--------------- QuickDiag | g3n-h@ckm@n | V5_29.10.19.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 06/05/2023 21:24:52 Updated 29/10/2019 | 06:45 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Brussels, Copenhagen, Madrid, Paris [lfshy (Administrator)] - [DESKTOP-VD01GHL] (S-1-5-21-1064503503-3167082132-3616807767-1001) System: Microsoft Windows 10 Home - - (10.0.19045) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) -> (2009) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Home|C:\Windows|\Device\Harddisk0\Partition6 Boot : Normal boot PC: CQ2904EF - Hewlett-Packard - IdNumber: 4CH3100VPJ - UUID: 2C238515-5AA2-7984-51F0-370493363EDB Processor : X64 - 1397 Mhz - AMD E1-1200 APU with Radeon(tm) HD Graphics 8.17 - fra - AMI - S/N: 4CH3100VPJ - 8.17 - HPQOEM - 1072009 CoreTemp : ? Celsius ----------| Extended ---------- | SoundDevice High Definition Audio Device - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_103C2AE3&REV_1001\4&2070A159&0&0001 ---------- | Video AMD Radeon HD 7310 Graphics - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9809&SUBSYS_2AE3103C&REV_00\3&11583659&0&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 402653184 Inegrated Video Chipset DeviceName: AMD Radeon HD 7310 Graphics - DriverVersion: 8.14.01.6463 - SpecificationVersion: 1025 ---------- | Codecs C:\Windows\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34600 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 93184 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK C:\Windows\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37440 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42904 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25824 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39936 - Manufacturer: Microsoft Corporation - Status: OK ---------- | Memory RAM = Total (MB) : 3748 | Free (MB) : 591 Pagefile = Total (MB) : 6500 | Free (MB) : 2116 Virtual = Total (MB) : 4194 | Free (MB) : 3919 Physical Memory (MB) -------------------- Total: 3659 Available: 577 Cached: 852 Free: 582 Kernel Memory (MB) ------------------ Paged: 366 Nonpaged: 215 System ------ Handles: 122184 Processes: 156 Threads: 1580 ---------- | SID Users Administrator : [S-1-5-21-1064503503-3167082132-3616807767-500] DefaultAccount : [S-1-5-21-1064503503-3167082132-3616807767-503] defaultuser100000 : [S-1-5-21-1064503503-3167082132-3616807767-1010] Guest : [S-1-5-21-1064503503-3167082132-3616807767-501] lfshy : [S-1-5-21-1064503503-3167082132-3616807767-1001] WDAGUtilityAccount : [S-1-5-21-1064503503-3167082132-3616807767-504] Administrators : [S-1-5-32-544] Device Owners : [S-1-5-32-583] Distributed COM Users : [S-1-5-32-562] Event Log Readers : [S-1-5-32-573] Guests : [S-1-5-32-546] Hyper-V Administrators : [S-1-5-32-578] IIS_IUSRS : [S-1-5-32-568] Performance Log Users : [S-1-5-32-559] Performance Monitor Users : [S-1-5-32-558] Remote Management Users : [S-1-5-32-580] System Managed Accounts Group : [S-1-5-32-581] Users : [S-1-5-32-545] AMD FUEL : [S-1-5-21-1064503503-3167082132-3616807767-1002] __vmware__ : [S-1-5-21-1064503503-3167082132-3616807767-1007] ---------- | Drives C:\ -> [Fixed] | [] | Total : 64.23 Go | Free : 1.21 Go -> NTFS [SATA] D:\ -> [Fixed] | [] | Total : 151.02 Go | Free : 0.02 Go -> NTFS [SATA] E:\ -> [Fixed] | [EFISECTOR] | Total : 0 Go | Free : 0 Go -> FAT [SATA] F:\ -> [Fixed] | [Boot] | Total : 0 Go | Free : 0 Go -> NTFS [SATA] G:\ -> [Fixed] | [2 os - vexe sifatal uef] | Total : 39.62 Go | Free : 29.37 Go -> NTFS [SATA] J:\ -> [Fixed] | [] | Total : 0.5 Go | Free : 0.41 Go -> FAT32 [SATA] K:\ -> [Fixed] | [itsa apps os by oblox & bitser] | Total : 49.56 Go | Free : 33.75 Go -> NTFS [SATA] L:\ -> [Fixed] | [s windows cybelink wintob loaris] | Total : 130.1 Go | Free : 103.17 Go -> NTFS [SATA] N:\ -> [Fixed] | [] | Total : 0 Go | Free : 0 Go -> FAT [SATA] O:\ -> [Fixed] | [] | Total : 0.5 Go | Free : 0.41 Go -> FAT32 [SATA] P:\ -> [Removable] | [] | Total : 29.97 Go | Free : 0.36 Go -> FAT32 [USB] S:\ -> [CDROM] | [PANA-UDF] | Total : 4.27 Go | Free : 0 Go -> UDF [SATA] U:\ -> [Removable] | [AVIRA MULTI] | Total : 24.28 Go | Free : 9.8 Go -> FAT32 [USB] W:\ -> [Removable] | [SAND MEMTES] | Total : 14.26 Go | Free : 2.49 Go -> FAT32 [USB] X:\ -> [Removable] | [AVIRA-LIVE] | Total : 14.63 Go | Free : 13.91 Go -> FAT32 [USB] Y:\ -> [Removable] | [] | Total : 29.27 Go | Free : 13.33 Go -> FAT32 [USB] Drive: 0 Cylinders: 121601 Tracks per Cylinder: 255 Sectors per Track: 63 Bytes per Sector: 512 Total Space: 1000204886016 bytes ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.19041.1566 (© Microsoft Corporation.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer ---------- | Security AV : Avira Security Enabled AS : FW : Avira Security Enabled WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 396 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.19041.964) = C:\Windows\System32\smss.exe [08/09/2022 05:06:59] CPU Usage:0 % 516 | [Owner : SYSTEM | Parent : 508() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [08/09/2022 05:06:57] CPU Usage:0 % 628 | [Owner : SYSTEM | Parent : 508() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.19041.2364) = C:\Windows\System32\wininit.exe [22/04/2023 06:52:07] CPU Usage:0 % 824 | [Owner : SYSTEM | Parent : 628(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.19041.2788) = C:\Windows\System32\services.exe [22/04/2023 06:52:18] CPU Usage:0 % 832 | [Owner : SYSTEM | Parent : 628(wininit.exe) | 20.16 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.19041.2130) = C:\Windows\System32\lsass.exe [22/04/2023 06:52:19] CPU Usage:0 % 944 | [Owner : SYSTEM | Parent : 824(services.exe) | 27.37 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 952 | [Owner : UMFD-0 | Parent : 628(wininit.exe) | 3.48 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.2788) = C:\Windows\System32\fontdrvhost.exe [22/04/2023 06:52:23] CPU Usage:0 % 436 | [Owner : NETWORK SERVICE | Parent : 824(services.exe) | 14.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 424 | [Owner : SYSTEM | Parent : 824(services.exe) | 7.75 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 820 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 4.76 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1048 | [Owner : SYSTEM | Parent : 824(services.exe) | 8.68 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1096 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 11.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1140 | [Owner : SYSTEM | Parent : 824(services.exe) | 14.4 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1160 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 5.68 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1204 | [Owner : SYSTEM | Parent : 824(services.exe) | 5.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1232 | [Owner : SYSTEM | Parent : 824(services.exe) | 18.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1264 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 14.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1376 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 7.52 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1396 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 6.26 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1416 | [Owner : SYSTEM | Parent : 824(services.exe) | 10.64 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1464 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 6.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1648 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 7.76 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.19041.1865) = C:\Windows\System32\WUDFHost.exe [08/09/2022 05:07:06] CPU Usage:0 % 1748 | [Owner : NETWORK SERVICE | Parent : 824(services.exe) | 11.55 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1844 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 9.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2020 | [Owner : NETWORK SERVICE | Parent : 824(services.exe) | 7.98 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2368 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 3.33 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2464 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 8.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2472 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 7.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2492 | [Owner : SYSTEM | Parent : 824(services.exe) | 69.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2500 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 6.12 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2520 | [Owner : SYSTEM | Parent : 824(services.exe) | 5.46 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2612 | [Owner : SYSTEM | Parent : 824(services.exe) | 7.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2688 | [Owner : SYSTEM | Parent : 824(services.exe) | 6.96 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2700 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 7.91 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2756 | [Owner : SYSTEM | Parent : 824(services.exe) | 19.7 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2900 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 12.58 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2988 | [Owner : SYSTEM | Parent : 824(services.exe) | 16.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3036 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 6.02 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3052 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 8.29 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1716 | [Owner : SYSTEM | Parent : 824(services.exe) | 6.33 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2068 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 6.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3092 | [Owner : LOCAL SERVICE | Parent : 1716(svchost.exe) | 13.4 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1806) = C:\Windows\System32\dasHost.exe [08/09/2022 05:06:46] CPU Usage:0 % 3152 | [Owner : SYSTEM | Parent : 824(services.exe) | 11.16 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3228 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 7.12 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3312 | [Owner : SYSTEM | Parent : 824(services.exe) | 14.07 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3380 | [Owner : NETWORK SERVICE | Parent : 1716(svchost.exe) | 4.15 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1806) = C:\Windows\System32\dasHost.exe [08/09/2022 05:06:46] CPU Usage:0 % 3416 | [Owner : SYSTEM | Parent : 824(services.exe) | 12.84 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.19041.2788) = C:\Windows\System32\spoolsv.exe [22/04/2023 06:49:21] CPU Usage:0 % 3464 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 22.89 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3520 | [Owner : NETWORK SERVICE | Parent : 824(services.exe) | 7.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3664 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 10.16 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3860 | [Owner : NETWORK SERVICE | Parent : 824(services.exe) | 14.27 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3876 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 22.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3900 | [Owner : SYSTEM | Parent : 824(services.exe) | 8.9 Mo] - (.Microsoft Corp. - Bing Desktop updating service.) - (1.3.472.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [04/06/2014 12:03:04] CPU Usage:0 % 3952 | [Owner : SYSTEM | Parent : 824(services.exe) | 6.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 4004 | [Owner : SYSTEM | Parent : 824(services.exe) | 6.89 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 4032 | [Owner : SYSTEM | Parent : 824(services.exe) | 8.87 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3752 | [Owner : SYSTEM | Parent : 824(services.exe) | 8.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3980 | [Owner : SYSTEM | Parent : 824(services.exe) | 5.45 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 4104 | [Owner : SYSTEM | Parent : 824(services.exe) | 5.74 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 4132 | [Owner : SYSTEM | Parent : 824(services.exe) | 5.82 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 4208 | [Owner : SYSTEM | Parent : 824(services.exe) | 18.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 4244 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 5.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 2012 | [Owner : SYSTEM | Parent : 824(services.exe) | 2.88 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3872 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 15.65 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 5924 | [Owner : SYSTEM | Parent : 824(services.exe) | 21.25 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3388 | [Owner : SYSTEM | Parent : 824(services.exe) | ?????] - (.Microsoft Corporation - System Guard Runtime Monitor Broker Service.) - (10.0.19041.546) = C:\Windows\System32\SgrmBroker.exe [08/09/2022 05:07:40] CPU Usage:0 % 4628 | [Owner : SYSTEM | Parent : 824(services.exe) | 12.7 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 4364 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1520 | [Owner : SYSTEM | Parent : 824(services.exe) | 20.4 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.19041.2673) = C:\Windows\System32\SearchIndexer.exe [22/04/2023 06:50:53] CPU Usage:0 % 2588 | [Owner : SYSTEM | Parent : 824(services.exe) | 14.79 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1744 | [Owner : SYSTEM | Parent : 824(services.exe) | 7.14 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 3772 | [Owner : SYSTEM | Parent : 824(services.exe) | 11.36 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 6164 | [Owner : SYSTEM | Parent : 824(services.exe) | 13.58 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 8028 | [Owner : SYSTEM | Parent : 824(services.exe) | 10.35 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 5816 | [Owner : SYSTEM | Parent : 7412() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [08/09/2022 05:06:57] CPU Usage:0 % 6596 | [Owner : SYSTEM | Parent : 7412() | 10.48 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.19041.2673) = C:\Windows\System32\winlogon.exe [22/04/2023 06:52:24] CPU Usage:0 % 7080 | [Owner : DWM-2 | Parent : 6596(winlogon.exe) | 29.1 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.19041.746) = C:\Windows\System32\dwm.exe [08/09/2022 05:06:55] CPU Usage:0 % 6104 | [Owner : UMFD-2 | Parent : 6596(winlogon.exe) | 6.01 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.2788) = C:\Windows\System32\fontdrvhost.exe [22/04/2023 06:52:23] CPU Usage:0 % 3264 | [Owner : lfshy | Parent : 1416(svchost.exe) | 18.97 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe [08/09/2022 05:06:42] CPU Usage:0 % 7920 | [Owner : lfshy | Parent : 1744(svchost.exe) | 19.45 Mo] - (.Microsoft Corporation - CTF Loader.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe [07/12/2019 11:09:00] CPU Usage:0 % 4912 | [Owner : lfshy | Parent : 1140(svchost.exe) | 15.88 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.19041.1865) = C:\Windows\System32\taskhostw.exe [08/09/2022 05:07:14] CPU Usage:0 % 3168 | [Owner : SYSTEM | Parent : 824(services.exe) | 17.8 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 7712 | [Owner : lfshy | Parent : 944(svchost.exe) | 17.92 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [08/09/2022 05:06:24] CPU Usage:0 % 3160 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 12.82 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 7084 | [Owner : lfshy | Parent : 944(svchost.exe) | 15.51 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.19041.1949) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [08/09/2022 05:08:14] CPU Usage:0 % 3120 | [Owner : lfshy | Parent : 944(svchost.exe) | 16.12 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [08/09/2022 05:06:24] CPU Usage:0 % 6992 | [Owner : lfshy | Parent : 944(svchost.exe) | 11.49 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [08/09/2022 05:06:24] CPU Usage:0 % 6536 | [Owner : lfshy | Parent : 1424() | 8.51 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe [07/12/2019 11:08:41] CPU Usage:0 % 5416 | [Owner : SYSTEM | Parent : 824(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe [22/04/2023 06:49:40] CPU Usage:0 % 8652 | [Owner : lfshy | Parent : 1424() | 15.76 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (23.87.424.1) = C:\Users\lfshy\AppData\Local\Microsoft\OneDrive\OneDrive.exe [22/04/2023 01:43:43] CPU Usage:0 % 9076 | [Owner : lfshy | Parent : 1424() | 163.96 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 9104 | [Owner : lfshy | Parent : 9076(msedge.exe) | 6.87 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 8556 | [Owner : lfshy | Parent : 1424() | 14.45 Mo] - (.Microsoft Corporation - Notepad.) - (10.0.19041.1865) = C:\Windows\System32\notepad.exe [08/09/2022 05:08:33] CPU Usage:0 % 8552 | [Owner : lfshy | Parent : 9076(msedge.exe) | 34.25 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 8544 | [Owner : lfshy | Parent : 9076(msedge.exe) | 31.52 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 3884 | [Owner : lfshy | Parent : 9076(msedge.exe) | 18.15 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 9372 | [Owner : lfshy | Parent : 9076(msedge.exe) | 138.91 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 9436 | [Owner : lfshy | Parent : 3344() | 3.94 Mo] - (.Microsoft Corp. - Bing Desktop Application.) - (1.3.472.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [04/06/2014 12:03:04] CPU Usage:0 % 8076 | [Owner : SYSTEM | Parent : 824(services.exe) | 7.94 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1136 | [Owner : lfshy | Parent : 1140(svchost.exe) | 15.06 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.19041.1865) = C:\Windows\System32\taskhostw.exe [08/09/2022 05:07:14] CPU Usage:0 % 8520 | [Owner : lfshy | Parent : 944(svchost.exe) | 10.6 Mo] - (.Microsoft Corporation -.) - (121.9202.4105.0) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe [08/09/2022 05:08:34] CPU Usage:0 % 9976 | [Owner : SYSTEM | Parent : 824(services.exe) | 12.01 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 6736 | [Owner : lfshy | Parent : 944(svchost.exe) | 9.76 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.546) = C:\Windows\System32\dllhost.exe [08/09/2022 05:06:56] CPU Usage:0 % 8796 | [Owner : lfshy | Parent : 944(svchost.exe) | 32.58 Mo] - (.Microsoft Corporation - Search application.) - (10.0.19041.2788) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe [22/04/2023 06:58:22] CPU Usage:0 % 2392 | [Owner : SYSTEM | Parent : 824(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 5012 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 5.47 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 10172 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 4.44 Mo] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.19041.1865) = C:\Windows\System32\WUDFHost.exe [08/09/2022 05:07:06] CPU Usage:0 % 9864 | [Owner : lfshy | Parent : 9076(msedge.exe) | 16.75 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 10184 | [Owner : lfshy | Parent : 9076(msedge.exe) | 38.82 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 10152 | [Owner : lfshy | Parent : 9076(msedge.exe) | 4.3 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 11148 | [Owner : SYSTEM | Parent : 824(services.exe) | 0.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 1288 | [Owner : lfshy | Parent : 7888() | 3.05 Mo] - (.Microsoft Corporation - Notepad.) - (10.0.19041.1) = C:\Windows\SysWOW64\notepad.exe [07/12/2019 11:51:54] CPU Usage:0 % 9860 | [Owner : lfshy | Parent : 944(svchost.exe) | 15.3 Mo] - (.Microsoft Corporation - Settings.) - (10.0.19041.2788) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [22/04/2023 06:58:19] CPU Usage:0 % 8992 | [Owner : lfshy | Parent : 944(svchost.exe) | 29.86 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe [08/09/2022 05:06:49] CPU Usage:0 % 4224 | [Owner : lfshy | Parent : 944(svchost.exe) | 4.47 Mo] - (.Microsoft Corporation - User OOBE Broker.) - (10.0.19041.2486) = C:\Windows\System32\oobe\UserOOBEBroker.exe [22/04/2023 06:53:16] CPU Usage:0 % 3620 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 2.97 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 10756 | [Owner : SYSTEM | Parent : 824(services.exe) | 8.63 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 11316 | [Owner : lfshy | Parent : 9076(msedge.exe) | 167.13 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 11696 | [Owner : lfshy | Parent : 9076(msedge.exe) | 16.35 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 10996 | [Owner : lfshy | Parent : 9076(msedge.exe) | 81.64 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 10316 | [Owner : LOCAL SERVICE | Parent : 824(services.exe) | 9.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 9248 | [Owner : lfshy | Parent : 944(svchost.exe) | 19.44 Mo] - (.Microsoft Corporation - Windows Defender application.) - (10.0.19041.2075) = C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe [22/04/2023 06:51:39] CPU Usage:0 % 7308 | [Owner : lfshy | Parent : 944(svchost.exe) | 7.52 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe [22/04/2023 06:49:40] CPU Usage:0 % 10340 | [Owner : lfshy | Parent : 944(svchost.exe) | 6.56 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe [22/04/2023 06:49:40] CPU Usage:0 % 3140 | [Owner : lfshy | Parent : 1424() | 140.2 Mo] - (.SOSVirus - AdsFix.) - (9.113.22.1) = C:\Users\lfshy\Desktop\AdsFix.exe [06/05/2023 20:01:19] CPU Usage:0 % 4124 | [Owner : SYSTEM | Parent : 824(services.exe) | 2.42 Mo] - (.Avira Operations GmbH - Avira Optimizer Host.) - (1.3.0.21) = C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [05/05/2023 11:51:17] CPU Usage:0 % 12556 | [Owner : SYSTEM | Parent : 824(services.exe) | 6.45 Mo] - (.VMware, Inc. - VMware NAT Service.) - (17.0.0.34456) = C:\Windows\SysWOW64\vmnat.exe [04/05/2023 11:03:20] CPU Usage:0 % 6348 | [Owner : lfshy | Parent : 824(services.exe) | 17.98 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 12348 | [Owner : lfshy | Parent : 824(services.exe) | 17.64 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 8600 | [Owner : SYSTEM | Parent : 824(services.exe) | 10.64 Mo] - (.VMware, Inc. - VMware USB Arbitration Service.) - (20.8.0.0) = C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [07/09/2022 09:12:00] CPU Usage:0 % 12844 | [Owner : lfshy | Parent : 824(services.exe) | 32.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 12988 | [Owner : lfshy | Parent : 824(services.exe) | 11.48 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 12460 | [Owner : lfshy | Parent : 1424() | 40.4 Mo] - (.Microsoft Corporation - Task Manager.) - (10.0.19041.1202) = C:\Windows\System32\Taskmgr.exe [08/09/2022 05:06:52] CPU Usage:0 % 5208 | [Owner : SYSTEM | Parent : 824(services.exe) | ?????] - (.Avira Operations GmbH - Endpoint Protection Service.) - (1.0.2304.710) = C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [06/05/2023 20:44:25] CPU Usage:99 % 10540 | [Owner : SYSTEM | Parent : 824(services.exe) | 94.06 Mo] - (.Avira Operations GmbH - Avira Security.) - (1.1.87.3) = C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [06/05/2023 20:36:48] CPU Usage:0 % 12848 | [Owner : lfshy | Parent : 1140(svchost.exe) | 2.93 Mo] - (.Avira Operations GmbH - Avira Security.) - (1.1.87.3) = C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [06/05/2023 20:36:48] CPU Usage:0 % 2224 | [Owner : lfshy | Parent : 13008() | 137.85 Mo] - (.Avira Operations GmbH - Avira Security.) - (1.1.87.3) = C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe [06/05/2023 20:36:48] CPU Usage:0 % 7196 | [Owner : SYSTEM | Parent : 824(services.exe) | 12.14 Mo] - (.Avira Operations GmbH & Co. KG - VpnService.) - (2.41.1.25731) = C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [30/03/2022 14:22:24] CPU Usage:0 % 13236 | [Owner : NETWORK SERVICE | Parent : 824(services.exe) | 7.15 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 9224 | [Owner : SYSTEM | Parent : 944(svchost.exe) | 10.08 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [08/09/2022 05:07:21] CPU Usage:0 % 11804 | [Owner : lfshy | Parent : 9076(msedge.exe) | 102.7 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 5092 | [Owner : SYSTEM | Parent : 824(services.exe) | 20.77 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe [08/09/2022 05:06:55] CPU Usage:0 % 6928 | [Owner : lfshy | Parent : 9076(msedge.exe) | 51.5 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 11832 | [Owner : lfshy | Parent : 9076(msedge.exe) | 51.82 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 8080 | [Owner : lfshy | Parent : 9076(msedge.exe) | 49.73 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 12536 | [Owner : lfshy | Parent : 9076(msedge.exe) | 30.49 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 1532 | [Owner : lfshy | Parent : 9076(msedge.exe) | 29.61 Mo] - (.Microsoft Corporation - Microsoft Edge.) - (112.0.1722.68) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [06/08/2021 00:41:46] CPU Usage:0 % 12816 | [Owner : lfshy | Parent : 9076(msedge.exe) | 63.3 Mo] - (.SosVirus - QuickDiag.) - (29.10.19.1) = C:\Users\lfshy\Downloads\quickdiag_V5_29.10.19.1.exe [06/05/2023 21:22:29] CPU Usage:0 % 12832 | [Owner : SYSTEM | Parent : 944(svchost.exe) | 9.51 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [08/09/2022 05:07:07] CPU Usage:0 % 12028 | [Owner : NETWORK SERVICE | Parent : 944(svchost.exe) | 11.42 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [08/09/2022 05:07:21] CPU Usage:0 % ---------- | Locked Applications ---------- | Policy Restrictions ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- c:\windows\system32\UMPDC.dll (..