [3910256] - (1.4.8.67) - E:\WPCASetup.exe
[10/04/2020 14:22:00] - |A| - (.Copyright (C) 2007-2019   Tenorshare Co.,Ltd. - ReiBoot for Android.) - [1499360] - (2.4.0.3) - E:\reiboot-for-android.exe
[10/04/2020 14:22:01] - |A| - (.©1999-2018 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2281472] - (5.4.2020.0) - E:\FRST64-2.1.exe
[24/01/2020 00:00:00] - |A| - (.© 2005-2020 ClevX, LLC - Removable Media Antivirus..) - [4787800] - (7.1.5.0) - E:\DriveSecurity.exe
[12/04/2020 17:46:45] - |A| - (.-.) - [3739444] - (0.0.0.0) - E:\FastMove_1_keygen_by_Paradox.exe
[25/02/2019 09:30:41] - |A| - (.NCH Software - Debut Video Capture Software.) - [2406960] - (0.0.0.0) - E:\DebutVideoCaptureSoftware.exe
[25/02/2019 09:30:43] - |A| - (.© BleepingComputer.com. - Terminates malware processes so that you can run your normal security programs..) - [1802704] - (2.9.1.0) - E:\iExplore.exe

G:

[05/12/2019 11:23:11] - |A| - (.-.) - [2071] - (0.0.0.0) - G:\Google Sheets.lnk
[05/12/2019 11:23:12] - |A| - (.-.) - [2073] - (0.0.0.0) - G:\Google Slides.lnk
[05/12/2019 11:23:12] - |A| - (.-.) - [1067] - (0.0.0.0) - G:\Mozilla Firefox.lnk
[05/12/2019 11:23:12] - |A| - (.-.) - [1078] - (0.0.0.0) - G:\NVDA.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1962] - (0.0.0.0) - G:\Dashlane.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [2326] - (0.0.0.0) - G:\Chromium.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1262] - (0.0.0.0) - G:\Slowin' Killer - Analyser (1).lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1232] - (0.0.0.0) - G:\Donner votre avis sur Slowin' Killer.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [2178] - (0.0.0.0) - G:\Nettoyer la mémoire.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1242] - (0.0.0.0) - G:\TunesKit Spotify Converter.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1068] - (0.0.0.0) - G:\PlayGalaxy Link.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1352] - (0.0.0.0) - G:\Ashampoo Music Studio 2013.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1178] - (0.0.0.0) - G:\Kastor All Video Downloader.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1445] - (0.0.0.0) - G:\Atomic Mail Sender.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [643] - (0.0.0.0) - G:\DVB Dream.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [944] - (0.0.0.0) - G:\Click Translator.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [956] - (0.0.0.0) - G:\Cursor Translator.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1077] - (0.0.0.0) - G:\Language Reader.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [932] - (0.0.0.0) - G:\Cute Translator.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1078] - (0.0.0.0) - G:\Restore Windows Photo Viewer.lnk
[05/12/2019 11:23:51] - |A| - (.-.) - [1212] - (0.0.0.0) - G:\Internet Explorer.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1393] - (0.0.0.0) - G:\Navigateur Opera.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1450] - (0.0.0.0) - G:\Microsoft Edge.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1242] - (0.0.0.0) - G:\Should I Remove It.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1260] - (0.0.0.0) - G:\Ashampoo Snap 10.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [837] - (0.0.0.0) - G:\Speccy.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [2054] - (0.0.0.0) - G:\MultiCommander.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [2124] - (0.0.0.0) - G:\Acrobat Reader DC.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1823] - (0.0.0.0) - G:\Krita.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [2318] - (0.0.0.0) - G:\PC Manager.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [993] - (0.0.0.0) - G:\Visual Studio Code.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [916] - (0.0.0.0) - G:\VLC media player.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [2108] - (0.0.0.0) - G:\Cisco WebEx Connect.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1436] - (0.0.0.0) - G:\GoToMeeting.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1152] - (0.0.0.0) - G:\Trillian.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1134] - (0.0.0.0) - G:\MediaMonkey.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1974] - (0.0.0.0) - G:\SugarSync.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1154] - (0.0.0.0) - G:\Media Player Classic Home Cinema (64bit).lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1132] - (0.0.0.0) - G:\WinSCP.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1053] - (0.0.0.0) - G:\FileZilla.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [825] - (0.0.0.0) - G:\PeaZip.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1079] - (0.0.0.0) - G:\Revo Uninstaller.lnk
[05/12/2019 11:23:57] - |A| - (.-.) - [1128] - (0.0.0.0) - G:\XnView.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1948] - (0.0.0.0) - G:\SumatraPDF.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1104] - (0.0.0.0) - G:\foobar2000.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1042] - (0.0.0.0) - G:\InfraRecorder.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1104] - (0.0.0.0) - G:\Notepad++.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [916] - (0.0.0.0) - G:\TrueCrypt.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1176] - (0.0.0.0) - G:\KeePass.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1324] - (0.0.0.0) - G:\Google Talk.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [2519] - (0.0.0.0) - G:\Safari.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1888] - (0.0.0.0) - G:\Opera.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1061] - (0.0.0.0) - G:\LogMeIn Control Panel.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1201] - (0.0.0.0) - G:\Ashampoo Backup 2018.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1912] - (0.0.0.0) - G:\Malwarebytes.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [2283] - (0.0.0.0) - G:\Google Earth Pro.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [877] - (0.0.0.0) - G:\PDFCreator.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1428] - (0.0.0.0) - G:\Foxit Reader.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1383] - (0.0.0.0) - G:\Skype.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1111] - (0.0.0.0) - G:\Backup and Sync from Google.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1278] - (0.0.0.0) - G:\Media Player Classic.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1043] - (0.0.0.0) - G:\Mozilla Thunderbird.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1104] - (0.0.0.0) - G:\TeamViewer 14.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1109] - (0.0.0.0) - G:\VNC Viewer.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [973] - (0.0.0.0) - G:\WinMerge.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1725] - (0.0.0.0) - G:\TeraCopy.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1938] - (0.0.0.0) - G:\ImgBurn.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [883] - (0.0.0.0) - G:\Greenshot.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1036] - (0.0.0.0) - G:\Steam.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [989] - (0.0.0.0) - G:\Silent Install Builder 5.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [987] - (0.0.0.0) - G:\RealTimeSync.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1962] - (0.0.0.0) - G:\4 - Moby Dawn - Anti-JJAD en internet repairs for barro account - Raccourci.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [2996] - (0.0.0.0) - G:\ComIntRep_x64 - Raccourci.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [604] - (0.0.0.0) - G:\COMODO TrustConnect (VPN).lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [2693] - (0.0.0.0) - G:\defencebyte Computer Optimizer.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1063] - (0.0.0.0) - G:\Firefox Developer Edition.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1312] - (0.0.0.0) - G:\Identity Inspector.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [2051] - (0.0.0.0) - G:\LM-Viewer.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1345] - (0.0.0.0) - G:\MyFormatConverter.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1199] - (0.0.0.0) - G:\Social Downloader for Facebook, Instagram and Twitter.lnk
[05/12/2019 11:23:58] - |A| - (.-.) - [1233] - (0.0.0.0) - G:\Social Lite.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [2400] - (0.0.0.0) - G:\Social Network Controller.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [1083] - (0.0.0.0) - G:\Trojan Killer.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [2423] - (0.0.0.0) - G:\UltraAdwareKiller - Raccourci.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [2443] - (0.0.0.0) - G:\UltraAdwareKiller64 - Raccourci.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [956] - (0.0.0.0) - G:\Utilisateurs - Raccourci.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [2363] - (0.0.0.0) - G:\UVKPortable - Raccourci.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [2813] - (0.0.0.0) - G:\Windows_Repair_Toolbox - Raccourci (2).lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [2813] - (0.0.0.0) - G:\Windows_Repair_Toolbox - Raccourci.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [958] - (0.0.0.0) - G:\AIMP.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [1037] - (0.0.0.0) - G:\Firefox Nightly.lnk
[05/12/2019 11:23:59] - |A| - (.-.) - [1035] - (0.0.0.0) - G:\Firefox.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1080] - (0.0.0.0) - G:\Audacity.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1153] - (0.0.0.0) - G:\blender.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1199] - (0.0.0.0) - G:\BS.Player FREE.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [863] - (0.0.0.0) - G:\CCleaner.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [2551] - (0.0.0.0) - G:\Citrix Workspace.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1304] - (0.0.0.0) - G:\Corel PaintShop Pro 2020 (64-bit).lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1814] - (0.0.0.0) - G:\DAEMON Tools Lite.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1809] - (0.0.0.0) - G:\Defraggler.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1406] - (0.0.0.0) - G:\DVDVideoSoft Free Studio.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1068] - (0.0.0.0) - G:\eMule.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1196] - (0.0.0.0) - G:\FastStone Image Viewer.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1017] - (0.0.0.0) - G:\FreeFileSync.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1171] - (0.0.0.0) - G:\Glary Utilities 5.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [2258] - (0.0.0.0) - G:\Google Chrome.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [2061] - (0.0.0.0) - G:\Google Docs.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1153] - (0.0.0.0) - G:\Google Drive.lnk
[05/12/2019 11:28:34] - |A| - (.-.) - [1071] - (0.0.0.0) - G:\IrfanView.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1064] - (0.0.0.0) - G:\Pidgin.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1019] - (0.0.0.0) - G:\PuTTY.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [907] - (0.0.0.0) - G:\qBittorrent.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1699] - (0.0.0.0) - G:\Recuva.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1406] - (0.0.0.0) - G:\SocialLoginLauncher.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1865] - (0.0.0.0) - G:\SUPERAntiSpyware Free Edition.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1847] - (0.0.0.0) - G:\UVK - Ultra Virus Killer.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1052] - (0.0.0.0) - G:\Winamp.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1104] - (0.0.0.0) - G:\WinDirStat.lnk
[05/12/2019 11:28:35] - |A| - (.-.) - [1038] - (0.0.0.0) - G:\WinRAR.lnk
[05/12/2019 11:34:27] - |A| - (.-.) - [2124] - (0.0.0.0) - G:\Acrobat Reader DC (2).lnk
[05/12/2019 11:34:51] - |A| - (.-.) - [958] - (0.0.0.0) - G:\AIMP (2).lnk
[05/12/2019 11:35:06] - |A| - (.-.) - [1201] - (0.0.0.0) - G:\Ashampoo Backup 2018 (2).lnk
[05/12/2019 11:35:14] - |A| - (.-.) - [1260] - (0.0.0.0) - G:\Ashampoo Snap 10 (2).lnk
[05/12/2019 11:35:23] - |A| - (.-.) - [1080] - (0.0.0.0) - G:\Audacity (2).lnk
[05/12/2019 11:35:26] - |A| - (.-.) - [1111] - (0.0.0.0) - G:\Backup and Sync from Google (2).lnk
[05/12/2019 11:36:05] - |A| - (.-.) - [1153] - (0.0.0.0) - G:\blender (2).lnk
[05/12/2019 11:36:39] - |A| - (.-.) - [1199] - (0.0.0.0) - G:\BS.Player FREE (2).lnk
[05/12/2019 11:36:42] - |A| - (.-.) - [863] - (0.0.0.0) - G:\CCleaner (2).lnk
[05/12/2019 11:36:47] - |A| - (.-.) - [2108] - (0.0.0.0) - G:\Cisco WebEx Connect (2).lnk
[05/12/2019 11:36:47] - |A| - (.-.) - [2551] - (0.0.0.0) - G:\Citrix Workspace (2).lnk
[05/12/2019 11:36:47] - |A| - (.-.) - [2996] - (0.0.0.0) - G:\ComIntRep_x64 - Raccourci (2).lnk
[05/12/2019 11:36:47] - |A| - (.-.) - [604] - (0.0.0.0) - G:\COMODO TrustConnect (VPN) (2).lnk
[05/12/2019 11:36:51] - |A| - (.-.) - [1304] - (0.0.0.0) - G:\Corel PaintShop Pro 2020 (64-bit) (2).lnk
[05/12/2019 11:36:51] - |A| - (.-.) - [1814] - (0.0.0.0) - G:\DAEMON Tools Lite (2).lnk
[05/12/2019 11:36:51] - |A| - (.-.) - [2693] - (0.0.0.0) - G:\defencebyte Computer Optimizer (2).lnk
[05/12/2019 11:36:51] - |A| - (.-.) - [1809] - (0.0.0.0) - G:\Defraggler (2).lnk
[05/12/2019 11:37:10] - |A| - (.-.) - [1406] - (0.0.0.0) - G:\DVDVideoSoft Free Studio (2).lnk
[05/12/2019 11:37:13] - |A| - (.-.) - [1068] - (0.0.0.0) - G:\eMule (2).lnk
[05/12/2019 11:37:16] - |A| - (.-.) - [1196] - (0.0.0.0) - G:\FastStone Image Viewer (2).lnk
[05/12/2019 11:37:21] - |A| - (.-.) - [1053] - (0.0.0.0) - G:\FileZilla (2).lnk
[05/12/2019 11:37:28] - |A| - (.-.) - [1035] - (0.0.0.0) - G:\Firefox (2).lnk
[05/12/2019 11:37:28] - |A| - (.-.) - [1063] - (0.0.0.0) - G:\Firefox Developer Edition (2).lnk
[05/12/2019 11:37:31] - |A| - (.-.) - [1037] - (0.0.0.0) - G:\Firefox Nightly (2).lnk
[05/12/2019 11:37:31] - |A| - (.-.) - [1104] - (0.0.0.0) - G:\foobar2000 (2).lnk
[05/12/2019 11:37:31] - |A| - (.-.) - [1428] - (0.0.0.0) - G:\Foxit Reader (2).lnk
[05/12/2019 11:37:45] - |A| - (.-.) - [1017] - (0.0.0.0) - G:\FreeFileSync (2).lnk
[05/12/2019 11:37:52] - |A| - (.-.) - [2073] - (0.0.0.0) - G:\FULL-DISKfighter (2).lnk
[05/12/2019 11:37:52] - |A| - (.-.) - [1171] - (0.0.0.0) - G:\Glary Utilities 5 (2).lnk
[05/12/2019 11:37:52] - |A| - (.-.) - [2258] - (0.0.0.0) - G:\Google Chrome (2).lnk
[05/12/2019 11:37:52] - |A| - (.-.) - [2061] - (0.0.0.0) - G:\Google Docs (2).lnk
[05/12/2019 11:37:58] - |A| - (.-.) - [1153] - (0.0.0.0) - G:\Google Drive (2).lnk
[05/12/2019 11:38:01] - |A| - (.-.) - [2283] - (0.0.0.0) - G:\Google Earth Pro (2).lnk
[05/12/2019 11:38:06] - |A| - (.-.) - [2071] - (0.0.0.0) - G:\Google Sheets (2).lnk
[05/12/2019 11:38:07] - |A| - (.-.) - [2073] - (0.0.0.0) - G:\Google Slides (2).lnk
[05/12/2019 11:38:07] - |A| - (.-.) - [1324] - (0.0.0.0) - G:\Google Talk (2).lnk
[05/12/2019 11:38:10] - |A| - (.-.) - [1436] - (0.0.0.0) - G:\GoToMeeting (2).lnk
[05/12/2019 11:38:10] - |A| - (.-.) - [883] - (0.0.0.0) - G:\Greenshot (2).lnk
[05/12/2019 11:38:10] - |A| - (.-.) - [1312] - (0.0.0.0) - G:\Identity Inspector (2).lnk
[05/12/2019 11:38:11] - |A| - (.-.) - [1938] - (0.0.0.0) - G:\ImgBurn (2).lnk
[05/12/2019 11:38:11] - |A| - (.-.) - [1042] - (0.0.0.0) - G:\InfraRecorder (2).lnk
[05/12/2019 11:38:11] - |A| - (.-.) - [1218] - (0.0.0.0) - G:\Internet Explorer (2).lnk
[05/12/2019 11:38:17] - |A| - (.-.) - [1071] - (0.0.0.0) - G:\IrfanView (2).lnk
[05/12/2019 11:38:23] - |A| - (.-.) - [1176] - (0.0.0.0) - G:\KeePass (2).lnk
[05/12/2019 11:38:23] - |A| - (.-.) - [1823] - (0.0.0.0) - G:\Krita (2).lnk
[05/12/2019 11:38:24] - |A| - (.-.) - [2051] - (0.0.0.0) - G:\LM-Viewer (2).lnk
[05/12/2019 11:38:24] - |A| - (.-.) - [1061] - (0.0.0.0) - G:\LogMeIn Control Panel (2).lnk
[05/12/2019 11:38:24] - |A| - (.-.) - [1912] - (0.0.0.0) - G:\Malwarebytes (2).lnk
[05/12/2019 11:38:24] - |A| - (.-.) - [1278] - (0.0.0.0) - G:\Media Player Classic (2).lnk
[05/12/2019 11:38:28] - |A| - (.-.) - [1154] - (0.0.0.0) - G:\Media Player Classic Home Cinema (64bit) (2).lnk
[05/12/2019 11:38:38] - |A| - (.-.) - [1134] - (0.0.0.0) - G:\MediaMonkey (2).lnk
[05/12/2019 11:38:53] - |A| - (.-.) - [1476] - (0.0.0.0) - G:\Microsoft Edge (2).lnk
[05/12/2019 11:39:09] - |A| - (.-.) - [1067] - (0.0.0.0) - G:\Mozilla Firefox (2).lnk
[05/12/2019 11:39:09] - |A| - (.-.) - [1043] - (0.0.0.0) - G:\Mozilla Thunderbird (2).lnk
[05/12/2019 11:39:10] - |A| - (.-.) - [2054] - (0.0.0.0) - G:\MultiCommander (2).lnk
[05/12/2019 11:39:10] - |A| - (.-.) - [1345] - (0.0.0.0) - G:\MyFormatConverter (2).lnk
[05/12/2019 11:39:10] - |A| - (.-.) - [1195] - (0.0.0.0) - G:\Navigateur Opera (2).lnk
[05/12/2019 11:39:12] - |A| - (.-.) - [1104] - (0.0.0.0) - G:\Notepad++ (2).lnk
[05/12/2019 11:39:20] - |A| - (.-.) - [1078] - (0.0.0.0) - G:\NVDA (2).lnk
[05/12/2019 11:39:27] - |A| - (.-.) - [1888] - (0.0.0.0) - G:\Opera (2).lnk
[05/12/2019 11:39:31] - |A| - (.-.) - [2318] - (0.0.0.0) - G:\PC Manager (2).lnk
[05/12/2019 11:39:33] - |A| - (.-.) - [877] - (0.0.0.0) - G:\PDFCreator (2).lnk
[05/12/2019 11:39:37] - |A| - (.-.) - [825] - (0.0.0.0) - G:\PeaZip (2).lnk
[05/12/2019 11:39:44] - |A| - (.-.) - [1064] - (0.0.0.0) - G:\Pidgin (2).lnk
[05/12/2019 11:40:01] - |A| - (.-.) - [1019] - (0.0.0.0) - G:\PuTTY (2).lnk
[05/12/2019 11:40:04] - |A| - (.-.) - [907] - (0.0.0.0) - G:\qBittorrent (2).lnk
[05/12/2019 11:40:12] - |A| - (.-.) - [987] - (0.0.0.0) - G:\RealTimeSync (2).lnk
[05/12/2019 11:40:15] - |A| - (.-.) - [1699] - (0.0.0.0) - G:\Recuva (2).lnk
[05/12/2019 11:40:19] - |A| - (.-.) - [1079] - (0.0.0.0) - G:\Revo Uninstaller (2).lnk
[05/12/2019 11:40:23] - |A| - (.-.) - [2519] - (0.0.0.0) - G:\Safari (2).lnk
[05/12/2019 11:40:23] - |A| - (.-.) - [989] - (0.0.0.0) - G:\Silent Install Builder 5 (2).lnk
[05/12/2019 11:40:23] - |A| - (.-.) - [1383] - (0.0.0.0) - G:\Skype (2).lnk
[05/12/2019 11:40:27] - |A| - (.-.) - [1199] - (0.0.0.0) - G:\Social Downloader for Facebook, Instagram and Twitter (2).lnk
[05/12/2019 11:40:27] - |A| - (.-.) - [1233] - (0.0.0.0) - G:\Social Lite (2).lnk
[05/12/2019 11:40:27] - |A| - (.-.) - [2400] - (0.0.0.0) - G:\Social Network Controller (2).lnk
[05/12/2019 11:40:27] - |A| - (.-.) - [1406] - (0.0.0.0) - G:\SocialLoginLauncher (2).lnk
[05/12/2019 11:40:30] - |A| - (.-.) - [837] - (0.0.0.0) - G:\Speccy (2).lnk
[05/12/2019 11:40:36] - |A| - (.-.) - [1036] - (0.0.0.0) - G:\Steam (2).lnk
[05/12/2019 11:40:37] - |A| - (.-.) - [1974] - (0.0.0.0) - G:\SugarSync (2).lnk
[05/12/2019 11:40:37] - |A| - (.-.) - [1948] - (0.0.0.0) - G:\SumatraPDF (2).lnk
[05/12/2019 11:40:37] - |A| - (.-.) - [1865] - (0.0.0.0) - G:\SUPERAntiSpyware Free Edition (2).lnk
[05/12/2019 11:41:03] - |A| - (.-.) - [1104] - (0.0.0.0) - G:\TeamViewer 14 (2).lnk
[05/12/2019 11:41:31] - |A| - (.-.) - [1725] - (0.0.0.0) - G:\TeraCopy (2).lnk
[05/12/2019 11:42:40] - |A| - (.-.) - [1152] - (0.0.0.0) - G:\Trillian (2).lnk
[05/12/2019 11:42:47] - |A| - (.-.) - [1083] - (0.0.0.0) - G:\Trojan Killer (2).lnk
[05/12/2019 11:42:57] - |A| - (.-.) - [916] - (0.0.0.0) - G:\TrueCrypt (2).lnk
[05/12/2019 11:43:33] - |A| - (.-.) - [2423] - (0.0.0.0) - G:\UltraAdwareKiller - Raccourci (2).lnk
[05/12/2019 11:43:47] - |A| - (.-.) - [2443] - (0.0.0.0) - G:\UltraAdwareKiller64 - Raccourci (2).lnk
[05/12/2019 11:44:01] - |A| - (.-.) - [956] - (0.0.0.0) - G:\Utilisateurs - Raccourci (2).lnk
[05/12/2019 11:44:05] - |A| - (.-.) - [1847] - (0.0.0.0) - G:\UVK - Ultra Virus Killer (2).lnk
[05/12/2019 11:44:18] - |A| - (.-.) - [2363] - (0.0.0.0) - G:\UVKPortable - Raccourci (2).lnk
[05/12/2019 11:44:56] - |A| - (.-.) - [993] - (0.0.0.0) - G:\Visual Studio Code (2).lnk
[05/12/2019 11:45:26] - |A| - (.-.) - [916] - (0.0.0.0) - G:\VLC media player (2).lnk
[05/12/2019 11:45:33] - |A| - (.-.) - [1109] - (0.0.0.0) - G:\VNC Viewer (2).lnk
[05/12/2019 11:45:33] - |A| - (.-.) - [1052] - (0.0.0.0) - G:\Winamp (2).lnk
[05/12/2019 11:45:33] - |A| - (.-.) - [1104] - (0.0.0.0) - G:\WinDirStat (2).lnk
[05/12/2019 11:45:47] - |A| - (.-.) - [2813] - (0.0.0.0) - G:\Windows_Repair_Toolbox - Raccourci (3).lnk
[05/12/2019 11:46:01] - |A| - (.-.) - [2813] - (0.0.0.0) - G:\Windows_Repair_Toolbox - Raccourci (4).lnk
[05/12/2019 11:46:14] - |A| - (.-.) - [973] - (0.0.0.0) - G:\WinMerge (2).lnk
[05/12/2019 11:46:33] - |A| - (.-.) - [1038] - (0.0.0.0) - G:\WinRAR (2).lnk
[05/12/2019 11:46:42] - |A| - (.-.) - [1132] - (0.0.0.0) - G:\WinSCP (2).lnk
[05/12/2019 11:46:42] - |A| - (.-.) - [1128] - (0.0.0.0) - G:\XnView (2).lnk
[05/12/2019 11:55:20] - |A| - (.-.) - [2073] - (0.0.0.0) - G:\FULL-DISKfighter.lnk
[05/12/2019 11:57:47] - |A| - (.-.) - [960] - (0.0.0.0) - G:\UpdateStar SigParser.lnk
[05/12/2019 11:23:41] - |A| - (.- Junkware Removal Tool.) - [1790024] - (8.1.4.0) - G:\JRT.exe
[05/12/2019 11:23:50] - |A| - (.©1999-2018 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2263552] - (4.12.2019.1) - G:\FRST64.exe
[05/12/2019 11:23:51] - |A| - (.-.) - [11787448] - (0.0.0.0) - G:\bitdefender_windows_c6108922-9134-4747-9cf3-cd4cd5ee8587.exe
[05/12/2019 11:28:34] - |A| - (.-.) - [1200] - (0.0.0.0) - G:\desktop.ini
[05/12/2019 11:28:35] - |A| - (.-.) - [20] - (0.0.0.0) - G:\ntuser.ini
[05/12/2019 11:37:01] - |A| - (.-.) - [1200] - (0.0.0.0) - G:\desktop (2).ini

H:

[13/03/2020 09:36:54] - |A| - (.-.) - [1222] - (0.0.0.0) - H:\EdrawMax.exe.lnk
[13/03/2020 09:36:54] - |A| - (.-.) - [629] - (0.0.0.0) - H:\EdrawInfo.lnk
[13/03/2020 09:37:06] - |A| - (.-.) - [685] - (0.0.0.0) - H:\ESET Online Scanner.lnk
[17/03/2020 16:13:30] - |A| - (.-.) - [1374] - (0.0.0.0) - H:\EaseUS Partition Master 13.8.lnk
[17/03/2020 11:59:57] - |A| - (.-.) - [1363] - (0.0.0.0) - H:\EaseUS Todo PCTrans.lnk
[24/03/2020 15:47:08] - |A| - (.-.) - [616] - (0.0.0.0) - H:\Ashampoo Snap 10 (2).lnk
[17/03/2020 16:04:41] - |A| - (.-.) - [1264] - (0.0.0.0) - H:\Ashampoo Snap 10.lnk
[24/03/2020 15:48:17] - |A| - (.-.) - [1062] - (0.0.0.0) - H:\Ashampoo_Snap_mardi 24 mars 2020_14h30m03s_001_.wmv.lnk
[24/03/2020 15:47:07] - |A| - (.-.) - [1062] - (0.0.0.0) - H:\Ashampoo_Snap_mardi 24 mars 2020_14h45m47s_001_.wmv.lnk
[25/03/2020 09:30:51] - |A| - (.-.) - [1062] - (0.0.0.0) - H:\Ashampoo_Snap_mardi 24 mars 2020_15h05m02s_001_.wmv.lnk
[25/03/2020 09:30:15] - |A| - (.-.) - [1077] - (0.0.0.0) - H:\Ashampoo_Snap_mercredi 25 mars 2020_06h44m36s_001_.wmv.lnk
[25/03/2020 10:12:16] - |A| - (.-.) - [1077] - (0.0.0.0) - H:\Ashampoo_Snap_mercredi 25 mars 2020_08h24m18s_001_.wmv.lnk
[18/12/2017 10:21:52] - |A| - (.Â©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2392064] - (17.12.2017.0) - H:\FRST64(2).exe
[18/12/2017 10:21:54] - |A| - (.Â©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2392064] - (17.12.2017.0) - H:\FRST64.exe
[18/12/2017 10:21:54] - |A| - (.Nicolas Coolman - ZHPDiag.) - [2947968] - (2017.12.15.215) - H:\ZHPDiag3.exe
[19/06/2019 05:14:01] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - AdsFix.) - [6503848] - (1.6.17.2) - H:\adsfix_4_01.06.17.2.exe
[10/03/2020 11:49:31] - |A| - (.-.) - [160100] - (0.0.0.0) - H:\Android Start Button.exe
[19/06/2019 05:14:00] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - AdsFix.) - [6503336] - (19.5.17.3) - H:\adsfix_4_19.05.17.3.exe
[19/06/2019 11:00:08] - |A| - (.Xplode - Removal tools cleaner.) - [797760] - (1.0.1.3) - H:\delfix_1.013.exe
[10/03/2020 10:24:06] - |A| - (.-.) - [2282112] - (0.0.0.0) - H:\easybcd_2-4_fr_33420.exe
[13/03/2020 09:37:05] - |A| - (.Copyright © 2007-2018 WebMinds, Inc.                                                                - Easy Duplicate Finder Setup                              .) - [1220040] - (5.28.0.1100) - H:\edfSetup.exe
[25/03/2020 16:49:17] - |A| - (.                                                                                                   - Ashampoo Backup 2018 Setup                               .) - [86070288] - (11.10.0.0) - H:\ashampoo_backup_2018_11.10_sm.exe
[17/03/2020 11:37:56] - |A| - (.Ashampoo GmbH & Co. KG                                                                              - Ashampoo Snap 10 Setup                                   .) - [55627728] - (10.1.0.0) - H:\ashampoo_snap_10_10.1.0_sm (1).exe
[25/03/2020 16:49:42] - |A| - (.Ashampoo GmbH & Co. KG                                                                              - Ashampoo ZIP Pro 3 Setup                                 .) - [75578072] - (3.0.30.0) - H:\ashampoo_zip_pro_3_3.0.30_sm.exe
[13/03/2020 14:34:07] - |A| - (.-.) - [4096] - (0.0.0.0) - H:\etfsboot.com

I:

[22/01/2019 06:35:34] - |N| - (.(C) 2015 Smart PC Utilities, Ltd. - PC Startup Master Setup.) - [7784934] - (3.0.238.0) - I:\startupmaster.exe
[26/02/2019 12:19:36] - |A| - (.© BleepingComputer.com. - Terminates malware processes so that you can run your normal security programs..) - [1802704] - (2.9.1.0) - I:\iExplore.exe
[26/02/2019 13:25:48] - |A| - (.UEFM LFS Hyper EFM -.) - [96286087] - (1.0.0.0) - I:\LiveTuner_webcompanion_thememypc_leesoft_windowsxlive_setup_sib.exe
[03/03/2019 13:43:57] - |A| - (.-.) - [15533336] - (0.0.0.0) - I:\ApplicationManager_v1126_rv199819(1.2)_STD_APM181015-01.exe
[03/03/2019 14:41:19] - |H| - (.-.) - [16] - (0.0.0.0) - I:\AUTORUN.INF

J:

[10/04/2020 14:40:42] - |A| - (.Copyright (C) 2013-2018 Macrorit. - Macrorit NTFS To FAT32 Converter.) - [8882808] - (1.7.4.0) - J:\mn2f-free-setup.exe
[10/04/2020 14:40:44] - |A| - (.Adlice Software Copyright ©  2015 - WhyIGotInfected.) - [329800] - (2.2.0.0) - J:\WhyIGotInfected.exe
[11/11/2019 13:56:29] - |A| - (.-.) - [71] - (0.0.0.0) - J:\autorun.inf
[25/03/2020 10:00:19] - |A| - (.-.) - [415] - (0.0.0.0) - J:\SmartClean.ini
[26/03/2020 15:32:49] - |A| - (.-.) - [68] - (0.0.0.0) - J:\pmp_usb.ini

---------- | C:\Windows

[26/07/2012 10:12:59] - |D| - [802] - C:\Windows\addins
[26/07/2012 10:12:59] - |D| - [4704676] - C:\Windows\AppCompat
[26/07/2012 10:12:59] - |D| - [12403588] - C:\Windows\apppatch
[26/07/2012 10:12:58] - |RSD| - [891356927] - C:\Windows\assembly
[MD5.4798DA87CFA18F7CDF1CE7A7B622BFF7] - [29/08/2012 10:11:11] - |A| - (.-.) - [38557] - (0.0.0.0) - C:\Windows\atiogl.xml
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/03/2013 01:09:53] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\ativpsrm.bin
[26/07/2012 10:12:59] - |D| - [0] - C:\Windows\AUInstallAgent
[MD5.059AE72BB6B928804D5385AF2896D2DC] - [26/07/2012 03:59:23] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [75264] - (6.2.9200.16384) - C:\Windows\bfsvc.exe
[26/07/2012 10:12:59] - |D| - [38555035] - C:\Windows\Boot
[MD5.CBDC3EC78A4AB457BD623B6EF653B9BC] - [26/07/2012 09:21:26] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[26/07/2012 10:12:59] - |D| - [2294248] - C:\Windows\Branding
[26/07/2012 09:59:48] - |D| - [0] - C:\Windows\CbsTemp
[MD5.A59F3E4CFD0FFC84FEBCFB548EC0F064] - [26/07/2012 11:46:02] - |A| - (.-.) - [31497] - (0.0.0.0) - C:\Windows\Core.xml
[MD5.B749466D1A93B0BFE3590BD487A793BF] - [05/03/2013 01:14:16] - |A| - (.-.) - [10] - (0.0.0.0) - C:\Windows\csup.txt
[26/07/2012 10:12:59] - |D| - [2113488] - C:\Windows\Cursors
[26/07/2012 10:12:59] - |D| - [952] - C:\Windows\debug
[26/07/2012 10:12:59] - |RD| - [21094] - C:\Windows\DesktopTileResources
[26/07/2012 10:12:59] - |D| - [3513266] - C:\Windows\diagnostics
[26/07/2012 10:18:12] - |D| - [0] - C:\Windows\DigitalLocker
[MD5.1125AAECF81A3142FB25C74E73F82F6D] - [05/03/2013 01:45:51] - |A| - (.-.) - [204] - (0.0.0.0) - C:\Windows\DirectX.log
[26/07/2012 10:12:59] - |SD| - [65] - C:\Windows\Downloaded Program Files
[MD5.4847A76D316251FA389BC3835CE13217] - [26/07/2012 10:13:49] - |A| - (.-.) - [3608] - (0.0.0.0) - C:\Windows\DtcInstall.log
[26/07/2012 10:12:59] - |HD| - [25744] - C:\Windows\ELAMBKUP
[26/07/2012 11:43:43] - |D| - [116160] - C:\Windows\en-GB
[26/07/2012 10:18:12] - |D| - [0] - C:\Windows\en-US
[MD5.928791755FDDEA721B053535EF84FA17] - [26/07/2012 01:14:17] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2380440] - (6.2.9200.16384) - C:\Windows\explorer.exe
[26/07/2012 07:37:59] - |RSD| - [378780859] - C:\Windows\Fonts
[05/03/2013 01:46:39] - |D| - [116648] - C:\Windows\fr
[05/03/2013 09:53:36] - |D| - [113664] - C:\Windows\fr-FR
[26/07/2012 10:12:59] - |D| - [74391260] - C:\Windows\Globalization
[26/07/2012 10:12:59] - |D| - [4084231] - C:\Windows\Help
[MD5.300F9CD081590CC4A3D3C64259D837C1] - [26/07/2012 02:17:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [883712] - (6.2.9200.16384) - C:\Windows\HelpPane.exe
[MD5.AAFA7BB276B802F8D791ECACFC380FBD] - [26/07/2012 04:15:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17408] - (6.2.9200.16384) - C:\Windows\hh.exe
[MD5.F5C6DC2903984E3076A3286EAC1A70BB] - [01/08/2012 19:09:30] - |A| - (.-.) - [9068] - (0.0.0.0) - C:\Windows\iis.log
[26/07/2012 10:12:59] - |D| - [202329669] - C:\Windows\IME
[26/07/2012 10:12:59] - |RD| - [1203583] - C:\Windows\ImmersiveControlPanel
[26/07/2012 07:37:59] - |D| - [122850943] - C:\Windows\Inf
[26/07/2012 10:12:59] - |SHD| - [312597265] - C:\Windows\Installer
[26/07/2012 10:12:59] - |D| - [57303] - C:\Windows\L2Schemas
[26/07/2012 10:12:59] - |D| - [0] - C:\Windows\LiveKernelReports
[26/07/2012 07:37:59] - |D| - [1379521551] - C:\Windows\Logs
[26/07/2012 10:12:59] - |RSD| - [12703521] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [25/07/2012 22:37:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[26/07/2012 10:12:58] - |D| - [681682546] - C:\Windows\Microsoft.NET
[14/04/2020 11:40:58] - |D| - [132334] - C:\Windows\Minidump
[26/07/2012 10:12:59] - |D| - [0] - C:\Windows\ModemLogs
[MD5.5A18F00AB9330AC7539675F3F326CF11] - [26/07/2012 03:13:33] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [243712] - (6.2.9200.16384) - C:\Windows\notepad.exe
[26/07/2012 10:12:59] - |RD| - [65] - C:\Windows\Offline Web Pages
[02/08/2012 04:02:31] - |D| - [3298597] - C:\Windows\Panther
[05/03/2013 01:46:12] - |D| - [0] - C:\Windows\PCHEALTH
[26/07/2012 10:12:59] - |D| - [44836780] - C:\Windows\Performance
[MD5.FC5E0ADAE6B120BDE38E29DC4BD09E7C] - [01/08/2012 19:02:50] - |A| - (.-.) - [6856] - (0.0.0.0) - C:\Windows\PFRO.log
[26/07/2012 10:12:59] - |D| - [1136441] - C:\Windows\PLA
[26/07/2012 10:12:59] - |D| - [2405936] - C:\Windows\PolicyDefinitions
[01/08/2012 19:03:20] - |D| - [29239277] - C:\Windows\Prefetch
[MD5.BB73BA0D27E8B6F92F97073585B1687D] - [12/04/2020 19:00:44] - |A| - (.-.) - [1635] - (0.0.0.0) - C:\Windows\PWCMDLST.BAK
[MD5.FBBAD33ED97E961CC1500872DE5D96DD] - [26/07/2012 03:14:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [159232] - (6.2.9200.16384) - C:\Windows\regedit.exe
[26/07/2012 10:12:59] - |D| - [22588] - C:\Windows\Registration
[26/07/2012 10:12:59] - |D| - [5142519] - C:\Windows\rescache
[26/07/2012 10:12:59] - |D| - [2480380] - C:\Windows\Resources
[MD5.2A7B78F4CFA0F1A5655891DDAACEFAD9] - [05/03/2013 01:18:17] - |A| - (.Copyright (C) 2012 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1706640] - (1.0.3.8) - C:\Windows\RtlExUpd.dll
[26/07/2012 10:12:59] - |D| - [0] - C:\Windows\SchCache
[26/07/2012 10:12:59] - |D| - [99253] - C:\Windows\schemas
[26/07/2012 10:12:59] - |D| - [1071008] - C:\Windows\security
[26/07/2012 09:19:54] - |D| - [64709261] - C:\Windows\ServiceProfiles
[26/07/2012 07:37:59] - |D| - [107684376] - C:\Windows\servicing
[26/07/2012 09:20:02] - |D| - [42] - C:\Windows\Setup
[MD5.3AE17022334F5828B2601A8562531774] - [26/07/2012 09:21:16] - |A| - (.-.) - [34833] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/07/2012 09:21:16] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[26/07/2012 11:45:49] - |D| - [4544] - C:\Windows\ShellNew
[26/07/2012 11:45:49] - |D| - [16378336] - C:\Windows\SKB
[12/04/2020 18:09:14] - |D| - [1338295650] - C:\Windows\SoftwareDistribution
[26/07/2012 10:12:59] - |D| - [100049735] - C:\Windows\Speech
[MD5.974A3A675E5E0CECA74F62F6C39AF592] - [26/07/2012 03:27:54] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [126464] - (6.2.9200.16384) - C:\Windows\splwow64.exe
[MD5.E8F40F7C46A1D730763AFC1D9BD96326] - [26/07/2012 09:59:47] - |A| - (.-.) - [31537] - (0.0.0.0) - C:\Windows\Starter.xml
[26/07/2012 10:12:59] - |D| - [0] - C:\Windows\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [26/07/2012 07:26:52] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[26/07/2012 07:38:00] - |RD| - [3319666442] - C:\Windows\System32
[26/07/2012 07:38:00] - |D| - [1320358801] - C:\Windows\SysWOW64
[26/07/2012 10:12:59] - |D| - [0] - C:\Windows\TAPI
[26/07/2012 10:12:59] - |D| - [6] - C:\Windows\Tasks
[26/07/2012 07:38:00] - |D| - [62993898] - C:\Windows\Temp
[26/07/2012 10:12:59] - |RD| - [19134] - C:\Windows\ToastData
[26/07/2012 10:12:59] - |D| - [0] - C:\Windows\tracing
[26/07/2012 10:12:59] - |D| - [7680] - C:\Windows\twain_32
[MD5.DA7EB5D3652FE2B1676AAA9E6E241E68] - [26/07/2012 03:19:02] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [50176] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.4BB56723D5AD05FF6F31F3749CD03DE5] - [26/07/2012 09:21:16] - |A| - (.-.) - [1585] - (0.0.0.0) - C:\Windows\vmgcoinstall.log
[26/07/2012 10:12:59] - |D| - [12420] - C:\Windows\Vss
[26/07/2012 10:12:59] - |D| - [18301935] - C:\Windows\Web
[MD5.23CF8138F49416231807E6DE371FB9E6] - [26/07/2012 07:26:52] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [02/06/2012 16:32:56] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.2A15AF27258F4541F7A8D79647B3B108] - [12/04/2020 18:09:14] - |A| - (.-.) - [1716242] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.EADA08C87AD2A913563244CCF4391E5D] - [26/07/2012 04:09:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10752] - (6.2.9200.16384) - C:\Windows\winhlp32.exe
[26/07/2012 10:12:59] - |D| - [1250982] - C:\Windows\WinStore
[26/07/2012 07:38:00] - |D| - [13930382567] - C:\Windows\WinSxS
[MD5.D935AD9372C6858C04E3FB423149134C] - [28/07/2012 04:54:00] - |A| - (.© 2012 Microsoft Corporation. Tous droits réservés. - Écran de veille de la Galerie de photos.) - [321472] - (16.4.3503.728) - C:\Windows\WLXPGSS.SCR
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [02/06/2012 16:34:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.CDEE22097674B556817D09AA96467902] - [26/07/2012 04:00:48] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10752] - (6.2.9200.16384) - C:\Windows\write.exe

---------- | C:\Windows\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[29/08/2012 20:23:50] - C:\Windows\Installer\15b2ee.msi : ( - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/08/2012 23:53:54] - C:\Windows\Installer\15b2f3.msi : ([ProductName] Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/08/2012 07:20:32] - C:\Windows\Installer\15b2f8.msi : (HP Postscript Converter - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/07/2012 23:54:11] - C:\Windows\Installer\15b301.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2012 04:07:50] - C:\Windows\Installer\15b307.msi : ( - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/07/2012 01:12:59] - C:\Windows\Installer\15b310.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/07/2012 00:22:32] - C:\Windows\Installer\2dfc7.msi : (Blank Project Template - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:54] - C:\Windows\Installer\2dfcc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:05:09] - C:\Windows\Installer\2dfd2.msi : (AMD Catalyst Install Manager Installer (64 bit) - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 09:59:01] - C:\Windows\Installer\2dfd7.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:01:33] - C:\Windows\Installer\2dfdc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:01:42] - C:\Windows\Installer\2dfe1.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:01:46] - C:\Windows\Installer\2dfe6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:01:52] - C:\Windows\Installer\2dfeb.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:01:58] - C:\Windows\Installer\2dff0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:04] - C:\Windows\Installer\2dff5.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:11] - C:\Windows\Installer\2dffa.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:16] - C:\Windows\Installer\2dfff.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:20] - C:\Windows\Installer\2e004.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:27] - C:\Windows\Installer\2e009.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:33] - C:\Windows\Installer\2e00e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:37] - C:\Windows\Installer\2e013.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:43] - C:\Windows\Installer\2e018.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:47] - C:\Windows\Installer\2e01d.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:52] - C:\Windows\Installer\2e022.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:02:59] - C:\Windows\Installer\2e027.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:03] - C:\Windows\Installer\2e02c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:10] - C:\Windows\Installer\2e031.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:14] - C:\Windows\Installer\2e036.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:20] - C:\Windows\Installer\2e03b.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:26] - C:\Windows\Installer\2e040.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:32] - C:\Windows\Installer\2e045.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:36] - C:\Windows\Installer\2e04a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:03:44] - C:\Windows\Installer\2e04f.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:04:11] - C:\Windows\Installer\2e054.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:01:24] - C:\Windows\Installer\2e05a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2012 10:05:35] - C:\Windows\Installer\2e05f.msi : (AMD Accelerated Parallel Processing SDK - Advanced Micro Devices Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/03/2013 01:20:47] - C:\Windows\Installer\2e065.msi : (HP Support Assistant - Hewlett-Packard Company)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/06/2012 09:46:42] - C:\Windows\Installer\2e06a.msi : (Blank Project Template - Hewlett-Packard Company)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/03/2013 01:24:47] - C:\Windows\Installer\2e06f.msi : (Blank Project Template - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/07/2012 03:38:58] - C:\Windows\Installer\2e073.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2012 00:03:55] - C:\Windows\Installer\2e081.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/07/2012 23:59:51] - C:\Windows\Installer\2e086.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/04/2020 10:36:04] - C:\Windows\Installer\545c67.msi : (Google Toolbar for Internet Explorer - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/04/2020 10:32:56] - C:\Windows\Installer\545c6c.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/04/2020 10:39:36] - C:\Windows\Installer\612cdf.msi : (Google Update Helper - Google LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/06/2011 23:27:28] - [4028928] - (.().-. - ()) - C:\Windows\Installer\1a8e1.msp
[28/06/2011 23:21:32] - [4637184] - (.().-. - ()) - C:\Windows\Installer\1cc49.msp
[05/03/2013 01:24:49] - [10134] - C:\Windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:08] - [88102] - C:\Windows\Installer\{09BE17DC-59D2-FD28-371D-DCE0AE76CE75}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:37:42] - [300318] - C:\Windows\Installer\{0FA995CC-C849-4755-B14B-5404CC75DC24}\_853F67D554F05449430E7E.exe     () - ()
[05/03/2013 01:20:03] - [88102] - C:\Windows\Installer\{104D7F23-A414-EE6D-315E-A07CB75ADEEE}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:02] - [88102] - C:\Windows\Installer\{1A7CF3BE-0D4A-33DF-DFD9-824487726365}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:04] - [88102] - C:\Windows\Installer\{1BC4C58D-D726-172B-DA2C-BBE6AE5DEB76}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:11] - [88102] - C:\Windows\Installer\{1E6AF4B4-0910-4821-CB20-F8FD7AA09CCB}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:28:50] - [156903] - C:\Windows\Installer\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:37:25] - [101879] - C:\Windows\Installer\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:16] - [88102] - C:\Windows\Installer\{2E2526C8-51A8-F6EB-8289-6787E880CE27}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:16] - [88102] - C:\Windows\Installer\{2E58F5E0-B5EF-844C-5B18-4C21F800CAD6}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:25:52] - [74032] - C:\Windows\Installer\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:23] - [10134] - C:\Windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:06] - [88102] - C:\Windows\Installer\{5AD25D5C-C813-146B-4FB0-76561F7875B7}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:09] - [88102] - C:\Windows\Installer\{5B4886EE-5A95-C257-A68F-2DCADE47A273}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:12] - [88102] - C:\Windows\Installer\{5DB58618-7021-C650-EE8A-58CD1FAA95F9}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:01] - [88102] - C:\Windows\Installer\{5F5ACD0C-A454-32A7-E206-EE89B1510128}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\NewShortcut2_3B1A0823966A48909E77539C330FBF6E.exe     () - ()
[05/03/2013 01:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\NewShortcut3_3B1A0823966A48909E77539C330FBF6E.exe     () - ()
[05/03/2013 01:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\NewShortcut4_3B1A0823966A48909E77539C330FBF6E.exe     () - ()
[05/03/2013 01:19:38] - [88102] - C:\Windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\NewShortcut5_3B1A0823966A48909E77539C330FBF6E.exe     () - ()
[05/03/2013 01:20:11] - [88102] - C:\Windows\Installer\{67087BB4-19B4-C169-3E52-2BED796D8AB3}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:08] - [88102] - C:\Windows\Installer\{6AE04BB9-A455-16ED-5806-DCFBB14505D6}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:24:44] - [53248] - C:\Windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe     (Copyright (C) 2010 Flexera Software, Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[05/03/2013 01:19:59] - [10134] - C:\Windows\Installer\{7474548C-E456-4818-8ED0-4A1F00EF77A1}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:04] - [88102] - C:\Windows\Installer\{76DFBEB9-9E55-8CC6-B99A-9CEFAC573A1F}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:00] - [88102] - C:\Windows\Installer\{839D1577-5415-6C89-6642-515DFFE6432F}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:07] - [88102] - C:\Windows\Installer\{84B13BF6-F7AF-198E-0E77-DCA4027B9D19}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:13] - [88102] - C:\Windows\Installer\{A666A6E7-3A51-E289-559B-BF3486036ABF}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:19:36] - [88102] - C:\Windows\Installer\{ABA39912-380C-0EF3-C820-868115EB1DAC}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:03] - [88102] - C:\Windows\Installer\{AC7A441A-353F-75F6-6ABA-3BF98161B530}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:49:28] - [10134] - C:\Windows\Installer\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}\_6FB06134364694D5797749.exe     () - ()
[05/03/2013 01:20:05] - [88102] - C:\Windows\Installer\{B6480ED1-448E-813B-4FE0-BED811D1C01F}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:00] - [88102] - C:\Windows\Installer\{BDBF9803-B57C-AB2A-8830-CBED34703840}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:09] - [88102] - C:\Windows\Installer\{BFB6DE5F-9BEA-1FBB-3584-2C78639CE59A}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:29:54] - [79345] - C:\Windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:06] - [88102] - C:\Windows\Installer\{DD35ECFB-5C95-398B-CAFA-B5E8881363C3}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:43:25] - [297086] - C:\Windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:17:28] - [53248] - C:\Windows\Installer\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}\ARPPRODUCTICON.exe     (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[05/03/2013 01:20:20] - [88102] - C:\Windows\Installer\{E8406BA9-5D47-4A62-08C3-759EA677229A}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:14] - [88102] - C:\Windows\Installer\{F193812F-83C0-3CED-1EDE-BE2525267303}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:35:27] - [165425] - C:\Windows\Installer\{F243A34B-AB7F-4065-B770-B85B767C247C}\_853F67D554F05449430E7E.exe     () - ()
[05/03/2013 01:35:27] - [165425] - C:\Windows\Installer\{F243A34B-AB7F-4065-B770-B85B767C247C}\_E6113B9D6EB98153552F17.exe     () - ()
[05/03/2013 01:35:27] - [165425] - C:\Windows\Installer\{F243A34B-AB7F-4065-B770-B85B767C247C}\_E8C9E3A9CF262083682835.exe     () - ()
[05/03/2013 01:20:13] - [88102] - C:\Windows\Installer\{F754BC24-2C04-F76E-C403-0175F0954560}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:20:10] - [88102] - C:\Windows\Installer\{FC62C740-2339-618C-467B-36CE6D409E5F}\ARPPRODUCTICON.exe     () - ()
[05/03/2013 01:23:32] - [98304] - C:\Windows\Installer\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\ARPPRODUCTICON.exe     (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[05/03/2013 01:23:32] - [98304] - C:\Windows\Installer\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\HPSF.exe2_2EBA634C3DB04BEC8765F065A06AB6AA.exe     (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)
[05/03/2013 01:23:32] - [98304] - C:\Windows\Installer\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\NewShortcut2_06EDE08E9D6342F1AC2C30BC31ED1770.exe     (Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc.) - (InstallShield)