-..) - (0.0.0.0) -- c:\windows\system32\TextShaping.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WSDPROVIDERUTIL.dll (..-..) - (0.0.0.0) -- C:\Windows\system32\EsclProtocol.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.29.0.0) -- C:\Windows\System32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE OneDrive - ("C:\Users\lfshy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\...\Run]) - User: DESKTOP-VD01GHL\lfshy Advanced SystemCare - ("C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\...\Run]) - User: DESKTOP-VD01GHL\lfshy MicrosoftEdgeAutoLaunch_404EF9D843E439270EDF2032F3B71974 - ("C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\...\Run]) - User: DESKTOP-VD01GHL\lfshy - ( [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\...\Run]) - User: DESKTOP-VD01GHL\lfshy desktop - (desktop.ini [Common Startup]) - User: Public SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public - ( [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\lfshy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Advanced SystemCare"="C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto "MicrosoftEdgeAutoLaunch_404EF9D843E439270EDF2032F3B71974"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 ""= [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=EPSON WF-2760 Series,winspool,Ne03: "IsMRUEstablished"=0 "LegacyDefaultPrinterMode"=0 "MenuDropAlignment"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe ""= [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D974D6162E0A48 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun "Avira Security startup helper"="C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe" DelayedStartup ""= [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Setup"="C:\Windows\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\Setup.exe" /startup [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List ASC_PerformanceMonitor ASC_SkipUac_lfshy AviraSystemSpeedupVerify Avira_FallbackUpdater Avira_Security_Maintenance Avira_Security_Service_SCM_Watchdog Avira_Security_Systray Avira_Security_Update Driver Booster Scheduler Driver Booster SkipUAC (lfshy) Driver Booster Update iTop PDF ExpRt iTop PDF Launch SkipUAC (lfshy) iTop PDF SkipUAC (lfshy) iTop PDF Update iTop Private Browser UAC iTop Private Browser Update iTopVPN_Scheduler_lfshy iTopVPN_SkipUAC_lfshy iTopVPN_Update_lfshy MicrosoftEdgeUpdateTaskMachineCore MicrosoftEdgeUpdateTaskMachineUA OneDrive Reporting Task-S-1-5-21-1064503503-3167082132-3616807767-1001 OneDrive Standalone Update Task-S-1-5-21-1064503503-3167082132-3616807767-1001 Software Updater Scheduler Software Updater SkipUAC(lfshy) ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(6) "FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=3 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [22/04/2023 01:26:48] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "LsaPid"=832 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=150 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "PendingFileRenameOperations"=\??\C:\Users\lfshy\AppData\Local\Temp\_iu14D2N.tmp \??\C:\Windows\system32\drivers\IMFCameraProtect.sys.osdezz \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfEfsFileControl.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfHpFileFilter.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfHpRegFilter.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64 \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers \??\c:\program files (x86)\iobit\iobit malware fighter\IMFShellExt.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfEfsFileControl.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfHpFileFilter.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfHpRegFilter.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64 \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers \??\c:\program files (x86)\iobit\iobit malware fighter\IMFShellExt.dat \??\c:\program files (x86)\iobit\iobit malware fighter \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfEfsFileControl.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfHpFileFilter.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64\ImfHpRegFilter.dat \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers\win10_amd64 \??\c:\program files (x86)\iobit\iobit malware fighter\Drivers \??\c:\program files (x86)\iobit\iobit malware fighter\IMFShellExt.dat \??\C:\Users\lfshy\AppData\Local\Temp\.CR.16296\fa6b0269-283f-46d2-92e9-0cd0c7bcbca2\nsistemp\nsn41E8.tmp\nsProcess.dll \??\C:\Users\lfshy\AppData\Local\Temp\.CR.16296\fa6b0269-283f-46d2-92e9-0cd0c7bcbca2\nsistemp\nsn41E8.tmp\System.dll \??\C:\Users\lfshy\AppData\Local\Temp\.CR.16296\fa6b0269-283f-46d2-92e9-0cd0c7bcbca2\nsistemp\nsn41E8.tmp\ \??\C:\Users\lfshy\AppData\Local\Temp\.CR.16296\fa6b0269-283f-46d2-92e9-0cd0c7bcbca2\nsistemp\ \??\C:\Users\lfshy\AppData\Local\Temp\.CR.16296\fa6b0269-283f-46d2-92e9-0cd0c7bcbca2\nsistemp\nsn41E8.tmp\nsProcess.dll \??\C:\Users\lfshy\AppData\Local\Temp\.CR.16296\fa6b0269-283f-46d2-92e9-0cd0c7bcbca2\nsistemp\nsn41E8.tmp\ \??\C:\Users\lfshy\AppData\Local\Temp\Epp_13681 \??\C:\ProgramData\Avira\Security\Scheduler\NcpStartupTask-b7f01c58-9b63-4434-8425-1676117e9d49.rebootpending \??\C:\ProgramData\Avira\Security\Scheduler\3103-update-704f4a3a-40ee-49ef-9b25-94a4f470ba17.rebootpending \??\C:\Windows\TEMP\DELB321.tmp \??\C:\Windows\TEMP\DEL8044.tmp [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=69250a50-8173-4db3-bd87-520e349 "GlassSessionId"=2 ---------- | .LNK with Arguments C:\Program Files (x86)\Galaxy S6\Pre_Scan_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK C:\Users\lfshy\Desktop\Pre_Scan_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK D:\placard des anti-tfm X con\rapports anti-twister twister\AdsFix_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK D:\Users\UEFM LFS Hyper UEFM\Desktop\Pre_Scan_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK U:\Pre_Scan_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK W:\Pre_Scan_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=150000 "LeftOverlapChars"=3 "MenuShowDelay"=0 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\lfshy\Desktop\Untitled.png [25/04/2023 03:39:10] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100916F000080040000A0020000255ECBBE1677D90143003A005C00550073006500720073005C006C0066007300680079005C004400650073006B0074006F0070005C0055006E007400690074006C00650064002E0070006E00670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "HungAppTimeout"=2000 "WaitToKillAppTimeout"=2000 "AutoEndTasks"=1 [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SlowContextMenuEntries"=0xD02BCB147523103D9B5D5E18865C8959040F00006024B221EA3A6910A2DC08002B30309D85160000BD0E0C47735D584D9CEDE91E22E232822F1A0000793E3DD1440F453DB15FBCFD8A8B4C7E450C00000114020000000000C000000000000046CF0F0000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=4 "GlobalAssocChangedCounter"=48 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "DesktopProcess"=1 "link"=0x00000000 [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=0 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=0 "ListviewShadow"=1 "TaskbarAnimations"=0 "ShowCortanaButton"=0 "StartMenuInit"=13 "ReindexedProfile"=1 "TaskbarStateLastRun"=0x375F536400000000 "OnboardUnpinCortana"=1 "Start_TrackProgs"=0 "ShowSyncProviderNotifications"=0 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "shell"=explorer.exe [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=0 "NoActiveDesktopChanges"=0 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "Max Cached Icons"=2000 "GlobalAssocChangedCounter"=6 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "shell"=explorer.exe [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=0 "NoActiveDesktopChanges"=0 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=19 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s ---------- | Winlogon [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=19045 "FirstLogon"=0 "ParseAutoexec"=1 "PUUActive"=0x23E86B5701000300050015006F960000C79C0000C79C0000D200000003000A00500BD4D93C730F005369030066240000F61900006D0A00000000000000000000000000003CA602003E060000C50000006DCDDB4B5080D9016F96000000000000010000006F960000654A0000000000000000000000000000 "DP"=0xD200E8000A0003000500000023E86B57000000000000000017BD99334F80D90117BD99334F80D901000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100C2F900808B0280309B02A430A3CA0080103AC410103AC41001490000B63C2240B73E22406C650000A0004108A4224118EAEB0080C2104D45EABA4D656C9C0080490A443A5B8A443ABBE70000211A002A211A013E74760080A0D12008A1D1204E3E09010004188F1A0618AF1A041001C01122900A912A900A5A3D00800500600207016802 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "ShellAppRuntime"=ShellAppRuntime.exe "scremoveoption"=0 "DisableCAD"=1 "LastLogOffEndTimePerfCounter"=11829205909 "ShutdownFlags"=8230 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-1064503503-3167082132-3616807767-1001 "LastUsedUsername"=defaultuser100000 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "userinit"=C:\Windows\SYSWOW64\userinit.exe, "AutoRestartShell"=1 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\iTop Private Browser\Shell\open\Command] ""=C:\\Program Files\\iTop Private Browser\\iTopBrowser.exe [05/05/2023 12:48:52] [HKLM\Software\Clients\StartMenuInternet\iTop Private Browser\InstallInfo] "ReinstallCommand"= [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Internet Explorer\iexplore.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\iTop Private Browser\Shell\open\Command] ""=C:\\Program Files\\iTop Private Browser\\iTopBrowser.exe [05/05/2023 12:48:52] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\iTop Private Browser\InstallInfo] "ReinstallCommand"= [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser ---------- | AppcompatFlags [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\lfshy\Downloads\esetonlinescanner.exe"=0x5341435001000000000000000700000028000000D813E900AF33E90001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Users\lfshy\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe"=0x5341435001000000000000000700000028000000D8B14B019DAD4C0101000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Users\lfshy\AppData\Local\Microsoft\OneDrive\23.087.0424.0001\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000B03D0B00A3BA0B0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23032.186.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe"=0x5341435001000000000000000700000028000000984705002E98050001000000000000000000000A7320000050BB64EDDDACD50100000000000000000200000028000000000000000000001000000000000000000000000000000000263A0100000000000100000001000000 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"=0x5341435001000000000000000700000028000000A02B3F00CCB13F0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000050000000000000000000000000000000000000000000000000000000D5AFF3040000000007000000010000000000000000000010000000000000000000000000000000004D370000000000000800000000000000 "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"=0x53414350010000000000000007000000280000004062A50046C3A50001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000901E0100000000000200000002000000 "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe"=0x5341435001000000000000000700000028000000808E0200D5FE020001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000210A0000000000000200000002000000 "C:\ProgramData\IObit\ASCDownloader\ASC16\iTopSetup.exe"=0x5341435001000000000000000700000028000000907A8F013EB28F0101000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000360A4106000000000100000001000000 "C:\Users\lfshy\Downloads\x-download-youtube-video5-fr.exe"=0x5341435001000000000000000700000028000000684A50023F8950020100000000000000000000067102000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000003CE63106000000000100000001000000 "C:\Program Files (x86)\AOMEI Partition Assistant\PartAssist.exe"=0x5341435001000000000000000700000028000000F8A1EE00B0DFEE0001000000000000000000000A7122000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000CB4E0706000000000100000001000000 "C:\Users\lfshy\Downloads\ListParts64.exe"=0x5341435001000000000000000700000028000000009E0E0036A10E000100000000000000000003060001000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000C60DF405000000000100000001000000 "C:\Users\lfshy\Downloads\avira_en_aps10_4074922715_v93nhtyvifbjq5fbbx17_wdp.exe"=0x5341435001000000000000000700000028000000F86B63003655640001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000A99CC300000000000100000001000000 "C:\Program Files (x86)\IObit\Software Updater\SUFeature.exe"=0x5341435001000000000000000700000028000000081C0200F63F020001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000D91D0000000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\7e8efc9b235275784253163e9c31c7a0.exe"=0x5341435001000000000000000700000028000000F0C706038999070301000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000E970A105000000000100000001000000 "C:\Users\lfshy\Downloads\bing-desktop_1-3-472-0_fr_413612.exe"=0x5341435001000000000000000700000028000000D8489F00D57D9F000100000000000000000001057100000050BB64EDDDACD501000000000000000002000000280000000000000080010000000000000000000000000000000000002BE10600000000000100000001000000 "C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"=0x5341435001000000000000000700000028000000A8DA0C00B78C0D0001000000000000000000000A7522000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000414B0000000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\5d26da0b568bd19b752fb437756b74df.exe"=0x534143500100000000000000070000002800000038307F074BE57F070100000000000000000001060001000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000008061100000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\b11ba43ed7504afcfaa35334e2500b2f.exe"=0x5341435001000000000000000700000028000000C03E2A0178D12A010100000000000000000001060001000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000FEC50700000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\1d8b53e094b2a7080c752897b3bc7490.exe"=0x5341435001000000000000000700000028000000607B1101FF03120101000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000007A3B4D05000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\fb339a916abf92dfa40f63cd5d086770.exe"=0x534143500100000000000000070000002800000098C66603C14A670301000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000063BF0B00000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\ccf007b449034a23fe87e68fcbedff63.exe"=0x53414350010000000000000007000000280000007043EA015307EB0101000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000063400700000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\c5b64e237bc377f31a9f5d46de3c4bf3.exe"=0x534143500100000000000000070000002800000058698B01EA5A8C0101000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000B8BC9400000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\049412babcdd5570e131f78922ed9163.exe"=0x5341435001000000000000000700000028000000687B8104A758820401000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000056320100000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\fd05b1bfa90307b8a73b51cb78f750d2.exe"=0x5341435001000000000000000700000028000000C83EBF047AE5BF0401000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000012D3A00000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\3fac46f01ad3a7a869c7941143e68b8e.exe"=0x5341435001000000000000000700000028000000881BAB0884E0AB0801000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000525A0400000000000100000001000000 "C:\ProgramData\IObit\Software Updater\Download\72bec966f9b6dbba5fcec7af8dfdfb1a.exe"=0x5341435001000000000000000700000028000000F05E4F007C48500001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000001C50100000000000100000001000000 "C:\Program Files\iTop Private Browser\AUpdate.exe"=0x534143500100000000000000070000002800000088031C0019C91C0001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000003D370000000000000100000001000000 "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe"=0x5341435001000000000000000700000028000000D0100200B0A8020001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000800200000028000000000000000000008000000000000000000000000000000000122C0000000000000100000001000000 "C:\Users\lfshy\Downloads\yusetup.exe"=0x5341435001000000000000000700000028000000C01A6800479E68000100000000000000000001060001000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000AA826A00000000000100000001000000 "C:\Users\lfshy\Downloads\FSS.exe"=0x534143500100000000000000070000002800000000A40E00E7770F0001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000005DFB6500000000000100000001000000 "C:\Users\lfshy\Downloads\sony-ericsson-pc-suite_1-6-0_fr_312200.exe"=0x53414350010000000000000007000000280000004C10E103000000000100000000000000000000067102000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000073DA2400000000000100000001000000 "C:\Users\lfshy\Downloads\rfasetup.exe"=0x534143500100000000000000070000002800000020A58C0079DC8C0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000AB191F00000000000100000001000000 "C:\Users\lfshy\Desktop\AdsFix.exe"=0x5341435001000000000000000700000028000000F0305B00BD6B5B0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Users\lfshy\Desktop\avira_en_aps10_4074922715_v93nhtyvifbjq5fbbx17_wdp.exe"=0x5341435001000000000000000700000028000000F86B63003655640001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.AdministrativeRightsProvider.exe"=0x5341435001000000000000000700000028000000F83303004507040001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000005070000000000000400000004000000 "C:\Users\lfshy\Downloads\quickdiag_V5_29.10.19.1.exe"=0x534143500100000000000000070000002800000098315100F351510001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=133265848109219310 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=windowsdefender:// "ProductType"=2 "InstallTime"=0x65840DB49474D901 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\ "ManagedDefenderProductType"=0 "ProductStatus"=0 "OOBEInstallTime"=0xF8500096A974D901 "HybridModeEnabled"=0 "VerifiedAndReputableTrustModeEnabled"=0 "DisableAntiSpyware"=1 "DisableAntiVirus"=1 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2303.8-0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016] : vSockets STREAM [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016] : vSockets STREAM [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016] : vSockets STREAM [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016] : vSockets STREAM ---------- | Hosts ---------- | Ping Pinging google.com [2a00:1450:4007:818::200e] with 32 bytes of data: Reply from 2a00:1450:4007:818::200e: time=28ms Reply from 2a00:1450:4007:818::200e: time=29ms Reply from 2a00:1450:4007:818::200e: time=29ms Reply from 2a00:1450:4007:818::200e: time=29ms Ping statistics for 2a00:1450:4007:818::200e: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 28ms, Maximum = 29ms, Average = 28ms ---------- | @ [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=l3docur "Isolation"=PMIL [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CertificateRevocation"=1 "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2048 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0xF3C4D1999574D901 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "ProxyEnable"=0 "MigrateProxy"=1 "LockDatabase"=133265935785203101 "SecureProtocolsUpdated"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm "smarthome"=http://zum.com/atb "smartzum"=http://zum.com/atb "zum"=http://zum.com/atb "antiphishing"=res://ALToolBand_4260.dll/ANTIPS_BLOCK.HTML [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [08/09/2022 05:07:04] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{38FBE93D-4CA1-4414-AF6A-94920C5BD8DA}"=ALToolBar [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | ElevationPolicy [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D256DB0-6C34-4EC1-9704-02182D6503A6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}] - (C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\BHO) - ie_to_edge_stub.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002DF01-0000-0000-C000-000000000046}] - (C:\Program Files (x86)\Internet Explorer) - iexplore.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22D70D49-C625-40d1-A908-C43329BA62BC}] - (C:\Program Files (x86)\ESTsoft\ALToolBar) - atbsvc64.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48C11427-07F1-47bc-8616-17936112FE33}] - (C:\Program Files (x86)\ESTsoft\ALToolBar) - AtbHelper.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D256DB0-6C34-4EC1-9704-02182D6503A6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{547B17E3-A8A9-418f-BAA3-E5D54882079E}] - (C:\Program Files (x86)\ESTsoft\Common) - ALSTSCollector.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9D8DF4D-4213-4962-AF8F-527A16AE1134}] - (C:\Program Files (x86)\ESTsoft\ALToolBar) - atbview.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB87852F-C120-4385-8D06-89A9A1646F99}] - (C:\Program Files (x86)\ESTsoft\ALToolBar) - atbsns.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB992A65-2330-4896-9D52-915E3ECBF795}] - (C:\Program Files (x86)\ESTsoft\ALToolBar) - atbsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC31FEAF-C209-433b-BEF0-ED81A967DFFE}] - (C:\Program Files (x86)\ESTsoft\ALToolBar) - atbdmgr.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADB2A595-12C6-4c73-8BB5-82C875579FF0}] - (C:\Program Files (x86)\ESTsoft\ALToolBar) - atbonline.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}] - (C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\BHO) - ie_to_edge_stub.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}] - (C:\Program Files\Internet Explorer) - iexplore.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F560CF4F-D773-456a-8DD4-BA4E1A2EA31C}] - (C:\Program Files (x86)\ESTsoft\ALToolBar) - InetCleaner.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : ---------- | Ext\Settings ---------- | Ext\Stats [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1A79F9-78D1-4186-9F60-EE0B63DF042A}] : : C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_4260.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\BHO\ie_to_edge_bho.dll [04/05/2023 08:55:54] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\BHO\ie_to_edge_bho.dll [04/05/2023 08:55:54] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F1A79F9-78D1-4186-9F60-EE0B63DF042A}] -> (ALToolbarBho) : C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_4260.dll [02/06/2022 05:52:08] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}] -> (IObit Surfing Protection) : C:\PROGRA~2\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll ---------- | Chrome [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk] ---------- | Opera ---------- | Firefox ---------- | DNS [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f5010313-40e7-4e85-a355-4ac2753b2177}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f5010313-40e7-4e85-a355-4ac2753b2177}] "NameServer"=8.26.56.26,8.20.247.20 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f5010313-40e7-4e85-a355-4ac2753b2177}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f5010313-40e7-4e85-a355-4ac2753b2177}] "NameServer"=8.26.56.26,8.20.247.20 ---------- | ActiveX [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}] - () - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> /UserInstall [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> U [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8F5D9E08-71EC-370E-BA96-36E6EF916DF2}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}] - (Microsoft Edge) - -> "C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{990CB269-A600-38D0-B7D1-FBD392495F13}] - (.NET Framework) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\vmplayer.exe] : "C:\Program Files (x86)\VMware\VMware Workstation\vmplayer.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\vmware.exe] : "C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe" -t "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vmplayer.exe] : "C:\Program Files (x86)\VMware\VMware Workstation\vmplayer.