---------- | %System%\*.in*

[26/07/2012 10:13:14] - [75] - C:\Windows\System32\desktop.ini
[26/07/2012 00:57:48] - [25185] - C:\Windows\System32\ieuinit.inf
[26/07/2012 09:28:09] - [1797594] - C:\Windows\System32\PerfStringBackup.INI
[02/06/2012 22:26:07] - [60124] - C:\Windows\System32\tcpmon.ini
[26/07/2012 00:54:50] - [25185] - C:\Windows\Syswow64\ieuinit.inf
[01/08/2012 19:09:37] - [915038] - C:\Windows\Syswow64\PerfStringBackup.INI

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.60AB39637FD7496E21DE870FDA4CC5CA] - |A| - [25/07/2012 22:35:41] - (.-.) - [6.71 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\pcamain.sdb
[MD5.368A0B4A8A69885B0DBACD8BDAE40A96] - |A| - [05/03/2013 10:01:59] - (.-.) - [354.85 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.085EBD119F5FC6B8F63720FAC1166FF5] - |A| - [12/04/2020 18:42:30] - (.-.) - [24 Ko] - (0.0.0.0) - C:\Windows\Temp\af397ef28e484961ba48646a5d38cf54.db
[MD5.13CB88A6E830821B99C5A2911A02B150] - |A| - [12/04/2020 18:42:30] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\Temp\af397ef28e484961ba48646a5d38cf54.db.ses
[MD5.00000000000000000000000000000000] - |D| - [12/04/2020 18:52:32] - [57078.01 Ko] - C:\Windows\Temp\asw.9f53c37288f360f1
[MD5.00000000000000000000000000000000] - |D| - [14/04/2020 02:46:05] - [3326.88 Ko] - C:\Windows\Temp\EDGEMITMP_3EC2D.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/04/2020 18:02:18] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/04/2020 18:02:18] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\FXSTIFFDebugLogFile.txt
[MD5.1FC491355F5E95F5A7EF532E3CB414B1] - |A| - [14/04/2020 10:34:55] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\Windows\Temp\gui4C2D.tmp
[MD5.841E0673C4774693D1D3EDFF8574EC5F] - |A| - [12/04/2020 19:50:55] - (.-.) - [24.72 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20200412-195055-0.log
[MD5.402A3D3CF1DBBD29D288B20BBA2B00CA] - |A| - [13/04/2020 16:15:01] - (.-.) - [3.15 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20200413-161501-0.log
[MD5.B697CFC379EFBE9574FA1BCA35071495] - |A| - [14/04/2020 08:47:13] - (.-.) - [0.93 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20200414-084713-0.log
[MD5.90450FD250F576E166D6989B0CB580FA] - |A| - [14/04/2020 09:01:30] - (.-.) - [1.98 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20200414-090130-0.log
[MD5.1D844F582A8FD8935600FA4D446050E4] - |A| - [14/04/2020 09:04:26] - (.-.) - [2.6 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20200414-090426-0.log
[MD5.4A76731F0CEA9A380A15C6656FFF88C0] - |A| - [14/04/2020 11:41:09] - (.-.) - [2.6 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20200414-114109-0.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/04/2020 18:42:30] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-1428.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/04/2020 02:47:26] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-4136.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/04/2020 20:45:08] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\mat-debug-5704.log
[MD5.2773FEE34AB9D0DAAEA9659684F4940C] - |A| - [12/04/2020 18:09:49] - (.-.) - [1.16 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [12/04/2020 18:41:44] - [0.14 Ko] - C:\Windows\Temp\MsEdgeCrashpad
[MD5.DBACDA1B2E177E2A31950580EF650A69] - |A| - [14/04/2020 02:46:09] - (.-.) - [23.28 Ko] - (0.0.0.0) - C:\Windows\Temp\msedge_installer.log
[MD5.FDB219153F97EB371E48D562CFD00AD7] - |A| - [13/04/2020 22:47:17] - (.-.) - [31.16 Ko] - (0.0.0.0) - C:\Windows\Temp\patch.js
[MD5.3C403F016A48AA0FBE7D5D1FA639E489] - |A| - [13/04/2020 17:01:05] - (.-.) - [22.67 Ko] - (0.0.0.0) - C:\Windows\Temp\SYMEVENT.LOG
[MD5.1FAD7F8D527F79BD57597C24B7227210] - |A| - [12/04/2020 18:40:06] - (.-.) - [320 Ko] - (0.0.0.0) - C:\Windows\Temp\TS_5AC.tmp
[MD5.7063676A3935135697C6FB4E8F54BF61] - |A| - [14/04/2020 09:04:53] - (.-.) - [192 Ko] - (0.0.0.0) - C:\Windows\Temp\TS_DD34.tmp
[MD5.440E0B538C4A772216523EA695529CF0] - |A| - [14/04/2020 09:04:54] - (.-.) - [192 Ko] - (0.0.0.0) - C:\Windows\Temp\TS_E041.tmp
[MD5.BE864AC992FBC1B7723F82FCBBBAB7B3] - |A| - [12/04/2020 18:40:01] - (.-.) - [192 Ko] - (0.0.0.0) - C:\Windows\Temp\TS_F086.tmp
[MD5.05468E4220E8F1738CEF581102E11B0C] - |A| - [12/04/2020 18:02:54] - (.-.) - [1.87 Ko] - (0.0.0.0) - C:\Windows\Temp\UploadUI.log
[MD5.A904A840B4F1613379326154779454D0] - |A| - [12/04/2020 17:36:23] - (.-.) - [76.57 Ko] - (0.0.0.0) - C:\Windows\Temp\winstore.log
[MD5.00000000000000000000000000000000] - |D| - [05/03/2013 09:53:31] - [0 Ko] - C:\Windows\System32\040C
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [3887 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.2EB8152BF8417C530318099F3F813DED] - |A| - [08/08/2012 13:08:50] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 1.1 Runtime.) - [16079 Ko] - (10.0.938.2) - C:\Windows\System32\amdocl64.dll
[MD5.1F65A4ADAA6C8AD5317C81BE73FCD1A8] - |A| - [29/08/2012 10:08:41] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [55 Ko] - (8.14.10.23) - C:\Windows\System32\amdpcom64.dll
[MD5.284FC144C5DB09182B43FD728C31C6C3] - |A| - [05/03/2013 10:02:00] - (.-.) - [353.45 Ko] - (0.0.0.0) - C:\Windows\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [245 Ko] - C:\Windows\System32\ar-SA
[MD5.411DF2BD73FADE38352CCC5396D7A458] - |A| - [29/08/2012 10:08:48] - (.Copyright (C) 2008-2011 Advanced Micro Devices, Inc. - ADL.) - [528 Ko] - (6.14.10.1106) - C:\Windows\System32\atiadlxx.dll
[MD5.BB02C38DC0AEF5458B5F250BD2B5301C] - |A| - [29/08/2012 10:08:53] - (.-.) - [262.43 Ko] - (0.0.0.0) - C:\Windows\System32\atiapfxx.blb
[MD5.7231EA92A64A0D660BF18CFA6430254D] - |A| - [29/08/2012 10:08:55] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [160 Ko] - (6.14.10.1001) - C:\Windows\System32\atiapfxx.exe
[MD5.749584902AE80A53EFDA4F8FA03E1713] - |A| - [29/08/2012 10:08:57] - (.Copyright (C) 2008 Advanced Micro Devices, Inc. - ATIBRTMON.) - [116 Ko] - (2.0.0.0) - C:\Windows\System32\atibtmon.exe
[MD5.340BE31D61A156727BB94C1C3084B057] - |A| - [29/08/2012 10:09:01] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [43.5 Ko] - (6.14.10.1741) - C:\Windows\System32\aticalcl64.dll
[MD5.19362F8F976D6A9A498BA02470ED8984] - |A| - [29/08/2012 10:09:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15658.5 Ko] - (6.14.10.1741) - C:\Windows\System32\aticaldd64.dll
[MD5.3FEE3D3805FDC4F7447A97F010BCDD2E] - |A| - [29/08/2012 10:09:48] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [50 Ko] - (6.14.10.1741) - C:\Windows\System32\aticalrt64.dll
[MD5.18EB7BBD18BAB5520988E41D69501ADB] - |A| - [29/08/2012 10:09:55] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1085 Ko] - (8.17.10.1140) - C:\Windows\System32\aticfx64.dll
[MD5.A2474A0E1DD9FDF1A71A89A8CF6F45FE] - |A| - [29/08/2012 10:09:58] - (.2002-2012 - Graphics DEM.) - [432 Ko] - (2.0.4603.17607) - C:\Windows\System32\atidemgy.dll
[MD5.EF630FAA4252832FD7A24BF7C756D0E9] - |A| - [29/08/2012 10:10:12] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [6887 Ko] - (8.17.10.451) - C:\Windows\System32\atidxx64.dll
[MD5.E4410DCE9BD5904BE8992E9AD17FB1CC] - |A| - [29/08/2012 10:10:15] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [522 Ko] - (6.14.11.1126) - C:\Windows\System32\atieclxx.exe
[MD5.DA4698C0C86B6A034C687EC7F8A5FCA6] - |A| - [29/08/2012 10:10:17] - (.Copyright (c) ATI Technologies Inc. 2003-2009 - atiedu64.) - [58 Ko] - (6.14.10.2514) - C:\Windows\System32\atiedu64.dll
[MD5.15223ECAD7D688273DADA63ADA8B6BBA] - |A| - [29/08/2012 10:10:20] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [234 Ko] - (6.14.11.1126) - C:\Windows\System32\atiesrxx.exe
[MD5.73CA5DFE023ED7F853D6E3E6892E6417] - |A| - [29/08/2012 10:10:22] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [17.5 Ko] - (8.14.1.6268) - C:\Windows\System32\atig6pxx.dll
[MD5.BFF79F418BADE9B85EBF76CDFC4F6749] - |A| - [29/08/2012 10:10:23] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [41 Ko] - (8.14.1.6268) - C:\Windows\System32\atig6txx.dll
[MD5.08742B0F440CC87C7DE6DE9C74775089] - |A| - [29/08/2012 10:10:27] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [14.5 Ko] - (8.14.1.6268) - C:\Windows\System32\atiglpxx.dll
[MD5.E94666EE349D54F0FD71AFE2E99A5C06] - |A| - [29/08/2012 10:10:29] - (.-.) - [622.8 Ko] - (0.0.0.0) - C:\Windows\System32\atiicdxx.dat
[MD5.655B2378106E28C290C45CD1F58B1D48] - |A| - [29/08/2012 10:10:49] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [55 Ko] - (8.14.10.23) - C:\Windows\System32\atimpc64.dll
[MD5.F842B1014FF639584F14CC23869DCCC4] - |A| - [29/08/2012 10:10:51] - (.Copyright ฉ 2009 AMD - Multi-language DPPE DLL.) - [21 Ko] - (6.14.10.1002) - C:\Windows\System32\atimuixx.dll
[MD5.5871EA0B431893C717C0CA90029346CE] - |A| - [29/08/2012 10:11:04] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24350.5 Ko] - (6.14.10.11764) - C:\Windows\System32\atio6axx.dll
[MD5.A6BAAA6608A9B00220E9D5C023FC53D1] - |A| - [29/08/2012 10:11:07] - (.Copyright (C) 2008 - ATIODCLI Application.) - [50 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODCLI.exe
[MD5.463FFBD3350E3EB57F7D5746EBD233CA] - |A| - [29/08/2012 10:11:09] - (.Copyright (C) 2008 - ATIODE Application.) - [325 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODE.exe
[MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [29/08/2012 10:11:43] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\Windows\System32\atipblag.dat
[MD5.6D8E893105AF373AE6BD06B7C75C9239] - |A| - [29/08/2012 10:11:49] - (.Copyright 2006 - TMM Clone Control Module.) - [117.5 Ko] - (6.14.11.23) - C:\Windows\System32\atitmm64.dll
[MD5.35E417F4D0C575AF7EA324998B6F0E30] - |A| - [29/08/2012 10:11:51] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [101.5 Ko] - (8.14.1.6268) - C:\Windows\System32\atiu9p64.dll
[MD5.49B53EDC929566B2F1B42DE87DE6A02E] - |A| - [29/08/2012 10:12:05] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [6520 Ko] - (9.14.10.924) - C:\Windows\System32\atiumd64.dll
[MD5.8A0C05FF322C291872F47A9C6D33D678] - |A| - [29/08/2012 10:12:14] - (.-.) - [3076.72 Ko] - (0.0.0.0) - C:\Windows\System32\atiumd6a.cap
[MD5.6FE49E834B74431F54B0589DCB4A716D] - |A| - [29/08/2012 10:12:21] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [4169 Ko] - (8.14.10.363) - C:\Windows\System32\atiumd6a.dll
[MD5.3C076057F15735DDBE20415F714C3CB6] - |A| - [29/08/2012 10:12:47] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [126.5 Ko] - (8.14.1.6268) - C:\Windows\System32\atiuxp64.dll
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [29/08/2012 10:12:52] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [29/08/2012 10:12:54] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsvl.dat
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [219.5 Ko] - C:\Windows\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [4969.58 Ko] - C:\Windows\System32\Boot
[MD5.F7801B03B7E1D01B0935C588B9D0A9C4] - |A| - [26/07/2012 03:14:01] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [88.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0.93 Ko] - C:\Windows\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [63373 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [35937.64 Ko] - C:\Windows\System32\catroot2
[MD5.D71E5F62C81108A14C798C87F8231708] - |A| - [08/08/2012 13:09:30] - (.-.) - [183 Ko] - (0.0.0.0) - C:\Windows\System32\clinfo.exe
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [4970.94 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.9865FD1D1E507688670D9DF9B6E44A09] - |A| - [29/08/2012 10:12:56] - (.AMD. - CoInstaller DLL.) - [68.5 Ko] - (1.0.4.7) - C:\Windows\System32\coinst_8.982.7.dll
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [355.5 Ko] - C:\Windows\System32\Com
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [185622.41 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [264.5 Ko] - C:\Windows\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [261.5 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [287 Ko] - C:\Windows\System32\de-DE
[MD5.08750A50CF027F93070C8BB78E27C3B7] - |ASH| - [26/07/2012 10:13:14] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [6280.5 Ko] - C:\Windows\System32\Dism
[MD5.ED635BAC13F523CD64911C2E71922BB2] - |A| - [05/03/2013 01:08:27] - (.-.) - [278.75 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [05/03/2013 09:53:31] - [1710 Ko] - C:\Windows\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [39436.12 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.BC9CCCBE9800C732940C7F8ED335B7D9] - |A| - [02/06/2012 16:31:20] - (.-.) - [42.95 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [234 Ko] - C:\Windows\System32\he-IL
[MD5.67FC2C86490CB84F4AD74B6F5AF3A89C] - |A| - [05/03/2013 01:35:48] - (.© Copyright 2012 HPDC - Port Monitor Server DLL.) - [347.5 Ko] - (0.3.1282.3591) - C:\Windows\System32\hpbprtmon.dll
[MD5.D0519B40392DB0D156B61502D5F650F4] - |A| - [05/03/2013 01:35:48] - (.© Copyright 2012 HPDC - Port Monitor UI DLL.) - [166.5 Ko] - (0.3.1282.3591) - C:\Windows\System32\hpbprtmonui.dll
[MD5.06F13BD51FB6A9B199B73C1605238BBF] - |A| - [05/03/2013 01:35:48] - (.© Copyright 2012 HPDC - Real Port Monitor DLL.) - [368.5 Ko] - (0.3.1282.3591) - C:\Windows\System32\hpbrprtmon.dll
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [05/03/2013 01:53:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\HPCheckOA21.err
[MD5.3083DEF0BC30D66A5D320B9979C178EC] - |A| - [05/03/2013 01:53:16] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\HPCheckOA21.txt
[MD5.1A4695BDC5017B37E6D23A88CFEC0760] - |A| - [05/03/2013 01:14:27] - (.Copyright (C) 2011 -.) - [114.5 Ko] - (1.3.0.0) - C:\Windows\System32\HPMUIDir.exe
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [213.5 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [268 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.7CAACE1DF07B3656E458D07115A71600] - |A| - [25/07/2012 22:22:54] - (.-.) - [429.01 Ko] - (0.0.0.0) - C:\Windows\System32\igcompkrng500.bin
[MD5.385B8EFE468E3A4A3E2E65FC8764E4BF] - |A| - [25/07/2012 22:22:54] - (.-.) - [90.19 Ko] - (0.0.0.0) - C:\Windows\System32\igfcg500m.bin
[MD5.C4CF4FA6C9399B277E86D602BF251A11] - |A| - [25/07/2012 22:22:54] - (.-.) - [959.22 Ko] - (0.0.0.0) - C:\Windows\System32\igkrng500.bin
[MD5.9A014CE65642722D72588D5196F147CE] - |A| - [25/07/2012 22:22:54] - (.-.) - [1945.25 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.cpa
[MD5.DB945DDE9D7825BB4A173CD108193C49] - |A| - [25/07/2012 22:22:56] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.vp
[MD5.A980B0ED5543E3DFD1C21058B06C5A65] - |A| - [25/07/2012 22:22:56] - (.-.) - [58.81 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64.vp
[MD5.82001B2CC6728CE282EF036ABC2BC975] - |A| - [25/07/2012 22:22:56] - (.-.) - [58.84 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64.vp
[MD5.3B6C78580EC3B9A0346D2AD63EC7906A] - |A| - [25/07/2012 22:22:56] - (.-.) - [58.61 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64.vp
[MD5.0E74C595B6F7276F41425F50D414B680] - |A| - [25/07/2012 22:22:56] - (.-.) - [5.3 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs64.vp
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [25944.67 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [3933.54 Ko] - C:\Windows\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [281.5 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [203 Ko] - C:\Windows\System32\ja-JP
[MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [26/07/2012 10:13:07] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [113.79 Ko] - C:\Windows\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [14963.82 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [211.5 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [212.5 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [13576.51 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [25/07/2012 22:17:25] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |SD| - [26/07/2012 09:19:50] - [5.55 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [4336.5 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [40302.25 Ko] - C:\Windows\System32\migwiz
[MD5.3774B5C0E0BBA8C8EE54DF3606AB815C] - |A| - [25/07/2012 22:18:14] - (.-.) - [1.14 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [45.5 Ko] - C:\Windows\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [4148.28 Ko] - C:\Windows\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [25.14 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [257 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\System32\NDF
[MD5.EC3F2258DC5247436CF829AA405523A7] - |A| - [26/07/2012 09:21:16] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-119437.txt
[MD5.363AB3B147EC26DE764E2FB32EA2041C] - |A| - [26/07/2012 09:21:17] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-120093.txt
[MD5.0A742EBDEC323A1C158125EDDCD0ECB9] - |A| - [26/07/2012 09:21:18] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-120828.txt
[MD5.0D1B9A4AA0E64E1D3C9B23D4C33E8646] - |A| - [26/07/2012 09:21:18] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-121015.txt
[MD5.670571AEA7547824368AAFF1210E5219] - |A| - [26/07/2012 09:21:19] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-121796.txt
[MD5.876860348EF677B24E4070B6F0D0434B] - |A| - [26/07/2012 09:21:19] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-122078.txt
[MD5.D9DF4A50BBA7175DDD31647FDD2E1C1E] - |A| - [26/07/2012 09:21:19] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-122250.txt
[MD5.6B60C5E72A98FFD8AA3C3E79EB9EBC37] - |A| - [26/07/2012 09:21:19] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-122625.txt
[MD5.FC2AE0A6CD9E5604723A4D73E3485D1B] - |A| - [26/07/2012 09:21:20] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-122828.txt
[MD5.8CC3614DB50EB8B061D80657A5E43793] - |A| - [26/07/2012 09:21:20] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-123046.txt
[MD5.9F72E06493E8E034E4F3E287B2F6D5D4] - |A| - [01/08/2012 19:10:05] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-303172.txt
[MD5.EC3F2258DC5247436CF829AA405523A7] - |A| - [01/08/2012 19:03:24] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-40170.txt
[MD5.E39F5B5F2F8E17B44BC73BFD6F5EEFE8] - |A| - [01/08/2012 19:03:24] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-40591.txt
[MD5.0A742EBDEC323A1C158125EDDCD0ECB9] - |A| - [01/08/2012 19:03:25] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-40934.txt
[MD5.363AB3B147EC26DE764E2FB32EA2041C] - |A| - [01/08/2012 19:03:25] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-41340.txt
[MD5.670571AEA7547824368AAFF1210E5219] - |A| - [01/08/2012 19:03:25] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-41667.txt
[MD5.876860348EF677B24E4070B6F0D0434B] - |A| - [01/08/2012 19:03:26] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-41933.txt
[MD5.D9DF4A50BBA7175DDD31647FDD2E1C1E] - |A| - [01/08/2012 19:03:26] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-42213.txt
[MD5.6B60C5E72A98FFD8AA3C3E79EB9EBC37] - |A| - [01/08/2012 19:03:26] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-42510.txt
[MD5.FC2AE0A6CD9E5604723A4D73E3485D1B] - |A| - [01/08/2012 19:03:27] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-42947.txt
[MD5.8CC3614DB50EB8B061D80657A5E43793] - |A| - [01/08/2012 19:03:27] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-43290.txt
[MD5.E4843FF1AB51E26581AC8DB00AF1A4C5] - |A| - [01/08/2012 19:03:29] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-44959.txt
[MD5.E8B1395E16EADC6DF8A46B495B18ECEE] - |A| - [26/07/2012 09:20:47] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-89875.txt
[MD5.5CC4F3864BDCE5E9213C52939312AC01] - |A| - [26/07/2012 09:20:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93281.txt
[MD5.5801C1FACB698C5002EEDBA6250335EF] - |A| - [26/07/2012 09:20:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93328.txt
[MD5.821921F348A22369B1C581EA13BBC758] - |A| - [26/07/2012 09:20:50] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93375.txt
[MD5.0D8BF6EF6C21BECB154A7436A59566A3] - |A| - [26/07/2012 09:20:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93593.txt
[MD5.AEAF58F9892C9A4FF1908484C39ED304] - |A| - [26/07/2012 09:20:50] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93625.txt
[MD5.7D493C49123B6DE8B0B54C2423F999A6] - |A| - [26/07/2012 09:20:50] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93671.txt
[MD5.36F91CAF533BED05AFE56F61F4C71219] - |A| - [26/07/2012 09:20:51] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-93734.txt
[MD5.FACC27AD18C2F04F14E8E085176E8E96] - |A| - [26/07/2012 09:20:51] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-94359.txt
[MD5.948440016A48DEB170FB67536DAE1E31] - |A| - [26/07/2012 09:20:51] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-94625.txt
[MD5.44F9A26DA8A19CEB894842E2AE89F4C5] - |A| - [26/07/2012 09:20:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-94906.txt
[MD5.9AC5678D9C90D7448A66AEB137851A6B] - |A| - [26/07/2012 09:20:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-95156.txt
[MD5.330FC34920FBECA5CC97FF6B3EF494EE] - |A| - [26/07/2012 09:20:52] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-95218.txt
[MD5.001C4FC0D09C74099E7D249DDACE46E2] - |A| - [26/07/2012 09:20:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-95500.txt
[MD5.811E3BF0C6E28021B6F86BCC82657796] - |A| - [26/07/2012 09:20:53] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-95828.txt
[MD5.A312E3421569C57EACF369953FFC7B12] - |A| - [26/07/2012 09:20:53] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-96078.txt
[MD5.2F8ADAACE1FD789259BABC0F76B6168B] - |A| - [26/07/2012 09:20:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-96140.txt
[MD5.556DC677D7AE5C9C16E753DC56266CD4] - |A| - [26/07/2012 09:20:53] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-96203.txt
[MD5.FDDCED8294A694F146FD5FE85F40EF00] - |A| - [26/07/2012 09:20:53] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-96437.txt
[MD5.8FF69A1CCC2A8135E57664C4D0F20EB5] - |A| - [26/07/2012 09:20:54] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-97218.txt
[MD5.3299FC715DC4E50EC28C3E4139F61F72] - |A| - [26/07/2012 09:20:55] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-97875.txt
[MD5.DCBE2C1A0A9B0381DC878592682ACDBB] - |A| - [26/07/2012 09:20:55] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-98187.txt
[MD5.008033CDCE4B5F060BA01839A2CE184F] - |A| - [26/07/2012 09:20:55] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-98390.txt
[MD5.794DCE04F1DE3EA60F3B74A4931CAC4E] - |A| - [26/07/2012 09:20:55] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-98625.txt