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vmware.exe] : "C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe" -t "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af} Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68} Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba} Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3} Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5} Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030} Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Name: InstallServiceUserBroker - AppID: {0450178e-e3ee-46d8-9130-c0b84f169f53} Name: DevicesFlowExperienceFlow - AppID: {046AEAD9-5A27-4D3C-8A67-F82552E0A91B} Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B} Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23} Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168} Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299} Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96} Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A} Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B} Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3} Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3} Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94} Name: MainController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1} Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C} Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de} Name: MpUx Agent Host - AppID: {1111A26D-EF95-4A45-9F55-21E52ADF9887} Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E} Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666} Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80} Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0} Name: Elevated - AppID: {13B6B196-AD7B-4C7F-9BDC-B1CB2EE86552} Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B} Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC} Name: PerAppRuntimeBroker - AppID: {15c20b67-12e7-4bb6-92bb-7aff07997402} Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A} Name: Speech Runtime COM - AppID: {1725704B-A716-4E04-8EF6-87ED4F0A180A} Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31} Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC} Name: PerceptionSimulation - AppID: {1B162A5B-B67A-4468-9613-C3F9765B353B} Name: DebugTargetAdapters Class - AppID: {1b7778f3-fe54-443c-8729-1e78b0715299} Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6} Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c} Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0} Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2} Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7} Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717} Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526} Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137} Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829} Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} Name: Experimentation Broker - AppID: {2568BFC5-CDBE-4585-B8AE-C403A2A5B84A} Name: Update Notification Component Com Handler - AppID: {25d6d937-1fa3-4a22-8875-8680943b3f29} Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF} Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E} Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69} Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32} Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E} Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A} Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78} Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5} Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37} Name: Windows Security Health Service - AppID: {2EB6D15C-5239-41CF-82FB-353D20B816CF} Name: WaaSMedicSvc - AppID: {2ED83BAA-B2FD-43B1-99BF-E6149C622692} Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C} Name: ImmersiveShellBrokers - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD} Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5} Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7} Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606} Name: ie_to_edge_bho - AppID: {31575964-95F7-414B-85E4-0E9A93699E13} Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97} Name: UiaManagerCrossMachineProxyAppId - AppID: {31b965c2-d4a3-4d8e-ac40-a76d466cd0b7} Name: Delivery Optimization User - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F} Name: wpnservice - AppID: {34E76A18-223B-4E23-BEAD-F59358CC0A90} Name: TrayAppIdentityResolver - AppID: {35BC523D-8BE9-496E-8257-026E8B4750FC} Name: CoreDpuWapSvr - AppID: {36234D6F-D9B8-404B-91C9-736BD2EE3040} Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d} Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB} Name: Security Health Agent Activate As Activator Host - AppID: {37096FBE-2F09-4FF6-8507-C6E4E1179893} Name: AppServiceContainerBroker - AppID: {37399c92-dc3f-4b55-ae5b-811ee82398ad} Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C} Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2} Name: MiracastTestRemoteCommandSender - AppID: {39214908-5362-44b4-97f4-1aa724d3e0da} Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1} Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F} Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e} Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683} Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25} Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c} Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E} Name: NaturalAuthentication - AppID: {412E0F20-6C5B-43EC-879F-DA444A416EAC} Name: Core Shell Broker Provider - AppID: {41928E27-7275-491C-A5A1-4FDC791BF609} Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8} Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775} Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85} Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9} Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29} Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C} Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E} Name: Radio Management Service - AppID: {478B41E6-3257-4519-BDA8-E971F9843849} Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077} Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF} Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB} Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d} Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17} Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C} Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC} Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94} Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345} Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B} Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630} Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25} Name: Security Health Agent Interactive User Host for WDSP only - AppID: {4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED} Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601} Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1} Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919} Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5} Name: Telephony Service UI Toast - AppID: {52B65EB7-907C-4D83-A535-283BE9104DE4} Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B} Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B} Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C} Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660} Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E} Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b} Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF} Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B} Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212} Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC} Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2} Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61} Name: Docking.VirtualInput Create Object Server - AppID: {5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26} Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6} Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309} Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1} Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF} Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25} Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1} Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D} Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327} Name: CoreShellHost - AppID: {64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2} Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E} Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30} Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8} Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F} Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b} Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56} Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B} Name: Recommended Troubleshooting Service - AppID: {6de5dc63-3c0c-4dda-9220-1028a37298ba} Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D} Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce} Name: SEMgrSvc - AppID: {6F4B8D94-91FE-4665-B1E7-A34AE3F299F6} Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca} Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8} Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5} Name: MyPrivilegedObject32 - AppID: {6FBD442F-BAB8-470E-969A-F7073BC08E88} Name: Windows Insider Service - AppID: {7006698d-2974-4091-a424-85dd0b909e23} Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e} Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC} Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD} Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED} Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950} Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070} Name: WebPlatStorageBrokerServer - AppID: {7966b4d8-4fdc-4126-a10b-39a3209ad251} Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100} Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d} Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7} Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829} Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7} Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32} Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6} Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB} Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715} Name: Security Health Agent Interactive User Host - AppID: {7E55A26D-EF95-4A45-9F55-21E52ADF9887} Name: Battery Notification Manager - AppID: {7EAD5C10-8B3F-11E6-AE22-56B6B6499611} Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034} Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629} Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B} Name: UsoCoreWorker Class - AppID: {831EF03D-BAF2-46AD-81B6-6AA5C9E30317} Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F} Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850} Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE} Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059} Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54} Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24} Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED} Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854} Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB} Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee} Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D} Name: AshampoZipObject64 - AppID: {8D8AC425-BE03-45A1-8A0E-EB478DB9308A} Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C} Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2} Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb} Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444} Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db} Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F} Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139} Name: Wwan Service Toast Notification - AppID: {941C53C2-D2D7-4C74-84EA-28F8F6438D4B} Name: UiaManager - AppID: {94a38670-983b-459c-87c8-bb6ad617fd74} Name: PenIMC4v2 - AppID: {953E4863-7AD1-4DAE-B2BD-108F1D57967B} Name: WebPlatformStorageServer - AppID: {973d20d7-562d-44b9-b70b-5a0f49ccdf3f} Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60} Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE} Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7} Name: Bluetooth User Service - AppID: {9980CAAB-B154-408C-B5FD-29A701E40825} Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276} Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8} Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030} Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D} Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe} Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3} Name: Xhr2OOP - AppID: {a3a81ee7-be13-4dd8-89f7-26aba705d81d} Name: Virtual Factory for Windows Defender Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357} Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6} Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C} Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24} Name: Core Shell Service Provider - AppID: {A67168DB-418E-4087-B63E-852E822BB1ED} Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121} Name: ServiceModule - AppID: {A6B716CB-028B-404D-B72C-50E153DD68DA} Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0} Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50} Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D} Name: Core Shell LPAC Broker Provider - AppID: {A7E84C44-F0C0-44F9-A4F2-68B5EA50B200} Name: Delivery Optimization Managment - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} Name: Core Shell COM Server Registrar - AppID: {AA8F1F23-D819-4E95-9B36-7FD68D5218F9} Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C} Name: QuietHours App ID - AppID: {AB7BDC53-0BB5-44F5-9E25-C444313D4686} Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22} Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94} Name: PaymentsSvc - AppID: {AC05815A-A8D5-434B-B9A8-2FFD162F2B7D} Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325} Name: Microsoft Volumetric Audio Compositor - AppID: {AD829705-CCA8-44D4-88E0-331E48336059} Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d} Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871} Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1} Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA} Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1} Name: WpcMonSvc - AppID: {B34F88D1-F26B-42D5-8DD5-A442303A05D7} Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492} Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E} Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C} Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599} Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2} Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D} Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755} Name: Bluetooth AVCTP Service - AppID: {B98C6EB5-6AA7-471E-B5C5-D04FD677DB3B} Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287} Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4} Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70} Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B} Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145} Name: LxpSvc - AppID: {BCE82FB7-43F4-4827-A503-69E561667293} Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B} Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41} Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b} Name: VailAudioProxy.exe - AppID: {BEEE3226-ECC5-464E-981B-BC123674C8DE} Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D} Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880} Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF} Name: Universal Print Management Service - AppID: {C08E4363-9771-4955-A002-09932AE4874B} Name: Spectrum - AppID: {C0E1CE99-C981-44A2-AC4C-41036FAC6593} Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6} Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412} Name: RetailCoreSystemAgent Service - AppID: {C2EA2356-994C-45AF-BDAE-10796F73BC47} Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF} Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1} Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E} Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444} Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D} Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3} Name: Input Switch Toast Handler - AppID: {C5DFE802-CE61-11E8-A8D5-F2801F1B9FD1} Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5} Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F} Name: JumpViewExecuteHelper - AppID: {c82192ee-6cb5-4bc0-9ef0-fb818773790a} Name: FamilySafetyRefreshTask - AppID: {C844C79D-AED8-4DCE-AB25-4D359BED84F8} Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9} Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81} Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D} Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C} Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125} Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F} Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad} Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B} Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F} Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF} Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF} Name: GraphicsPerfSvc - AppID: {cd93979b-c14e-4c29-87a4-75e4f9fa5e0a} Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933} Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} Name: BingDesktopUpdater - AppID: {CE41EBCF-17C0-4307-971E-03FEBCBB7D39} Name: ServiceModule - AppID: {CECDDD22-2E72-4832-9606-A9B0E5E344B2} Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03} Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395} Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7} Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5} Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652} Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30} Name: MoUsoCoreWorker Class - AppID: {D726464B-98F1-4627-86CD-4A082A1E5307} Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6} Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61} Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a} Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44} Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5} Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F} Name: OneSetttings Broker - AppID: {E055B85B-22BD-4E15-A34D-46C58AB320AD} Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212} Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB} Name: WinRTNet MUA hostserver AppID - AppID: {E4422CBC-05DF-4AF1-A84E-A5638479CDE7} Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients (Failed Mouse In Pointer) - AppID: {E45A56CE-399C-45F0-9E6F-BFAACD3C711F} Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A} Name: ContainerHostActivation - AppID: {e53cd6ee-5c5c-4701-9ff2-c204bfed819d} Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9} Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886} Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5} Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90} Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4} Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A} Name: Exchange Active Sync Policy Manager Broker - AppID: {E9DD849F-B3CF-4614-94BB-CB2696BD34FB} Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8} Name: Feature Usage Listener - AppID: {EAB99738-0ADF-4A53-856C-DE58AFDE7682} Name: SuspendablePerAppRuntimeBroker - AppID: {eadbb044-2aed-4aba-bab5-1f8ae07a4a0c} Name: Convert VHD - AppID: {eae61b75-98d8-4af9-94e6-84b1c6f77c8a} Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A} Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A} Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A} Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58} Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147} Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7} Name: MixedRealityCapture - AppID: {EE3C7093-A852-49BA-8AC8-7DFBEC469F72} Name: CloudExperienceHostAppManager - AppID: {EEABBBC4-12D0-48F4-A9C5-9AB471806C29} Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522} Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC} Name: AvailableNetworksExperienceFlow - AppID: {F2506CD7-82C2-43D9-A1D3-F85F5EFE7D09} Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7} Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B} Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801} Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A} Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248} Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717} Name: ActivatableApplicationRegistrar - AppID: {f59bbec1-0907-4464-b04d-1da329585370} Name: Pen Workspace Discover Broker - AppID: {F5A6ACF4-FFE0-4934-AE1D-5F960EA0AAD9} Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8} Name: Account Manager Service - AppID: {f7f34f79-6791-4d4e-9f15-9eaecd50bd78} Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a} Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E} Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996} Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333} Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E} Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb} Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160} Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137} Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9} Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00} Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C} Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-3-3215430884-1339816292-89257616-1145831019" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1111A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1111A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1111A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1111A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}" - Win32_SID.SID="S-1-5-80-2731152606-4244467407-1946816704-3721569673-479255522" Win32_DCOMApplication.AppID="{1538524A-8AC3-4C33-BF0C-C2F9CE51DD50}" - Win32_SID.SID="S-1-5-84-0-0-0-0-0" Win32_DCOMApplication.AppID="{15c653f2-77f1-4cac-9644-656982d12f12}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{15c653f2-77f1-4cac-9644-656982d12f12}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{15c653f2-77f1-4cac-9644-656982d12f12}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{15c653f2-77f1-4cac-9644-656982d12f12}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{1B162A5B-B67A-4468-9613-C3F9765B353B}" - Win32_SID.SID="S-1-5-80-2731152606-4244467407-1946816704-3721569673-479255522" Win32_DCOMApplication.AppID="{1B162A5B-B67A-4468-9613-C3F9765B353B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1B162A5B-B67A-4468-9613-C3F9765B353B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1B162A5B-B67A-4468-9613-C3F9765B353B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{2A81FE91-95D7-487E-BBF8-B03308E54207}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{2A81FE91-95D7-487E-BBF8-B03308E54207}" - Win32_SID.SID="S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422" Win32_DCOMApplication.AppID="{2A81FE91-95D7-487E-BBF8-B03308E54207}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2A81FE91-95D7-487E-BBF8-B03308E54207}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2A81FE91-95D7-487E-BBF8-B03308E54207}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{2ED83BAA-B2FD-43B1-99BF-E6149C622692}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{2ED83BAA-B2FD-43B1-99BF-E6149C622692}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2ED83BAA-B2FD-43B1-99BF-E6149C622692}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2ED83BAA-B2FD-43B1-99BF-E6149C622692}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{354ff91b-5e49-4bdc-a8e6-1cb6c6877182}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{354ff91b-5e49-4bdc-a8e6-1cb6c6877182}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{354ff91b-5e49-4bdc-a8e6-1cb6c6877182}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{354ff91b-5e49-4bdc-a8e6-1cb6c6877182}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{36234D6F-D9B8-404B-91C9-736BD2EE3040}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{36234D6F-D9B8-404B-91C9-736BD2EE3040}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{37096FBE-2F09-4FF6-8507-C6E4E1179893}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{38E441FB-3D16-422F-8750-B2DACEC5CEFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{38E441FB-3D16-422F-8750-B2DACEC5CEFC}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{38E441FB-3D16-422F-8750-B2DACEC5CEFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{38E441FB-3D16-422F-8750-B2DACEC5CEFC}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{38E441FB-3D16-422F-8750-B2DACEC5CEFC}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{38E441FB-3D16-422F-8750-B2DACEC5CEFC}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{39214908-5362-44b4-97f4-1aa724d3e0da}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{39214908-5362-44b4-97f4-1aa724d3e0da}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{39214908-5362-44b4-97f4-1aa724d3e0da}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{39214908-5362-44b4-97f4-1aa724d3e0da}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-1" Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-2" Win32_DCOMApplication.AppID="{3eb3c877-1f16-487c-9050-104dbcd66683}" - Win32_SID.SID="S-1-15-3-3" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{412E0F20-6C5B-43EC-879F-DA444A416EAC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{412E0F20-6C5B-43EC-879F-DA444A416EAC}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-3-1024-3153509613-960666767-3724611135-2725662640-12138253-543910227-1950414635-4190290187" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340" Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{4963f89b-261e-4ffa-ac2e-71a7d5a17071}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{4FE95D37-3459-4ECC-AC3E-F7ABBE4E8AED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{52B65EB7-907C-4D83-A535-283BE9104DE4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{52B65EB7-907C-4D83-A535-283BE9104DE4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{52B65EB7-907C-4D83-A535-283BE9104DE4}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708" Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-15-2-460998419-1048838040-1306765847-3036341007-2963401754-1630001092-3310782549" Win32_DCOMApplication.AppID="{5A4ED3BD-2F40-44B4-93DA-2B5ECC197B26}" - Win32_SID.SID="S-1-15-3-1024-2152139330-3124897132-671935159-3762809077-3273429135-2233686478-1435376800-2420532691" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{64bb4bed-73f6-4d74-a048-035b4f63ec98}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991" Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{64D4882D-CB4E-4ea2-95B5-CD77F8ED8AB2}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{6F4B8D94-91FE-4665-B1E7-A34AE3F299F6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{6FBD442F-BAB8-470E-969A-F7073BC08E88}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6FBD442F-BAB8-470E-969A-F7073BC08E88}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422" Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{7578dea3-a321-4d03-8b60-fc6749ae7385}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{7966b4d8-4fdc-4126-a10b-39a3209ad251}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7E55A26D-EF95-4A45-9F55-21E52ADF9887}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7EAD5C10-8B3F-11E6-AE22-56B6B6499611}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{831EF03D-BAF2-46AD-81B6-6AA5C9E30317}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{831EF03D-BAF2-46AD-81B6-6AA5C9E30317}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{831EF03D-BAF2-46AD-81B6-6AA5C9E30317}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{831EF03D-BAF2-46AD-81B6-6AA5C9E30317}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{831EF03D-BAF2-46AD-81B6-6AA5C9E30317}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{831EF03D-BAF2-46AD-81B6-6AA5C9E30317}" - Win32_SID.SID="S-1-5-80-223807737-1693445485-119162242-1977420160-1403034029" Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{87df41c9-cb91-4709-849c-f8f3c7058b50}" - Win32_SID.SID="S-1-15-3-1024-79080987-3398622760-2608912076-1085899501-4039864605-4024366022-736258278-368603348" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-80-4155767994-3874329934-3800885181-2130851812-726865888" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D02CEE1-70BC-449A-B873-70AC08B2676A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D02CEE1-70BC-449A-B873-70AC08B2676A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{8D8AC425-BE03-45A1-8A0E-EB478DB9308A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8D8AC425-BE03-45A1-8A0E-EB478DB9308A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622" Win32_DCOMApplication.AppID="{941C53C2-D2D7-4C74-84EA-28F8F6438D4B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{941C53C2-D2D7-4C74-84EA-28F8F6438D4B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{941C53C2-D2D7-4C74-84EA-28F8F6438D4B}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{973d20d7-562d-44b9-b70b-5a0f49ccdf3f}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{9980CAAB-B154-408C-B5FD-29A701E40825}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{9980CAAB-B154-408C-B5FD-29A701E40825}" - Win32_SID.SID="S-1-5-80-2586557155-168560303-1373426920-983201488-1499765686" Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{9D73451F-6BFC-47C7-95FB-46598431BC19}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{a3a81ee7-be13-4dd8-89f7-26aba705d81d}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{a3a81ee7-be13-4dd8-89f7-26aba705d81d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a3a81ee7-be13-4dd8-89f7-26aba705d81d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-3-1024-3623855041-1826999956-3747069818-3525260223-3747374510-1746272624-950601168-56556331" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-15-3-1024-2165721414-884371012-2773947476-2437641138-4209659587-972658821-4033014341-190168586" Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-15-3-1024-2152139330-3124897132-671935159-3762809077-3273429135-2233686478-1435376800-2420532691" Win32_DCOMApplication.AppID="{A67168DB-418E-4087-B63E-852E822BB1ED}" - Win32_SID.SID="S-1-15-3-1024-3167453650-624722384-889205278-321484983-714554697-3592933102-807660695-1632717421" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{AC05815A-A8D5-434B-B9A8-2FFD162F2B7D}" - Win32_SID.SID="S-1-15-3-1024-2922296261-1647482768-2017091146-3858667068-4135663662-2931985894-1627820925-818366431" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AD829705-CCA8-44D4-88E0-331E48336059}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{AD829705-CCA8-44D4-88E0-331E48336059}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{AD829705-CCA8-44D4-88E0-331E48336059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-3-1024-79080987-3398622760-2608912076-1085899501-4039864605-4024366022-736258278-368603348" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708" Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B98C6EB5-6AA7-471E-B5C5-D04FD677DB3B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B98C6EB5-6AA7-471E-B5C5-D04FD677DB3B}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{B98C6EB5-6AA7-471E-B5C5-D04FD677DB3B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{BEEE3226-ECC5-464E-981B-BC123674C8DE}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{BEEE3226-ECC5-464E-981B-BC123674C8DE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BEEE3226-ECC5-464E-981B-BC123674C8DE}" - Win32_SID.SID="S-1-5-7" Win32_DCOMApplication.AppID="{C08E4363-9771-4955-A002-09932AE4874B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C08E4363-9771-4955-A002-09932AE4874B}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C08E4363-9771-4955-A002-09932AE4874B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C08E4363-9771-4955-A002-09932AE4874B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C08E4363-9771-4955-A002-09932AE4874B}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C08E4363-9771-4955-A002-09932AE4874B}" - Win32_SID.SID="S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422" Win32_DCOMApplication.AppID="{C08E4363-9771-4955-A002-09932AE4874B}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C08E4363-9771-4955-A002-09932AE4874B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-80-2731152606-4244467407-1946816704-3721569673-479255522" Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-5-80-3246321066-2451215914-3422911474-2201726393-166328789" Win32_DCOMApplication.AppID="{C0E1CE99-C981-44A2-AC4C-41036FAC6593}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622" Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{C2EA2356-994C-45AF-BDAE-10796F73BC47}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{cd93979b-c14e-4c29-87a4-75e4f9fa5e0a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cd93979b-c14e-4c29-87a4-75e4f9fa5e0a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{cd93979b-c14e-4c29-87a4-75e4f9fa5e0a}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{cd93979b-c14e-4c29-87a4-75e4f9fa5e0a}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{cd93979b-c14e-4c29-87a4-75e4f9fa5e0a}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{cd93979b-c14e-4c29-87a4-75e4f9fa5e0a}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D726464B-98F1-4627-86CD-4A082A1E5307}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{D726464B-98F1-4627-86CD-4A082A1E5307}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D726464B-98F1-4627-86CD-4A082A1E5307}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{D726464B-98F1-4627-86CD-4A082A1E5307}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{D726464B-98F1-4627-86CD-4A082A1E5307}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{D726464B-98F1-4627-86CD-4A082A1E5307}" - Win32_SID.SID="S-1-5-80-223807737-1693445485-119162242-1977420160-1403034029" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E4422CBC-05DF-4AF1-A84E-A5638479CDE7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E4422CBC-05DF-4AF1-A84E-A5638479CDE7}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{E4422CBC-05DF-4AF1-A84E-A5638479CDE7}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{E4422CBC-05DF-4AF1-A84E-A5638479CDE7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E4422CBC-05DF-4AF1-A84E-A5638479CDE7}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E4422CBC-05DF-4AF1-A84E-A5638479CDE7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E45A56CE-399C-45F0-9E6F-BFAACD3C711F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E45A56CE-399C-45F0-9E6F-BFAACD3C711F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{E45A56CE-399C-45F0-9E6F-BFAACD3C711F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E45A56CE-399C-45F0-9E6F-BFAACD3C711F}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{E45A56CE-399C-45F0-9E6F-BFAACD3C711F}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E45A56CE-399C-45F0-9E6F-BFAACD3C711F}" - Win32_SID.SID="S-1-15-3-1024-1502825166-1963708345-2616377461-2562897074-4192028372-3968301570-1997628692-1435953622" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-7" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EE3C7093-A852-49BA-8AC8-7DFBEC469F72}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EE3C7093-A852-49BA-8AC8-7DFBEC469F72}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-5-7" Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}" - Win32_SID.SID="S-1-15-3-1024-1692970155-4054893335-185714091-3362601943-3526593181-1159816984-2199008581-497492991" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-3433512109-503559027-1389316256-1766580070-2256751264" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-1260278928-804197538-2066346633-4268302704-2216462912" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-345135819-4012009209-3062012967-1747265747-3674605950" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-951620777-1059631183-2804607755-3010024351-809615488" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-1" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-2" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-3-3" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver browser "UdkSvcGroup"=UdkUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc ConsentUxUserSvc DevicePickerUserSvc "McpManagementServiceGroup"=McpManagementService [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "AarSvcGroup"=AarSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\AppDataLow] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Ashampoo] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\ATI] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Avira] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Chromium] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\ESTsoft] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Google] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\HWiNFO32] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\iTop Easy Desktop] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\iTop Private Browser] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\KsL Software] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Partition Assistant] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Policies] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\RegisteredApplications] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Teleca] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Trolltech] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\URSoft] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\VMware, Inc.] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Wow6432Node] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Xilisoft] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\zum] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Accessibility] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Active Setup] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\ActiveMovie] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\ActiveSync] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Assistance] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\AuthCookies] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Avalon.Graphics] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\BingDesktop] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Clipboard] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\CommsAPHost] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\CTF] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Edge] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\EdgeUpdate] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\EventSystem] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\F12] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Fax] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Feeds] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\FTP] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\GameBar] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\GameBarApi] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\IdentityCRL] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\IME] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Input] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\InputMethod] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\InputPersonalization] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Internet Connection Wizard] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Internet Explorer] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Keyboard] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\LanguageOverlay] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\MediaPlayer] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Messaging] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Microsoft Management Console] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\MSF] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Multimedia] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Narrator] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Notepad] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Nucleus] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\OneDrive] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Osk] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\PeerNet] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Personalization] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Phone] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Pim] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Poom] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Remote Assistance] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\ScreenMagnifier] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Sensors] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\SkyDrive] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Speech] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Speech Virtual] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Speech_OneCore] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Spelling] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\SQMClient] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\SystemCertificates] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\TabletTip] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\TPG] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Unified Store] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Unistore] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\UserData] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\VMware Player] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\VMware Workstation] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\WAB] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\WcmSvc] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\wfs] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows Defender Security Center] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows NT] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows Script] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows Search] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Windows Security Health] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Wisp] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\XboxLive] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\RestartManager] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AMD] [HKLM\Software\Ashampoo] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\BullGuard Ltd.] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Intel] [HKLM\Software\iTop PDF] [HKLM\Software\Khronos] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OpenSSH] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\Rocket Division Software] [HKLM\Software\Sentry] [HKLM\Software\VMware, Inc.] [HKLM\Software\Windows] [HKLM\Software\WOW6432Node] [HKLM\SOFTWARE\Microsoft\.NETFramework] [HKLM\SOFTWARE\Microsoft\AccountsControl] [HKLM\SOFTWARE\Microsoft\Active Setup] [HKLM\SOFTWARE\Microsoft\ActiveSync] [HKLM\SOFTWARE\Microsoft\ADs] [HKLM\SOFTWARE\Microsoft\Advanced INF Setup] [HKLM\SOFTWARE\Microsoft\ALG] [HKLM\SOFTWARE\Microsoft\AllUserInstallAgent] [HKLM\SOFTWARE\Microsoft\AMSI] [HKLM\SOFTWARE\Microsoft\Analog] [HKLM\SOFTWARE\Microsoft\AOMEI] [HKLM\SOFTWARE\Microsoft\AppServiceProtocols] [HKLM\SOFTWARE\Microsoft\Assistance] [HKLM\SOFTWARE\Microsoft\AuthHost] [HKLM\SOFTWARE\Microsoft\BidInterface] [HKLM\SOFTWARE\Microsoft\BitLockerCsp] [HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement] [HKLM\SOFTWARE\Microsoft\Cellular] [HKLM\SOFTWARE\Microsoft\Chkdsk] [HKLM\SOFTWARE\Microsoft\Clipboard] [HKLM\SOFTWARE\Microsoft\ClipboardServer] [HKLM\SOFTWARE\Microsoft\CloudManagedUpdate] [HKLM\SOFTWARE\Microsoft\COM3] [HKLM\SOFTWARE\Microsoft\Command Processor] [HKLM\SOFTWARE\Microsoft\CommsAPHost] [HKLM\SOFTWARE\Microsoft\CoreShell] [HKLM\SOFTWARE\Microsoft\Cryptography] [HKLM\SOFTWARE\Microsoft\CspSchema] [HKLM\SOFTWARE\Microsoft\CTF] [HKLM\SOFTWARE\Microsoft\DataAccess] [HKLM\SOFTWARE\Microsoft\DataCollection] [HKLM\SOFTWARE\Microsoft\DataSharing] [HKLM\SOFTWARE\Microsoft\DDDS] [HKLM\SOFTWARE\Microsoft\DeclaredConfiguration] [HKLM\SOFTWARE\Microsoft\DevDiv] [HKLM\SOFTWARE\Microsoft\Device Association Framework] [HKLM\SOFTWARE\Microsoft\DeviceReg] [HKLM\SOFTWARE\Microsoft\Dfrg] [HKLM\SOFTWARE\Microsoft\DFS] [HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP] [HKLM\SOFTWARE\Microsoft\DirectDraw] [HKLM\SOFTWARE\Microsoft\DirectInput] [HKLM\SOFTWARE\Microsoft\DirectMusic] [HKLM\SOFTWARE\Microsoft\DirectPlay8] [HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp] [HKLM\SOFTWARE\Microsoft\DirectShow] [HKLM\SOFTWARE\Microsoft\DirectX] [HKLM\SOFTWARE\Microsoft\DiskSnapshot] [HKLM\SOFTWARE\Microsoft\Driver Signing] [HKLM\SOFTWARE\Microsoft\DRM] [HKLM\SOFTWARE\Microsoft\DusmSvc] [HKLM\SOFTWARE\Microsoft\DVDNavigator] [HKLM\SOFTWARE\Microsoft\DVR] [HKLM\SOFTWARE\Microsoft\DXP] [HKLM\SOFTWARE\Microsoft\EAPSIMMethods] [HKLM\SOFTWARE\Microsoft\Edge] [HKLM\SOFTWARE\Microsoft\Enrollment] [HKLM\SOFTWARE\Microsoft\Enrollments] [HKLM\SOFTWARE\Microsoft\EnterpriseCertificates] [HKLM\SOFTWARE\Microsoft\EnterpriseDataProtection] [HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager] [HKLM\SOFTWARE\Microsoft\EventSounds] [HKLM\SOFTWARE\Microsoft\EventSystem] [HKLM\SOFTWARE\Microsoft\F12] [HKLM\SOFTWARE\Microsoft\FamilyStore] [HKLM\SOFTWARE\Microsoft\Fax] [HKLM\SOFTWARE\Microsoft\FaxServer] [HKLM\SOFTWARE\Microsoft\Feeds] [HKLM\SOFTWARE\Microsoft\FilePicker] [HKLM\SOFTWARE\Microsoft\FilterDS] [HKLM\SOFTWARE\Microsoft\FingerKB] [HKLM\SOFTWARE\Microsoft\FTH] [HKLM\SOFTWARE\Microsoft\Function Discovery] [HKLM\SOFTWARE\Microsoft\Fusion] [HKLM\SOFTWARE\Microsoft\FuzzyDS] [HKLM\SOFTWARE\Microsoft\GameOverlay] [HKLM\SOFTWARE\Microsoft\HTMLHelp] [HKLM\SOFTWARE\Microsoft\IdentityCRL] [HKLM\SOFTWARE\Microsoft\IdentityStore] [HKLM\SOFTWARE\Microsoft\IHDS] [HKLM\SOFTWARE\Microsoft\ImageTimeSettings] [HKLM\SOFTWARE\Microsoft\IMAPI] [HKLM\SOFTWARE\Microsoft\IME] [HKLM\SOFTWARE\Microsoft\IMEJP] [HKLM\SOFTWARE\Microsoft\IMEKR] [HKLM\SOFTWARE\Microsoft\IMETC] [HKLM\SOFTWARE\Microsoft\InProcLogger] [HKLM\SOFTWARE\Microsoft\Input] [HKLM\SOFTWARE\Microsoft\InputMethod] [HKLM\SOFTWARE\Microsoft\InputPersonalization] [HKLM\SOFTWARE\Microsoft\Internet Account Manager] [HKLM\SOFTWARE\Microsoft\Internet Domains] [HKLM\SOFTWARE\Microsoft\Internet Explorer] [HKLM\SOFTWARE\Microsoft\IsoBurn] [HKLM\SOFTWARE\Microsoft\KGL] [HKLM\SOFTWARE\Microsoft\LanguageOverlay] [HKLM\SOFTWARE\Microsoft\LexiconUpdate] [HKLM\SOFTWARE\Microsoft\Managed Desktop] [HKLM\SOFTWARE\Microsoft\MdmCommon] [HKLM\SOFTWARE\Microsoft\MdmDiagnostics] [HKLM\SOFTWARE\Microsoft\MediaEngine] [HKLM\SOFTWARE\Microsoft\MediaPlayer] [HKLM\SOFTWARE\Microsoft\MemoryDiagnostic] [HKLM\SOFTWARE\Microsoft\Messaging] [HKLM\SOFTWARE\Microsoft\MessengerService] [HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack] [HKLM\SOFTWARE\Microsoft\MiracastReceiver] [HKLM\SOFTWARE\Microsoft\MMC] [HKLM\SOFTWARE\Microsoft\Mobile] [HKLM\SOFTWARE\Microsoft\MpSigStub] [HKLM\SOFTWARE\Microsoft\MSBuild] [HKLM\SOFTWARE\Microsoft\MSDE] [HKLM\SOFTWARE\Microsoft\MSDRM] [HKLM\SOFTWARE\Microsoft\MSDTC] [HKLM\SOFTWARE\Microsoft\MSF] [HKLM\SOFTWARE\Microsoft\MSIME] [HKLM\SOFTWARE\Microsoft\MSLicensing] [HKLM\SOFTWARE\Microsoft\MSMQ] [HKLM\SOFTWARE\Microsoft\MSN Apps] [HKLM\SOFTWARE\Microsoft\MTF] [HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors] [HKLM\SOFTWARE\Microsoft\MTFInputType] [HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings] [HKLM\SOFTWARE\Microsoft\Multimedia] [HKLM\SOFTWARE\Microsoft\Multivariant] [HKLM\SOFTWARE\Microsoft\NET Framework Setup] [HKLM\SOFTWARE\Microsoft\NetSh] [HKLM\SOFTWARE\Microsoft\Network] [HKLM\SOFTWARE\Microsoft\Non-Driver Signing] [HKLM\SOFTWARE\Microsoft\Notepad] [HKLM\SOFTWARE\Microsoft\ODBC] [HKLM\SOFTWARE\Microsoft\OEM] [HKLM\SOFTWARE\Microsoft\OfficeCSP] [HKLM\SOFTWARE\Microsoft\Ole] [HKLM\SOFTWARE\Microsoft\OnlineProviders] [HKLM\SOFTWARE\Microsoft\Outlook Express] [HKLM\SOFTWARE\Microsoft\Palm] [HKLM\SOFTWARE\Microsoft\Personalization] [HKLM\SOFTWARE\Microsoft\Phone] [HKLM\SOFTWARE\Microsoft\Photos] [HKLM\SOFTWARE\Microsoft\Pim] [HKLM\SOFTWARE\Microsoft\PLA] [HKLM\SOFTWARE\Microsoft\PlayToReceiver] [HKLM\SOFTWARE\Microsoft\PointOfService] [HKLM\SOFTWARE\Microsoft\Policies] [HKLM\SOFTWARE\Microsoft\PolicyManager] [HKLM\SOFTWARE\Microsoft\Poom] [HKLM\SOFTWARE\Microsoft\PowerShell] [HKLM\SOFTWARE\Microsoft\Print] [HKLM\SOFTWARE\Microsoft\Provisioning] [HKLM\SOFTWARE\Microsoft\PushRouter] [HKLM\SOFTWARE\Microsoft\RADAR] [HKLM\SOFTWARE\Microsoft\Ras] [HKLM\SOFTWARE\Microsoft\RcsPresence] [HKLM\SOFTWARE\Microsoft\Reliability Analysis] [HKLM\SOFTWARE\Microsoft\Remediation] [HKLM\SOFTWARE\Microsoft\RemovalTools] [HKLM\SOFTWARE\Microsoft\RendezvousApps] [HKLM\SOFTWARE\Microsoft\Router] [HKLM\SOFTWARE\Microsoft\Rpc] [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [HKLM\SOFTWARE\Microsoft\Security Center] [HKLM\SOFTWARE\Microsoft\SecurityManager] [HKLM\SOFTWARE\Microsoft\SEMgr] [HKLM\SOFTWARE\Microsoft\Sensors] [HKLM\SOFTWARE\Microsoft\Shared Tools] [HKLM\SOFTWARE\Microsoft\Shared Tools Location] [HKLM\SOFTWARE\Microsoft\Shell] [HKLM\SOFTWARE\Microsoft\SIH] [HKLM\SOFTWARE\Microsoft\Siuf] [HKLM\SOFTWARE\Microsoft\SMB1Uninstall] [HKLM\SOFTWARE\Microsoft\Software] [HKLM\SOFTWARE\Microsoft\Speech] [HKLM\SOFTWARE\Microsoft\Speech_OneCore] [HKLM\SOFTWARE\Microsoft\SQMClient] [HKLM\SOFTWARE\Microsoft\Sync Framework] [HKLM\SOFTWARE\Microsoft\Sysprep] [HKLM\SOFTWARE\Microsoft\SystemCertificates] [HKLM\SOFTWARE\Microsoft\SystemSettings] [HKLM\SOFTWARE\Microsoft\TableTextService] [HKLM\SOFTWARE\Microsoft\TabletTip] [HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine] [HKLM\SOFTWARE\Microsoft\Tcpip] [HKLM\SOFTWARE\Microsoft\TelemetryClient] [HKLM\SOFTWARE\Microsoft\Terminal Server Client] [HKLM\SOFTWARE\Microsoft\TermServLicensing] [HKLM\SOFTWARE\Microsoft\TMM] [HKLM\SOFTWARE\Microsoft\TouchPrediction] [HKLM\SOFTWARE\Microsoft\TPG] [HKLM\SOFTWARE\Microsoft\Tpm] [HKLM\SOFTWARE\Microsoft\Tracing] [HKLM\SOFTWARE\Microsoft\Transaction Server] [HKLM\SOFTWARE\Microsoft\TV System Services] [HKLM\SOFTWARE\Microsoft\uDRM] [HKLM\SOFTWARE\Microsoft\Unified Store] [HKLM\SOFTWARE\Microsoft\UNP] [HKLM\SOFTWARE\Microsoft\UPnP Control Point] [HKLM\SOFTWARE\Microsoft\UPnP Device Host] [HKLM\SOFTWARE\Microsoft\UserData] [HKLM\SOFTWARE\Microsoft\UserManager] [HKLM\SOFTWARE\Microsoft\Virtual