[MD5.DF60AA1767C2940E700D8B078A477793] - |A| - [26/07/2012 09:20:56] - (.-.) - [1.04 Ko] - (0.0.0.0) - C:\Windows\System32\netcfg-99140.txt
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [25/07/2012 22:23:38] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [51 Ko] - C:\Windows\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [275.5 Ko] - C:\Windows\System32\nl-NL
[MD5.976773F90E055314CCA82223606139C9] - |A| - [26/07/2012 10:13:05] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [25/07/2012 22:17:10] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [73595.98 Ko] - C:\Windows\System32\oobe
[MD5.FEA7C5495FA97FA85091260BA99F443A] - |A| - [08/08/2012 13:09:14] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenVideo 1.1 Runtime.) - [74 Ko] - (10.0.938.2) - C:\Windows\System32\OpenVideo64.dll
[MD5.FD4964DC69D2CA2F77872224A0F2EBBF] - |A| - [08/08/2012 13:09:02] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OVDecode 1.1 Runtime.) - [62 Ko] - (10.0.938.2) - C:\Windows\System32\OVDecode64.dll
[MD5.89741FD208706704C41DCEBD96DF6A06] - |A| - [26/07/2012 10:15:05] - (.-.) - [140.28 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.03D7EF77E2D5066715AC2B2056CD370B] - |A| - [05/03/2013 09:54:08] - (.-.) - [166.57 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [25/07/2012 22:21:53] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [26/07/2012 10:15:05] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |A| - [05/03/2013 09:54:08] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat
[MD5.59A6414C45A2C62F21772E9BC2314CBF] - |A| - [26/07/2012 10:15:05] - (.-.) - [681.47 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.E94A50A75D71FCF5C6E4BE3CE53986D6] - |A| - [05/03/2013 09:54:08] - (.-.) - [770.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat
[MD5.F915FC15D5A273FD3B5D8225F4491BEF] - |A| - [26/07/2012 09:28:09] - (.-.) - [1755.46 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [272 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:41] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [02/06/2012 16:34:22] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [268.5 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [271 Ko] - C:\Windows\System32\pt-PT
[MD5.C32ECB99AD25E9A04F01C8665DF29EF8] - |A| - [12/04/2020 18:49:39] - (.-.) - [18.7 Ko] - (0.0.0.0) - C:\Windows\System32\pwdrvio.sys
[MD5.D619356B955EEFA642F5FF72755E8B3C] - |A| - [12/04/2020 18:49:39] - (.-.) - [12.21 Ko] - (0.0.0.0) - C:\Windows\System32\pwdspio.sys
[MD5.CC2BDE8319ED1C3BC60513E0A6037549] - |A| - [12/04/2020 18:49:40] - (.-.) - [3516.5 Ko] - (0.0.0.0) - C:\Windows\System32\pwNative.exe
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [16/07/2012 11:46:28] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [16/07/2012 11:46:32] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [16/07/2012 11:46:47] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [16/07/2012 11:46:49] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [16/07/2012 11:46:52] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [16/07/2012 11:46:55] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [02/06/2012 16:50:36] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0.01 Ko] - C:\Windows\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [02/06/2012 22:25:22] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [217.5 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [213.5 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:43] - [49.83 Ko] - C:\Windows\System32\slmgr
[MD5.5DA94C1082B9331928DFC87F5E13EAB2] - |A| - [23/01/2012 15:15:14] - (.- SlotMaximizerAg.dll.) - [120 Ko] - (1.0.2.32) - C:\Windows\System32\SlotMaximizerAg.dll
[MD5.E93999885EA5519A5D4B1EEF6EA448B3] - |A| - [23/01/2012 15:15:14] - (.- SlotMaximizerBe.dll.) - [2420.5 Ko] - (1.0.2.32) - C:\Windows\System32\SlotMaximizerBe.dll
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [12865.02 Ko] - C:\Windows\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [25875 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [139077.98 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [2440.42 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [23.55 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [216 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.65CF29D0A4CC17686E0622DAEFAE73D5] - |A| - [14/07/2012 04:00:47] - (.-.) - [42.85 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [16/07/2012 11:49:35] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [16/07/2012 11:49:38] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [2384 Ko] - C:\Windows\System32\sru
[MD5.B59958CD06C9F89C39281FB12F1BB233] - |A| - [25/07/2012 22:21:57] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\Windows\System32\staticurllist.bin
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [262 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [3554.01 Ko] - C:\Windows\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [544 Ko] - C:\Windows\System32\SystemResetPlatform
[MD5.6D93E318269732EE13E019D01F3554B9] - |A| - [21/07/2012 03:44:51] - (.-.) - [117.11 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [446.71 Ko] - C:\Windows\System32\Tasks
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [02/06/2012 22:26:07] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.D5AA255705D410C0D2D257B01350E6E4] - |A| - [07/07/2012 04:00:48] - (.-.) - [3.06 Ko] - (0.0.0.0) - C:\Windows\System32\TelemetrySampleManifest.xml
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [202 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [258.5 Ko] - C:\Windows\System32\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [212.5 Ko] - C:\Windows\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [70191.73 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:42] - [0 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [54290.94 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [26/07/2012 00:55:55] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [128 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [88 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [6289.72 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [40560 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [1284.5 Ko] - C:\Windows\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:43] - [107.53 Ko] - C:\Windows\System32\winrm
[MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |A| - [02/06/2012 16:31:26] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\Windows\System32\WpcNBModel.bin
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [179.5 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [180.5 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [180.5 Ko] - C:\Windows\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [05/03/2013 09:53:33] - [0 Ko] - C:\Windows\SysWOW64\040C
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [2207 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.996AEE07EA1C5A1C438AC3846C72975B] - |A| - [08/08/2012 13:08:04] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 1.1 Runtime.) - [12708.5 Ko] - (10.0.938.2) - C:\Windows\SysWOW64\amdocl.dll
[MD5.66E39A331EDC366C4442DDD0C0452F9A] - |A| - [29/08/2012 10:08:39] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [55.5 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\amdpcom32.dll
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [230.5 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.911C09DB34B094B4FE6B3C74523BC769] - |A| - [29/08/2012 10:08:43] - (.Copyright (c) ATI Technologies Inc. 2003-2009 - ati2edxx.) - [42.5 Ko] - (6.14.10.2514) - C:\Windows\SysWOW64\ati2edxx.dll
[MD5.BF0102205681BD2957E36ED3EEFFC296] - |A| - [29/08/2012 10:08:50] - (.Copyright (C) 2008-2011 Advanced Micro Devices, Inc. - ADL.) - [360 Ko] - (6.14.10.1106) - C:\Windows\SysWOW64\atiadlxy.dll
[MD5.BB02C38DC0AEF5458B5F250BD2B5301C] - |A| - [29/08/2012 10:08:53] - (.-.) - [262.43 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiapfxx.blb
[MD5.E99966397AE9B31DA012604D8594EA52] - |A| - [29/08/2012 10:08:59] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [43 Ko] - (6.14.10.1741) - C:\Windows\SysWOW64\aticalcl.dll
[MD5.E90242CB359E803E17CADF37C0665DB2] - |A| - [29/08/2012 10:09:26] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13287 Ko] - (6.14.10.1741) - C:\Windows\SysWOW64\aticaldd.dll
[MD5.19DB23DD169B285BDC1292F91C5AF6B1] - |A| - [29/08/2012 10:09:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [45 Ko] - (6.14.10.1741) - C:\Windows\SysWOW64\aticalrt.dll
[MD5.E8C88BBBDBE4F42B3B60411D9E8A81A9] - |A| - [29/08/2012 10:09:52] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [905.5 Ko] - (8.17.10.1140) - C:\Windows\SysWOW64\aticfx32.dll
[MD5.A022CAC324F89C8753102093F9527F8D] - |A| - [29/08/2012 10:10:03] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [6279.5 Ko] - (8.17.10.451) - C:\Windows\SysWOW64\atidxx32.dll
[MD5.F8D1BCC6C27C8E24E201A463F35B948E] - |A| - [29/08/2012 10:10:25] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [32.5 Ko] - (8.14.1.6268) - C:\Windows\SysWOW64\atigktxx.dll
[MD5.08742B0F440CC87C7DE6DE9C74775089] - |A| - [29/08/2012 10:10:27] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [14.5 Ko] - (8.14.1.6268) - C:\Windows\SysWOW64\atiglpxx.dll
[MD5.B1B2FE82AFCD9EA8B78B42C1DE7BE28A] - |A| - [29/08/2012 10:10:47] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [55.5 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\atimpc32.dll
[MD5.C7BE0B03A28F8338C50FE68DCDDABF90] - |A| - [29/08/2012 10:11:39] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [20065 Ko] - (6.14.10.11764) - C:\Windows\SysWOW64\atioglxx.dll
[MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [29/08/2012 10:11:43] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atipblag.dat
[MD5.38ABF593173F8B255BFDEAA984DD7630] - |A| - [29/08/2012 10:11:53] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [81.5 Ko] - (8.14.1.6268) - C:\Windows\SysWOW64\atiu9pag.dll
[MD5.726BA31E42CC48006EC693366ECDFB5C] - |A| - [29/08/2012 10:12:28] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [5409.16 Ko] - (9.14.10.924) - C:\Windows\SysWOW64\atiumdag.dll
[MD5.CB06D68069F3B033482907725FCA5B10] - |A| - [29/08/2012 10:12:37] - (.-.) - [3112.44 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap
[MD5.C2E7171F4B4144912ACDC7790AA19020] - |A| - [29/08/2012 10:12:45] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [4642 Ko] - (8.14.10.363) - C:\Windows\SysWOW64\atiumdva.dll
[MD5.B3AA5668DF2F3079678C1DC7A1302387] - |A| - [29/08/2012 10:12:49] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [107 Ko] - (8.14.1.6268) - C:\Windows\SysWOW64\atiuxpag.dll
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [29/08/2012 10:12:52] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [29/08/2012 10:12:54] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsvl.dat
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [202.5 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0.93 Ko] - C:\Windows\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [308 Ko] - C:\Windows\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [4669.82 Ko] - C:\Windows\SysWOW64\config
[MD5.C27CB9AF7ACD6DCC164C386E4B46259D] - |A| - [24/08/2012 12:05:44] - (.© Copyright 2006 - cPC_DMIRDll Dynamic Link Library.) - [248 Ko] - (1.3.1.1) - C:\Windows\SysWOW64\cPC_DMIRD.dll
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [248 Ko] - C:\Windows\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [245.5 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [269.5 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [4828.5 Ko] - C:\Windows\SysWOW64\Dism
[MD5.7CAACE1DF07B3656E458D07115A71600] - |A| - [25/07/2012 22:22:54] - (.-.) - [429.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igcompkrng500.bin
[MD5.385B8EFE468E3A4A3E2E65FC8764E4BF] - |A| - [25/07/2012 22:22:54] - (.-.) - [90.19 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igfcg500m.bin
[MD5.C4CF4FA6C9399B277E86D602BF251A11] - |A| - [25/07/2012 22:22:54] - (.-.) - [959.22 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igkrng500.bin
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [20443.67 Ko] - C:\Windows\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [3130.07 Ko] - C:\Windows\SysWOW64\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [264 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [192 Ko] - C:\Windows\SysWOW64\ja-JP
[MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [26/07/2012 10:13:10] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [113.79 Ko] - C:\Windows\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [195.5 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [196 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [11546.51 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [3077.5 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [35650.3 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [52.28 Ko] - C:\Windows\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [25.12 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [241.5 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [51 Ko] - C:\Windows\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [258.5 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [638 Ko] - C:\Windows\SysWOW64\oobe
[MD5.89E5D3CCE6573E4EE28083FCF0369E25] - |A| - [08/08/2012 13:09:08] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenVideo 1.1 Runtime.) - [63.5 Ko] - (10.0.938.2) - C:\Windows\SysWOW64\OpenVideo.dll
[MD5.B69BAB6A94B21DA7FC610C032677E5DD] - |A| - [08/08/2012 13:08:58] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OVDecode 1.1 Runtime.) - [55 Ko] - (10.0.938.2) - C:\Windows\SysWOW64\OVDecode.dll
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [25/07/2012 22:24:43] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico
[MD5.189BBC2566992858D5706FA8E8AE020C] - |A| - [01/08/2012 19:09:37] - (.-.) - [893.59 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [254.5 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:43] - [420.42 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [251.5 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [253.5 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0.84 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [199.5 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [05/03/2013 01:09:52] - [1387.8 Ko] - C:\Windows\SysWOW64\RTCOM
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [250 Ko] - C:\Windows\SysWOW64\ru-RU
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [199.5 Ko] - C:\Windows\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [197 Ko] - C:\Windows\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:43] - [49.83 Ko] - C:\Windows\SysWOW64\slmgr
[MD5.5DA94C1082B9331928DFC87F5E13EAB2] - |A| - [23/01/2012 15:29:14] - (.- SlotMaximizerAg.dll.) - [120 Ko] - (1.0.2.32) - C:\Windows\SysWOW64\SlotMaximizerAg.dll
[MD5.E93999885EA5519A5D4B1EEF6EA448B3] - |A| - [23/01/2012 15:29:14] - (.- SlotMaximizerBe.dll.) - [2420.5 Ko] - (1.0.2.32) - C:\Windows\SysWOW64\SlotMaximizerBe.dll
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [0 Ko] - C:\Windows\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [4181.5 Ko] - C:\Windows\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [342.01 Ko] - C:\Windows\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [23.55 Ko] - C:\Windows\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [200 Ko] - C:\Windows\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\SysWOW64\sru
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [246.5 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:43] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [186.5 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [242.5 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [196 Ko] - C:\Windows\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 07:38:00] - [12111.53 Ko] - C:\Windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:43] - [0 Ko] - C:\Windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [148.78 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [5722.07 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [1284.5 Ko] - C:\Windows\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 11:43:43] - [107.53 Ko] - C:\Windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [05/03/2013 09:53:33] - [10.08 Ko] - C:\Windows\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [171 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [171.5 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [26/07/2012 10:12:59] - [171.5 Ko] - C:\Windows\SysWOW64\zh-TW

---------- | [bosch pinnacle romai]

[14/04/2020 11:56:53] - |HD| - [202571370] - C:\Users\bosch pinnacle romai\AppData
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Application Data
[14/04/2020 11:58:21] - |RD| - [412] - C:\Users\bosch pinnacle romai\Contacts
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Cookies
[14/04/2020 11:56:53] - |RD| - [282] - C:\Users\bosch pinnacle romai\Desktop
[14/04/2020 11:56:51] - |RD| - [204484613] - C:\Users\bosch pinnacle romai\Documents
[14/04/2020 11:56:51] - |RD| - [842216808] - C:\Users\bosch pinnacle romai\Downloads
[14/04/2020 11:56:51] - |RD| - [1967] - C:\Users\bosch pinnacle romai\Favorites
[14/04/2020 11:56:51] - |RD| - [4433] - C:\Users\bosch pinnacle romai\Links
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Local Settings
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Menu Démarrer
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Mes documents
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Modèles
[14/04/2020 11:56:51] - |RD| - [504] - C:\Users\bosch pinnacle romai\Music
[14/04/2020 11:56:51] - |ASH| - [524288] - C:\Users\bosch pinnacle romai\NTUSER.DAT
[14/04/2020 11:57:15] - |ASH| - [344064] - C:\Users\bosch pinnacle romai\ntuser.dat.LOG1
[14/04/2020 11:57:15] - |ASH| - [0] - C:\Users\bosch pinnacle romai\ntuser.dat.LOG2
[14/04/2020 11:57:15] - |ASH| - [65536] - C:\Users\bosch pinnacle romai\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TM.blf
[14/04/2020 11:57:15] - |ASH| - [524288] - C:\Users\bosch pinnacle romai\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000001.regtrans-ms
[14/04/2020 11:57:15] - |ASH| - [524288] - C:\Users\bosch pinnacle romai\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000002.regtrans-ms
[14/04/2020 11:57:15] - |ASH| - [20] - C:\Users\bosch pinnacle romai\ntuser.ini
[14/04/2020 11:56:51] - |RD| - [504] - C:\Users\bosch pinnacle romai\Pictures
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Recent
[14/04/2020 11:56:51] - |RD| - [282] - C:\Users\bosch pinnacle romai\Saved Games
[14/04/2020 11:58:22] - |RD| - [1020] - C:\Users\bosch pinnacle romai\Searches
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\SendTo
[14/04/2020 11:56:51] - |RD| - [504] - C:\Users\bosch pinnacle romai\Videos
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Voisinage d'impression
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\Voisinage réseau
[14/04/2020 11:56:53] - |D| - [155739890] - C:\Users\bosch pinnacle romai\AppData\Local
[14/04/2020 11:57:15] - |D| - [17199] - C:\Users\bosch pinnacle romai\AppData\LocalLow
[14/04/2020 11:56:53] - |D| - [46814388] - C:\Users\bosch pinnacle romai\AppData\Roaming
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\AppData\Local\Application Data
[14/04/2020 11:58:14] - |D| - [6537756] - C:\Users\bosch pinnacle romai\AppData\Local\assembly
[14/04/2020 11:59:55] - |D| - [60166] - C:\Users\bosch pinnacle romai\AppData\Local\ATI
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\AppData\Local\Historique
[14/04/2020 11:56:53] - |D| - [84968259] - C:\Users\bosch pinnacle romai\AppData\Local\Microsoft
[14/04/2020 12:06:04] - |D| - [57549177] - C:\Users\bosch pinnacle romai\AppData\Local\Mozilla
[14/04/2020 11:57:21] - |D| - [820779] - C:\Users\bosch pinnacle romai\AppData\Local\Packages
[14/04/2020 11:58:55] - |D| - [40960] - C:\Users\bosch pinnacle romai\AppData\Local\Power2Go8
[14/04/2020 11:56:53] - |D| - [5762793] - C:\Users\bosch pinnacle romai\AppData\Local\Temp
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\AppData\Local\Temporary Internet Files
[14/04/2020 11:57:23] - |D| - [0] - C:\Users\bosch pinnacle romai\AppData\Local\VirtualStore
[14/04/2020 11:58:19] - |D| - [17199] - C:\Users\bosch pinnacle romai\AppData\LocalLow\Microsoft
[14/04/2020 12:06:05] - |D| - [0] - C:\Users\bosch pinnacle romai\AppData\LocalLow\Mozilla
[14/04/2020 11:58:16] - |D| - [0] - C:\Users\bosch pinnacle romai\AppData\Roaming\Adobe
[14/04/2020 11:59:55] - |D| - [0] - C:\Users\bosch pinnacle romai\AppData\Roaming\ATI
[14/04/2020 11:58:13] - |D| - [262381] - C:\Users\bosch pinnacle romai\AppData\Roaming\Hewlett-Packard
[14/04/2020 11:56:53] - |SD| - [1134262] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft
[14/04/2020 12:06:04] - |D| - [45417541] - C:\Users\bosch pinnacle romai\AppData\Roaming\Mozilla
[14/04/2020 12:01:03] - |D| - [192] - C:\Users\bosch pinnacle romai\AppData\Roaming\QtProject
[14/04/2020 12:15:25] - |D| - [12] - C:\Users\bosch pinnacle romai\AppData\Roaming\WinRAR
[14/04/2020 11:58:21] - |SH| - [174] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[14/04/2020 11:57:15] - |SHD| - [0] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[14/04/2020 11:56:53] - |RD| - [15053] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[14/04/2020 11:56:53] - |RD| - [3888] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[14/04/2020 11:56:53] - |RD| - [1486] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[14/04/2020 11:58:22] - |RD| - [174] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[14/04/2020 11:58:16] - |SH| - [334] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[14/04/2020 11:58:16] - |A| - [1448] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[14/04/2020 11:56:53] - |D| - [170] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[14/04/2020 11:57:13] - |A| - [2103] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[14/04/2020 11:58:22] - |RD| - [174] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[14/04/2020 11:56:53] - |RD| - [5276] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[14/04/2020 11:58:22] - |SH| - [174] - C:\Users\bosch pinnacle romai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [kevin josiane sandra]

[14/04/2020 09:20:00] - |HD| - [212168410] - C:\Users\kevin josiane sandra\AppData
[14/04/2020 09:20:32] - |SHD| - [0] - C:\Users\kevin josiane sandra\Application Data
[14/04/2020 09:22:05] - |RD| - [412] - C:\Users\kevin josiane sandra\Contacts
[14/04/2020 09:20:32] - |SHD| - [0] - C:\Users\kevin josiane sandra\Cookies
[14/04/2020 09:20:00] - |RD| - [173814] - C:\Users\kevin josiane sandra\Desktop
[14/04/2020 09:19:56] - |RD| - [204484613] - C:\Users\kevin josiane sandra\Documents
[14/04/2020 09:19:56] - |RD| - [14085770] - C:\Users\kevin josiane sandra\Downloads
[14/04/2020 09:19:56] - |RD| - [1967] - C:\Users\kevin josiane sandra\Favorites
[14/04/2020 09:19:56] - |RD| - [4433] - C:\Users\kevin josiane sandra\Links
[14/04/2020 09:20:33] - |SHD| - [0] - C:\Users\kevin josiane sandra\Local Settings
[14/04/2020 09:20:32] - |SHD| - [0] - C:\Users\kevin josiane sandra\Menu Démarrer
[14/04/2020 09:20:32] - |SHD| - [0] - C:\Users\kevin josiane sandra\Mes documents
[14/04/2020 09:20:33] - |SHD| - [0] - C:\Users\kevin josiane sandra\Modèles
[14/04/2020 09:19:56] - |RD| - [504] - C:\Users\kevin josiane sandra\Music
[14/04/2020 09:19:56] - |ASH| - [524288] - C:\Users\kevin josiane sandra\NTUSER.DAT
[14/04/2020 09:20:32] - |ASH| - [61440] - C:\Users\kevin josiane sandra\ntuser.dat.LOG1
[14/04/2020 09:20:32] - |ASH| - [0] - C:\Users\kevin josiane sandra\ntuser.dat.LOG2
[14/04/2020 09:20:32] - |ASH| - [65536] - C:\Users\kevin josiane sandra\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TM.blf
[14/04/2020 09:20:32] - |ASH| - [524288] - C:\Users\kevin josiane sandra\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000001.regtrans-ms
[14/04/2020 09:20:32] - |ASH| - [524288] - C:\Users\kevin josiane sandra\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000002.regtrans-ms
[14/04/2020 09:20:33] - |ASH| - [20] - C:\Users\kevin josiane sandra\ntuser.ini
[14/04/2020 09:19:56] - |RD| - [504] - C:\Users\kevin josiane sandra\Pictures
[14/04/2020 09:20:32] - |SHD| - [0] - C:\Users\kevin josiane sandra\Recent
[14/04/2020 09:19:56] - |RD| - [282] - C:\Users\kevin josiane sandra\Saved Games
[14/04/2020 09:22:05] - |RD| - [1020] - C:\Users\kevin josiane sandra\Searches
[14/04/2020 09:20:32] - |SHD| - [0] - C:\Users\kevin josiane sandra\SendTo
[14/04/2020 09:19:56] - |RD| - [504] - C:\Users\kevin josiane sandra\Videos
[14/04/2020 09:20:32] - |SHD| - [0] - C:\Users\kevin josiane sandra\Voisinage d'impression
[14/04/2020 09:20:32] - |SHD| - [0] - C:\Users\kevin josiane sandra\Voisinage réseau
[14/04/2020 09:20:01] - |D| - [181645805] - C:\Users\kevin josiane sandra\AppData\Local
[14/04/2020 09:20:33] - |D| - [53626] - C:\Users\kevin josiane sandra\AppData\LocalLow
[14/04/2020 09:20:00] - |D| - [30468979] - C:\Users\kevin josiane sandra\AppData\Roaming
[14/04/2020 09:20:33] - |SHD| - [0] - C:\Users\kevin josiane sandra\AppData\Local\Application Data
[14/04/2020 09:21:33] - |D| - [6537756] - C:\Users\kevin josiane sandra\AppData\Local\assembly
[14/04/2020 09:23:39] - |D| - [60166] - C:\Users\kevin josiane sandra\AppData\Local\ATI
[14/04/2020 09:20:33] - |SHD| - [0] - C:\Users\kevin josiane sandra\AppData\Local\Historique
[14/04/2020 09:20:01] - |D| - [118190034] - C:\Users\kevin josiane sandra\AppData\Local\Microsoft
[14/04/2020 09:20:43] - |D| - [820779] - C:\Users\kevin josiane sandra\AppData\Local\Packages
[14/04/2020 09:22:40] - |D| - [40960] - C:\Users\kevin josiane sandra\AppData\Local\Power2Go8
[14/04/2020 09:20:01] - |D| - [5317912] - C:\Users\kevin josiane sandra\AppData\Local\Temp
[14/04/2020 09:20:33] - |SHD| - [0] - C:\Users\kevin josiane sandra\AppData\Local\Temporary Internet Files
[14/04/2020 09:20:47] - |D| - [0] - C:\Users\kevin josiane sandra\AppData\Local\VirtualStore
[14/04/2020 09:52:34] - |D| - [50678198] - C:\Users\kevin josiane sandra\AppData\Local\Waterfox
[14/04/2020 09:21:52] - |D| - [53626] - C:\Users\kevin josiane sandra\AppData\LocalLow\Microsoft
[14/04/2020 09:52:41] - |D| - [0] - C:\Users\kevin josiane sandra\AppData\LocalLow\Mozilla
[14/04/2020 09:21:46] - |D| - [0] - C:\Users\kevin josiane sandra\AppData\Roaming\Adobe
[14/04/2020 09:23:39] - |D| - [0] - C:\Users\kevin josiane sandra\AppData\Roaming\ATI
[14/04/2020 09:21:33] - |D| - [262381] - C:\Users\kevin josiane sandra\AppData\Roaming\Hewlett-Packard
[14/04/2020 09:20:00] - |SD| - [1364504] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft
[14/04/2020 09:52:41] - |D| - [0] - C:\Users\kevin josiane sandra\AppData\Roaming\Mozilla
[14/04/2020 09:24:45] - |D| - [192] - C:\Users\kevin josiane sandra\AppData\Roaming\QtProject
[14/04/2020 09:52:34] - |D| - [28841902] - C:\Users\kevin josiane sandra\AppData\Roaming\Waterfox
[14/04/2020 09:22:05] - |SH| - [174] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[14/04/2020 09:20:33] - |SHD| - [0] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[14/04/2020 09:20:00] - |RD| - [15053] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[14/04/2020 09:20:01] - |RD| - [3888] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[14/04/2020 09:20:01] - |RD| - [1486] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[14/04/2020 09:22:05] - |RD| - [174] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[14/04/2020 09:21:46] - |SH| - [334] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[14/04/2020 09:21:46] - |A| - [1448] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[14/04/2020 09:20:01] - |D| - [170] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[14/04/2020 09:20:30] - |A| - [2103] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[14/04/2020 09:22:05] - |RD| - [174] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[14/04/2020 09:20:00] - |RD| - [5276] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[14/04/2020 09:22:05] - |SH| - [174] - C:\Users\kevin josiane sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [kone thyssenkrupp sc]

[14/04/2020 11:41:43] - |HD| - [181391622] - C:\Users\kone thyssenkrupp sc\AppData
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Application Data
[14/04/2020 11:42:50] - |RD| - [412] - C:\Users\kone thyssenkrupp sc\Contacts
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Cookies
[14/04/2020 11:41:43] - |RD| - [282] - C:\Users\kone thyssenkrupp sc\Desktop
[14/04/2020 11:41:41] - |RD| - [204484613] - C:\Users\kone thyssenkrupp sc\Documents
[14/04/2020 11:41:41] - |RD| - [282] - C:\Users\kone thyssenkrupp sc\Downloads
[14/04/2020 11:41:41] - |RD| - [1967] - C:\Users\kone thyssenkrupp sc\Favorites
[14/04/2020 11:41:41] - |RD| - [4433] - C:\Users\kone thyssenkrupp sc\Links
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Local Settings
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Menu Démarrer
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Mes documents
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Modèles
[14/04/2020 11:41:41] - |RD| - [504] - C:\Users\kone thyssenkrupp sc\Music
[14/04/2020 11:41:41] - |ASH| - [524288] - C:\Users\kone thyssenkrupp sc\NTUSER.DAT
[14/04/2020 11:42:01] - |ASH| - [348160] - C:\Users\kone thyssenkrupp sc\ntuser.dat.LOG1
[14/04/2020 11:42:01] - |ASH| - [0] - C:\Users\kone thyssenkrupp sc\ntuser.dat.LOG2
[14/04/2020 11:42:01] - |ASH| - [65536] - C:\Users\kone thyssenkrupp sc\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TM.blf
[14/04/2020 11:42:01] - |ASH| - [524288] - C:\Users\kone thyssenkrupp sc\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000001.regtrans-ms
[14/04/2020 11:42:01] - |ASH| - [524288] - C:\Users\kone thyssenkrupp sc\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000002.regtrans-ms
[14/04/2020 11:42:02] - |ASH| - [20] - C:\Users\kone thyssenkrupp sc\ntuser.ini
[14/04/2020 11:41:41] - |RD| - [504] - C:\Users\kone thyssenkrupp sc\Pictures
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Recent
[14/04/2020 11:41:41] - |RD| - [282] - C:\Users\kone thyssenkrupp sc\Saved Games
[14/04/2020 11:42:50] - |RD| - [1020] - C:\Users\kone thyssenkrupp sc\Searches
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\SendTo
[14/04/2020 11:41:41] - |RD| - [504] - C:\Users\kone thyssenkrupp sc\Videos
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Voisinage d'impression
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\Voisinage réseau
[14/04/2020 11:41:43] - |D| - [135776017] - C:\Users\kone thyssenkrupp sc\AppData\Local
[14/04/2020 11:42:02] - |D| - [9668] - C:\Users\kone thyssenkrupp sc\AppData\LocalLow
[14/04/2020 11:41:43] - |D| - [45605937] - C:\Users\kone thyssenkrupp sc\AppData\Roaming
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\AppData\Local\Application Data
[14/04/2020 11:44:40] - |D| - [6537756] - C:\Users\kone thyssenkrupp sc\AppData\Local\assembly
[14/04/2020 11:44:36] - |D| - [59282] - C:\Users\kone thyssenkrupp sc\AppData\Local\ATI
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\AppData\Local\Historique
[14/04/2020 11:41:43] - |D| - [84506095] - C:\Users\kone thyssenkrupp sc\AppData\Local\Microsoft
[14/04/2020 11:46:21] - |D| - [38256692] - C:\Users\kone thyssenkrupp sc\AppData\Local\Mozilla
[14/04/2020 11:42:07] - |D| - [820779] - C:\Users\kone thyssenkrupp sc\AppData\Local\Packages
[14/04/2020 11:43:36] - |D| - [40960] - C:\Users\kone thyssenkrupp sc\AppData\Local\Power2Go8
[14/04/2020 11:41:43] - |D| - [5554453] - C:\Users\kone thyssenkrupp sc\AppData\Local\Temp
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\AppData\Local\Temporary Internet Files
[14/04/2020 11:42:09] - |D| - [0] - C:\Users\kone thyssenkrupp sc\AppData\Local\VirtualStore
[14/04/2020 11:42:05] - |SD| - [9668] - C:\Users\kone thyssenkrupp sc\AppData\LocalLow\Microsoft
[14/04/2020 11:46:22] - |D| - [0] - C:\Users\kone thyssenkrupp sc\AppData\LocalLow\Mozilla
[14/04/2020 11:42:37] - |D| - [0] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Adobe
[14/04/2020 11:44:36] - |D| - [0] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\ATI
[14/04/2020 11:44:40] - |D| - [262381] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Hewlett-Packard
[14/04/2020 11:41:43] - |SD| - [1127002] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft
[14/04/2020 11:46:21] - |D| - [44216362] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Mozilla
[14/04/2020 11:45:46] - |D| - [192] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\QtProject
[14/04/2020 11:42:50] - |SH| - [174] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[14/04/2020 11:42:02] - |SHD| - [0] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[14/04/2020 11:41:43] - |RD| - [15053] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[14/04/2020 11:41:43] - |RD| - [3888] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[14/04/2020 11:41:43] - |RD| - [1486] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[14/04/2020 11:42:50] - |RD| - [174] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[14/04/2020 11:42:37] - |SH| - [334] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[14/04/2020 11:42:37] - |A| - [1448] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[14/04/2020 11:41:43] - |D| - [170] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[14/04/2020 11:42:01] - |A| - [2103] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[14/04/2020 11:42:50] - |RD| - [174] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[14/04/2020 11:41:43] - |RD| - [5276] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[14/04/2020 11:42:50] - |SH| - [174] - C:\Users\kone thyssenkrupp sc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [NathalieLynnloTorres]

[12/04/2020 18:09:01] - |HD| - [779025344] - C:\Users\NathalieLynnloTorres\AppData
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Application Data
[12/04/2020 18:13:45] - |RD| - [412] - C:\Users\NathalieLynnloTorres\Contacts
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Cookies
[12/04/2020 18:09:01] - |RD| - [49912] - C:\Users\NathalieLynnloTorres\Desktop
[12/04/2020 18:08:59] - |RD| - [204486010] - C:\Users\NathalieLynnloTorres\Documents
[12/04/2020 18:08:59] - |RD| - [80707520] - C:\Users\NathalieLynnloTorres\Downloads
[12/04/2020 18:08:59] - |RD| - [1967] - C:\Users\NathalieLynnloTorres\Favorites
[12/04/2020 18:08:59] - |RD| - [4339] - C:\Users\NathalieLynnloTorres\Links
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Local Settings
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Menu Démarrer
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Mes documents
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Modèles
[12/04/2020 18:08:59] - |RD| - [504] - C:\Users\NathalieLynnloTorres\Music
[12/04/2020 18:08:59] - |ASH| - [786432] - C:\Users\NathalieLynnloTorres\NTUSER.DAT
[12/04/2020 18:09:08] - |ASH| - [40960] - C:\Users\NathalieLynnloTorres\ntuser.dat.LOG1
[12/04/2020 18:09:08] - |ASH| - [0] - C:\Users\NathalieLynnloTorres\ntuser.dat.LOG2
[13/04/2020 16:16:53] - |ASH| - [1048576] - C:\Users\NathalieLynnloTorres\NTUSER.DAT{c62ccdc2-d701-11e1-9f13-782bcb37b9d5}.TxR.0.regtrans-ms
[13/04/2020 16:16:53] - |ASH| - [1048576] - C:\Users\NathalieLynnloTorres\NTUSER.DAT{c62ccdc2-d701-11e1-9f13-782bcb37b9d5}.TxR.1.regtrans-ms
[13/04/2020 16:16:53] - |ASH| - [1048576] - C:\Users\NathalieLynnloTorres\NTUSER.DAT{c62ccdc2-d701-11e1-9f13-782bcb37b9d5}.TxR.2.regtrans-ms
[13/04/2020 16:16:53] - |ASH| - [65536] - C:\Users\NathalieLynnloTorres\NTUSER.DAT{c62ccdc2-d701-11e1-9f13-782bcb37b9d5}.TxR.blf
[12/04/2020 18:09:08] - |ASH| - [65536] - C:\Users\NathalieLynnloTorres\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TM.blf
[12/04/2020 18:09:08] - |ASH| - [524288] - C:\Users\NathalieLynnloTorres\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000001.regtrans-ms
[12/04/2020 18:09:08] - |ASH| - [524288] - C:\Users\NathalieLynnloTorres\NTUSER.DAT{c62ccdc3-d701-11e1-9f13-782bcb37b9d5}.TMContainer00000000000000000002.regtrans-ms
[12/04/2020 18:09:08] - |SH| - [20] - C:\Users\NathalieLynnloTorres\ntuser.ini
[12/04/2020 18:08:59] - |RD| - [504] - C:\Users\NathalieLynnloTorres\Pictures
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Recent
[12/04/2020 18:08:59] - |RD| - [282] - C:\Users\NathalieLynnloTorres\Saved Games
[12/04/2020 18:13:45] - |RD| - [1020] - C:\Users\NathalieLynnloTorres\Searches
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\SendTo
[12/04/2020 18:08:59] - |RD| - [504] - C:\Users\NathalieLynnloTorres\Videos
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Voisinage d'impression
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\Voisinage réseau
[12/04/2020 18:09:01] - |D| - [747035523] - C:\Users\NathalieLynnloTorres\AppData\Local
[12/04/2020 18:09:08] - |D| - [2044281] - C:\Users\NathalieLynnloTorres\AppData\LocalLow
[12/04/2020 18:09:01] - |D| - [29945540] - C:\Users\NathalieLynnloTorres\AppData\Roaming
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\AppData\Local\Application Data
[12/04/2020 18:10:35] - |D| - [6537756] - C:\Users\NathalieLynnloTorres\AppData\Local\assembly
[12/04/2020 18:15:31] - |D| - [60166] - C:\Users\NathalieLynnloTorres\AppData\Local\ATI
[14/04/2020 10:33:04] - |D| - [0] - C:\Users\NathalieLynnloTorres\AppData\Local\Google
[13/04/2020 16:22:47] - |D| - [482] - C:\Users\NathalieLynnloTorres\AppData\Local\Hewlett-Packard
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\AppData\Local\Historique
[12/04/2020 19:01:03] - |AH| - [24234] - C:\Users\NathalieLynnloTorres\AppData\Local\IconCache.db
[12/04/2020 18:55:01] - |D| - [4743] - C:\Users\NathalieLynnloTorres\AppData\Local\Lavasoft
[12/04/2020 18:09:01] - |D| - [153830967] - C:\Users\NathalieLynnloTorres\AppData\Local\Microsoft
[14/04/2020 11:36:21] - |D| - [23965669] - C:\Users\NathalieLynnloTorres\AppData\Local\Mozilla
[12/04/2020 18:09:35] - |D| - [30145571] - C:\Users\NathalieLynnloTorres\AppData\Local\Packages
[12/04/2020 18:14:27] - |D| - [40960] - C:\Users\NathalieLynnloTorres\AppData\Local\Power2Go8
[12/04/2020 18:41:47] - |D| - [0] - C:\Users\NathalieLynnloTorres\AppData\Local\Programs
[12/04/2020 18:09:01] - |D| - [532424975] - C:\Users\NathalieLynnloTorres\AppData\Local\Temp
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\AppData\Local\Temporary Internet Files
[12/04/2020 18:09:42] - |D| - [0] - C:\Users\NathalieLynnloTorres\AppData\Local\VirtualStore
[12/04/2020 18:09:56] - |SD| - [2044281] - C:\Users\NathalieLynnloTorres\AppData\LocalLow\Microsoft
[14/04/2020 11:36:26] - |D| - [0] - C:\Users\NathalieLynnloTorres\AppData\LocalLow\Mozilla
[12/04/2020 18:13:36] - |D| - [0] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Adobe
[12/04/2020 18:15:31] - |D| - [0] - C:\Users\NathalieLynnloTorres\AppData\Roaming\ATI
[12/04/2020 18:10:31] - |D| - [263329] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Hewlett-Packard
[13/04/2020 22:52:20] - |D| - [0] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Identities
[12/04/2020 18:54:18] - |D| - [20] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Lavasoft
[12/04/2020 18:09:01] - |SD| - [1412207] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft
[14/04/2020 11:36:20] - |D| - [28260625] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Mozilla
[12/04/2020 18:50:24] - |D| - [192] - C:\Users\NathalieLynnloTorres\AppData\Roaming\QtProject
[12/04/2020 18:48:19] - |D| - [9155] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Systweak
[12/04/2020 18:55:08] - |D| - [12] - C:\Users\NathalieLynnloTorres\AppData\Roaming\WinRAR
[12/04/2020 18:13:45] - |SH| - [174] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[12/04/2020 18:09:08] - |SHD| - [0] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[12/04/2020 18:09:01] - |RD| - [21119] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[12/04/2020 18:09:01] - |RD| - [3888] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[12/04/2020 18:09:01] - |RD| - [1486] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[12/04/2020 18:13:45] - |RD| - [174] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[12/04/2020 18:13:36] - |SH| - [334] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[12/04/2020 18:13:36] - |A| - [1448] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[12/04/2020 18:09:01] - |D| - [170] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[12/04/2020 18:09:06] - |A| - [2103] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[12/04/2020 18:13:45] - |RD| - [174] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[12/04/2020 18:09:01] - |RD| - [5276] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[14/04/2020 10:55:02] - |D| - [1717] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[12/04/2020 18:52:40] - |D| - [4349] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[12/04/2020 18:13:45] - |SH| - [174] - C:\Users\NathalieLynnloTorres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[12/04/2020 17:39:23] - |RHD| - [196] - C:\Users\Public\AccountPictures
[14/04/2020 13:05:28] - |D| - [72] - C:\Users\Public\BlueStacks
[14/04/2020 13:05:28] - |D| - [4011] - C:\Users\Public\CyberLink
[26/07/2012 10:12:59] - |RHD| - [21111] - C:\Users\Public\Desktop
[26/07/2012 10:13:00] - |ASH| - [174] - C:\Users\Public\desktop.ini
[26/07/2012 10:12:59] - |RD| - [1164139] - C:\Users\Public\Documents
[26/07/2012 10:12:59] - |RD| - [174] - C:\Users\Public\Downloads
[26/07/2012 10:12:59] - |RHD| - [1174] - C:\Users\Public\Libraries
[26/07/2012 10:12:59] - |RD| - [380] - C:\Users\Public\Music
[26/07/2012 10:12:59] - |RD| - [380] - C:\Users\Public\Pictures
[05/03/2013 01:49:07] - |D| - [30936] - C:\Users\Public\Symantec
[26/07/2012 10:12:59] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData

[14/04/2020 11:09:04] - |D| - [36899] - C:\ProgramData\360Quarant
[14/04/2020 11:09:04] - |D| - [2746698] - C:\ProgramData\ABBYY
[14/04/2020 11:09:15] - |D| - [459807875] - C:\ProgramData\Abelssoft
[14/04/2020 11:12:54] - |D| - [3423706] - C:\ProgramData\Acebyte
[14/04/2020 11:13:12] - |D| - [13657248] - C:\ProgramData\ADiag
[14/04/2020 11:13:14] - |D| - [0] - C:\ProgramData\Adobe
[14/04/2020 11:00:45] - |A| - [102940] - C:\ProgramData\agent.1579417490.bdinstall.v2.bin
[14/04/2020 11:00:45] - |A| - [42004] - C:\ProgramData\agent.1579700723.10212.v2.bin
[14/04/2020 11:00:45] - |A| - [42004] - C:\ProgramData\agent.1579714760.9016.v2.bin
[14/04/2020 11:00:45] - |A| - [42004] - C:\ProgramData\agent.1579760988.9144.v2.bin
[14/04/2020 11:00:45] - |A| - [42004] - C:\ProgramData\agent.1579783488.13888.v2.bin
[14/04/2020 11:00:45] - |A| - [45924] - C:\ProgramData\agent.uninstall.1579681800.bdinstall.v2.bin
[14/04/2020 11:00:46] - |A| - [75180] - C:\ProgramData\agent.update.1579441777.bdinstall.v2.bin
[14/04/2020 11:13:14] - |D| - [0] - C:\ProgramData\Aimersoft
[14/04/2020 11:00:48] - |D| - [443] - C:\ProgramData\AomeiBR
[05/03/2013 01:35:50] - |D| - [182422055] - C:\ProgramData\Apple
[14/04/2020 11:01:06] - |D| - [166125733] - C:\ProgramData\Apple Computer
[26/07/2012 09:22:08] - |SHD| - [0] - C:\ProgramData\Application Data
[14/04/2020 11:13:14] - |D| - [786701] - C:\ProgramData\Ashampoo
[14/04/2020 11:01:22] - |D| - [0] - C:\ProgramData\Atc
[05/03/2013 01:21:33] - |D| - [186] - C:\ProgramData\ATI
[12/04/2020 18:52:31] - |D| - [2427664] - C:\ProgramData\Avast Software
[14/04/2020 11:13:15] - |D| - [275294] - C:\ProgramData\AVG
[14/04/2020 11:01:22] - |D| - [27497054] - C:\ProgramData\Avira
[14/04/2020 11:13:16] - |D| - [0] - C:\ProgramData\AVS4YOU
[14/04/2020 11:01:31] - |D| - [0] - C:\ProgramData\BDLogging
[14/04/2020 11:01:31] - |D| - [0] - C:\ProgramData\Bitdefender Agent
[14/04/2020 11:09:02] - |D| - [104680] - C:\ProgramData\boost_interprocess
[14/04/2020 11:01:31] - |D| - [89242] - C:\ProgramData\Broadcom
[12/04/2020 17:39:22] - |SHD| - [0] - C:\ProgramData\Bureau
[14/04/2020 11:13:16] - |D| - [0] - C:\ProgramData\BVRP Software
[14/04/2020 11:13:16] - |D| - [0] - C:\ProgramData\cache
[14/04/2020 11:01:32] - |AD| - [0] - C:\ProgramData\CacheWrite
[14/04/2020 11:00:46] - |A| - [813740] - C:\ProgramData\cl.1579418035.bdinstall.v2.bin
[14/04/2020 11:00:46] - |A| - [107624] - C:\ProgramData\cl.1579681818.bdinstall.v2.bin
[14/04/2020 11:00:46] - |A| - [102308] - C:\ProgramData\cl.kit.1579418024.bdinstall.v2.bin
[14/04/2020 11:00:46] - |A| - [406864] - C:\ProgramData\cl.uninstall.1579681754.bdinstall.v2.bin
[14/04/2020 11:01:32] - |D| - [108] - C:\ProgramData\CLSK
[05/03/2013 01:28:53] - |D| - [6901586] - C:\ProgramData\CyberLink
[26/07/2012 09:22:08] - |SHD| - [0] - C:\ProgramData\Desktop
[14/04/2020 11:00:46] - |A| - [63589] - C:\ProgramData\dm.1579441695.bdinstall.bin
[14/04/2020 11:00:47] - |A| - [20355] - C:\ProgramData\dm.1579681806.bdinstall.bin
[14/04/2020 11:00:47] - |A| - [38141] - C:\ProgramData\dm.uninstall.1579681771.bdinstall.bin
[26/07/2012 09:22:08] - |SHD| - [0] - C:\ProgramData\Documents
[14/04/2020 11:13:16] - |D| - [62] - C:\ProgramData\Easy Duplicate Finder
[14/04/2020 11:13:16] - |D| - [0] - C:\ProgramData\EdrawSoft
[14/04/2020 11:13:16] - |D| - [13694] - C:\ProgramData\Emsisoft
[14/04/2020 11:13:16] - |D| - [0] - C:\ProgramData\ESET
[14/04/2020 11:13:16] - |D| - [231920455] - C:\ProgramData\F-Secure
[14/04/2020 11:16:10] - |D| - [49932] - C:\ProgramData\FileOpen
[14/04/2020 11:01:53] - |D| - [0] - C:\ProgramData\Gemma
[14/04/2020 11:16:12] - |D| - [41] - C:\ProgramData\GlarySoft
[14/04/2020 10:35:25] - |D| - [12722] - C:\ProgramData\Google
[14/04/2020 11:16:12] - |D| - [78] - C:\ProgramData\GRETECH
[05/03/2013 01:17:19] - |D| - [126790060] - C:\ProgramData\Hewlett-Packard
[14/04/2020 11:16:12] - |D| - [69997] - C:\ProgramData\HitmanPro
[14/04/2020 11:16:12] - |D| - [98204] - C:\ProgramData\Immunet
[14/04/2020 11:01:53] - |D| - [9751] - C:\ProgramData\Innovative Solutions
[14/04/2020 11:16:13] - |D| - [0] - C:\ProgramData\install_backup
[05/03/2013 01:28:11] - |D| - [199478] - C:\ProgramData\install_clap
[14/04/2020 11:04:55] - |D| - [148821962] - C:\ProgramData\Intel
[14/04/2020 11:16:13] - |D| - [264] - C:\ProgramData\IObit
[14/04/2020 11:16:13] - |D| - [28501] - C:\ProgramData\Kingsoft
[14/04/2020 11:05:34] - |D| - [0] - C:\ProgramData\Lamia
[12/04/2020 18:51:31] - |D| - [76033] - C:\ProgramData\Lavasoft
[14/04/2020 11:16:13] - |D| - [143] - C:\ProgramData\Licenses
[14/04/2020 11:05:34] - |D| - [259] - C:\ProgramData\LogiShrd
[14/04/2020 11:05:35] - |D| - [0] - C:\ProgramData\Logs
[14/04/2020 11:00:43] - |A| - [2064264] - C:\ProgramData\MakeMarkerFile.exe
[14/04/2020 11:00:45] - |A| - [3004] - C:\ProgramData\MakeMarkerFile.xml
[14/04/2020 11:16:13] - |D| - [416921471] - C:\ProgramData\Malwarebytes
[12/04/2020 17:39:22] - |SHD| - [0] - C:\ProgramData\Menu Démarrer
[26/07/2012 07:37:58] - |SD| - [2150300933] - C:\ProgramData\Microsoft
[05/03/2013 01:45:17] - |D| - [0] - C:\ProgramData\Microsoft SkyDrive
[14/04/2020 11:00:47] - |A| - [115] - C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[05/03/2013 01:59:25] - |A| - [141] - C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[12/04/2020 17:39:22] - |SHD| - [0] - C:\ProgramData\Modèles
[14/04/2020 09:52:34] - |D| - [48] - C:\ProgramData\Mozilla
[05/03/2013 01:48:08] - |D| - [355270867] - C:\ProgramData\Norton
[05/03/2013 01:47:28] - |D| - [41585071] - C:\ProgramData\NortonInstaller
[14/04/2020 11:00:47] - |A| - [290] - C:\ProgramData\ntuser.pol
[14/04/2020 11:05:50] - |D| - [1346862943] - C:\ProgramData\Package Cache
[14/04/2020 11:08:29] - |D| - [0] - C:\ProgramData\Packages
[01/08/2012 19:06:12] - |D| - [49312] - C:\ProgramData\PRICache
[14/04/2020 13:05:12] - |D| - [259] - C:\ProgramData\ProductData
[13/04/2020 02:40:15] - |D| - [27114059] - C:\ProgramData\Recovery
[26/07/2012 10:12:59] - |D| - [984] - C:\ProgramData\regid.1991-06.com.microsoft
[14/04/2020 13:05:12] - |D| - [1094] - C:\ProgramData\Registry First Aid
[14/04/2020 13:05:13] - |D| - [660704] - C:\ProgramData\ReviverSoft
[14/04/2020 13:05:15] - |D| - [224043] - C:\ProgramData\RogueKiller
[14/04/2020 11:08:29] - |D| - [661411] - C:\ProgramData\Samsung
[14/04/2020 11:08:32] - |D| - [0] - C:\ProgramData\Shared Space
[14/04/2020 11:08:32] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[26/07/2012 09:22:08] - |SHD| - [0] - C:\ProgramData\Start Menu
[14/04/2020 11:08:32] - |D| - [3665] - C:\ProgramData\StartMenuX
[14/04/2020 11:08:29] - |D| - [0] - C:\ProgramData\SUPPORTDIR
[14/04/2020 11:08:32] - |D| - [8352] - C:\ProgramData\SystemAcCrux
[05/03/2013 01:25:25] - |D| - [1508070] - C:\ProgramData\Temp
[26/07/2012 09:22:08] - |SHD| - [0] - C:\ProgramData\Templates
[14/04/2020 11:08:32] - |D| - [9081] - C:\ProgramData\ToastGenerator
[14/04/2020 11:08:33] - |D| - [10076] - C:\ProgramData\USOPrivate
[14/04/2020 11:08:33] - |D| - [2195456] - C:\ProgramData\USOShared
[14/04/2020 09:53:31] - |D| - [0] - C:\ProgramData\UVK
[14/04/2020 11:00:47] - |A| - [73817] - C:\ProgramData\vpn.1579441738.bdinstall.bin
[14/04/2020 11:00:47] - |A| - [40329] - C:\ProgramData\vpn.uninstall.1579681824.bdinstall.bin
[05/03/2013 01:30:04] - |D| - [3440387570] - C:\ProgramData\WildTangent
[14/04/2020 11:09:03] - |D| - [583734] - C:\ProgramData\{4C13979D-F8C4-41F2-B4D5-07A2A4FB8F6B}
[05/03/2013 01:20:47] - |D| - [46414838] - C:\ProgramData\{AFF99647-6D64-46F2-934A-F12F468037F6}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[26/07/2012 10:13:01] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[12/04/2020 17:39:22] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[26/07/2012 10:12:59] - |RD| - [141680] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[12/04/2020 18:52:40] - |A| - [1059] - C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[26/07/2012 10:12:59] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[26/07/2012 10:12:59] - |RD| - [18212] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[26/07/2012 10:12:59] - |RD| - [25611] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/03/2013 01:35:37] - |A| - [1118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
[05/03/2013 01:37:48] - |A| - [1502] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Universal Music Group.lnk
[26/07/2012 10:13:01] - |ASH| - [1064] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[25/07/2012 22:21:52] - |RAS| - [787] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
[14/04/2020 11:35:51] - |A| - [890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk
[05/03/2013 01:30:09] - |RD| - [14985] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[05/03/2013 01:23:32] - |RD| - [13379] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[25/07/2012 22:32:35] - |RAS| - [2312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[12/04/2020 18:55:35] - |D| - [2481] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[26/07/2012 10:12:59] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[12/04/2020 18:42:21] - |A| - [2229] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
[05/03/2013 01:27:05] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
[12/04/2020 18:47:30] - |D| - [2161] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
[12/04/2020 18:48:57] - |D| - [2053] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker
[05/03/2013 01:46:34] - |A| - [1308] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[05/03/2013 01:28:52] - |RD| - [10353] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[13/04/2020 16:47:40] - |RD| - [2604] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
[05/03/2013 01:46:30] - |A| - [1377] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[05/03/2013 01:29:57] - |RD| - [7612] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[05/03/2013 01:25:55] - |RD| - [4633] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[12/04/2020 18:13:03] - |RD| - [2292] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[14/04/2020 10:36:56] - |D| - [852] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[26/07/2012 10:12:59] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[26/07/2012 10:12:59] - |RD| - [7540] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[12/04/2020 18:47:27] - |D| - [2412] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Software Updater
[12/04/2020 18:47:28] - |A| - [1215] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systweak Software Updater.lnk
[26/07/2012 11:45:49] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[25/07/2012 22:13:01] - |RAS| - [2028] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
[12/04/2020 18:52:41] - |D| - [4277] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[26/07/2012 10:13:01] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[05/03/2013 01:20:22] - |D| - [2249244] - C:\Program Files (x86)\AMD APP
[05/03/2013 01:19:36] - |D| - [61769375] - C:\Program Files (x86)\ATI Technologies
[05/03/2013 01:35:50] - |D| - [631116] - C:\Program Files (x86)\Bonjour
[26/07/2012 07:37:58] - |D| - [155155529] - C:\Program Files (x86)\Common Files
[05/03/2013 01:37:47] - |D| - [2681352] - C:\Program Files (x86)\Connected Music powered by Universal Music Group
[05/03/2013 01:28:38] - |D| - [1006144052] - C:\Program Files (x86)\CyberLink
[26/07/2012 10:13:01] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[14/04/2020 10:33:05] - |D| - [32748706] - C:\Program Files (x86)\Google
[05/03/2013 01:14:24] - |D| - [205086087] - C:\Program Files (x86)\Hewlett-Packard
[05/03/2013 01:30:13] - |D| - [819684332] - C:\Program Files (x86)\HP Games
[05/03/2013 01:35:37] - |D| - [703526] - C:\Program Files (x86)\HPConnectedMusic
[05/03/2013 01:18:18] - |HD| - [125015756] - C:\Program Files (x86)\InstallShield Installation Information
[26/07/2012 10:12:59] - |D| - [4846154] - C:\Program Files (x86)\Internet Explorer
[12/04/2020 18:53:47] - |D| - [33274060] - C:\Program Files (x86)\Lavasoft
[12/04/2020 18:39:36] - |D| - [639364291] - C:\Program Files (x86)\Microsoft
[05/03/2013 01:27:04] - |D| - [6380526] - C:\Program Files (x86)\Microsoft Office
[05/03/2013 01:45:48] - |D| - [5563840] - C:\Program Files (x86)\Microsoft SkyDrive
[05/03/2013 01:46:24] - |D| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[26/07/2012 10:12:59] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[14/04/2020 11:35:49] - |D| - [336821] - C:\Program Files (x86)\Mozilla Maintenance Service
[01/08/2012 19:08:42] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[05/03/2013 01:48:08] - |D| - [1943947089] - C:\Program Files (x86)\Norton Internet Security
[05/03/2013 01:47:28] - |D| - [100467251] - C:\Program Files (x86)\NortonInstaller
[05/03/2013 01:30:04] - |RD| - [1614137] - C:\Program Files (x86)\Online Services
[14/04/2020 09:50:42] - |D| - [18175869] - C:\Program Files (x86)\PC Cleaner
[05/03/2013 01:18:18] - |D| - [48454551] - C:\Program Files (x86)\Realtek
[01/08/2012 19:08:43] - |D| - [38302977] - C:\Program Files (x86)\Reference Assemblies
[14/04/2020 10:32:49] - |D| - [6556752] - C:\Program Files (x86)\Segurazo
[14/04/2020 09:47:13] - |D| - [6084309] - C:\Program Files (x86)\Smart Privacy Cleaner
[05/03/2013 01:49:07] - |D| - [2562624] - C:\Program Files (x86)\SymSilent
[12/04/2020 18:47:20] - |D| - [13187380] - C:\Program Files (x86)\Systweak Software Updater
[05/03/2013 01:18:18] - |HD| - [0] - C:\Program Files (x86)\Temp
[14/04/2020 09:50:45] - |D| - [76596964] - C:\Program Files (x86)\UnHackMe
[05/03/2013 01:34:48] - |D| - [462216] - C:\Program Files (x86)\WildGames
[05/03/2013 01:30:05] - |D| - [16468366] - C:\Program Files (x86)\WildTangent Games
[26/07/2012 10:12:59] - |D| - [912384] - C:\Program Files (x86)\Windows Defender
[05/03/2013 01:46:07] - |D| - [90972365] - C:\Program Files (x86)\Windows Live
[26/07/2012 10:12:59] - |D| - [5731328] - C:\Program Files (x86)\Windows Mail
[26/07/2012 10:12:59] - |D| - [3663899] - C:\Program Files (x86)\Windows Media Player
[26/07/2012 10:12:59] - |D| - [219648] - C:\Program Files (x86)\Windows Multimedia Platform
[26/07/2012 10:12:59] - |D| - [7594554] - C:\Program Files (x86)\Windows NT
[26/07/2012 10:12:59] - |D| - [5479880] - C:\Program Files (x86)\Windows Photo Viewer
[26/07/2012 10:12:59] - |D| - [219648] - C:\Program Files (x86)\Windows Portable Devices
[26/07/2012 10:12:59] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[14/04/2020 09:50:45] - |D| - [8263240] - C:\Program Files (x86)\WinThruster

---------- | \Program Files

[05/03/2013 01:19:37] - |D| - [27488048] - \Program Files\ATI
[12/04/2020 18:54:47] - |D| - [356554979] - \Program Files\Avast Software
[05/03/2013 01:35:50] - |D| - [613967] - \Program Files\Bonjour
[26/07/2012 07:37:58] - |D| - [68772346] - \Program Files\Common Files
[14/04/2020 10:31:05] - |D| - [52780349] - \Program Files\DAEMON Tools Lite
[26/07/2012 10:13:11] - |ASH| - [174] - \Program Files\desktop.ini
[12/04/2020 17:39:22] - |SHD| - [0] - \Program Files\Fichiers communs
[14/04/2020 10:36:26] - |D| - [251208] - \Program Files\Google
[05/03/2013 01:14:23] - |D| - [3855844] - \Program Files\Hewlett-Packard
[26/07/2012 10:12:59] - |D| - [6684563] - \Program Files\Internet Explorer
[12/04/2020 18:45:53] - |D| - [76941531] - \Program Files\MiniTool Partition Wizard 12
[12/04/2020 18:46:28] - |D| - [112799481] - \Program Files\MiniTool ShadowMaker
[01/08/2012 19:08:13] - |D| - [25757] - \Program Files\MSBuild
[05/03/2013 01:43:57] - |RD| - [600796] - \Program Files\Online Services
[05/03/2013 01:09:52] - |D| - [31620520] - \Program Files\Realtek
[01/08/2012 19:08:13] - |D| - [36650665] - \Program Files\Reference Assemblies
[14/04/2020 09:47:00] - |D| - [22790724] - \Program Files\RFA 11
[05/03/2013 01:49:04] - |D| - [0] - \Program Files\Symantec
[26/07/2012 09:22:18] - |HD| - [0] - \Program Files\Uninstall Information
[26/07/2012 10:12:59] - |D| - [6170528] - \Program Files\Windows Defender
[26/07/2012 11:45:49] - |D| - [8949880] - \Program Files\Windows Journal
[26/07/2012 10:12:59] - |D| - [6188032] - \Program Files\Windows Mail
[26/07/2012 10:12:59] - |D| - [5638207] - \Program Files\Windows Media Player
[26/07/2012 10:12:59] - |D| - [277504] - \Program Files\Windows Multimedia Platform
[26/07/2012 10:12:59] - |D| - [7960634] - \Program Files\Windows NT
[26/07/2012 10:12:59] - |D| - [6429128] - \Program Files\Windows Photo Viewer
[26/07/2012 10:12:59] - |D| - [277504] - \Program Files\Windows Portable Devices
[26/07/2012 10:12:59] - |SHD| - [0] - \Program Files\Windows Sidebar
[26/07/2012 10:12:59] - |HD| - [1083388779] - \Program Files\WindowsApps
[12/04/2020 18:52:30] - |D| - [7397969] - \Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[05/03/2013 01:37:28] - |D| - [94320] - C:\Program Files (x86)\Common Files\CyberLink
[05/03/2013 01:18:12] - |D| - [2106564] - C:\Program Files (x86)\Common Files\InstallShield
[26/07/2012 10:12:59] - |D| - [16758025] - C:\Program Files (x86)\Common Files\Microsoft Shared
[26/07/2012 10:12:59] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[12/04/2020 18:33:48] - |D| - [671120] - C:\Program Files (x86)\Common Files\Symantec Shared
[26/07/2012 10:12:59] - |D| - [9863051] - C:\Program Files (x86)\Common Files\System
[05/03/2013 01:45:06] - |D| - [125659747] - C:\Program Files (x86)\Common Files\Windows Live