Machine] [HKLM\SOFTWARE\Microsoft\VisualStudio] [HKLM\SOFTWARE\Microsoft\WAB] [HKLM\SOFTWARE\Microsoft\Wallet] [HKLM\SOFTWARE\Microsoft\Wbem] [HKLM\SOFTWARE\Microsoft\WcmSvc] [HKLM\SOFTWARE\Microsoft\WIMMount] [HKLM\SOFTWARE\Microsoft\Windows] [HKLM\SOFTWARE\Microsoft\Windows Defender] [HKLM\SOFTWARE\Microsoft\Windows Defender Security Center] [HKLM\SOFTWARE\Microsoft\Windows Desktop Search] [HKLM\SOFTWARE\Microsoft\Windows Mail] [HKLM\SOFTWARE\Microsoft\Windows Media Device Manager] [HKLM\SOFTWARE\Microsoft\Windows Media Foundation] [HKLM\SOFTWARE\Microsoft\Windows Media Player NSS] [HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem] [HKLM\SOFTWARE\Microsoft\Windows NT] [HKLM\SOFTWARE\Microsoft\Windows Photo Viewer] [HKLM\SOFTWARE\Microsoft\Windows Portable Devices] [HKLM\SOFTWARE\Microsoft\Windows Script Host] [HKLM\SOFTWARE\Microsoft\Windows Search] [HKLM\SOFTWARE\Microsoft\Windows Security Health] [HKLM\SOFTWARE\Microsoft\WindowsRuntime] [HKLM\SOFTWARE\Microsoft\WindowsSelfHost] [HKLM\SOFTWARE\Microsoft\WindowsUpdate] [HKLM\SOFTWARE\Microsoft\Wisp] [HKLM\SOFTWARE\Microsoft\WlanSvc] [HKLM\SOFTWARE\Microsoft\Wlpasvc] [HKLM\SOFTWARE\Microsoft\Wow64] [HKLM\SOFTWARE\Microsoft\WSDAPI] [HKLM\SOFTWARE\Microsoft\WwanSvc] [HKLM\SOFTWARE\Microsoft\XAML] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\NcsiUwpApp] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\McpManagementServiceGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UdkSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\AMD] [HKLM\Software\WOW6432Node\Ashampoo] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\Avira] [HKLM\Software\WOW6432Node\Eset] [HKLM\Software\WOW6432Node\ESTsoft] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\IObit] [HKLM\Software\WOW6432Node\iTop Easy Desktop] [HKLM\Software\WOW6432Node\iTop PDF] [HKLM\Software\WOW6432Node\iTop VPN] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Licenses] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\ThinPrint] [HKLM\Software\WOW6432Node\VMware, Inc.] [HKLM\Software\WOW6432Node\Wow6432Node] [HKLM\Software\WOW6432Node\X-AVCSD] [HKLM\Software\WOW6432Node\Xilisoft] [HKLM\Software\WOW6432Node\zum] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\.NETFramework] [HKLM\Software\WOW6432Node\Microsoft\Active Setup] [HKLM\Software\WOW6432Node\Microsoft\ADs] [HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup] [HKLM\Software\WOW6432Node\Microsoft\AMSI] [HKLM\Software\WOW6432Node\Microsoft\AOMEI] [HKLM\Software\WOW6432Node\Microsoft\AppServiceProtocols] [HKLM\Software\WOW6432Node\Microsoft\Assistance] [HKLM\Software\WOW6432Node\Microsoft\AudioCompressionManager] [HKLM\Software\WOW6432Node\Microsoft\AuthHost] [HKLM\Software\WOW6432Node\Microsoft\BidInterface] [HKLM\Software\WOW6432Node\Microsoft\BingDesktop] [HKLM\Software\WOW6432Node\Microsoft\BitLockerCsp] [HKLM\Software\WOW6432Node\Microsoft\ClipboardServer] [HKLM\Software\WOW6432Node\Microsoft\Command Processor] [HKLM\Software\WOW6432Node\Microsoft\Cryptography] [HKLM\Software\WOW6432Node\Microsoft\CTF] [HKLM\Software\WOW6432Node\Microsoft\DataAccess] [HKLM\Software\WOW6432Node\Microsoft\DevDiv] [HKLM\Software\WOW6432Node\Microsoft\Device Association Framework] [HKLM\Software\WOW6432Node\Microsoft\Direct3D] [HKLM\Software\WOW6432Node\Microsoft\DirectDraw] [HKLM\Software\WOW6432Node\Microsoft\DirectInput] [HKLM\Software\WOW6432Node\Microsoft\DirectMusic] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay8] [HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp] [HKLM\Software\WOW6432Node\Microsoft\DirectShow] [HKLM\Software\WOW6432Node\Microsoft\DirectX] [HKLM\Software\WOW6432Node\Microsoft\DownloadManager] [HKLM\Software\WOW6432Node\Microsoft\DRM] [HKLM\Software\WOW6432Node\Microsoft\DVDNavigator] [HKLM\Software\WOW6432Node\Microsoft\DVR] [HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods] [HKLM\Software\WOW6432Node\Microsoft\Edge] [HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate] [HKLM\Software\WOW6432Node\Microsoft\ENROLLMENTS] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Exchange] [HKLM\Software\WOW6432Node\Microsoft\F12] [HKLM\Software\WOW6432Node\Microsoft\Fax] [HKLM\Software\WOW6432Node\Microsoft\Feeds] [HKLM\Software\WOW6432Node\Microsoft\FilePicker] [HKLM\Software\WOW6432Node\Microsoft\Function Discovery] [HKLM\Software\WOW6432Node\Microsoft\Fusion] [HKLM\Software\WOW6432Node\Microsoft\GameOverlay] [HKLM\Software\WOW6432Node\Microsoft\HTMLHelp] [HKLM\Software\WOW6432Node\Microsoft\IdentityCRL] [HKLM\Software\WOW6432Node\Microsoft\IdentityStore] [HKLM\Software\WOW6432Node\Microsoft\IMAPI] [HKLM\Software\WOW6432Node\Microsoft\IME] [HKLM\Software\WOW6432Node\Microsoft\IMEJP] [HKLM\Software\WOW6432Node\Microsoft\IMEKR] [HKLM\Software\WOW6432Node\Microsoft\IMETC] [HKLM\Software\WOW6432Node\Microsoft\InputMethod] [HKLM\Software\WOW6432Node\Microsoft\InputPersonalization] [HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager] [HKLM\Software\WOW6432Node\Microsoft\Internet Domains] [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer] [HKLM\Software\WOW6432Node\Microsoft\IsoBurn] [HKLM\Software\WOW6432Node\Microsoft\Jet] [HKLM\Software\WOW6432Node\Microsoft\MediaEngine] [HKLM\Software\WOW6432Node\Microsoft\MediaPlayer] [HKLM\Software\WOW6432Node\Microsoft\MessengerService] [HKLM\Software\WOW6432Node\Microsoft\Microsoft Camera Codec Pack] [HKLM\Software\WOW6432Node\Microsoft\MiracastReceiver] [HKLM\Software\WOW6432Node\Microsoft\MMC] [HKLM\Software\WOW6432Node\Microsoft\MSBuild] [HKLM\Software\WOW6432Node\Microsoft\MSDE] [HKLM\Software\WOW6432Node\Microsoft\MSDRM] [HKLM\Software\WOW6432Node\Microsoft\MSDTC] [HKLM\Software\WOW6432Node\Microsoft\MSF] [HKLM\Software\WOW6432Node\Microsoft\MSLicensing] [HKLM\Software\WOW6432Node\Microsoft\MSN Apps] [HKLM\Software\WOW6432Node\Microsoft\Multimedia] [HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup] [HKLM\Software\WOW6432Node\Microsoft\NetSh] [HKLM\Software\WOW6432Node\Microsoft\Network] [HKLM\Software\WOW6432Node\Microsoft\Notepad] [HKLM\Software\WOW6432Node\Microsoft\ODBC] [HKLM\Software\WOW6432Node\Microsoft\OEM] [HKLM\Software\WOW6432Node\Microsoft\Office Server] [HKLM\Software\WOW6432Node\Microsoft\OnlineProviders] [HKLM\Software\WOW6432Node\Microsoft\Outlook Express] [HKLM\Software\WOW6432Node\Microsoft\Palm] [HKLM\Software\WOW6432Node\Microsoft\Personalization] [HKLM\Software\WOW6432Node\Microsoft\Photos] [HKLM\Software\WOW6432Node\Microsoft\PLA] [HKLM\Software\WOW6432Node\Microsoft\Policies] [HKLM\Software\WOW6432Node\Microsoft\PowerShell] [HKLM\Software\WOW6432Node\Microsoft\Print] [HKLM\Software\WOW6432Node\Microsoft\Provisioning] [HKLM\Software\WOW6432Node\Microsoft\RADAR] [HKLM\Software\WOW6432Node\Microsoft\RendezvousApps] [HKLM\Software\WOW6432Node\Microsoft\RFC1156Agent] [HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent] [HKLM\Software\WOW6432Node\Microsoft\Security Center] [HKLM\Software\WOW6432Node\Microsoft\Sensors] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location] [HKLM\Software\WOW6432Node\Microsoft\SoftGrid] [HKLM\Software\WOW6432Node\Microsoft\Software] [HKLM\Software\WOW6432Node\Microsoft\SPEECH] [HKLM\Software\WOW6432Node\Microsoft\Speech_OneCore] [HKLM\Software\WOW6432Node\Microsoft\SQMClient] [HKLM\Software\WOW6432Node\Microsoft\Sync Framework] [HKLM\Software\WOW6432Node\Microsoft\SystemSettings] [HKLM\Software\WOW6432Node\Microsoft\TableTextService] [HKLM\Software\WOW6432Node\Microsoft\TabletTip] [HKLM\Software\WOW6432Node\Microsoft\Tcpip] [HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client] [HKLM\Software\WOW6432Node\Microsoft\TouchPrediction] [HKLM\Software\WOW6432Node\Microsoft\TPG] [HKLM\Software\WOW6432Node\Microsoft\Tpm] [HKLM\Software\WOW6432Node\Microsoft\Tracing] [HKLM\Software\WOW6432Node\Microsoft\TV System Services] [HKLM\Software\WOW6432Node\Microsoft\uDRM] [HKLM\Software\WOW6432Node\Microsoft\Updates] [HKLM\Software\WOW6432Node\Microsoft\UPnP Control Point] [HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host] [HKLM\Software\WOW6432Node\Microsoft\VisualStudio] [HKLM\Software\WOW6432Node\Microsoft\WAB] [HKLM\Software\WOW6432Node\Microsoft\WBEM] [HKLM\Software\WOW6432Node\Microsoft\WIMMount] [HKLM\Software\WOW6432Node\Microsoft\Windows] [HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search] [HKLM\Software\WOW6432Node\Microsoft\Windows Mail] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS] [HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem] [HKLM\Software\WOW6432Node\Microsoft\Windows NT] [HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer] [HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices] [HKLM\Software\WOW6432Node\Microsoft\Windows Script Host] [HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime] [HKLM\Software\WOW6432Node\Microsoft\WindowsUpdate] [HKLM\Software\WOW6432Node\Microsoft\Wisp] [HKLM\Software\WOW6432Node\Microsoft\WlanSvc] [HKLM\Software\WOW6432Node\Microsoft\WSDAPI] [HKLM\Software\WOW6432Node\Microsoft\Cellular] [HKLM\Software\WOW6432Node\Microsoft\COM3] [HKLM\Software\WOW6432Node\Microsoft\DeviceReg] [HKLM\Software\WOW6432Node\Microsoft\DFS] [HKLM\Software\WOW6432Node\Microsoft\Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates] [HKLM\Software\WOW6432Node\Microsoft\EventSystem] [HKLM\Software\WOW6432Node\Microsoft\FingerKB] [HKLM\Software\WOW6432Node\Microsoft\FuzzyDS] [HKLM\Software\WOW6432Node\Microsoft\Input] [HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay] [HKLM\Software\WOW6432Node\Microsoft\Messaging] [HKLM\Software\WOW6432Node\Microsoft\MSMQ] [HKLM\Software\WOW6432Node\Microsoft\MTF] [HKLM\Software\WOW6432Node\Microsoft\MTFFuzzyFactors] [HKLM\Software\WOW6432Node\Microsoft\MTFInputType] [HKLM\Software\WOW6432Node\Microsoft\MTFKeyboardMappings] [HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\Ole] [HKLM\Software\WOW6432Node\Microsoft\Phone] [HKLM\Software\WOW6432Node\Microsoft\Pim] [HKLM\Software\WOW6432Node\Microsoft\Poom] [HKLM\Software\WOW6432Node\Microsoft\Ras] [HKLM\Software\WOW6432Node\Microsoft\Rpc] [HKLM\Software\WOW6432Node\Microsoft\SecurityManager] [HKLM\Software\WOW6432Node\Microsoft\Semgr] [HKLM\Software\WOW6432Node\Microsoft\Shell] [HKLM\Software\WOW6432Node\Microsoft\SystemCertificates] [HKLM\Software\WOW6432Node\Microsoft\TermServLicensing] [HKLM\Software\WOW6432Node\Microsoft\Transaction Server] [HKLM\Software\WOW6432Node\Microsoft\Unified Store] [HKLM\Software\WOW6432Node\Microsoft\UserData] [HKLM\Software\WOW6432Node\Microsoft\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\XAML] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | FeatureControl [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "Avira.Spotlight.UI.Application.exe"="1" [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "OneDrive.exe"="11000" "Avira.Spotlight.UI.Application.exe"="11001" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "HelpPane.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "HelpPane.exe"="10000" "prevhost.exe"="8000" "UNPUXHost.exe"="11000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_IE_SHELLEXECUTE_CALLS] "*"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGUI.exe"="0" "SAPGuiIT.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"="100000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "PresentationHost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "cs.exe"="1" "waol.exe"="1" "wm.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="10" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="10" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "prevhost.exe"="1" "winmail.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "HelpPane.exe"="0" "prevhost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "msimn.exe"="1" "outlook.exe"="1" "winmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "infopath.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "HelpPane.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "HelpPane.exe"="10000" "prevhost.exe"="8000" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_IE_SHELLEXECUTE_CALLS] "*"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGUI.exe"="0" "SAPGuiIT.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"="100000" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "PresentationHost.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "cs.exe"="1" "waol.exe"="1" "wm.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "prevhost.exe"="1" "winmail.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "HelpPane.exe"="0" "prevhost.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "msimn.exe"="1" "outlook.exe"="1" "winmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "infopath.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" ---------- | The Created last ones ¦ Modified [MD5.00000000000000000000000000000000] - [04/05/2023 10:31:42] - |D| - [192847515] - C:\Program Files (x86)\AOMEI Partition Assistant [MD5.00000000000000000000000000000000] - [05/05/2023 13:24:26] - |D| - [47239455] - C:\Program Files (x86)\Ashampoo [MD5.00000000000000000000000000000000] - [05/05/2023 11:30:14] - |D| - [221122144] - C:\Program Files (x86)\Avira [MD5.00000000000000000000000000000000] - [05/05/2023 13:14:51] - |D| - [63349485] - C:\Program Files (x86)\ESTsoft [MD5.00000000000000000000000000000000] - [05/05/2023 08:54:35] - |D| - [13357517924] - C:\Program Files (x86)\Galaxy S6 [MD5.00000000000000000000000000000000] - [04/05/2023 11:22:51] - |D| - [456962757] - C:\Program Files (x86)\IObit [MD5.00000000000000000000000000000000] - [05/05/2023 12:44:07] - |D| - [0] - C:\Program Files (x86)\iTop Screen Recorder [MD5.00000000000000000000000000000000] - [05/05/2023 08:53:47] - |D| - [84190469] - C:\Program Files (x86)\iTop VPN [MD5.00000000000000000000000000000000] - [05/05/2023 08:57:25] - |D| - [258151417] - C:\Program Files (x86)\Je veux vivre jusqu'à 48 ans [MD5.00000000000000000000000000000000] - [05/05/2023 08:56:28] - |D| - [69738039] - C:\Program Files (x86)\Jules Undersea Lodge [MD5.00000000000000000000000000000000] - [05/05/2023 08:58:59] - |D| - [162542535] - C:\Program Files (x86)\me couper les ongles et faire ma toilette moi même toute ma vie [MD5.00000000000000000000000000000000] - [04/05/2023 11:00:28] - |D| - [1098851980] - C:\Program Files (x86)\VMware [MD5.00000000000000000000000000000000] - [05/05/2023 09:13:34] - |D| - [94044217] - C:\Program Files (x86)\Xilisoft [MD5.00000000000000000000000000000000] - [06/05/2023 18:16:55] - |D| - [13400724] - C:\Program Files (x86)\Your Uninstaller! 7 [MD5.1E8049222F5C1F15E9EC15BCB91E9646] - [04/05/2023 10:32:00] - |A| - [2482680] - C:\Windows\ampa.exe [MD5.EA79AE52949222C24614195A39F86A06] - [04/05/2023 10:32:44] - |A| - [1332728] - C:\Windows\ddmmain.exe [MD5.00000000000000000000000000000000] - [04/05/2023 09:19:53] - |D| - [0] - C:\Windows\Minidump [MD5.AE158227F084D636104417DBF1D286EC] - [06/05/2023 15:21:57] - |A| - [70318] - C:\Windows\ntbtlog.txt [MD5.E9C0B1B55DEB76111A2BDC4483FFD719] - [06/05/2023 15:18:34] - |A| - [572] - C:\Windows\PAGa4.dat [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [06/05/2023 21:20:09] - |A| - [276] - C:\Windows\WindowsUpdate.log [MD5.00000000000000000000000000000000] - [06/05/2023 21:07:27] - |SHD| - [0] - C:\Windows\Installer\$PatchCache$ [MD5.F50CA75DB2856F4D6FBDC4985B084C23] - [04/05/2023 10:49:34] - |A| - [596537344] - C:\Windows\Installer\539905.msi [MD5.1B37DA0F9BCDE58769405FCEE037F8FC] - [04/05/2023 10:58:37] - |A| - [20480] - C:\Windows\Installer\SourceHash{0E992720-1330-4AB3-8155-255F79785535} [MD5.75E8B56EC4E1C64B44E578FB99A91C88] - [06/05/2023 21:07:32] - |A| - [20480] - C:\Windows\Installer\SourceHash{37B8F9C7-03FB-3253-8781-2517C99D7C00} [MD5.421589E405EB2FE5CF318D8162CF73EB] - [04/05/2023 10:54:33] - |A| - [20480] - C:\Windows\Installer\SourceHash{38624EB5-356D-4B08-8357-C33D89A5C0C5} [MD5.2C814A1FECDBE771756BFF3178586E2F] - [04/05/2023 10:50:41] - |A| - [20480] - C:\Windows\Installer\SourceHash{46E11E7F-01E1-44D0-BB86-C67342D253DD} [MD5.62198E96465A08BFC3A8F3E4749F6040] - [05/05/2023 11:51:04] - |A| - [20480] - C:\Windows\Installer\SourceHash{7D095455-D971-4D4C-9EFD-9AF6A6584F3A} [MD5.E385F8600EF1F24068013BEF0174F53C] - [04/05/2023 10:54:15] - |A| - [20480] - C:\Windows\Installer\SourceHash{A250E750-DB3F-40C1-8460-8EF77C7582DA} [MD5.A89FC0056609589F710D4164F64CA801] - [06/05/2023 21:08:25] - |A| - [20480] - C:\Windows\Installer\SourceHash{B175520C-86A2-35A7-8619-86DC379688B9} [MD5.6E7B906403E90261F3524DF92F154372] - [04/05/2023 08:44:04] - |A| - [20480] - C:\Windows\Installer\SourceHash{BB052C53-34CB-42DE-AF41-66FDFCEEC868} [MD5.4178F892B1FCD42FA819E92C0805061A] - [06/05/2023 21:08:20] - |A| - [20480] - C:\Windows\Installer\SourceHash{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} [MD5.140D5CC0346C194224E3CE827C7C82C0] - [04/05/2023 10:54:29] - |A| - [20480] - C:\Windows\Installer\SourceHash{C96241EA-9900-4FE8-85B3-1E238D509DF6} [MD5.7273511FE7D6B8E2844BFF6EB60A785F] - [06/05/2023 21:07:26] - |A| - [20480] - C:\Windows\Installer\SourceHash{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97} [MD5.2E1B8E8D0E47FF9328757A5E2B5468EF] - [05/05/2023 09:14:18] - |A| - [20480] - C:\Windows\Installer\SourceHash{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} [MD5.00000000000000000000000000000000] - [04/05/2023 11:01:52] - |D| - [24070] - C:\Windows\Installer\{0E992720-1330-4AB3-8155-255F79785535} [MD5.00000000000000000000000000000000] - [05/05/2023 11:53:41] - |D| - [123570] - C:\Windows\Installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A} [MD5.00000000000000000000000000000000] - [06/05/2023 19:32:52] - |D| - [86171006] - C:\Windows\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161} [MD5.00000000000000000000000000000000] - [05/05/2023 13:59:09] - |D| - [0] - C:\Windows\system32\64 [MD5.D0C50C113FE59C21AD59932E6B9C202F] - [04/05/2023 10:32:01] - |A| - [38320] - C:\Windows\system32\ampa.sys [MD5.DF6465F349C9CBDF3FCEB3F198E8FCB6] - [04/05/2023 10:32:44] - |A| - [35760] - C:\Windows\system32\ddmdrv.sys [MD5.2322AC4F74D5033E8AF0EBD85DFC677B] - [05/05/2023 16:32:56] - |A| - [34304] - C:\Windows\system32\DfSdkBt.exe [MD5.00000000000000000000000000000000] - [04/05/2023 11:02:34] - |DC| - [671111] - C:\Windows\system32\DRVSTORE [MD5.00000000000000000000000000000000] - [05/05/2023 13:59:09] - |D| - [0] - C:\Windows\system32\Help [MD5.00000000000000000000000000000000] - [05/05/2023 13:59:09] - |D| - [0] - C:\Windows\system32\Icons [MD5.00000000000000000000000000000000] - [05/05/2023 13:59:09] - |D| - [0] - C:\Windows\system32\lang [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/05/2023 20:46:30] - |A| - [0] - C:\Windows\system32\rtp.db [MD5.00000000000000000000000000000000] - [05/05/2023 13:59:09] - |D| - [0] - C:\Windows\system32\Sfxs [MD5.00000000000000000000000000000000] - [05/05/2023 13:59:09] - |D| - [0] - C:\Windows\system32\Skins [MD5.7D9F03E7DC7B03F7F3FA671342CD35F7] - [04/05/2023 11:03:19] - |A| - [119792] - C:\Windows\system32\vnetinst.dll [MD5.0897C4CCD576CAC46DFF23C11098FAD4] - [04/05/2023 11:03:02] - |A| - [1320608] - C:\Windows\system32\vnetlib64.dll [MD5.ABE700A6459D2D6FC9774E0277350ECF] - [04/05/2023 11:05:06] - |A| - [31120] - C:\Windows\system32\vsocklib.dll [MD5.2920C5CA201D21FAADACA2E7C64F66B3] - [06/05/2023 20:44:24] - |A| - [190712] - C:\Windows\system32\Drivers\BdNet.sys [MD5.0830A4412E692678666BE008EB289BD5] - [06/05/2023 20:44:25] - |A| - [263000] - C:\Windows\system32\Drivers\BdSentry.sys [MD5.EA0BEF1187B8C4BDAE52D762B97713E1] - [04/05/2023 11:02:34] - |A| - [84480] - C:\Windows\system32\Drivers\hcmon.sys [MD5.AA2931C179549F63B31F722792D5745E] - [05/05/2023 12:59:30] - |A| - [42360] - C:\Windows\system32\Drivers\IMFCameraProtect.sys.osdezz [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/05/2023 08:39:11] - |AH| - [0] - C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [MD5.3A56E311E9255CAB39F8ACF5F3E6DE04] - [06/05/2023 20:46:39] - |A| - [117080] - C:\Windows\system32\Drivers\netprotection_network_filter.sys [MD5.A7773330374065D93F351E2572409247] - [06/05/2023 20:44:24] - |A| - [28672] - C:\Windows\system32\Drivers\rtp_elam.sys [MD5.143DB2881FD6A9F77B30E05F4C594669] - [06/05/2023 20:44:24] - |A| - [208704] - C:\Windows\system32\Drivers\rtp_filesystem_filter.sys [MD5.C39BD9EF2803E02403FDC39F7E855D06] - [06/05/2023 20:44:24] - |A| - [345408] - C:\Windows\system32\Drivers\rtp_filter.sys [MD5.71B738C76988ADBFB58932C951E7BC2F] - [06/05/2023 20:44:24] - |A| - [194928] - C:\Windows\system32\Drivers\rtp_process_monitor.sys [MD5.FCFF82933DDCAE1B07EA1C7196C63247] - [06/05/2023 20:44:24] - |A| - [41840] - C:\Windows\system32\Drivers\rtp_traverse.sys [MD5.CBF51205BCD29E15EBDC566CD550412F] - [05/05/2023 08:40:05] - |A| - [167440] - C:\Windows\system32\Drivers\ssudbus2.sys [MD5.1C5FD22FF5D42A4F2CA92F958EF00E6A] - [05/05/2023 08:49:29] - |A| - [174112] - C:\Windows\system32\Drivers\ssudmdm.sys [MD5.20A25BC75A024A85C976139494AD6627] - [04/05/2023 11:04:46] - |A| - [60344] - C:\Windows\system32\Drivers\vmkbd.sys [MD5.67E0EC5F275CC3A13833671ADEA446FC] - [04/05/2023 11:03:19] - |A| - [44544] - C:\Windows\system32\Drivers\vmnetuserif.sys [MD5.94908DCE6DBAB7AD5B73B579CBA01C52] - [04/05/2023 11:04:50] - |A| - [99768] - C:\Windows\system32\Drivers\vmx86.sys [MD5.64BA085BB02E9ECF3B21F0377199289F] - [04/05/2023 11:05:06] - |A| - [88976] - C:\Windows\system32\Drivers\vsock.sys [MD5.D0C50C113FE59C21AD59932E6B9C202F] - [04/05/2023 10:34:18] - |A| - [38320] - C:\Windows\syswow64\ampa.sys [MD5.DA5B296D710B63E1C5B9D17128C7C7EA] - [04/05/2023 11:01:58] - |A| - [813634] - C:\Windows\syswow64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - [06/05/2023 20:48:34] - |D| - [8192] - C:\Windows\syswow64\statReporter [MD5.6EE023F00CD791995A88EC3FAC5C7DEE] - [04/05/2023 11:03:20] - |A| - [428184] - C:\Windows\syswow64\vmnat.exe [MD5.AC4003E530A811EC438B3F5CAA06077B] - [04/05/2023 11:03:30] - |A| - [384304] - C:\Windows\syswow64\vmnetdhcp.exe [MD5.F7D359D175826BF28056AE1CBE1A02D9] - [04/05/2023 11:05:06] - |A| - [26512] - C:\Windows\syswow64\vsocklib.dll ---------- | Drives D: [19/01/2023 13:34:38] - |A| - (.-.) - [2154] - (0.0.0.0) - D:\COMODO Internet Security Premium.lnk [19/01/2023 13:34:38] - |A| - (.-.) - [2138] - (0.0.0.0) - D:\Comodo Secure Shopping.lnk [19/01/2023 13:36:01] - |A| - (.-.) - [1262] - (0.0.0.0) - D:\IObit Malware Fighter.lnk [19/01/2023 13:36:01] - |A| - (.-.) - [1421] - (0.0.0.0) - D:\IObit Software Updater.lnk [19/01/2023 13:36:01] - |A| - (.-.) - [1091] - (0.0.0.0) - D:\iTop VPN.lnk [19/01/2023 13:29:40] - |A| - (.-.) - [2841] - (0.0.0.0) - D:\Sophos Virus Removal Tool.lnk [19/01/2023 13:29:44] - |A| - (.-.) - [878] - (0.0.0.0) - D:\ZHPCleaner.lnk [19/01/2023 13:33:23] - |A| - (.-.) - [0] - (0.0.0.0) - D:\Adaware_protect_Installer (1).exe [19/01/2023 13:33:23] - |A| - (.-.) - [13252600] - (0.0.0.0) - D:\Adaware_protect_Installer.exe [04/01/2023 13:50:16] - |A| - (.Copyright (c) Microsoft Corporation. - Windows Assessment and Deployment Kit Windows Preinstallation Environment Add-ons - Windows 10.) - [1359048] - (10.1.19041.1) - D:\adkwinpesetup.exe [19/01/2023 13:33:29] - |A| - (.Copyright(C) 2002-2022 Alcohol Soft Development Team - Alcohol 120% 2.1.1.2201 Setup.) - [12996256] - (4.45.1.2201) - D:\Alcohol120_trial_2.1.1.2201.exe [04/01/2023 18:02:32] - |A| - (.Ashampoo GmbH & Co. KG - Ashampoo UnInstaller 12 Setup .) - [28727032] - (12.0.11.0) - D:\ashampoo_uninstaller_12_12.00.11_sm.exe [19/01/2023 13:34:22] - |A| - (. - AudioRanger Setup .) - [10326504] - (3.4.3.0) - D:\AudioRangerSetup.exe [19/01/2023 13:34:24] - |A| - (.-.) - [6306000] - (0.0.0.0) - D:\avira_en_aps10_4038334424_y1w138e32zxnj2s0t39m_wdp.exe [19/01/2023 13:34:26] - |A| - (.Copyright © 2023 Avira Operations GmbH & Co. KG and its Licensors - Avira Security.) - [6306000] - (1.0.40.2) - D:\avira_fr_sptl1_643296187-1674075398__pavwws.exe [19/01/2023 13:34:38] - |A| - (.Copyright (C) 2010-2014 Andrea Russo - Italy - Clam Sentinel Setup .) - [737886] - (1.22.0.0) - D:\ClamSentinel1.22.exe [09/01/2023 17:15:55] - |A| - (.Carifred.com - Clear Disk Info.) - [955160] - (4.1.0.0) - D:\ClearDiskInfo.exe [19/01/2023 13:34:41] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1161312] - (3.0.0.5208) - D:\CyberLink_ActionDirector_Downloader.exe [19/01/2023 13:34:42] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1176560] - (3.0.0.7710) - D:\CyberLink_Director_Suite_Downloader.exe [04/01/2023 15:02:56] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1174128] - (3.0.0.2816) - D:\CyberLink_Media_Suite_Downloader.exe [01/01/2023 10:27:40] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1089304] - (2.9.1.8012) - D:\CyberLink_Media_Suite_v14.0.exe [19/01/2023 13:34:43] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [596448] - (3.0.2.3714) - D:\CyberLink_PerfectCam_Downloader.exe [19/01/2023 13:34:43] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1174200] - (3.0.0.2816) - D:\CyberLink_Power2Go_Downloader.exe [19/01/2023 13:34:43] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1180128] - (3.0.0.8212) - D:\CyberLink_PowerDirector_Business_Downloader.exe [19/01/2023 13:34:43] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1179616] - (3.0.0.8212) - D:\CyberLink_PowerDVD_Downloader.exe [19/01/2023 13:34:43] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1174200] - (3.0.0.2816) - D:\CyberLink_PowerProducer_Downloader.exe [19/01/2023 13:34:43] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1180128] - (3.0.0.8212) - D:\CyberLink_Screen_Recorder_Downloader.exe [19/01/2023 13:34:43] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1176544] - (3.0.0.7710) - D:\CyberLink_YouCam_Downloader.exe [09/01/2023 15:12:26] - |A| - (.