---------- | \Program Files\Common files

[05/03/2013 01:09:47] - |D| - [654848] - \Program Files\Common files\ATI Technologies
[26/07/2012 10:12:59] - |D| - [56603863] - \Program Files\Common files\microsoft shared
[26/07/2012 10:12:59] - |D| - [2702] - \Program Files\Common files\Services
[05/03/2013 01:49:04] - |D| - [384266] - \Program Files\Common files\Symantec Shared
[26/07/2012 10:12:59] - |D| - [11126667] - \Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [26/07/2012 09:22:10] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.0A9917623AAD7E8BD617619AEF6D10EC] - [14/04/2020 10:33:44] - |A| - [3376] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.BAFAD3884E9118EA6770D6A973C08769] - [14/04/2020 10:33:48] - |A| - [3504] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [05/03/2013 01:24:20] - |D| - [20628] - C:\Windows\System32\Tasks\Hewlett-Packard
[MD5.00000000000000000000000000000000] - [26/07/2012 10:12:59] - |D| - [360276] - C:\Windows\System32\Tasks\Microsoft
[MD5.6B2E105AB8C086652A6E851610EC805C] - [12/04/2020 18:39:58] - |A| - [3406] - C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore         :   C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
[MD5.64FA8A2DDCE7DDF029E8BEE210405E86] - [12/04/2020 18:40:00] - |A| - [3534] - C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA         :   C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
[MD5.EC80841AB11966908FA061C766C3B485] - [12/04/2020 18:47:44] - |A| - [3224] - C:\Windows\System32\Tasks\MiniToolPartitionWizard         :   C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
[MD5.00000000000000000000000000000000] - [14/04/2020 11:35:54] - |D| - [3498] - C:\Windows\System32\Tasks\Mozilla
[MD5.00000000000000000000000000000000] - [14/04/2020 08:55:21] - |D| - [6786] - C:\Windows\System32\Tasks\Norton Internet Security
[MD5.D8F3A86E56221D5CCC2609B653D729DA] - [05/03/2013 01:49:04] - |A| - [3236] - C:\Windows\System32\Tasks\Norton WSC Integration         :   "C:\Program Files (x86)\Norton Internet Security\Engine\22.19.9.63\WSCStub.exe"
[MD5.DD997EB46F6E64FABC0BF0BE7E477F23] - [12/04/2020 18:53:18] - |A| - [3454] - C:\Windows\System32\Tasks\Notifier         :   C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe
[MD5.5EB9F59F87D6A16B01693D3FFD02FBF0] - [12/04/2020 18:53:26] - |A| - [3406] - C:\Windows\System32\Tasks\Notifier_startup         :   C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe
[MD5.A9FBA5265B52A9141A44F46C4E70CF2E] - [12/04/2020 18:21:29] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2775032808-3154049738-94599714-1001         :   C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe
[MD5.4C2D7FB04666C059C8FBFD4AA483AE89] - [14/04/2020 09:27:58] - |A| - [3594] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2775032808-3154049738-94599714-1004         :   C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe
[MD5.F0159EB29B6AFDB753A82A8DFB0A70A3] - [14/04/2020 11:49:12] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2775032808-3154049738-94599714-1005         :   C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe
[MD5.62E426BEE4B72D3D72BB0CD3AF036724] - [14/04/2020 12:04:28] - |A| - [3594] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2775032808-3154049738-94599714-1007         :   C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe
[MD5.153B2C07812DDC5770C969D1008BE141] - [13/04/2020 16:23:34] - |A| - [3374] - C:\Windows\System32\Tasks\Systweak Software UpdaterNotifier         :   C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe
[MD5.2181508EA7F3255EE50DB0991807D515] - [13/04/2020 16:23:33] - |A| - [3278] - C:\Windows\System32\Tasks\Systweak Software UpdaterNotifier_startup         :   C:\Program Files (x86)\Systweak Software Updater\SSUNotifier.exe
[MD5.00000000000000000000000000000000] - [12/04/2020 18:14:15] - |D| - [18072] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [26/07/2012 10:12:59] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{E7985E1D-C36F-4787-80A8-6350D07E9266}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{30A328EA-A9F1-4991-A8A7-ECFAC2870676}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{C5B62B61-5218-4C9B-9939-8B1B7619E45B}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{4B07539D-4D04-4B2F-BAE4-D88610C648B4}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{FF187569-0167-4E8A-A092-08023B231A5B}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Bonjour Service|
"{5FCA5AF1-8CB5-40DC-9489-93BACEE128DB}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0|
"{618138FE-8DB2-4E09-8215-2C87E6D8169A}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft SkyDrive|
"{BD01E8EF-D2BE-44EF-978D-ABFA0F8CF8E5}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE|
"{D6E833CF-0421-4571-9A10-383436754E3C}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)|
"{671AE137-3655-4619-8CBD-1BD81200AD57}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|
"{D7DB2FE4-1355-4CDB-90C8-00958F8703E7}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Getting Started with Windows 8|Desc=Getting Started with Windows 8|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1001|AppPkgId=S-1-15-2-1896734660-1176741147-3560790752-1583426572-2102545463-3029068088-1728687620|EmbedCtxt=Getting Started with Windows 8|Platform=2:6:2|Platform2=GTEQ|
"{F13AFF58-C8F3-40DE-84AC-0E2EDC649243}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Connected Photo powered by Snapfish|Desc=HP Connected Photo|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1001|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo powered by Snapfish|Platform=2:6:2|Platform2=GTEQ|
"{396F74DB-FB40-437B-B0C6-603ABC70EE1D}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1001|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{7ABC9EA3-BD71-4F5D-B64E-1604FA947E32}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1001|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|
"{F1749025-BD55-4B45-B11D-FC85CD7650CA}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1001|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{CD778A7F-D3A0-45B9-8BD8-08133765846F}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1001|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{BDFA8750-4AF3-4CA4-AA3A-EE815F84F68E}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1001|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{CCBBB1E6-2B88-4C2B-BBD1-455610D73B41}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Norton Studio|Desc=Norton Studio|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1001|AppPkgId=S-1-15-2-3342756179-808701018-336801113-2653072947-1322651050-3274280541-3025550173|EmbedCtxt=Norton Studio|Platform=2:6:2|Platform2=GTEQ|
"{C3F51DFA-5077-4498-8BA8-4DD13E2B6DB5}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\MiniTool ShadowMaker\AgentService.exe|Name=AgentService.exe|
"{64C1A00D-505C-4A26-8C67-D5209FC0180D}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\MiniTool ShadowMaker\AgentService.exe|Name=AgentService.exe|
"{330889C2-1670-435A-AC63-F956357630FF}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|Name=Microsoft Edge (mDNS-In)|Desc=Règle de trafic entrant pour Microsoft Edge pour autoriser le trafic mDNS.|EmbedCtxt=Microsoft Edge|
"{7F85A145-961A-467B-8392-B5CBD1446F07}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Getting Started with Windows 8|Desc=Getting Started with Windows 8|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1004|AppPkgId=S-1-15-2-1896734660-1176741147-3560790752-1583426572-2102545463-3029068088-1728687620|EmbedCtxt=Getting Started with Windows 8|Platform=2:6:2|Platform2=GTEQ|
"{886EEA51-73AA-45CF-BBC5-19BC20086363}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Connected Photo powered by Snapfish|Desc=HP Connected Photo|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1004|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo powered by Snapfish|Platform=2:6:2|Platform2=GTEQ|
"{A3CDD9E0-8ADF-4570-AB8F-6F8CA87A589D}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1004|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{A59E949E-BAFF-408D-A8FA-62D022AEC3A0}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1004|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|
"{7015F27E-E286-4AD7-A70C-706DB589B818}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1004|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{96A15077-2429-4A29-9056-24BA292158F0}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1004|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{07C514FE-8E2A-4F22-A6F9-90DB55FDD140}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1004|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{B6F13B83-4227-43E6-9224-C54D5A078B58}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Norton Studio|Desc=Norton Studio|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1004|AppPkgId=S-1-15-2-3342756179-808701018-336801113-2653072947-1322651050-3274280541-3025550173|EmbedCtxt=Norton Studio|Platform=2:6:2|Platform2=GTEQ|
"{23BBDEAC-7A4D-49C6-A58D-13563FE44533}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=H:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe|Name=Ultra Virus Killer|
"{2AE86107-9DC3-4E85-8C0D-B6EA5345AF7F}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=H:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe|Name=Ultra Virus Killer|
"{2B09852A-4612-4E0E-9F60-DF19EC66EDC3}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=H:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe|Name=Ultra Virus Killer (TCP-OUT)|
"{60063017-7B35-4BD9-8A07-AAF5D5B6EF68}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\Applications Installées\Firefox Nightly\firefox.exe|Name=Firefox Nightly (D:\Applications Installées\Firefox Nightly)|
"{B2B2C35C-7A53-4AF1-81EC-41B5509A2854}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\Applications Installées\Firefox Nightly\firefox.exe|Name=Firefox Nightly (D:\Applications Installées\Firefox Nightly)|
"{E48EC429-E719-4881-AF4E-356BCE1E0181}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\MiniTool ShadowMaker\AgentService.exe|Name=AgentService.exe|
"{1BA89A9B-FDBA-4D36-B407-64A95CAE47F7}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\MiniTool ShadowMaker\AgentService.exe|Name=AgentService.exe|
"{5BCB44DA-FF27-4E42-A339-ADBE348F1810}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Getting Started with Windows 8|Desc=Getting Started with Windows 8|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1005|AppPkgId=S-1-15-2-1896734660-1176741147-3560790752-1583426572-2102545463-3029068088-1728687620|EmbedCtxt=Getting Started with Windows 8|Platform=2:6:2|Platform2=GTEQ|
"{81607AAE-C7D2-47F1-BC55-64B3BC6DE636}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Connected Photo powered by Snapfish|Desc=HP Connected Photo|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1005|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo powered by Snapfish|Platform=2:6:2|Platform2=GTEQ|
"{B94DE274-0918-4BAE-8497-A67F5E306663}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1005|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{FF8D1F48-BABF-4FBE-9DFF-74B2630A98BB}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1005|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|
"{FF659725-D97F-441E-9F96-4C90FE60D25D}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1005|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{43DE8BFE-9AE2-4037-BC76-34E63503FD49}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1005|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{1178613C-1252-4F34-B64F-C09964374CED}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1005|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{1EBE2750-77A7-4EA3-932E-83BF7944EA0B}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Norton Studio|Desc=Norton Studio|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1005|AppPkgId=S-1-15-2-3342756179-808701018-336801113-2653072947-1322651050-3274280541-3025550173|EmbedCtxt=Norton Studio|Platform=2:6:2|Platform2=GTEQ|
"{25978C85-C11B-4467-87EF-40FD45F1422D}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=53000|Name=HPConnectedRemoteService.exe|
"{21B0DDCE-A560-4599-8ABA-87A3D1C7C8BD}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Name=HPConnectedRemoteService.exe|
"{C2854B8F-27E7-47EC-B606-73AF67EC8DAC}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=52000|Name=HPConnectedRemoteUser.exe|
"{EA223E23-0651-4B7F-9F78-54FB93EE104A}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Getting Started with Windows 8|Desc=Getting Started with Windows 8|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1007|AppPkgId=S-1-15-2-1896734660-1176741147-3560790752-1583426572-2102545463-3029068088-1728687620|EmbedCtxt=Getting Started with Windows 8|Platform=2:6:2|Platform2=GTEQ|
"{9D78C64C-3E1E-44EA-8786-6C4F8464075A}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Connected Photo powered by Snapfish|Desc=HP Connected Photo|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1007|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo powered by Snapfish|Platform=2:6:2|Platform2=GTEQ|
"{37F38232-EBF4-4C00-A0D8-D6358887A5EC}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1007|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{C65DFCA5-1FAE-4871-A3BD-C963D2E1E472}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1007|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|
"{C8DDE42D-3051-4EFC-86A8-AEDB7F98A69D}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1007|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{50145777-411E-4AC5-B0CA-B33DAAF9A929}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1007|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{361D603F-8C1A-4A06-8457-A3DCB586E057}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1007|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{0E60EEEF-FE74-4F01-BE66-3954858F3CB1}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Norton Studio|Desc=Norton Studio|LUOwn=S-1-5-21-2775032808-3154049738-94599714-1007|AppPkgId=S-1-15-2-3342756179-808701018-336801113-2653072947-1322651050-3274280541-3025550173|EmbedCtxt=Norton Studio|Platform=2:6:2|Platform2=GTEQ|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @PrintQueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @%SystemRoot%\System32\Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{54505F9E-EE66-4F1D-A63B-B853A1759385}] : (SymNetS) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{56EBD688-B772-4181-9610-8633FCEE988D}] : (SymIRON) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7E0006EA-81A8-4780-B0C8-474E2DBF4D63}] : (IDSVia64) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997b5d8d-c442-4f2e-baf3-9c8e671e9e21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bc103702-dd72-406f-9b28-95c868337b59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @AudioEndpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @WSDPrint.Inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{F3B48D0C-52F3-4969-95F5-3F80F029CBFA}] : (SymEvnt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[13/04/2020 16:51:05] - (7.3.2.2) - (Symantec Corporation - Symantec Extended File Attributes) - C:\Windows\System32\drivers\NGCx64\1613090.03F\SYMEFASI64.SYS
[12/04/2020 18:49:39] - (0.0.0.0) - ( -) - C:\Windows\system32\pwdrvio.sys
[13/04/2020 16:50:27] - (17.2.2.11) - (Symantec Corporation - Common Client Settings Driver) - C:\Windows\System32\drivers\NGCx64\1613090.03F\ccSetx64.sys
[05/03/2013 01:37:30] - (1.0.0.621) - (CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files.) - C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
[30/07/2012 13:00:23] - (2.1.0.7) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\Windows\system32\DRIVERS\L1C63x64.sys
[26/07/2012 10:13:07] - (4.3.86.0) - (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - Macrovision SECURITY Driver) - C:\Windows\System32\Drivers\secdrv.SYS
[13/04/2020 16:51:01] - (15.7.9.15) - (Symantec Corporation - Symantec AutoProtect) - C:\Windows\System32\drivers\NGCx64\1613090.03F\SRTSPX64.SYS
[13/04/2020 16:51:00] - (17.0.2.2) - (Symantec Corporation - Network Security Driver) - C:\Windows\System32\drivers\NGCx64\1613090.03F\symnets.sys
[05/03/2013 01:49:04] - (14.0.7.71) - (Symantec Corporation - Symantec Event Library) - C:\windows\system32\Drivers\SYMEVENT64x86.SYS
[13/04/2020 16:50:37] - (9.1.0.17) - (Symantec Corporation - Iron Driver) - C:\Windows\System32\drivers\NGCx64\1613090.03F\Ironx64.SYS
[13/04/2020 16:50:25] - (12.0.2.10) - (Symantec Corporation - BASH Driver) - C:\Program Files (x86)\Norton Internet Security\NortonData\22.19.9.63\Definitions\BASHDefs\20190927.005\BHDrvx64.sys
[14/04/2020 09:30:22] - (17.2.0.341) - (Symantec Corporation - IDS Core Driver) - C:\Program Files (x86)\Norton Internet Security\NortonData\22.19.9.63\Definitions\IPSDefs\20200413.061\IDSvia64.sys
[13/04/2020 16:51:01] - (15.7.9.15) - (Symantec Corporation - Symantec AutoProtect) - C:\Windows\System32\drivers\NGCx64\1613090.03F\SRTSP64.SYS
[13/04/2020 16:50:59] - (1.5.1.29) - (Symantec Corporation - Symantec Eventing Platform) - C:\Program Files (x86)\Norton Internet Security\NortonData\22.19.9.63\SymPlatform\SymEvnt.sys

---------- | LoadOrderGroup

Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK
Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK
Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK
Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK
Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK
Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK
Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK
Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK
Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK
Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK
Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK
Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK
Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK
Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK
Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK
Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK
Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK
Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK
Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK
Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK
Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK
Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK
Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK
Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK
Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK
Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK
Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK
Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK
Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK
Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK
Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK
Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK
Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK
Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK
Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK
Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK
Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK
Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK
Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK
Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK
Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK
Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK
Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK
Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK
Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK
Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK
Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK
Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK
Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK
Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK
Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK
Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK
Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK
Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK
Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK
Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK
Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK
Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK
Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK
Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK
Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK
Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK
Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK
Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK
Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK
Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK
Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK
Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK
Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK
Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK
Name: PnP Filter - DriverEnabled: False - GroupOrder: 71 - Status: OK
Name: Network - DriverEnabled: False - GroupOrder: 72 - Status: OK
Name: FSFilter Filter Content Screener - DriverEnabled: False - GroupOrder: 73 - Status: OK
Name: Early-Launch - DriverEnabled: False - GroupOrder: 74 - Status: OK
Name: _Early-Launch - DriverEnabled: False - GroupOrder: 75 - Status: OK

---------- | LoadOrderGroupServiceDependencies

LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs"

---------- | LoadOrderGroupServiceMembers

LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc"
LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder"
LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch"
LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall"
LoadOrderGroup.Name="TDI" - Service.Name="Dhcp"
LoadOrderGroup.Name="TDI" - Service.Name="Dnscache"
LoadOrderGroup.Name="TDI" - Service.Name="dot3svc"
LoadOrderGroup.Name="Event Log" - Service.Name="EventLog"
LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation"
LoadOrderGroup.Name="TDI" - Service.Name="lmhosts"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc"
LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI"
LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon"
LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay"
LoadOrderGroup.Name="Plugplay" - Service.Name="Power"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware"
LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adp94xx"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adpahci"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adpu320"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="agp440"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="arc"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep"
LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum"
LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="ccSet_NGC"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS"
LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc"
LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs"
LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr"
LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS"
LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection"
LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler"
LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="e1iexpress"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat"
LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr"
LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="FxPPM"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="gagp30kx"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd"
LoadOrderGroup.Name="Video" - SystemDriver.Name="HyperVideo"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV"
LoadOrderGroup.Name="Video" - SystemDriver.Name="igfx"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iirsp"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp"
LoadOrderGroup.Name="Keyboard Class" - SystemDriver.Name="kbdclass"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="kbdhid"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc"
LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient"
LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc"
LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc"
LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD"
LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SCSI"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="MegaSR"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem"
LoadOrderGroup.Name="Pointer Class" - SystemDriver.Name="mouclass"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="mouhid"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr"
LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NDProxy"
LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nfrd960"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="Ntfs"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Null"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="nv_agp"
LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia"
LoadOrderGroup.Name="Base" - SystemDriver.Name="pcw"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched"
LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd"
LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr"
LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="SRTSP"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt"
LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum"
LoadOrderGroup.Name="FSFilter Filter Content Screener" - SystemDriver.Name="SymEFASI"
LoadOrderGroup.Name="Early-Launch" - SystemDriver.Name="SymELAM"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="SymIRON"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM"
LoadOrderGroup.Name="base" - SystemDriver.Name="TsUsbFlt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uagp35"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UCX01000"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uliagpkx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="usbfilter"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub"
LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="viaide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen"
LoadOrderGroup.Name="_Early-Launch" - SystemDriver.Name="WdBoot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="WFPLWFS"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wpcfltr"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl"
LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="WUDFRd"

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - adp94xx () -> System32\drivers\adp94xx.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - adpahci () -> System32\drivers\adpahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - adpu320 () -> System32\drivers\adpu320.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arc () -> System32\drivers\arc.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Windows Inbox Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - gagp30kx (@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iirsp () -> System32\drivers\iirsp.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2 () -> System32\drivers\lsi_sas2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SCSI () -> System32\drivers\lsi_scsi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - MegaSR () -> System32\drivers\MegaSR.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nfrd960 () -> System32\drivers\nfrd960.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@machine.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pwdrvio (pwdrvio) -> system32\pwdrvio.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\DRIVERS\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - SymEFASI (Symantec Extended File Attributes (SI)) -> System32\drivers\NGCx64\1613090.03F\SYMEFASI64.SYS - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SymELAM (Symantec ELAM Driver) -> System32\drivers\NGCx64\1613090.03F\SymELAM.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - uagp35 (@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - viaide () -> System32\drivers\viaide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Wd (@wd.inf,%WdServiceDisplayName%;Microsoft Watchdog Timer Driver) -> System32\drivers\wd.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> system32\DRIVERS\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ccSet_NGC (NGC Settings Manager) -> \SystemRoot\System32\drivers\NGCx64\1613090.03F\ccSetx64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CLVirtualDrive (CLVirtualDrive) -> \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> \SystemRoot\system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> \SystemRoot\system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> \SystemRoot\system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> \SystemRoot\system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - secdrv (Security Driver) -> (?) - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - AppID (@%systemroot%\system32\appidsvc.dll,-102) -> \SystemRoot\system32\drivers\appid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AsyncMac (@%systemroot%\system32\rascfg.dll,-32000) -> \SystemRoot\system32\DRIVERS\asyncmac.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - BHDrvx64 (BHDrvx64) -> \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.19.9.63\Definitions\BASHDefs\20190927.005\BHDrvx64.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - BTHMODEM (@bthspp.inf,%BthSerial.DisplayName%;Bluetooth Serial Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - CompositeBus (@CompositeBus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\drivers\CompositeBus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - condrv (Console Driver) -> System32\drivers\condrv.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - cpuz143 (cpuz143) -> \??\C:\Users\NATHAL~1\AppData\Local\Temp\cpuz143\cpuz143_x64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\system32\drivers\drmkaud.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - e1iexpress (@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I) -> \SystemRoot\system32\DRIVERS\e1i63x64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - eeCtrl (Symantec Eraser Control driver) -> \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - EraserUtilRebootDrv (EraserUtilRebootDrv) -> \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - exfat (exFAT File System Driver) -> (?) - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - fastfat (FAT12/16/32 File System Driver) -> (?) - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - FxPPM (@cpu.inf,%FxPPM.SvcDesc%;Power Framework Processor Driver) -> \SystemRoot\System32\drivers\fxppm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HdAudAddService (@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Function Driver for High Definition Audio Service) -> \SystemRoot\system32\drivers\HdAudio.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HyperVideo () -> \SystemRoot\system32\DRIVERS\HyperVideo.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - i8042prt (@keyboard.inf,%i8042prt.SvcDesc%;i8042 Keyboard and PS/2 Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - IDSVia64 (IDSVia64) -> \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.19.9.63\Definitions\IPSDefs\20200413.061\IDSvia64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - igfx () -> \SystemRoot\system32\DRIVERS\igdkmd64.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) -> \SystemRoot\system32\drivers\RTKVHD64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IpFilterDriver (@%systemroot%\system32\rascfg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\system32\DRIVERS\kdnic.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - L1C (@oem4.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\system32\DRIVERS\L1C63x64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Modem () -> system32\drivers\modem.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - monitor (@monitor.inf,%Monitor.SVCDESC%;Service Pilote de fonction de classe Moniteur Microsoft) -> \SystemRoot\system32\DRIVERS\monitor.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mpsdrv (@%SystemRoot%\system32\FirewallAPI.dll,-23092) -> System32\drivers\mpsdrv.sys - AcceptPause: False - AcceptStop: True
S3 - [File System Driver] - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> \SystemRoot\system32\DRIVERS\bridge.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;GPIO Buttons Driver) -> \SystemRoot\System32\drivers\msgpiowin32.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\drivers\MSKSSRV.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MsLldp (@C:\Windows\system32\DRIVERS\mslldp.sys,-200) -> \SystemRoot\system32\DRIVERS\mslldp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\drivers\MSPCLOCK.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\drivers\MSPQM.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MsRPC () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\drivers\MSTEE.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> \SystemRoot\system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> \SystemRoot\system32\DRIVERS\ndiscap.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> \SystemRoot\system32\DRIVERS\NdisImPlatform.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - NdisTapi (@%systemroot%\system32\rascfg.dll,-32001) -> \SystemRoot\system32\DRIVERS\ndistapi.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Ndisuio (@ndisuio.inf,%NDISUIO_Desc%;NDIS Usermode I/O Protocol) -> \SystemRoot\system32\DRIVERS\ndisuio.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - NdisWan (@%systemroot%\system32\rascfg.dll,-32002) -> \SystemRoot\system32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - NDISWANLEGACY (@%systemroot%\system32\rascfg.dll,-32014) -> \SystemRoot\system32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - NDProxy (NDIS Proxy) -> (?) - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - Ntfs () -> (?) - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - PptpMiniport (@%systemroot%\system32\rascfg.dll,-32006) -> \SystemRoot\system32\DRIVERS\raspptp.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - pwdspio (pwdspio) -> \??\C:\Windows\system32\pwdspio.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\system32\DRIVERS\AgileVpn.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - Rasl2tp (@%systemroot%\system32\rascfg.dll,-32005) -> \SystemRoot\system32\DRIVERS\rasl2tp.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - RasPppoe (@%systemroot%\system32\rascfg.dll,-32007) -> \SystemRoot\system32\DRIVERS\raspppoe.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\system32\DRIVERS\rassstp.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RDPWD (RDP Winstation Driver) -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - SRTSP (Symantec Real Time Storage Protection x64) -> \SystemRoot\System32\drivers\NGCx64\1613090.03F\SRTSP64.SYS - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - SRTSPX (Symantec Real Time Storage Protection (PEL) x64) -> \SystemRoot\System32\drivers\NGCx64\1613090.03F\SRTSPX64.SYS - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - srvnet () -> System32\DRIVERS\srvnet.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - SymEvent () -> \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - SymEvnt (Symantec Eventing Platform) -> \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.19.9.63\SymPlatform\SymEvnt.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - SymIRON (Symantec Iron Driver) -> \SystemRoot\System32\drivers\NGCx64\1613090.03F\Ironx64.SYS - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - SymNetS (Symantec Network Security WFP Driver) -> \SystemRoot\System32\drivers\NGCx64\1613090.03F\symnets.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - TCPIP6 (@netip6.inf,%MS_TCPIP6.TCPIP6.ServiceDescription%;Microsoft IPv6 Protocol Driver) -> \SystemRoot\system32\DRIVERS\tcpip.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\system32\drivers\tpm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TsUsbFlt () -> system32\drivers\tsusbflt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Pilote de carte miniport Microsoft Tunnel) -> \SystemRoot\system32\DRIVERS\tunnel.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UCX01000 (USB Controller Extension) -> \SystemRoot\System32\drivers\ucx01000.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver) -> \SystemRoot\System32\drivers\usbccgp.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbfilter (@oem2.inf,%UsbFilter.SVCDESC%;AMD USB Filter Driver) -> \SystemRoot\System32\drivers\usbfilter.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Wanarp (@%systemroot%\system32\rascfg.dll,-32011) -> \SystemRoot\system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> \SystemRoot\system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> \SystemRoot\system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - WIMMount (WIMMount) -> system32\drivers\wimmount.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wpcfltr (Family Safety Filter Driver) -> system32\DRIVERS\wpcfltr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wpCtrlDrv_NGC (Symantec Webcam Control functional driver) -> \SystemRoot\System32\drivers\NGCx64\1613090.03F\wpCtrlDrv.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WUDFRd (@hidbthle.inf,%WudfRdDisplayName%;Windows Driver Foundation - User-mode Driver Framework Reflector) -> \SystemRoot\System32\drivers\WUDFRd.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: True
R4 - [File System Driver] - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys - AcceptPause: False - AcceptStop: True
R4 - [File System Driver] - udfs (udfs) -> system32\DRIVERS\udfs.sys - AcceptPause: False - AcceptStop: True
S4 - [Kernel Driver] - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: False