(c) 2006-2022 Digital Wave Ltd - Free Studio Setup .) - [105610760] - (6.7.7.1110) - D:\FreeStudio_6.7.7.1110_d.exe [19/01/2023 13:35:51] - |A| - (.(c) 2006-2022 Digital Wave Ltd - Free Studio Setup .) - [105610760] - (6.7.7.1110) - D:\FreeStudio_6.7.7.1110_o.exe [19/01/2023 13:36:02] - |A| - (.© Apple Inc. - iTunes Installer.) - [210495816] - (12.9.4.102) - D:\iTunesSetup.exe [19/01/2023 13:36:17] - |A| - (.Copyright (C) 2013-2017 SosVirus Software - Look_my_hardware.) - [1239464] - (26.4.17.1) - D:\look-my-hardware_2_26.04.17.1.exe [09/01/2023 16:39:08] - |A| - (.Copyright (C) 2017 - 2020 Malwarebytes, Inc. - Malwarebytes Setup.) - [199196264] - (4.3.0.210) - D:\mb4-setup-adwc.adwc100.4.3.0.210.exe [30/12/2022 12:33:49] - |A| - (.Copyright Microsoft Corporation - Microsoft Edge Update Setup.) - [1608000] - (1.3.171.37) - D:\MicrosoftEdgeSetup.exe [14/01/2023 17:44:26] - |A| - (.ResetBrowser - Comment Supprimer ? - ResetBrowser.) - [1622016] - (0.1.1.2) - D:\ResetBrowser-v1.1.exe [04/01/2023 14:50:35] - |A| - (.Copyright © 2022 Systweak Software, All rights reserved - Systweak Antivirus Setup .) - [33558248] - (1.0.1001.2493) - D:\savsetupg_direct-_hp_menu_wp_dl.exe [04/01/2023 14:49:59] - |A| - (.Copyright © 2022 Systweak Software, All rights reserved - Systweak Antivirus Setup .) - [33558248] - (1.0.1001.2493) - D:\savsetupipg_direct-_hp_menu_wp_dl.exe [19/01/2023 13:29:41] - |A| - (.Copyright (c) 2018, Spotify Ltd - SpotifyInstaller.) - [736240] - (1.0.89.313) - D:\spotify_1.0.89.313.exe [04/01/2023 14:52:01] - |A| - (.Copyright © 2022 Systweak Software, All rights reserved - Systweak Software Updater Setup .) - [7396512] - (1.0.0.40303) - D:\ssusetupg_direct-_hp_menu_wp_dl.exe [04/01/2023 14:51:26] - |A| - (.Copyright © 2022 Systweak Software, All rights reserved - Systweak VPN Setup .) - [14044224] - (1.0.0.59) - D:\svpnsetupipg_direct-_hp_menu_wp_dl.exe [09/01/2023 17:11:59] - |A| - (.Copyright 2008-2014, Sysnative - Diagnostic Logfile Collection.) - [175952] - (4.6.0.0) - D:\SysnativeBSODCollectionApp.exe [09/01/2023 16:53:33] - |A| - (.-.) - [1331856] - (0.0.0.0) - D:\Tweaking.com-RepairWindowsUpdates.exe [14/01/2023 19:44:11] - |A| - (.Copyright ©2011 - 2023 - Setup Application.) - [56651952] - (4.13.0.1) - D:\tweaking.com_windows_repair_aio_setup (1).exe [14/01/2023 19:43:50] - |A| - (.Copyright ©2011 - 2023 - Setup Application.) - [56651952] - (4.13.0.1) - D:\tweaking.com_windows_repair_aio_setup.exe [14/01/2023 18:04:05] - |A| - (.Kurt Zimmermann © 2017 - Installer.) - [12438016] - (1.0.0.1) - D:\TweakPower-1.004.exe [04/01/2023 16:14:11] - |A| - (.2008 - 2022 Manuel Hoefs (Zottel) - Windows UltraUXThemePatcher.) - [163390] - (4.4.0.0) - D:\UltraUXThemePatcher_4.4.0.exe [13/12/2022 13:06:25] - |A| - (.Copyright © Alexander Roshal 1993-2022 - WinRAR archiver.) - [3581328] - (6.11.0.0) - D:\winrar-x64-611fr.exe [04/01/2023 18:19:07] - |A| - (.WiseCleaner.com - Wise Program Uninstaller .) - [11011296] - (3.1.1.253) - D:\WPUSetup_3.1.1.253 (1).exe [04/01/2023 18:18:57] - |A| - (.WiseCleaner.com - Wise Program Uninstaller .) - [11011296] - (3.1.1.253) - D:\WPUSetup_3.1.1.253.exe [14/01/2023 20:37:46] - |A| - (.Nicolas Coolman - ZHPCleaner.) - [3306184] - (2023.1.10.2) - D:\ZHPCleaner.exe [14/01/2023 20:39:34] - |A| - (.Nicolas Coolman - ZHPDiag.) - [3311816] - (2023.1.10.2) - D:\ZHPDiag3.exe [14/01/2023 20:30:14] - |A| - (.Nicolas Coolman - ZHPSuite.) - [3510472] - (2023.1.10.2) - D:\ZHPSuite.exe [19/01/2023 13:29:45] - |A| - (.Copyright 2007-2010 Google Inc. - CheckPoint Update Setup.) - [1130984] - (1.3.99.0) - D:\ZoneAlarmNGSetup_ZANG3_PRO.exe E: F: G: [25/03/2023 07:47:24] - |A| - (.-.) - [1057] - (0.0.0.0) - G:\Internet Explorer.lnk [25/03/2023 07:47:24] - |A| - (.-.) - [825] - (0.0.0.0) - G:\Tixati.lnk [25/03/2023 07:47:24] - |A| - (.-.) - [1025] - (0.0.0.0) - G:\Vuze Leap.lnk [06/05/2023 20:03:25] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - G:\AdsFix (1).exe [06/05/2023 20:03:25] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - G:\AdsFix.exe [06/05/2023 20:03:25] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - G:\FSS.exe [06/05/2023 20:03:26] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - G:\rfasetup.exe [06/05/2023 20:03:23] - |A| - (.-.) - [65081420] - (0.0.0.0) - G:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe [06/05/2023 20:03:25] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - G:\yusetup.exe J: [06/05/2023 20:03:49] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - J:\FSS.exe [06/05/2023 20:03:49] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - J:\yusetup.exe [06/05/2023 20:03:49] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - J:\AdsFix (1).exe [06/05/2023 20:03:49] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - J:\AdsFix.exe [06/05/2023 20:03:50] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - J:\rfasetup.exe [06/05/2023 20:03:50] - |A| - (.-.) - [65081420] - (0.0.0.0) - J:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe K: [10/11/2022 17:35:49] - |A| - (.-.) - [1215] - (0.0.0.0) - K:\AIDA32.lnk [10/11/2022 17:36:02] - |A| - (.-.) - [2580] - (0.0.0.0) - K:\Avast Secure Browser.lnk [10/11/2022 17:36:03] - |A| - (.-.) - [2879] - (0.0.0.0) - K:\BitTorrent.lnk [10/11/2022 17:21:47] - |A| - (.-.) - [2311] - (0.0.0.0) - K:\Google Chrome.lnk [10/11/2022 17:21:48] - |A| - (.-.) - [1615] - (0.0.0.0) - K:\HD Tune Pro.lnk [10/11/2022 17:21:48] - |A| - (.-.) - [1506] - (0.0.0.0) - K:\Navigateur Opera.lnk [10/11/2022 17:21:50] - |A| - (.-.) - [1491] - (0.0.0.0) - K:\Stellar Phoenix Windows Data Recovery.lnk [10/11/2022 17:21:50] - |A| - (.-.) - [2274] - (0.0.0.0) - K:\SumatraPDF.lnk [10/11/2022 17:21:52] - |A| - (.-.) - [2034] - (0.0.0.0) - K:\uTorrent Web.lnk [06/05/2023 20:04:01] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - K:\AdsFix (1).exe [06/05/2023 20:04:01] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - K:\AdsFix.exe [10/11/2022 17:35:52] - |A| - (.Anvisoft Company - Anvi Folder Locker Installation.) - [14631312] - (1.2.1370.0) - K:\anvi-folder-locker-1-2-1370-0-en-win.exe [09/02/2023 12:19:42] - |A| - (.-.) - [0] - (0.0.0.0) - K:\ashampoo_internet_accelerator_3_3.30_sm.exe [09/02/2023 12:20:03] - |A| - (.Copyright (C) 2010-2014 Andrea Russo - Italy - Clam Sentinel Setup .) - [737886] - (1.22.0.0) - K:\ClamSentinel1.22.exe [09/02/2023 12:20:08] - |A| - (. - ClamWin Free Antivirus Setup .) - [236832861] - (0.0.0.0) - K:\clamwin-0.103.2.1-setup.exe [06/05/2023 20:04:01] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - K:\FSS.exe [10/11/2022 19:31:59] - |A| - (.Bernat - Java Runtime Environment 64 bit Portable.) - [53256489] - (0.0.0.0) - K:\Java_Portable_8.0.351.10_64-bit.exe [09/02/2023 12:20:40] - |A| - (.Copyright (c)2021-2023 KeepStreams Software Inc. - KeepStreams.) - [8072800] - (1.0.0.0) - K:\keepstreams_online_1162.exe [10/11/2022 19:32:05] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [6025208] - (22.0.1.0) - K:\PortableApps.com_Platform_Setup_22.0.1.paf.exe [09/02/2023 12:23:05] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [6062008] - (24.0.0.0) - K:\PortableApps.com_Platform_Setup_24.0.paf.exe [06/05/2023 20:04:01] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - K:\rfasetup.exe [06/05/2023 20:04:01] - |A| - (.-.) - [65081420] - (0.0.0.0) - K:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe [09/02/2023 12:18:56] - |A| - (.Copyright ©2011 - 2023 - Setup Application.) - [56651952] - (4.13.0.1) - K:\tweaking.com_windows_repair_aio_setup.exe [09/02/2023 12:18:58] - |A| - (.Copyright © Alexander Roshal 1993-2021 - WinRAR archiver.) - [3333552] - (6.1.0.0) - K:\winrar-x64-601.exe [06/05/2023 20:04:01] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - K:\yusetup.exe L: [06/05/2023 20:04:10] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - L:\AdsFix (1).exe [06/05/2023 20:04:10] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - L:\AdsFix.exe [13/02/2023 11:09:58] - |A| - (.-.) - [1035970816] - (0.0.0.0) - L:\CyberLinkDirectorSuite7.0_Trial_DRS180831-01_TR180913-025.exe [06/05/2023 20:04:10] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - L:\FSS.exe [10/11/2022 19:36:51] - |A| - (.Bernat - Java Runtime Environment 64 bit Portable.) - [53256489] - (0.0.0.0) - L:\Java_Portable_8.0.351.10_64-bit.exe [10/11/2022 19:36:57] - |A| - (.PortableApps.com - PortableApps.com Platform.) - [6025208] - (22.0.1.0) - L:\PortableApps.com_Platform_Setup_22.0.1.paf.exe [06/05/2023 20:04:10] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - L:\rfasetup.exe [06/05/2023 20:04:10] - |A| - (.-.) - [65081420] - (0.0.0.0) - L:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe [10/11/2022 19:36:50] - |A| - (.©2020 BitTorrent, Inc. All Rights Reserved - µTorrent® Classic .) - [1763848] - (3.5.0.0) - L:\uTorrent.exe [06/05/2023 20:04:10] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - L:\yusetup.exe N: O: [06/05/2023 20:04:31] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - O:\FSS.exe [06/05/2023 20:04:31] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - O:\yusetup.exe [06/05/2023 20:04:31] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - O:\AdsFix (1).exe [06/05/2023 20:04:31] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - O:\AdsFix.exe [06/05/2023 20:04:31] - |A| - (.-.) - [65081420] - (0.0.0.0) - O:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe [06/05/2023 20:04:31] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - O:\rfasetup.exe P: [26/01/2023 17:20:48] - |A| - (.-.) - [450] - (0.0.0.0) - P:\Poursuivez l'installation de CorelDRAW Graphics Suite.lnk [23/02/2023 03:15:30] - |A| - (.-.) - [0] - (0.0.0.0) - P:\GiveawayClub_Magix_Music_Maker.exe [21/02/2023 09:05:26] - |A| - (.-.) - [0] - (0.0.0.0) - P:\ad-aware&comodo_bundle2019_setup_sib.exe [25/02/2023 00:04:42] - |A| - (.-.) - [0] - (0.0.0.0) - P:\Adaware_protect_Installer (1).exe [21/02/2023 09:05:34] - |A| - (.-.) - [0] - (0.0.0.0) - P:\apower-manager.exe [21/02/2023 09:05:38] - |A| - (.-.) - [0] - (0.0.0.0) - P:\ApplicationManager_v1318_rv200683(1.3)_STD_APM190117-01.exe [21/02/2023 09:05:40] - |A| - (.-.) - [0] - (0.0.0.0) - P:\ashampoo_snap_10_10.0.8_sm.exe [21/02/2023 09:05:40] - |A| - (.-.) - [0] - (0.0.0.0) - P:\ashampoo_snap_9_9.0.6_sm.exe [06/05/2023 20:05:01] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - P:\FSS.exe [06/05/2023 20:05:01] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - P:\yusetup.exe [06/05/2023 20:05:02] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - P:\AdsFix (1).exe [06/05/2023 20:05:02] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - P:\AdsFix.exe [06/05/2023 20:05:00] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - P:\rfasetup.exe [06/05/2023 20:05:00] - |A| - (.-.) - [65081420] - (0.0.0.0) - P:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe [30/04/2019 05:21:20] - |A| - (.-.) - [712] - (0.0.0.0) - P:\ZentimoSettings.ini [23/02/2023 05:08:42] - |A| - (.-.) - [68] - (0.0.0.0) - P:\pmp_usb (2).ini [23/02/2023 05:08:42] - |A| - (.-.) - [68] - (0.0.0.0) - P:\pmp_usb (3).ini [23/02/2023 05:08:42] - |A| - (.-.) - [68] - (0.0.0.0) - P:\pmp_usb.ini U: [06/05/2023 20:32:00] - |A| - (.-.) - [1380] - (0.0.0.0) - U:\Android.lnk [06/05/2023 20:32:01] - |A| - (.-.) - [2311] - (0.0.0.0) - U:\balenaEtcher.lnk [06/05/2023 20:32:01] - |A| - (.-.) - [1391] - (0.0.0.0) - U:\Download.lnk [06/05/2023 20:32:01] - |A| - (.-.) - [1928] - (0.0.0.0) - U:\I a sifafache incrusterem uef en widen53.lnk [06/05/2023 20:33:27] - |A| - (.-.) - [1061] - (0.0.0.0) - U:\Internet Explorer.lnk [06/05/2023 20:33:29] - |A| - (.-.) - [1380] - (0.0.0.0) - U:\Mobizen.lnk [06/05/2023 20:33:30] - |A| - (.-.) - [1360] - (0.0.0.0) - U:\Nisse.lnk [06/05/2023 20:33:31] - |A| - (.-.) - [1227] - (0.0.0.0) - U:\Pre_Scan_Donate.lnk [06/05/2023 20:33:31] - |A| - (.-.) - [1571] - (0.0.0.0) - U:\Pre_Scan_Restore.lnk [06/05/2023 20:33:57] - |A| - (.-.) - [1451] - (0.0.0.0) - U:\Voice Recorder.lnk [06/05/2023 20:33:58] - |A| - (.-.) - [1868] - (0.0.0.0) - U:\Voix 001.lnk [06/05/2023 20:33:59] - |A| - (.-.) - [1155] - (0.0.0.0) - U:\Your Unin-staller!.lnk [20/01/2023 17:29:22] - |A| - (.-.) - [2504624] - (0.0.0.0) - U:\wubi.exe [06/05/2023 20:05:18] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - U:\FSS.exe [06/05/2023 20:05:18] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - U:\yusetup.exe [06/05/2023 20:05:19] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - U:\AdsFix (1).exe [06/05/2023 20:05:19] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - U:\AdsFix.exe [06/05/2023 20:05:18] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - U:\rfasetup.exe [06/05/2023 20:05:18] - |A| - (.-.) - [65081420] - (0.0.0.0) - U:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe [06/05/2023 20:33:31] - |A| - (.Copyright (C) 2013-2019 SosVirus Software - Pre_Scan.) - [3082136] - (18.10.19.1) - U:\pre-scan_V9_18.10.19.1.exe [06/05/2023 20:34:00] - |A| - (.© IObit. - Advanced SystemCare .) - [41819664] - (16.0.0.55) - U:\advanced-systemcare-setup16-beta.exe [06/05/2023 20:34:11] - |A| - (.Ashampoo GmbH & Co. KG - Ashampoo Snap 15 Setup .) - [147400632] - (15.0.5.0) - U:\ashampoo_snap_15_15.0.5_sm.exe [06/05/2023 20:34:29] - |A| - (.Copyright © 2023 Avira Operations GmbH and its Licensors - Avira Security.) - [6515704] - (1.0.42.2) - U:\avira_en_aps10_4074922715_v93nhtyvifbjq5fbbx17_wdp.exe [06/05/2023 20:34:30] - |A| - (.© Microsoft Corporation. - Win32 Cabinet Self-Extractor .) - [10438872] - (6.0.2800.1168) - U:\bing-desktop_1-3-472-0_fr_413612.exe [06/05/2023 20:34:31] - |A| - (.Copyright (c) ESET, spol. s r.o. 1992-2022. - ESET Online Scanner.) - [15274968] - (10.23.31.0) - U:\esetonlinescanner.exe [06/05/2023 20:34:33] - |A| - (.© IObit. - IObit Malware Fighter .) - [62272928] - (10.2.0.1023) - U:\iobit_malware_fighter_setup (1).exe [06/05/2023 20:34:39] - |A| - (.© IObit. - IObit Malware Fighter .) - [62272928] - (10.2.0.1023) - U:\iobit_malware_fighter_setup (2).exe [06/05/2023 20:34:45] - |A| - (.© IObit. - IObit Malware Fighter .) - [62272928] - (10.2.0.1023) - U:\iobit_malware_fighter_setup (3).exe [06/05/2023 20:34:52] - |A| - (.© IObit. - IObit Malware Fighter .) - [62272928] - (10.2.0.1023) - U:\iobit_malware_fighter_setup.exe [06/05/2023 20:34:58] - |A| - (.©1999-2014 Jonathan Bennett & AutoIt Team - Aut2Exe.) - [957952] - (3.3.12.0) - U:\ListParts64.exe [06/05/2023 20:34:58] - |A| - (. - .) - [50977032] - (9.15.0.0) - U:\PAssist_Std_20230504.4191129.exe [06/05/2023 20:35:03] - |A| - (.Copyright © 1998-2022 VMware, Inc. - VMware installation launcher.) - [637409472] - (17.0.0.34456) - U:\VMware-workstation-full-17.0.0-20800274.exe [06/05/2023 20:36:06] - |A| - (.-.) - [38816360] - (0.0.0.0) - U:\x-download-youtube-video5-fr.exe [20/01/2023 17:25:45] - |A| - (.-.) - [134] - (0.0.0.0) - U:\autorun.inf W: [03/03/2023 08:37:25] - |A| - (.-.) - [1286] - (0.0.0.0) - W:\ESET Online Scanner.lnk [03/03/2023 08:37:25] - |A| - (.-.) - [2518] - (0.0.0.0) - W:\balenaEtcher.lnk [03/03/2023 08:37:26] - |A| - (.-.) - [1223] - (0.0.0.0) - W:\Pre_Scan_Donate.lnk [06/04/2021 14:44:38] - |A| - (.-.) - [1730] - (0.0.0.0) - W:\Météo.lnk [06/04/2021 09:48:30] - |A| - (.-.) - [1602] - (0.0.0.0) - W:\Skype.lnk [03/03/2023 08:37:26] - |A| - (.-.) - [1563] - (0.0.0.0) - W:\Pre_Scan_Restore.lnk [06/04/2021 14:44:38] - |A| - (.-.) - [807] - (0.0.0.0) - W:\Mes Vidéos.lnk [06/04/2021 09:48:30] - |A| - (.-.) - [1516] - (0.0.0.0) - W:\Sécurité Windows.lnk [06/04/2021 14:44:41] - |A| - (.-.) - [1589] - (0.0.0.0) - W:\Pense-bêtes.lnk [06/04/2021 09:48:27] - |A| - (.-.) - [1677] - (0.0.0.0) - W:\Paint 3D.lnk [06/04/2021 09:48:28] - |A| - (.-.) - [1545] - (0.0.0.0) - W:\Photos.lnk [06/04/2021 14:44:42] - |A| - (.-.) - [1621] - (0.0.0.0) - W:\Print 3D.lnk [06/04/2021 14:44:45] - |A| - (.-.) - [1549] - (0.0.0.0) - W:\Votre téléphone.lnk [06/04/2021 14:44:45] - |A| - (.-.) - [1295] - (0.0.0.0) - W:\005[1] - Raccourci.lnk [06/04/2021 14:44:45] - |A| - (.-.) - [1630] - (0.0.0.0) - W:\Alarmes et horloge.lnk [06/04/2021 14:44:45] - |A| - (.-.) - [1605] - (0.0.0.0) - W:\Calculatrice.lnk [06/04/2021 14:44:46] - |A| - (.-.) - [1822] - (0.0.0.0) - W:\Calendrier.lnk [06/04/2021 14:44:46] - |A| - (.-.) - [1713] - (0.0.0.0) - W:\Caméra.lnk [06/04/2021 14:44:46] - |A| - (.-.) - [1509] - (0.0.0.0) - W:\Candy Crush Friends.lnk [06/04/2021 14:44:46] - |A| - (.-.) - [1481] - (0.0.0.0) - W:\Candy Crush Saga.lnk [06/04/2021 09:48:39] - |A| - (.-.) - [817] - (0.0.0.0) - W:\Mes Images.lnk [06/04/2021 09:48:39] - |A| - (.-.) - [804] - (0.0.0.0) - W:\Mes Musiques.lnk [06/04/2021 14:44:46] - |A| - (.-.) - [1733] - (0.0.0.0) - W:\Capture d'écran et croquis.lnk [06/04/2021 09:48:39] - |A| - (.-.) - [1769] - (0.0.0.0) - W:\Microsoft News les actualités à ne pas manquer.lnk [06/04/2021 09:48:39] - |A| - (.-.) - [1825] - (0.0.0.0) - W:\Microsoft Solitaire Collection.lnk [06/04/2021 14:44:46] - |A| - (.-.) - [1561] - (0.0.0.0) - W:\Cartes.lnk [06/04/2021 14:44:38] - |A| - (.-.) - [1962] - (0.0.0.0) - W:\Éditeur de vidéo.lnk [06/04/2021 14:44:38] - |A| - (.-.) - [1072] - (0.0.0.0) - W:\Mes Favoris.lnk [03/03/2023 08:37:25] - |A| - (.-.) - [1057] - (0.0.0.0) - W:\Internet Explorer.lnk [03/03/2023 08:37:26] - |A| - (.-.) - [879] - (0.0.0.0) - W:\ZHPDiag.lnk [06/05/2023 20:05:52] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - W:\FSS.exe [03/03/2023 08:37:27] - |A| - (.Nicolas Coolman - ZHPDiag.) - [3314888] - (2023.2.27.11) - W:\ZHPDiag3.exe [22/01/2019 06:35:34] - |N| - (.(C) 2015 Smart PC Utilities, Ltd. - PC Startup Master Setup.) - [7784934] - (3.0.238.0) - W:\startupmaster.exe [06/04/2021 14:44:38] - |A| - (.-.) - [522240] - (3.1.21.0) - W:\OTM.exe [26/02/2019 12:19:36] - |A| - (.© BleepingComputer.com. - Terminates malware processes so that you can run your normal security programs..) - [1802704] - (2.9.1.0) - W:\iExplore.exe [20/04/2020 21:07:19] - |A| - (.©1999-2018 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2281472] - (15.4.2020.0) - W:\FRST64.exe [06/05/2023 20:05:52] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - W:\yusetup.exe [06/05/2023 20:05:55] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - W:\rfasetup.exe [26/02/2019 13:25:48] - |A| - (.UEFM LFS Hyper EFM -.) - [96286087] - (1.0.0.0) - W:\LiveTuner_webcompanion_thememypc_leesoft_windowsxlive_setup_sib.exe [03/03/2019 13:43:57] - |A| - (.-.) - [15533336] - (0.0.0.0) - W:\ApplicationManager_v1126_rv199819(1.2)_STD_APM181015-01.exe [20/04/2020 21:08:18] - |A| - (.Nicolas Coolman - ZHPSuite.) - [3431296] - (2020.4.15.26) - W:\ZHPSuite.exe [20/04/2020 21:08:17] - |A| - (.Nicolas Coolman - ZHPCleaner.) - [3297152] - (2020.4.15.192) - W:\ZHPCleaner.exe [20/04/2020 21:08:18] - |A| - (.Nicolas Coolman - ZHPCleaner.) - [3297152] - (2020.4.15.192) - W:\ZHPCleaner(1).exe [03/03/2023 08:37:27] - |A| - (.-.) - [0] - (0.0.0.0) - W:\pre-scan_V9_18.10.19.1.exe [03/03/2023 08:37:28] - |A| - (.Copyright (C) 2013-2019 SosVirus Software - Analyzes Processes one by one.) - [967576] - (25.11.19.1) - W:\Process_Analyzer.exe [06/05/2023 20:05:53] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - W:\AdsFix (1).exe [06/05/2023 20:05:54] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - W:\AdsFix.exe [06/05/2023 20:05:51] - |A| - (.-.) - [65081420] - (0.0.0.0) - W:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe [06/04/2021 14:44:43] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - QuickDiag.) - [4541680] - (7.76.21.1) - W:\QuickDiag.exe [06/04/2021 14:44:44] - |A| - (.Copyright (C) 2013-2019 SosVirus Software - QuickDiag.) - [5321112] - (29.10.19.1) - W:\quickdiag_V5_29.10.19.1.exe [06/04/2021 17:16:39] - |A| - (.© 2020 SysTools Software Private Limited - SysTools PDF Bates Numberer Setup .) - [30996392] - (5.0.0.0) - W:\pdf-bates.exe [06/04/2021 17:16:46] - |A| - (.2005-2019 COMODO. - COMODO Secure Shopping.) - [19756184] - (1.4.50284.159) - W:\css_installer.exe [06/04/2021 17:16:50] - |A| - (.2005-2020 COMODO. - COMODO Internet Security.) - [5712000] - (12.2.2.7098) - W:\cav_installer_138430010_1a.exe [06/04/2021 17:20:12] - |A| - (.-.) - [9658664] - (0.0.0.0) - W:\DriverPack-17-Online.exe [06/04/2021 17:22:18] - |A| - (.Copyright © 2020 iMyFone Technology Co., Ltd. All Rights Reserved - Fixppo for Android.) - [2911160] - (2.2.0.1) - W:\imyfone-fixppo-for-android_setup.exe [06/04/2021 17:22:19] - |A| - (.Copyright©2017 Wondershare. - drfone_setup_full3371.exe.) - [1056496] - (2.1.3.2) - W:\drfone_repair_setup_full3371.exe [06/04/2021 17:22:31] - |A| - (.Copyright (C) 2021 Tenorshare Co., Ltd. - ReiBoot for Android.) - [1504480] - (2.4.0.15) - W:\reiboot-for-android.exe [06/04/2021 17:22:50] - |A| - (.Goversoft LLC 2010 - PrivaZer setup.) - [28582504] - (4.0.21.0) - W:\PrivaZer_free.exe [06/04/2021 17:22:55] - |A| - (.© Gerald Combs and many others - Wireshark installer for 64-bit Windows.) - [61473376] - (3.4.4.0) - W:\Wireshark-win64-3.4.4.exe [03/03/2019 14:41:19] - |H| - (.-.) - [16] - (0.0.0.0) - W:\AUTORUN.INF [06/04/2021 14:44:41] - |ASH| - (.-.) - [814] - (0.0.0.0) - W:\desktop.ini X: [06/05/2023 20:06:08] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - X:\FSS.exe [06/05/2023 20:06:08] - |A| - (.Copyright © 1998-2012 URSoft, Inc. - Your Uninstaller! 7 Setup .) - [6822592] - (7.5.2014.3) - X:\yusetup.exe [06/05/2023 20:06:08] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - X:\AdsFix (1).exe [06/05/2023 20:06:09] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - X:\AdsFix.exe [06/05/2023 20:06:07] - |A| - (.-.) - [65081420] - (0.0.0.0) - X:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe [06/05/2023 20:06:40] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - X:\rfasetup.exe Y: [12/02/2020 16:50:32] - |A| - (.2020 Rare Ideas, LLC - Start PortableApps.com.) - [1449024] - (16.1.0.0) - Y:\Start.exe ---------- | C: [07/12/2019 11:14:52] - |SHD| - [387] - C:\$Recycle.Bin [22/04/2023 06:04:45] - |D| - [0] - C:\$WinREAgent [04/05/2023 13:17:55] - |D| - [886832] - C:\AdsFix [MD5.9F193CA04004B904C7B3A0A5A0479557] - [06/05/2023 20:10:27] - |A| - (.-.) - [12849] - (0.0.0.0) - C:\AdsFix.txt [22/04/2023 01:37:56] - |D| - [0] - C:\AMD [MD5.0F343B0931126A20F133D67C2B018A3B] - [06/05/2023 15:18:02] - |H| - (.-.) - [1024] - (0.0.0.0) - C:\AMTAG.BIN [21/04/2023 23:12:29] - |SD| - [0] - C:\Documents and Settings [MD5.5414A98A00D831C98A7B90479C47BE0E] - [21/04/2023 23:02:34] - |AS| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log [MD5.BCD8A3C362B76607B966FB1BFDE1D062] - [21/04/2023 23:02:34] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/04/2023 23:11:34] - |ASH| - (.-.) - [1535000576] - (0.0.0.0) - C:\hiberfil.sys [07/12/2019 11:14:52] - |D| - [0] - C:\PerfLogs [04/05/2023 13:07:11] - |D| - [166806703] - C:\Pre_Scan [MD5.AA74EE47181B9BC12D14DE45B470007E] - [04/05/2023 14:22:40] - |RA| - (.-.) - [22931] - (0.0.0.0) - C:\Pre_Scan_04_05_2023_14_22_39.txt [07/12/2019 11:14:52] - |RD| - [4686280690] - C:\Program Files [07/12/2019 11:14:52] - |RD| - [18861980229] - C:\Program Files (x86) [07/12/2019 11:14:52] - |HD| - [2377906350] - C:\ProgramData [06/05/2023 21:24:26] - |D| - [68685] - C:\QuickDiag [MD5.B1A42C6AF198BC76E45E18A7FBB0C221] - [06/05/2023 21:24:52] - |A| - (.-.) - [355954] - (0.0.0.0) - C:\QuickDiag.txt [21/04/2023 23:09:48] - |SHD| - [491786516] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/04/2023 23:02:34] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [21/04/2023 23:02:30] - |SHD| - [0] - C:\System Volume Information [07/12/2019 11:03:44] - |RD| - [19130193735] - C:\Users [07/12/2019 11:03:44] - |D| - [18624558972] - C:\Windows ---------- | C:\Windows [07/12/2019 11:50:41] - |D| - [802] - C:\Windows\addins [MD5.1E8049222F5C1F15E9EC15BCB91E9646] - [04/05/2023 10:32:00] - |A| - (.-.) - [2482680] - (0.0.0.0) - C:\Windows\ampa.exe [07/12/2019 11:14:52] - |D| - [15942965] - C:\Windows\appcompat [07/12/2019 11:14:52] - |D| - [9887644] - C:\Windows\apppatch [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\AppReadiness [07/12/2019 11:14:52] - |RD| - [519227976] - C:\Windows\assembly [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/04/2023 01:37:49] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\ativpsrm.bin [07/12/2019 11:14:52] - |D| - [785153] - C:\Windows\bcastdvr [MD5.820B97429E4153A743708B376807EE69] - [08/09/2022 05:06:08] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [81408] - (10.0.19041.1237) - C:\Windows\bfsvc.exe [07/12/2019 11:14:52] - |D| - [40973080] - C:\Windows\Boot [MD5.0C175DC7571F5CE3E097DDD82A39CEB5] - [21/04/2023 23:04:00] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [07/12/2019 11:14:52] - |D| - [2450472] - C:\Windows\Branding [07/12/2019 11:03:44] - |D| - [0] - C:\Windows\CbsTemp [07/12/2019 11:14:52] - |D| - [38959674] - C:\Windows\Containers [MD5.C6C52AF48A75DCC59644DC894D2F524E] - [07/12/2019 11:53:03] - |A| - (.-.) - [29857] - (0.0.0.0) - C:\Windows\Core.xml [07/12/2019 11:14:52] - |D| - [11501377] - C:\Windows\Cursors [MD5.EA79AE52949222C24614195A39F86A06] - [04/05/2023 10:32:44] - |A| - (.-.) - [1332728] - (0.0.0.0) - C:\Windows\ddmmain.exe [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\debug [07/12/2019 11:14:52] - |D| - [4249955] - C:\Windows\diagnostics [07/12/2019 11:14:52] - |D| - [1702804] - C:\Windows\DiagTrack [07/12/2019 11:49:23] - |D| - [0] - C:\Windows\DigitalLocker [07/12/2019 11:14:52] - |SD| - [65] - C:\Windows\Downloaded Program Files [07/12/2019 11:14:52] - |D| - [75360] - C:\Windows\ELAMBKUP [07/12/2019 11:49:23] - |D| - [99328] - C:\Windows\en-US [MD5.218CC21CE4564521ED0C85A525EEF54E] - [22/04/2023 06:49:34] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [5249688] - (10.0.19041.2846) - C:\Windows\explorer.exe [07/12/2019 11:14:52] - |RSD| - [361072396] - C:\Windows\Fonts [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\GameBarPresenceWriter [07/12/2019 11:14:52] - |D| - [67411301] - C:\Windows\Globalization [07/12/2019 11:14:52] - |D| - [1305124] - C:\Windows\Help [MD5.57D8806C58D69B6A1B6A0298520E67C3] - [22/04/2023 06:54:57] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [1075712] - (10.0.19041.2075) - C:\Windows\HelpPane.exe [MD5.2C8FE78D53C8CA27523A71DFD2938241] - [07/12/2019 11:09:39] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.19041.1) - C:\Windows\hh.exe [07/12/2019 11:14:52] - |D| - [30327] - C:\Windows\IdentityCRL [07/12/2019 11:14:52] - |D| - [28821958] - C:\Windows\IME [07/12/2019 11:14:52] - |RD| - [8281682] - C:\Windows\ImmersiveControlPanel [07/12/2019 11:13:02] - |D| - [49556646] - C:\Windows\INF [07/12/2019 11:14:52] - |D| - [38193580] - C:\Windows\InputMethod [07/12/2019 11:14:52] - |SHD| - [777748118] - C:\Windows\Installer [07/12/2019 11:14:52] - |D| - [109650] - C:\Windows\L2Schemas [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\LanguageOverlayCache [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\LiveKernelReports [07/12/2019 11:14:52] - |D| - [3437070] - C:\Windows\Logs [07/12/2019 11:14:52] - |RSD| - [20063519] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [07/12/2019 11:08:58] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [07/12/2019 11:14:52] - |RD| - [567489726] - C:\Windows\Microsoft.NET [07/12/2019 11:14:52] - |D| - [3323] - C:\Windows\Migration [04/05/2023 09:19:53] - |D| - [0] - C:\Windows\Minidump [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\ModemLogs [MD5.27F71B12CB585541885A31BE22F61C83] - [08/09/2022 05:08:33] - |A| - (.© Microsoft Corporation. - Notepad.) - [201216] - (10.0.19041.1865) - C:\Windows\notepad.exe [MD5.AE158227F084D636104417DBF1D286EC] - [06/05/2023 15:21:57] - |A| - (.-.) - [70318] - (0.0.0.0) - C:\Windows\ntbtlog.txt [07/12/2019 11:51:34] - |D| - [219754] - C:\Windows\OCR [07/12/2019 11:14:52] - |RD| - [65] - C:\Windows\Offline Web Pages [MD5.E9C0B1B55DEB76111A2BDC4483FFD719] - [06/05/2023 15:18:34] - |A| - (.-.) - [572] - (0.0.0.0) - C:\Windows\PAGa4.dat [22/04/2023 09:01:01] - |D| - [21452] - C:\Windows\Panther [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\Performance [07/12/2019 11:14:52] - |D| - [1121835] - C:\Windows\PLA [07/12/2019 11:14:52] - |D| - [2774321] - C:\Windows\PolicyDefinitions [21/04/2023 23:02:28] - |D| - [12065921] - C:\Windows\Prefetch [07/12/2019 11:14:52] - |RD| - [1903609] - C:\Windows\PrintDialog [07/12/2019 11:14:52] - |D| - [6168803] - C:\Windows\Provisioning [MD5.999A30979F6195BF562068639FFC4426] - [08/09/2022 05:07:50] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [370176] - (10.0.19041.746) - C:\Windows\regedit.exe [07/12/2019 11:14:52] - |D| - [22588] - C:\Windows\Registration [07/12/2019 11:14:52] - |D| - [2958736] - C:\Windows\rescache [07/12/2019 11:14:52] - |D| - [3471899] - C:\Windows\Resources [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\SchCache [07/12/2019 11:14:52] - |D| - [126782] - C:\Windows\schemas [07/12/2019 11:14:52] - |D| - [5316608] - C:\Windows\security [21/04/2023 23:02:52] - |D| - [89122056] - C:\Windows\ServiceProfiles [07/12/2019 11:14:52] - |D| - [4096] - C:\Windows\ServiceState [07/12/2019 11:03:44] - |D| - [962467883] - C:\Windows\servicing [07/12/2019 11:18:25] - |D| - [42] - C:\Windows\Setup [07/12/2019 11:14:52] - |D| - [5526528] - C:\Windows\ShellComponents [07/12/2019 11:14:52] - |D| - [19039744] - C:\Windows\ShellExperiences [07/12/2019 11:14:52] - |D| - [3757408] - C:\Windows\SKB [22/04/2023 01:13:47] - |D| - [21449395] - C:\Windows\SoftwareDistribution [07/12/2019 11:14:52] - |D| - [107844594] - C:\Windows\Speech [07/12/2019 11:14:52] - |D| - [68488400] - C:\Windows\Speech_OneCore [MD5.A368F0C80110BABF2D78728D3E2FF4AF] - [22/04/2023 06:49:21] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [163840] - (10.0.19041.2788) - C:\Windows\splwow64.exe [07/12/2019 11:14:52] - |D| - [31039] - C:\Windows\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [07/12/2019 11:14:54] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [07/12/2019 11:03:44] - |D| - [3941052259] - C:\Windows\System32 [07/12/2019 11:14:52] - |D| - [159022921] - C:\Windows\SystemApps [07/12/2019 11:14:52] - |D| - [167398849] - C:\Windows\SystemResources [08/09/2022 05:13:02] - |D| - [0] - C:\Windows\SystemTemp [07/12/2019 11:14:52] - |D| - [1199735954] - C:\Windows\SysWOW64 [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\TAPI [07/12/2019 11:14:52] - |D| - [6] - C:\Windows\Tasks [07/12/2019 11:14:52] - |D| - [33791738] - C:\Windows\Temp [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\tracing [07/12/2019 11:14:52] - |D| - [7680] - C:\Windows\twain_32 [MD5.AFE119DD4E17891B227684F38AA25D4D] - [07/12/2019 11:10:00] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [65024] - (1.7.1.3) - C:\Windows\twain_32.dll [07/12/2019 11:14:52] - |D| - [12420] - C:\Windows\Vss [07/12/2019 11:14:52] - |D| - [33198] - C:\Windows\WaaS [07/12/2019 11:14:52] - |D| - [16568315] - C:\Windows\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [07/12/2019 11:14:54] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [07/12/2019 11:09:09] - |RA| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [06/05/2023 21:20:09] - |A| - (.-.) - [276] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.0629E6D130F226C009EA9AB329F37ACC] - [07/12/2019 11:10:00] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [11776] - (10.0.19041.1) - C:\Windows\winhlp32.exe [07/12/2019 11:03:44] - |D| - [9212065888] - C:\Windows\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [07/12/2019 11:10:11] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.B947CCA7F485F6C1156F4D02E8C9874F] - [07/12/2019 11:52:00] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.19041.1) - C:\Windows\write.exe ---------- | C:\Windows\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [28/08/2015 20:06:24] - C:\Windows\Installer\f0b42.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/11/2014 10:49:56] - C:\Windows\Installer\f0b52.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:16] - C:\Windows\Installer\f0b62.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:22] - C:\Windows\Installer\f0b72.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:30] - C:\Windows\Installer\f0b82.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:36] - C:\Windows\Installer\f0b92.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:44] - C:\Windows\Installer\f0ba2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:52] - C:\Windows\Installer\f0bb2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:00] - C:\Windows\Installer\f0bc2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:06] - C:\Windows\Installer\f0bd2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:16] - C:\Windows\Installer\f0be2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:22] - C:\Windows\Installer\f0bf2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:30] - C:\Windows\Installer\f0c02.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:38] - C:\Windows\Installer\f0c12.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:46] - C:\Windows\Installer\f0c22.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:04:54] - C:\Windows\Installer\f0c32.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:02] - C:\Windows\Installer\f0c42.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:10] - C:\Windows\Installer\f0c52.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:18] - C:\Windows\Installer\f0c62.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:26] - C:\Windows\Installer\f0c72.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:34] - C:\Windows\Installer\f0c82.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:42] - C:\Windows\Installer\f0c92.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:50] - C:\Windows\Installer\f0ca2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:05:58] - C:\Windows\Installer\f0cb2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:06] - C:\Windows\Installer\f0cc2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:06:40] - C:\Windows\Installer\f0cd2.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:07:30] - C:\Windows\Installer\f0ce2.msi : (AMD Fuel - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/08/2015 20:03:12] - C:\Windows\Installer\f0cf2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/04/2023 01:39:58] - [88102] - C:\Windows\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:41] - [88102] - C:\Windows\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:33] - [88102] - C:\Windows\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:17] - [10134] - C:\Windows\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:21] - [88102] - C:\Windows\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:30] - [88102] - C:\Windows\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:34] - [88102] - C:\Windows\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:48] - [88102] - C:\Windows\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:36] - [88102] - C:\Windows\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:31] - [88102] - C:\Windows\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:55] - [88102] - C:\Windows\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:14] - [88102] - C:\Windows\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:26] - [88102] - C:\Windows\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:57] - [88102] - C:\Windows\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:38] - [88102] - C:\Windows\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:54] - [88102] - C:\Windows\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:50] - [88102] - C:\Windows\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:44] - [88102] - C:\Windows\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:52] - [88102] - C:\Windows\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe () - () [22/04/2023 01:40:13] - [88102] - C:\Windows\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:47] - [88102] - C:\Windows\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:40] - [88102] - C:\Windows\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:23] - [88102] - C:\Windows\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:43] - [88102] - C:\Windows\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe () - () [06/05/2023 19:32:52] - [62462617] - C:\Windows\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\PCSuite.exe () - () [06/05/2023 19:32:53] - [21788741] - C:\Windows\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\PCSuitex64.exe (Copyright (C) 2006 Macrovision Corporation ) - (Setup Launcher ) [06/05/2023 19:32:52] - [585728] - C:\Windows\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\Setup.exe (Copyright © 2007 Sony Ericsson Mobile Communications AB.) - () [22/04/2023 01:40:02] - [4846] - C:\Windows\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:46] - [88102] - C:\Windows\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:28] - [88102] - C:\Windows\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe () - () [22/04/2023 01:39:25] - [88102] - C:\Windows\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe () - () ---------- | %System%\*.in* [07/12/2019 11:09:39] - [3329] - C:\Windows\System32\ieuinit.inf [22/04/2023 01:21:21] - [799886] - C:\Windows\System32\PerfStringBackup.INI [07/12/2019 11:09:05] - [60124] - C:\Windows\System32\tcpmon.ini [07/12/2019 11:08:46] - [2404] - C:\Windows\System32\WimBootCompress.ini [07/12/2019 11:10:00] - [3329] - C:\Windows\Syswow64\ieuinit.inf [04/05/2023 11:01:58] - [813634] - C:\Windows\Syswow64\PerfStringBackup.INI [07/12/2019 11:09:22] - [2404] - C:\Windows\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.E360A6D3029B5B1DEE1C02990C72ED7C] - |A| - [06/05/2023 21:07:17] - (.-.) - [10.12 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_vcredist_amd64_20230506210717.log [MD5.B11623F659207A936A48032C6A62312B] - |A| - [06/05/2023 21:07:23] - (.-.) - [346.96 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_vcredist_amd64_20230506210717_0_vcRuntimeMinimum_x64.log [MD5.2F34EF738CD73D38D2FA95AA4EC2155E] - |A| - [06/05/2023 21:07:31] - (.-.) - [439.48 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_vcredist_amd64_20230506210717_1_vcRuntimeAdditional_x64.log [MD5.9E1A83EF583D85DAB53FFF81861F0D14] - |A| - [06/05/2023 21:07:40] - (.-.) - [4.31 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_vcredist_amd64_20230506210740.log [MD5.C597B732382D5857E790E3E71159C14F] - |A| - [06/05/2023 21:08:15] - (.-.) - [10.03 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_vcredist_x86_20230506210815.log [MD5.6F9B7ABDC4811E4404215204C4260C31] - |A| - [06/05/2023 21:08:19] - (.-.) - [351.43 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_vcredist_x86_20230506210815_0_vcRuntimeMinimum_x86.log [MD5.C19FBB9449AB5E4128E575A34F58BDAC] - |A| - [06/05/2023 21:08:23] - (.-.) - [459.3 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_vcredist_x86_20230506210815_1_vcRuntimeAdditional_x86.log [MD5.FBADC9AB98C777F37B8D6361660758D8] - |A| - [06/05/2023 21:08:32] - (.-.) - [4.3 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_vcredist_x86_20230506210832.log [MD5.00000000000000000000000000000000] - |D| - [06/05/2023 20:46:42] - [30406.98 Ko] - C:\Windows\Temp\sentry_temp [MD5.00000000000000000000000000000000] - |D| - [04/05/2023 11:05:32] - [35.43 Ko] - C:\Windows\Temp\vmware-SYSTEM [MD5.006BF8B0789503768090CCA18873D44E] - |A| - [06/05/2023 21:56:09] - (.-.) - [4.77 Ko] - (0.0.0.0) - C:\Windows\Temp\wsc_agent_9E1C8D64_E25A_431A_9C7D_FA4605A88234.log [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:23] - [0 Ko] - C:\Windows\System32\0409 [MD5.00000000000000000000000000000000] - |D| - [05/05/2023 13:59:09] - [0 Ko] - C:\Windows\System32\64 [MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [07/12/2019 11:09:00] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\Windows\System32\@AdvancedKeySettingsNotification.png [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:08:44] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\Windows\System32\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:08:45] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [07/12/2019 11:08:21] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\Windows\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\Windows\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [07/12/2019 11:08:58] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\Windows\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [07/12/2019 11:09:45] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\Windows\System32\@optionalfeatures.png [MD5.A3437673F5766635A8378F67645B81C0] - |A| - [07/12/2019 11:09:37] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\Windows\System32\@StorageSenseToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:07] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32\@VpnToastIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [07/12/2019 11:09:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\Windows\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [07/12/2019 11:09:32] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:08:19] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\System32\@WirelessDisplayToast.png [MD5.147B047B46B79A91CC34499D4F89119E] - |A| - [07/12/2019 11:09:05] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32\@WLOGO_48x48.png [MD5.31A16C523B62500F83C82217F056A538] - |A| - [07/12/2019 11:08:39] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\Windows\System32\ActiveHours.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2786.8 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.A49C26AA0CADD994DE158F51CB7EEFBC] - |A| - [08/09/2022 05:06:07] - (.-.) - [13 Ko] - (0.0.0.0) - C:\Windows\System32\agentactivationruntimestarter.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\Windows\System32\am-et [MD5.4B10D8998C824DD84AD597F9E058F6F0] - |A| - [30/07/2015 21:58:04] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\Windows\System32\amde31a.dat [MD5.C7628FE6341B7919D2F62DB9057DB4FC] - |A| - [21/10/2015 02:14:42] - (.-.) - [208.48 Ko] - (0.0.0.0) - C:\Windows\System32\amdgfxinfo64.dll [MD5.AF1928F5E15921A29877C2E18626F80E] - |A| - [21/10/2015 02:14:42] - (.-.) - [139.98 Ko] - (0.0.0.0) - C:\Windows\System32\amdhdl64.dll [MD5.DDEB20626133878B0CE79CCE29B031B9] - |A| - [23/07/2015 11:52:32] - (.-.) - [814.26 Ko] - (0.0.0.0) - C:\Windows\System32\amdicdxx.dat [MD5.82CAB4EAF1E1CBA85AE5DEBB4C068EE2] - |A| - [21/10/2015 02:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [616.48 Ko] - (1.0.3.8) - C:\Windows\System32\amdlvr64.dll [MD5.C366C5A2EE8F1F586691E4511AB56040] - |A| - [21/10/2015 02:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6529.48 Ko] - (9.1.10.83) - C:\Windows\System32\amdmantle64.dll [MD5.3960C946E67311C9831550AEDC649C3A] - |A| - [21/10/2015 02:14:54] - (.-.) - [460.27 Ko] - (0.0.0.0) - C:\Windows\System32\amdmiracast.dll [MD5.4CA9A0DF33972919623BBFF8FBD1A501] - |A| - [21/10/2015 02:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [57.98 Ko] - (1.6.0.0) - C:\Windows\System32\amdmmcl6.dll [MD5.7BA9A6BBF176D945D7B201865897E158] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [26898.98 Ko] - (0.8.0.0) - C:\Windows\System32\amdocl12cl64.dll [MD5.AFF92249DA8E62FF8C6D2B89977D3245] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46673.98 Ko] - (10.0.1800.11) - C:\Windows\System32\amdocl64.dll [MD5.8305AA2FEBE5CAD45AB8D208C17DA930] - |A| - [21/10/2015 02:14:44] - (.-.) - [1168 Ko] - (0.0.0.0) - C:\Windows\System32\amdocl_as64.exe [MD5.187EB6A72565FAAF01AAE0CDD63DE56F] - |A| - [21/10/2015 02:14:44] - (.-.) - [1045.5 Ko] - (0.0.0.0) - C:\Windows\System32\amdocl_ld64.exe [MD5.2B79CD2445F85D54959702583ECBCC04] - |A| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\Windows\System32\amdpcom64.dll [MD5.D0C50C113FE59C21AD59932E6B9C202F] - |A| - [04/05/2023 10:32:01] - (.-.) - [37.42 Ko] - (0.0.0.0) - C:\Windows\System32\ampa.sys [MD5.EFEACAC739C8D9A283F50D61ED03C87E] - |A| - [08/09/2022 05:07:12] - (.-.) - [56 Ko] - (0.0.0.0) - C:\Windows\System32\APMonUI.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2894.22 Ko] - C:\Windows\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [279.5 Ko] - C:\Windows\System32\ar-SA [MD5.7605725C6464C7272BF3115901DF5776] - |A| - [08/09/2022 05:07:42] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [665.5 Ko] - (3.5.1.0) - C:\Windows\System32\archiveint.dll [MD5.28DF09388444100467873AC906FD6CB2] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [1226.98 Ko] - (7.15.20.1301) - C:\Windows\System32\atiadlxx.dll [MD5.53650482B8E621276DC55E50C9FB2FEE] - |A| - [22/08/2015 01:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\Windows\System32\atiapfxx.blb [MD5.CC2470CA903EA355A24F05520D79BDB8] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [366.98 Ko] - (6.14.10.1001) - C:\Windows\System32\atiapfxx.exe [MD5.279066332FA267076E3BEE81C4297F87] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [62.98 Ko] - (6.14.10.1848) - C:\Windows\System32\aticalcl64.dll [MD5.3A0F17C7C8E37DCEAE1DA76B7D761702] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15356.98 Ko] - (6.14.10.1848) - C:\Windows\System32\aticaldd64.dll [MD5.D22A08EE217DE15B6A41AE518B4F4FBE] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [69.48 Ko] - (6.14.10.1848) - C:\Windows\System32\aticalrt64.dll [MD5.BE92AD0155D4A23D0073AF51BE808B29] - |A| - [21/10/2015 02:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1445.13 Ko] - (8.17.10.1404) - C:\Windows\System32\aticfx64.dll [MD5.B565601728AF96EEFCF7E9CDE3CDD2BE] - |A| - [21/10/2015 02:14:46] - (.2002-2012 - Graphics DEM.) - [440.48 Ko] - (4.5.5711.37472) - C:\Windows\System32\atidemgy.dll [MD5.8700278344BED8D4A3A5AC2875359584] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [11804.69 Ko] - (8.17.10.625) - C:\Windows\System32\atidxx64.dll [MD5.69F82C40A189962A65F6D5A02DF8599F] - |A| - [21/10/2015 02:14:46] - (.-.) - [164.98 Ko] - (0.0.0.0) - C:\Windows\System32\atieah64.exe [MD5.B96BD9F5B2B0CD6549EE59FD242A6D56] - |A| - [21/10/2015 02:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [667.48 Ko] - (6.14.11.1199) - C:\Windows\System32\atieclxx.exe [MD5.521248FA26458669BAAE6AB7DB21F3AC] - |A| - [21/10/2015 02:14:46] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [249.48 Ko] - (6.14.11.1199) - C:\Windows\System32\atiesrxx.exe [MD5.E4F96DFF0501430BF7C6E90841A7282D] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [81.98 Ko] - (8.14.1.6463) - C:\Windows\System32\atig6pxx.dll [MD5.86F2AE002AF9222F34937823B98753C2] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [161.48 Ko] - (8.14.1.6463) - C:\Windows\System32\atig6txx.dll [MD5.0C3156664885AF41100B63853EBCE037] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\Windows\System32\atiglpxx.dll [MD5.079EFFD5BECB418FE6596229B28D7324] - |A| - [06/11/2014 10:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\Windows\System32\atiicdxx.dat [MD5.FE4E7138E51DA7EF01E51F28128A7F53] - |A| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [85.94 Ko] - (8.14.10.23) - C:\Windows\System32\atimpc64.dll [MD5.C84C24F13663EF5A59C1E598A350C8C3] - |A| - [21/10/2015 02:14:46] - (.Copyright ฉ 2009 AMD - Multi-language DPPE DLL.) - [37.48 Ko] - (6.14.10.1002) - C:\Windows\System32\atimuixx.dll [MD5.7D9CCB5DD8837D6AC954956A5812112C] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [30054.98 Ko] - (6.14.10.13399) - C:\Windows\System32\atio6axx.dll [MD5.0E89795F721B2BC02D0A12C470750DF6] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODCLI Application.) - [58.48 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODCLI.exe [MD5.C7A506822BE45CD42415710979CDAE7F] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 - ATIODE Application.) - [333.48 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODE.exe [MD5.3FE40633FC3BC5AE41EACDA0E1BA72FE] - |A| - [21/10/2015 02:14:46] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [194.98 Ko] - (6.14.11.25) - C:\Windows\System32\atitmm64.dll [MD5.067CED045532C58B46E6527BCE3CB47F] - |A| - [21/10/2015 02:14:54] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [127.02 Ko] - (8.14.1.6463) - C:\Windows\System32\atiu9p64.dll [MD5.AC6970C74B7457B291BB2C0035AA7DAE] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [8657.15 Ko] - (9.14.10.1128) - C:\Windows\System32\atiumd64.dll [MD5.486D6985E7B7826DBBEAE12755851027] - |A| - [22/08/2015 01:55:34] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\Windows\System32\atiumd6a.cap [MD5.0A9CA09952D768F768D2903F984102DC] - |A| - [21/10/2015 02:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8771.91 Ko] - (8.14.10.513) - C:\Windows\System32\atiumd6a.dll [MD5.AE81C76C930DD6875E5D9C6BEA2F0966] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [158.43 Ko] - (8.14.1.6463) - C:\Windows\System32\atiuxp64.dll [MD5.EFA5E3D55F1CC185BC690B7D79D015A9] - |A| - [24/07/2015 21:44:06] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\Windows\System32\ativce02.dat [MD5.B974290EEE645249EE212FF62DD0824A] - |A| - [30/07/2015 22:00:06] - (.-.) - [173.19 Ko] - (0.0.0.0) - C:\Windows\System32\ativce03.dat [MD5.5EBC73A78E5903E7CE6F6B25E4A6BE8F] - |A| - [29/05/2015 01:00:42] - (.-.) - [228.93 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik.dat [MD5.C55D2CBC17AAE1FBAC9135E7C31A4D31] - |A| - [29/05/2015 00:58:32] - (.-.) - [227.3 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik_nd.dat [MD5.0770A5AB5218E6D3134A7A7239B9A216] - |A| - [29/05/2015 01:21:32] - (.-.) - [249.81 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cz_nd.dat [MD5.A81F68A0D3387A06182EFA3880D3F0BD] - |A| - [29/05/2015 01:17:24] - (.-.) - [245 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ.dat [MD5.7EE8F6853798F7A900DB15F3054A0277] - |A| - [29/05/2015 01:15:12] - (.-.) - [243.25 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ_nd.dat [MD5.11355CAC5334C8999211C09CAAE194EF] - |A| - [29/05/2015 01:10:58] - (.-.) - [315.3 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi.dat [MD5.3544D6AF6E0C9783C2CF6FA9CE42D520] - |A| - [29/05/2015 01:08:18] - (.-.) - [313.67 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi_nd.dat [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [22/08/2015 01:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [22/08/2015 01:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsvl.dat [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [07/12/2019 11:08:07] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\Windows\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [259.5 Ko] - C:\Windows\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5954.98 Ko] - C:\Windows\System32\Boot [MD5.3149A16CF39B9A49BD9A1EF98A1C527B] - |A| - [08/09/2022 05:06:53] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [186.