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Sevinst] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0FA995CC-C849-4755-B14B-5404CC75DC24}] : (Energy Star.-.Hewlett-Packard) -> MsiExec.exe /I{0FA995CC-C849-4755-B14B-5404CC75DC24}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2E58F5E0-B5EF-844C-5B18-4C21F800CAD6}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}] : (AMD APP SDK Runtime.-.Advanced Micro Devices Inc.) -> MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}] : (AMD Catalyst Install Manager.-.Advanced Micro Devices, Inc.) -> msiexec /q/x{5F769CF4-5263-4C7B-AEB2-C06A73AE4428} REBOOT=ReallySuppress
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}] : (HP Postscript Converter.-.Hewlett-Packard) -> MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}] : (HP Registration Service.-.Hewlett-Packard) -> MsiExec.exe /X{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Edge Update] : (Microsoft Edge Update.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1] : (MiniTool ShadowMaker Free Edition.-.MiniTool) -> "C:\Program Files\MiniTool ShadowMaker\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Systweak Software Updater_is1] : (Systweak Software Updater.-.Systweak Software) -> "C:\Program Files (x86)\Systweak Software Updater\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}] : (HP Customer Experience Enhancements.-.Hewlett-Packard) -> MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{09BE17DC-59D2-FD28-371D-DCE0AE76CE75}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{104D7F23-A414-EE6D-315E-A07CB75ADEEE}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A7CF3BE-0D4A-33DF-DFD9-824487726365}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BC4C58D-D726-172B-DA2C-BBE6AE5DEB76}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E6AF4B4-0910-4821-CB20-F8FD7AA09CCB}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E2526C8-51A8-F6EB-8289-6787E880CE27}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5AD25D5C-C813-146B-4FB0-76561F7875B7}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5B4886EE-5A95-C257-A68F-2DCADE47A273}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5DB58618-7021-C650-EE8A-58CD1FAA95F9}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F5ACD0C-A454-32A7-E206-EE89B1510128}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{67087BB4-19B4-C169-3E52-2BED796D8AB3}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6AE04BB9-A455-16ED-5806-DCFBB14505D6}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}] : (Hewlett-Packard ACLM.NET v1.2.0.0.-.Hewlett-Packard Company) -> MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7474548C-E456-4818-8ED0-4A1F00EF77A1}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{7474548C-E456-4818-8ED0-4A1F00EF77A1}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{76DFBEB9-9E55-8CC6-B99A-9CEFAC573A1F}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{839D1577-5415-6C89-6642-515DFFE6432F}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84B13BF6-F7AF-198E-0E77-DCA4027B9D19}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A666A6E7-3A51-E289-559B-BF3486036ABF}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ABA39912-380C-0EF3-C820-868115EB1DAC}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC7A441A-353F-75F6-6ABA-3BF98161B530}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}] : (HP Support Information.-.Hewlett-Packard) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B6480ED1-448E-813B-4FE0-BED811D1C01F}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BDBF9803-B57C-AB2A-8830-CBED34703840}] : (Catalyst Control Center Graphics Previews Common.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BFB6DE5F-9BEA-1FBB-3584-2C78639CE59A}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DD35ECFB-5C95-398B-CAFA-B5E8881363C3}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E8406BA9-5D47-4A62-08C3-759EA677229A}] : (AMD VISION Engine Control Center.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F193812F-83C0-3CED-1EDE-BE2525267303}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F243A34B-AB7F-4065-B770-B85B767C247C}] : (HP Connected Remote.-.Hewlett-Packard) -> MsiExec.exe /X{F243A34B-AB7F-4065-B770-B85B767C247C}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F754BC24-2C04-F76E-C403-0175F0954560}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC62C740-2339-618C-467B-36CE6D409E5F}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> 

---------- | Ports 


---------- | Microsoft Specifications


---------- | CLSID (Whitelist)

[HKCR\CLSID\{06E6F1FF-D93A-49D9-99D1-24B2897DAD55}] - (.(c) 2010 CyberLink Corp. - CyberLink Tzan Filter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\VideoFilter\CLTzan.ax   [16/07/2012 12:29:46]
[HKCR\CLSID\{09D32393-10DA-4eca-91AA-AD11C69DB966}] - (.-.) - C:\Program Files (x86)\Norton Internet Security\Engine64\20.0.0.136\McStatus.dll   
[HKCR\CLSID\{0A9BD4EB-DED5-4DF0-BAF6-2CEA23F57261}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEFilters.dll   [08/08/2012 12:12:30]
[HKCR\CLSID\{10AD8B9D-222E-44D1-881B-0EA79E1B2D6E}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\Ticker.ax   [08/08/2012 12:12:18]
[HKCR\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}] - (.-.) - %windir%\system32\btpanui.dll   
[HKCR\CLSID\{1CEBDE3E-6B91-484A-AF48-5E4F4ED6B1E1}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{2125D337-095D-6C83-3769-67D5D8236F4C}] - (.-.) - C:\Windows\system32\pnuxbipifm.dll   
[HKCR\CLSID\{2C5F9B72-7148-4D97-BFC9-68A0E076BEBD}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{2FE8F810-B2A5-11d0-A787-0000F803ABFC}] - (.-.) - C:\Windows\system32\dplayx.dll   
[HKCR\CLSID\{34c219bd-85c1-4338-95e8-788a36901dc2}] - (.-.) - %windir%\System32\wpdwcn.dll   
[HKCR\CLSID\{35F0AE98-673B-465F-A4D6-9F18A01F2454}] - (.CyberLink developed Filter. - CyberLink Matroska Splitter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\CLMKVSplter.ax   [16/07/2012 12:29:44]
[HKCR\CLSID\{4062C116-0270-11D3-8BCB-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{4108FA85-3586-11D3-8BD7-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{417BAB8B-9D22-4A88-9DA0-98C4AB6745D5}] - (.-.) - %windir%\System32\wpdwcn.dll   
[HKCR\CLSID\{4516EC43-8F20-11D0-9B6D-0000C0781BC3}] - (.-.) - C:\Windows\system32\d3dxof.dll   
[HKCR\CLSID\{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C}] - (.CyberLink Corp. 2001 - CyberLink MPEG Splitter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\CLSplter.ax   [16/07/2012 12:29:44]
[HKCR\CLSID\{4A6E162C-6F51-4956-86D0-A72729178B9B}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEFilters.dll   [08/08/2012 12:12:30]
[HKCR\CLSID\{4EE17959-931E-49E4-A2C6-977ECF3628F3}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}] - (.-.) - %windir%\system32\acppage.dll   
[HKCR\CLSID\{52C550C6-067F-4BC8-98B2-0F0E91C10261}] - (.-.) - %windir%\system32\inetsrv\w3ctrlps.dll   
[HKCR\CLSID\{5DE7918B-BFD7-4C1E-B4E0-B16D0A3EA76B}] - (.-.) - C:\Windows\SysWOW64\AuthHostProxy.dll   
[HKCR\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}] - (.-.) - C:\Windows\system32\audiodev.dll   
[HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] - (.-.) - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL   
[HKCR\CLSID\{79BA9E00-B6EE-11D1-86BE-00C04FBF8FEF}] - (.-.) - C:\Windows\System32\dmband.dll   
[HKCR\CLSID\{810B5013-E88D-11D2-8BC1-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{854F4628-CE51-42C4-80E9-80DAE27FAAAE}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEFilters.dll   [08/08/2012 12:12:30]
[HKCR\CLSID\{9E665ED7-958C-410C-9C56-05DA783E7933}] - (.-.) - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Graphics-Previews-Common\MMACEFilters.dll   [08/08/2012 12:12:30]
[HKCR\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}] - (.-.) - %windir%\system32\btpanui.dll   
[HKCR\CLSID\{A861C6E2-FCFC-11D2-8BC9-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{B5F41335-A18B-4362-A406-F09E43658116}] - (.(c) 2010 CyberLink Corp. - CyberLink Tzan Filter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\VideoFilter\CLTzan.ax   [16/07/2012 12:29:46]
[HKCR\CLSID\{C64501F6-E6E6-451f-A150-25D0839BC510}] - (.-.) - C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll   [26/07/2012 01:30:44]
[HKCR\CLSID\{C70EB77F-EFD4-4678-A27B-BF1648F30D04}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{CE8A3669-40C7-4F4E-9B9B-AA3DD10DAC10}] - (.-.) - C:\Program Files (x86)\Google\Update\1.3.21.169\psmachine.dll   
[HKCR\CLSID\{D1EB6D20-8923-11d0-9D97-00A0C90A43CB}] - (.-.) - C:\Windows\system32\dplayx.dll   
[HKCR\CLSID\{D2AC2894-B39B-11D1-8704-00600893B1BD}] - (.-.) - C:\Windows\System32\dmband.dll   
[HKCR\CLSID\{D3075F87-A7BD-4231-9F6A-60C5E07374A7}] - (.-.) - %windir%\system32\acppage.dll   
[HKCR\CLSID\{DAA92564-78C8-40A3-96D2-9115A76B8F29}] - (.-.) - %windir%\System32\wpdwcn.dll   
[HKCR\CLSID\{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9}] - (.CyberLink Corp. 2004 - CyberLink MPEG-4 Splitter.) - c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\clm4splt.ax   [16/07/2012 12:29:44]
[HKCR\CLSID\{e8cc4cbe-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - \Program Files\Common Files\System\Ole DB\msdaora.dll   
[HKCR\CLSID\{e8cc4cbf-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - \Program Files\Common Files\System\Ole DB\msdaora.dll   
[HKCR\CLSID\{EBF2320A-2502-11D3-8BD1-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{FABD6EA5-AE10-4E7A-B83B-5F07ACC84214}] - (.-.) - %windir%\System32\wpdwcn.dll   

---------- | Installer

[HKCR\Installer\Products\047C26CF9332C81664B763ECD604E9F5] : CCC Help Portuguese -> c:\windows\Installer\{FC62C740-2339-618C-467B-36CE6D409E5F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0694AF70830BBE9498B1F95939A05A44] : HP Customer Experience Enhancements -> C:\windows\Installer\{07FA4960-B038-49EB-891B-9F95930AA544}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0B8F248F2496039428F145E379B6C266] : MSVCRT110_amd64
[HKCR\Installer\Products\0DDFD8EF345A38A47B9A4C113118495D] : Galerie de photos
[HKCR\Installer\Products\0E5F85E2FE5BC448B581C4128F00AC6D] : ccc-utility64 -> c:\windows\Installer\{2E58F5E0-B5EF-844C-5B18-4C21F800CAD6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0] : Google Toolbar for Internet Explorer
[HKCR\Installer\Products\19CF135DE4F67A949B215182D9506B8F] : Photo Common
[HKCR\Installer\Products\1DE0846BE844B318F40EEB8D111D0CF1] : CCC Help French -> c:\windows\Installer\{B6480ED1-448E-813B-4FE0-BED811D1C01F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\21993ABAC0833FE08C02681851BED1CA] : Catalyst Control Center InstallProxy -> c:\windows\Installer\{ABA39912-380C-0EF3-C820-868115EB1DAC}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8] : Bonjour -> C:\windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico
[HKCR\Installer\Products\2FCC6D4EFAA0C9B4D95E98E3CDB9B4AA] : HP Registration Service -> c:\windows\Installer\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3089FBDBC75BA2BA8803BCDE43078304] : Catalyst Control Center Graphics Previews Common -> c:\windows\Installer\{BDBF9803-B57C-AB2A-8830-CBED34703840}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\32F7D401414AD6EE13E50AC77BA5EDEE] : CCC Help English -> c:\windows\Installer\{104D7F23-A414-EE6D-315E-A07CB75ADEEE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42C6FBF1Df1C10144AB2C065F4E9E897] : Media Suite -> c:\windows\Installer\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42CB457F40C2E67F4C3010570F595406] : CCC Help Chinese Standard -> c:\windows\Installer\{F754BC24-2C04-F76E-C403-0175F0954560}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\476F72FFE1282AB489B5DD5F932CDC30] : HP Support Assistant -> C:\windows\Installer\{FF27F674-821E-4BA2-985B-DDF539C2CD03}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4B4FA6E101901284BC028FDFA70AC9BC] : CCC Help Russian -> c:\windows\Installer\{1E6AF4B4-0910-4821-CB20-F8FD7AA09CCB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4BB780764B91961CE325B2DE97D6A83B] : CCC Help Swedish -> c:\windows\Installer\{67087BB4-19B4-C169-3E52-2BED796D8AB3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4F74DB53B91CF474AACC8E0CEB8341A8] : Photo Common
[HKCR\Installer\Products\4FC967F53625B7C4EA2B0CA637EA4482] : AMD Catalyst Install Manager -> c:\windows\Installer\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6D6E41E65713A1E49B43AC5B8A3676DC] : HP Postscript Converter
[HKCR\Installer\Products\6FB31B48FA7FE891E077CD4A20B7D991] : CCC Help Japanese -> c:\windows\Installer\{84B13BF6-F7AF-198E-0E77-DCA4027B9D19}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\701043F6AA9F6C745BC43C1AF91155F3] : Hewlett-Packard ACLM.NET v1.2.0.0 -> C:\windows\Installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7751D938514598C6662415D5FF6E34F2] : CCC Help Czech -> c:\windows\Installer\{839D1577-5415-6C89-6642-515DFFE6432F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10
[HKCR\Installer\Products\7CF988168379A934693B71FA89B1DDFE] : Movie Maker
[HKCR\Installer\Products\7E6A666A15A3982E55B9FB436830A6FB] : CCC Help Turkish -> c:\windows\Installer\{A666A6E7-3A51-E289-559B-BF3486036ABF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\81685BD51207056CEEA885DCF1AA599F] : CCC Help Thai -> c:\windows\Installer\{5DB58618-7021-C650-EE8A-58CD1FAA95F9}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8C1B7B2BB8C7C674EBC24079135C9529] : HP Support Information
[HKCR\Installer\Products\8C6252E28A15BE6F289876788E08EC72] : Catalyst Control Center Localization All -> c:\windows\Installer\{2E2526C8-51A8-F6EB-8289-6787E880CE27}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110
[HKCR\Installer\Products\8F55E2B98AB554A46928CA6B2FCCD05A] : Photo Gallery
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\9AB6048E74D526A4803C57E96A7722A9] : AMD VISION Engine Control Center -> c:\windows\Installer\{E8406BA9-5D47-4A62-08C3-759EA677229A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9BB40EA6554ADE618560CDBF1B54506D] : CCC Help Dutch -> c:\windows\Installer\{6AE04BB9-A455-16ED-5806-DCFBB14505D6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9BEBFD6755E96CC89BA9C9FECA75A3F1] : CCC Help Spanish -> c:\windows\Installer\{76DFBEB9-9E55-8CC6-B99A-9CEFAC573A1F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A144A7CAF3536F57A6ABB39F18165B03] : CCC Help Greek -> c:\windows\Installer\{AC7A441A-353F-75F6-6ABA-3BF98161B530}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT
[HKCR\Installer\Products\B43A342FF7BA56047B078BB567C742C7] : HP Connected Remote -> c:\windows\Installer\{F243A34B-AB7F-4065-B770-B85B767C247C}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\BA0A2B44E214C8F40B851D8EEACCFD5F] : PowerRecover -> c:\windows\Installer\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\BFCE53DD59C5B893ACAF5B8E8831363C] : CCC Help Italian -> c:\windows\Installer\{DD35ECFB-5C95-398B-CAFA-B5E8881363C3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C0DCA5F5454A7A232E60EE981B151082] : CCC Help Danish -> c:\windows\Installer\{5F5ACD0C-A454-32A7-E206-EE89B1510128}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C5D52DA5318CB641F40B6765F187577B] : CCC Help Hungarian -> c:\windows\Installer\{5AD25D5C-C813-146B-4FB0-76561F7875B7}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C8454747654E8184E80DA4F100FE771A] : Catalyst Control Center - Branding -> c:\windows\Installer\{7474548C-E456-4818-8ED0-4A1F00EF77A1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C971C95CD8669A946BAE1012CCCF2134] : LabelPrint -> c:\windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\CC599AF0948C55741BB44540CC57CD42] : Energy Star -> c:\windows\Installer\{0FA995CC-C849-4755-B14B-5404CC75DC24}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\CD71EB902D9582DF73D1CD0EEA67EC57] : CCC Help Korean -> c:\windows\Installer\{09BE17DC-59D2-FD28-371D-DCE0AE76CE75}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D276F30548C6A844F8F8B43CA58C4314] : AMD APP SDK Runtime -> c:\windows\Installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D84D78A2FDF3df1479DC1A3E07FEFF2E] : Power2Go -> c:\windows\Installer\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D85C4CB1627DB271ADC2BB6EEAD5BE67] : CCC Help Finnish -> c:\windows\Installer\{1BC4C58D-D726-172B-DA2C-BBE6AE5DEB76}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD -> c:\windows\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E3B8D0C40F363774385F5C7B97B5F08B] : Photo Gallery
[HKCR\Installer\Products\E45CB17D6E4A60E468C6DFE61EE61A78] : Movie Maker
[HKCR\Installer\Products\EB3FC7A1A4D0FD33FD9D284478273656] : CCC Help German -> c:\windows\Installer\{1A7CF3BE-0D4A-33DF-DFD9-824487726365}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EE6884B559A5752C6AF8D2ACED742A37] : CCC Help Norwegian -> c:\windows\Installer\{5B4886EE-5A95-C257-A68F-2DCADE47A273}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F218391F0C38DEC3E1EDEB5252623730] : CCC Help Chinese Traditional -> c:\windows\Installer\{F193812F-83C0-3CED-1EDE-BE2525267303}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F5ED6BFBAEB9BBF15348C28736C95EA9] : CCC Help Polish -> c:\windows\Installer\{BFB6DE5F-9BEA-1FBB-3584-2C78639CE59A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F64E64890E70FDB489A53EBF8A1C8577] : Movie Maker

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : Impossible to extract !!!!!

---------- | 20 LastEventLog

Impossible d’obtenir les informations de registre des compteurs de performances pour WSearchIdxPi pour l’instance   en raison de l’erreur suivante : L’opération a réussi.   0x0.
------------

Impossible d’initialiser le contrôle des performances pour l’objet rassembleur. Les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs. Redémarrez l’ordinateur.

Contexte : Application , Catalogue SystemIndex

------------

Impossible d’initialiser le contrôle des performances pour le service rassembleur, car les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs de performances. Redémarrez l’ordinateur.

------------

taskhostex (2904) Une tentative d'ouverture du fichier "C:\Users\kevin josiane sandra\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020) : "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8).
------------

Échec de la procédure d’ouverture pour le service « .NETFramework » dans la DLL « C:\Windows\system32\mscoree.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------

Impossible d’obtenir les informations de registre des compteurs de performances pour WSearchIdxPi pour l’instance   en raison de l’erreur suivante : L’opération a réussi.   0x0.
------------

Impossible d’initialiser le contrôle des performances pour l’objet rassembleur. Les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs. Redémarrez l’ordinateur.

Contexte : Application , Catalogue SystemIndex

------------

Impossible d’initialiser le contrôle des performances pour le service rassembleur, car les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs de performances. Redémarrez l’ordinateur.

------------

Impossible d’obtenir les informations de registre des compteurs de performances pour WSearchIdxPi pour l’instance   en raison de l’erreur suivante : L’opération a réussi.   0x0.
------------

Impossible d’initialiser le contrôle des performances pour l’objet rassembleur. Les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs. Redémarrez l’ordinateur.

Contexte : Application , Catalogue SystemIndex

------------

Nom de l’application défaillante WSCStub.exe, version : 20.0.0.136, horodatage : 0x500fafb3
Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16384, horodatage : 0x5010ac2f
Code d’exception : 0xc06d007e
Décalage d’erreur : 0x00014b32
ID du processus défaillant : 0x4a0
Heure de début de l’application défaillante : 0x01d61228cf867ccc
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\KERNELBASE.dll
ID de rapport : 107db0ef-7e1c-11ea-be70-4c72b9f956a2
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante WFPUnins.exe, version : 13.0.0.76, horodatage : 0x4fdb671f
Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16384, horodatage : 0x5010ac2f
Code d’exception : 0xc06d007e
Décalage d’erreur : 0x00014b32
ID du processus défaillant : 0x2f8
Heure de début de l’application défaillante : 0x01d61228d004a62b
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WFPUnins.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\KERNELBASE.dll
ID de rapport : 0dbab691-7e1c-11ea-be70-4c72b9f956a2
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Impossible d’initialiser le contrôle des performances pour le service rassembleur, car les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs de performances. Redémarrez l’ordinateur.

------------

Nom de l’application défaillante InstCA.exe, version : 20.0.0.136, horodatage : 0x500fb259
Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16384, horodatage : 0x5010ac2f
Code d’exception : 0xc06d007e
Décalage d’erreur : 0x00014b32
ID du processus défaillant : 0x360
Heure de début de l’application défaillante : 0x01d61228ccf7e0b1
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\InstCA.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\KERNELBASE.dll
ID de rapport : 0b03a2cf-7e1c-11ea-be70-4c72b9f956a2
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Impossible d’obtenir les informations de registre des compteurs de performances pour WSearchIdxPi pour l’instance   en raison de l’erreur suivante : L’opération a réussi.   0x0.
------------

Impossible d’initialiser le contrôle des performances pour l’objet rassembleur. Les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs. Redémarrez l’ordinateur.

Contexte : Application , Catalogue SystemIndex

------------

Impossible d’initialiser le contrôle des performances pour le service rassembleur, car les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs de performances. Redémarrez l’ordinateur.

------------

Impossible d’obtenir les informations de registre des compteurs de performances pour WSearchIdxPi pour l’instance   en raison de l’erreur suivante : L’opération a réussi.   0x0.
------------

Impossible d’initialiser le contrôle des performances pour l’objet rassembleur. Les compteurs ne sont pas chargés ou l’objet mémoire partagée ne peut pas être ouvert. Cela affecte seulement la disponibilité des compteurs. Redémarrez l’ordinateur.

Contexte : Application , Catalogue SystemIndex

------------


----------( EOF)---------- - 7345 | 13:38:42