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\Windows\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [52747.74 Ko] - C:\Windows\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36064.37 Ko] - C:\Windows\System32\catroot2 [MD5.F2D598B11C294EE360FDA0D3E81DA7EC] - |A| - [21/10/2015 02:14:48] - (.-.) - [237.98 Ko] - (0.0.0.0) - C:\Windows\System32\clinfo.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [112.91 Ko] - C:\Windows\System32\CodeIntegrity [MD5.A0E91D21C945781D03EA0BA1C95F821E] - |A| - [21/10/2015 02:14:48] - (.AMD. - CoInstaller DLL.) - [853.98 Ko] - (1.0.5.9) - C:\Windows\System32\coinst_15.20.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [377.5 Ko] - C:\Windows\System32\Com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [261820.06 Ko] - C:\Windows\System32\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [49.3 Ko] - C:\Windows\System32\Configuration [MD5.D1A8D194DE8E57D12862ECACEF9F37CE] - |A| - [08/09/2022 05:06:45] - (.-.) - [226.84 Ko] - (0.0.0.0) - C:\Windows\System32\containerdevicemanagement.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.34 Ko] - C:\Windows\System32\ContainerSettingsProviders [MD5.A41C1754A956E37B5E7D06D5167548E7] - |A| - [08/09/2022 05:06:07] - (.-.) - [280.5 Ko] - (0.0.0.0) - C:\Windows\System32\CoreMas.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [318.5 Ko] - C:\Windows\System32\cs-CZ [MD5.05DEDF1936A065612E52C37E40143646] - |A| - [22/04/2023 06:54:54] - (.© Daniel Stenberg, . - The curl executable.) - [553 Ko] - (8.0.1.0) - C:\Windows\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [322 Ko] - C:\Windows\System32\da-DK [MD5.DDEF68EAAE6E3A830E5F181F63C439E9] - |A| - [22/04/2023 06:49:38] - (.-.) - [158.5 Ko] - (0.0.0.0) - C:\Windows\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [295.86 Ko] - C:\Windows\System32\DDFs [MD5.DF6465F349C9CBDF3FCEB3F198E8FCB6] - |A| - [04/05/2023 10:32:44] - (.-.) - [34.92 Ko] - (0.0.0.0) - C:\Windows\System32\ddmdrv.sys [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [359 Ko] - C:\Windows\System32\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:08:21] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultAccountTile.png [MD5.057C75B5735EEF2A75ABF8F6770BCA34] - |A| - [08/09/2022 05:06:07] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [07/12/2019 11:14:56] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultQuestions.json [MD5.041A7B079E9776721847031A7CF533E1] - |A| - [07/12/2019 11:09:34] - (.-.) - [15.97 Ko] - (0.0.0.0) - C:\Windows\System32\DeliveryOptimizationMIProv.mof [MD5.59D5500F74109D59522F5A9457B8D9A2] - |A| - [07/12/2019 11:09:34] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\Windows\System32\DeliveryOptimizationMIProvUninstall.mof [MD5.B924F1A7DE5ED8331B3375A778B3FE38] - |A| - [07/12/2019 11:08:52] - (.-.) - [35.5 Ko] - (0.0.0.0) - C:\Windows\System32\deploymentcsphelper.exe [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [07/12/2019 11:08:39] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\Windows\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [07/12/2019 11:08:43] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\Windows\System32\DetailedReading-Default.xml [MD5.2322AC4F74D5033E8AF0EBD85DFC677B] - |A| - [05/05/2023 16:32:56] - (.Copyright (C) 2005-2009, mst software GmbH. - mst Defrag SDK Boot.) - [33.5 Ko] - (3.6.0.6165) - C:\Windows\System32\DfSdkBt.exe [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [886 Ko] - C:\Windows\System32\DiagSvcs [MD5.037DF43BCC9F9A4DF6548FED8F4503AF] - |A| - [07/12/2019 11:08:37] - (.-.) - [82.96 Ko] - (0.0.0.0) - C:\Windows\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9919.7 Ko] - C:\Windows\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\Windows\System32\DisplaySystemToastIcon.png [MD5.F1E7EA12F03FE2A19E64C2A5E38B1C89] - |A| - [22/04/2023 06:54:46] - (.-.) - [11.98 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuthTxt.wim [MD5.00000000000000000000000000000000] - |DC| - [04/05/2023 11:02:34] - [655.38 Ko] - C:\Windows\System32\DRVSTORE [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [152 Ko] - C:\Windows\System32\dsc [MD5.9F3FA96F301CBE828AA9E98F13506F4A] - |A| - [08/09/2022 05:06:55] - (.-.) - [2201.5 Ko] - (0.0.0.0) - C:\Windows\System32\dwmscene.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [07/12/2019 11:08:07] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [07/12/2019 11:08:07] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [07/12/2019 11:08:07] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicShort.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [362 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:23] - [3369 Ko] - C:\Windows\System32\en [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [244.5 Ko] - C:\Windows\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [42594.19 Ko] - C:\Windows\System32\en-US [MD5.1D0A840D731A2C1F2E1FB5B8596B4C34] - |A| - [08/09/2022 05:06:51] - (.-.) - [148.5 Ko] - (0.0.0.0) - C:\Windows\System32\EoAExperiences.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [343 Ko] - C:\Windows\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [271 Ko] - C:\Windows\System32\es-MX [MD5.EB3A99D13728A247AFC1F00945957920] - |A| - [08/09/2022 05:07:44] - (.-.) - [148.5 Ko] - (0.0.0.0) - C:\Windows\System32\EsclProtocol.dll [MD5.275449781C0D992E92F7B1D6F1E458D2] - |A| - [08/09/2022 05:07:42] - (.-.) - [264.5 Ko] - (0.0.0.0) - C:\Windows\System32\EsclScan.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [238.5 Ko] - C:\Windows\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [16699.64 Ko] - C:\Windows\System32\F12 [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [07/12/2019 11:08:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\Windows\System32\FeatureToastBulldogImg.png [MD5.7F65C93283F31EB39E311DDDC00DFBA6] - |A| - [08/09/2022 05:06:18] - (.-.) - [16.54 Ko] - (0.0.0.0) - C:\Windows\System32\FeatureToastDlpImg.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7.11 Ko] - C:\Windows\System32\ff-Adlm-SN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [326.5 Ko] - C:\Windows\System32\fi-FI [MD5.D840B37F374E70104CFC3A30960943B4] - |A| - [21/04/2023 23:02:35] - (.-.) - [251.86 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [279.5 Ko] - C:\Windows\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [355 Ko] - C:\Windows\System32\fr-FR [MD5.3371BBFD18246C2588FE22EB2365E863] - |A| - [22/04/2023 06:55:29] - (.-.) - [672 Ko] - (0.0.0.0) - C:\Windows\System32\FsNVSDeviceSource.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:50:41] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\Windows\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [07/12/2019 11:09:48] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\Windows\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [256.5 Ko] - C:\Windows\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\Windows\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\Windows\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\Windows\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\Windows\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\Windows\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\Windows\System32\HealthSystemToastIcon.png [MD5.6D2BA2902199292D57806E3C53C587BF] - |A| - [08/09/2022 05:06:40] - (.-.) - [299.5 Ko] - (0.0.0.0) - C:\Windows\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [05/05/2023 13:59:09] - [0 Ko] - C:\Windows\System32\Help [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [251 Ko] - C:\Windows\System32\hr-HR [MD5.77071BF934BEF16D5F02E31624258A91] - |A| - [21/10/2015 02:14:48] - (.-.) - [108.98 Ko] - (0.0.0.0) - C:\Windows\System32\hsa-thunk64.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [325 Ko] - C:\Windows\System32\hu-HU [MD5.871CA2345825E86D1D2D2A2E9E475D4F] - |A| - [08/09/2022 05:07:54] - (.-.) - [44.8 Ko] - (0.0.0.0) - C:\Windows\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:52:44] - [149.55 Ko] - C:\Windows\System32\Hydrogen [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.36 Ko] - C:\Windows\System32\ias [MD5.00000000000000000000000000000000] - |D| - [05/05/2023 13:59:09] - [0 Ko] - C:\Windows\System32\Icons [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\Windows\System32\icsxml [MD5.947D07FA32ABB13DB520016769EB901B] - |A| - [08/09/2022 05:06:43] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2207.5 Ko] - (64.2.0.0) - C:\Windows\System32\icu.dll [MD5.A7B574704574F326B92DCEA872F1E9E1] - |A| - [08/09/2022 05:06:43] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24.5 Ko] - (64.2.0.0) - C:\Windows\System32\icuin.dll [MD5.4A85A9DEA3D47D95CEF5525586756EA6] - |A| - [08/09/2022 05:06:43] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [29 Ko] - (64.2.0.0) - C:\Windows\System32\icuuc.dll [MD5.388BE35F952EC7F057CDD79E8EDF9A18] - |A| - [08/09/2022 05:06:06] - (.-.) - [193 Ko] - (0.0.0.0) - C:\Windows\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [26853.51 Ko] - C:\Windows\System32\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6943 Ko] - C:\Windows\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [346 Ko] - C:\Windows\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [261.84 Ko] - C:\Windows\System32\ja-jp [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10192.95 Ko] - C:\Windows\System32\Keywords [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [234.5 Ko] - C:\Windows\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [05/05/2023 13:59:09] - [0 Ko] - C:\Windows\System32\lang [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [07/12/2019 11:08:39] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\Windows\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [07/12/2019 11:08:07] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\Windows\System32\LargeRoom.bin [MD5.14BE6A1C21780D85AD3F1D09283C56DA] - |A| - [08/09/2022 05:08:34] - (.-.) - [1647.5 Ko] - (3.0.2.0) - C:\Windows\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [454.91 Ko] - C:\Windows\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [22/04/2023 05:53:44] - [256 Ko] - C:\Windows\System32\Logs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [247 Ko] - C:\Windows\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [248 Ko] - C:\Windows\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:51:42] - [32.68 Ko] - C:\Windows\System32\MailContactsCalendarSync [MD5.D3F4E00C322EDA78873848BE75ACC8A4] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [132.98 Ko] - (9.1.10.83) - C:\Windows\System32\mantle64.dll [MD5.EA33454E28EE1F3CA432DA87203DA24F] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [100.98 Ko] - (9.1.10.83) - C:\Windows\System32\mantleaxl64.dll [MD5.4BFD587C99FE34EEA0E74622C798B3BE] - |A| - [08/09/2022 05:07:17] - (.-.) - [1137 Ko] - (0.0.0.0) - C:\Windows\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [07/12/2019 11:08:07] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\Windows\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |SD| - [21/04/2023 23:02:48] - [1.91 Ko] - C:\Windows\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5651.99 Ko] - C:\Windows\System32\migration [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45394.08 Ko] - C:\Windows\System32\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:11] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\Windows\System32\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:14:56] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\Windows\System32\mmc.exe.config [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [22/04/2023 05:41:59] - [0 Ko] - C:\Windows\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\Windows\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4148.28 Ko] - C:\Windows\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6 Ko] - C:\Windows\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.64 Ko] - C:\Windows\System32\my-mm [MD5.74FDEEAC0C0C0F62F4D0D484A36DA23A] - |A| - [07/12/2019 11:08:44] - (.-.) - [30.09 Ko] - (0.0.0.0) - C:\Windows\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [315 Ko] - C:\Windows\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\NDF [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [07/12/2019 11:09:48] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.EC111331A526768ED31FAA49CC7D03A2] - |A| - [22/04/2023 06:55:30] - (.-.) - [71.5 Ko] - (0.0.0.0) - C:\Windows\System32\nettraceex.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\Windows\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [339.5 Ko] - C:\Windows\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\Windows\System32\Nui [MD5.D55B689DF6269B40E170EAFBCC0C34C4] - |A| - [07/12/2019 11:52:44] - (.-.) - [20.42 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [15118.9 Ko] - C:\Windows\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:50:33] - [3625 Ko] - C:\Windows\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [3.81 Ko] - C:\Windows\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [07/12/2019 11:08:07] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\Windows\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1723.52 Ko] - C:\Windows\System32\PerceptionSimulation [MD5.2E998A3EC30B47AC99DEE312C2D3D935] - |A| - [07/12/2019 11:17:25] - (.-.) - [123.66 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [07/12/2019 11:17:25] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat [MD5.4E6654E4DEAFF7C73FB4B6B511E83EFE] - |A| - [07/12/2019 11:17:25] - (.-.) - [662.01 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat [MD5.139D16264B06C96C5F52471512CFB793] - |A| - [22/04/2023 01:21:21] - (.-.) - [781.14 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [07/12/2019 11:08:05] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [339.5 Ko] - C:\Windows\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [455.5 Ko] - C:\Windows\System32\PointOfService [MD5.7700A1F5ECACFB07A92C5960448AFAB8] - |A| - [07/12/2019 11:08:28] - (.-.) - [43 Ko] - (0.0.0.0) - C:\Windows\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:23] - [548.39 Ko] - C:\Windows\System32\Printing_Admin_Scripts [MD5.AF80656F82093397635886D014FD2C1C] - |A| - [08/09/2022 05:07:12] - (.-.) - [60.5 Ko] - (0.0.0.0) - C:\Windows\System32\printticketvalidation.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [07/12/2019 11:08:19] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [332.5 Ko] - C:\Windows\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [335.5 Ko] - C:\Windows\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\Windows\System32\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\RasToast [MD5.7852D37790807E55BD71A65183E0F1ED] - |A| - [08/09/2022 05:07:50] - (.-.) - [2315.5 Ko] - (1.0.2104.14003) - C:\Windows\System32\rdpnano.dll [MD5.42577ED1BA5199ADD53E1186EC4E28A4] - |A| - [08/09/2022 05:06:07] - (.-.) - [72.5 Ko] - (0.0.0.0) - C:\Windows\System32\rdsxvmaudio.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1.08 Ko] - C:\Windows\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.png [MD5.19B5EEEC29F044451D5E8E89B1BE6F5E] - |A| - [07/12/2019 11:09:33] - (.-.) - [110.5 Ko] - (0.0.0.0) - C:\Windows\System32\ResBParser.dll [MD5.31924C8E78CDBD81DA7905E87B185387] - |A| - [07/12/2019 11:09:54] - (.-.) - [9.35 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageList [MD5.5504F7F27D0AB178346D643D444A612C] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.98 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageListLowCost [MD5.85CF16AF388AE12AAE3E48A883C17A06] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.77 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageList [MD5.1391FB4E005C208A35E77DF6F3F055E2] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.49 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 11:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 11:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.07 Ko] - C:\Windows\System32\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [262.5 Ko] - C:\Windows\System32\ro-RO [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/05/2023 20:46:30] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\rtp.db [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [330 Ko] - C:\Windows\System32\ru-RU [MD5.8A41F2CF4A6AC5A57A82F8A3E62CD8D3] - |A| - [22/04/2023 06:52:09] - (.-.) - [59.5 Ko] - (0.0.0.0) - C:\Windows\System32\runexehelper.exe [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [07/12/2019 11:10:32] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [13.46 Ko] - C:\Windows\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [07/12/2019 11:08:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat [MD5.744543DBBA5C491AE27CF179293DF046] - |A| - [08/09/2022 05:06:14] - (.-.) - [625.5 Ko] - (0.0.0.0) - C:\Windows\System32\SettingSyncDownloadHelper.dll [MD5.00000000000000000000000000000000] - |D| - [05/05/2023 13:59:09] - [0 Ko] - C:\Windows\System32\Sfxs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [78.59 Ko] - C:\Windows\System32\Sgrm [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1845 Ko] - C:\Windows\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.7 Ko] - C:\Windows\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [255 Ko] - C:\Windows\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [05/05/2023 13:59:09] - [0 Ko] - C:\Windows\System32\Skins [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [252.5 Ko] - C:\Windows\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [21/04/2023 23:02:52] - [6996.5 Ko] - C:\Windows\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:23] - [45.92 Ko] - C:\Windows\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [07/12/2019 11:08:07] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\Windows\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [15681.02 Ko] - C:\Windows\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.png [MD5.6DB032025BD266E5A3A52259F57F9247] - |A| - [07/12/2019 11:09:51] - (.-.) - [40 Ko] - (0.0.0.0) - C:\Windows\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7602.34 Ko] - C:\Windows\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [13642.73 Ko] - C:\Windows\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [42959.77 Ko] - C:\Windows\System32\spool [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6596.59 Ko] - C:\Windows\System32\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.63 Ko] - C:\Windows\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [254.5 Ko] - C:\Windows\System32\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:09:54] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\Windows\System32\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:09:54] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\Windows\System32\srms-apr.dat [MD5.67894C70461ABD4EF6C116637EBB218A] - |A| - [07/12/2019 11:09:45] - (.-.) - [58.16 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9304 Ko] - C:\Windows\System32\sru [MD5.862E9C75593E9BB1A90961975276F7FE] - |A| - [08/09/2022 05:06:07] - (.-.) - [444.5 Ko] - (0.0.0.0) - C:\Windows\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [321 Ko] - C:\Windows\System32\sv-SE [MD5.26D2D82E2DD08761EAACF5BB5099D65B] - |A| - [08/09/2022 05:06:48] - (.-.) - [1265.67 Ko] - (0.0.0.0) - C:\Windows\System32\SvBannerBackground.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1417.08 Ko] - C:\Windows\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [937.78 Ko] - C:\Windows\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8.16 Ko] - C:\Windows\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10.73 Ko] - C:\Windows\System32\ta-lk [MD5.3596DC15B6F6CBBB6EC8B143CBD57F24] - |A| - [08/09/2022 05:07:42] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [53.5 Ko] - (3.5.1.0) - C:\Windows\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [695.87 Ko] - C:\Windows\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [07/12/2019 11:09:05] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.748F97029828F3B36D729475A77E0611] - |A| - [22/04/2023 06:50:56] - (.-.) - [2207.5 Ko] - (0.0.0.0) - C:\Windows\System32\TextInputMethodFormatter.dll [MD5.4C528AE5D512E3901BACAA5D75240381] - |A| - [08/09/2022 05:06:39] - (.-.) - [689.98 Ko] - (0.0.0.0) - C:\Windows\System32\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [240.5 Ko] - C:\Windows\System32\th-TH [MD5.CF7677327BE3C6395B9F3333CC0F1C15] - |A| - [08/09/2022 05:06:18] - (.-.) - [1.34 Ko] - (0.0.0.0) - C:\Windows\System32\ThirdPartyNoticesBySHS.txt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\Windows\System32\ti-et [MD5.81407DA0DDFC4EFF1744E626C9FDB718] - |A| - [22/04/2023 06:49:32] - (.-.) - [267.5 Ko] - (0.0.0.0) - C:\Windows\System32\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [309 Ko] - C:\Windows\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [07/12/2019 11:08:13] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [07/12/2019 11:08:13] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [249.5 Ko] - C:\Windows\System32\uk-UA [MD5.8CDD866E0707A71952FBA8BE899B7512] - |A| - [08/09/2022 05:06:10] - (.-.) - [63.04 Ko] - (0.0.0.0) - C:\Windows\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [2209.25 Ko] - C:\Windows\System32\UNP [MD5.8ADD5935D83D0A425C39E369520C4095] - |A| - [07/12/2019 11:08:37] - (.-.) - [48 Ko] - (0.0.0.0) - C:\Windows\System32\UsbPmApi.dll [MD5.46A6DF60907700A148D42CCF1219522E] - |A| - [07/12/2019 11:08:39] - (.-.) - [38.5 Ko] - (0.0.0.0) - C:\Windows\System32\usocoreps.dll [MD5.1E630731AFDFC63DEC4074301D342E4B] - |A| - [07/12/2019 11:08:09] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\Windows\System32\VhfUm.dll [MD5.A10725A4632FFFEAE250E09ADA553F94] - |A| - [08/09/2022 05:08:11] - (.-.) - [93.5 Ko] - (0.0.0.0) - C:\Windows\System32\VirtualMonitorManager.dll [MD5.F4309443B33D60D29CF488D9E0DF1D87] - |A| - [16/11/2022 01:15:14] - (.Copyright © 1998-2021 VMware, Inc. - VMware bridge notify DLL (64-bit).) - [95.22 Ko] - (14.0.0.5) - C:\Windows\System32\vmnetbridge.dll [MD5.7D9F03E7DC7B03F7F3FA671342CD35F7] - |A| - [04/05/2023 11:03:19] - (.Copyright © 1998-2021 VMware, Inc. - VMware network adapter install library.) - [116.98 Ko] - (14.0.0.5) - C:\Windows\System32\vnetinst.dll [MD5.0897C4CCD576CAC46DFF23C11098FAD4] - |A| - [04/05/2023 11:03:02] - (.Copyright © 1998-2022 VMware, Inc. - VMware network install library.) - [1289.66 Ko] - (17.0.0.34456) - C:\Windows\System32\vnetlib64.dll [MD5.ABE700A6459D2D6FC9774E0277350ECF] - |A| - [04/05/2023 11:05:06] - (.Copyright © 1998-2021 VMware, Inc. - VSockets Library.) - [30.39 Ko] - (9.8.19.0) - C:\Windows\System32\vsocklib.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [77738.27 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:24] - [0 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [20505.38 Ko] - C:\Windows\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [07/12/2019 11:08:46] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.464BC80FDC4EEE43F9B293E8ECBA0FB9] - |A| - [22/04/2023 06:52:46] - (.-.) - [144.88 Ko] - (0.0.0.0) - C:\Windows\System32\Win32AppSettingsProvider.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1.12 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57685.69 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.3F376202BE6A0EC0C866D97ED2E0F16D] - |A| - [08/09/2022 05:06:43] - (.-.) - [642.05 Ko] - (0.0.0.0) - C:\Windows\System32\WindowManagementAPI.dll [MD5.E9CA21D71E952448B75C45B2467E4DE7] - |A| - [07/12/2019 11:08:27] - (.-.) - [123 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10992.83 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [07/12/2019 11:08:41] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [106440 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6328.16 Ko] - C:\Windows\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:24] - [100.12 Ko] - C:\Windows\System32\winrm [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [07/12/2019 11:08:12] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\Windows\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [07/12/2019 11:08:12] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\Windows\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [07/12/2019 11:08:49] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\Windows\System32\wpr.config.xml [MD5.3777A39635D6016118A552D1BAE3F86F] - |A| - [08/09/2022 05:06:46] - (.-.) - [24 Ko] - (0.0.0.0) - C:\Windows\System32\WsdProviderUtil.dll [MD5.C8A7EAA0B83E05DDD11F37A833F754AC] - |A| - [07/12/2019 11:08:21] - (.-.) - [83 Ko] - (0.0.0.0) - C:\Windows\System32\xboxgipsynthetic.dll [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [234.99 Ko] - C:\Windows\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [204.5 Ko] - C:\Windows\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:24] - [0 Ko] - C:\Windows\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:09:21] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:09:21] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:09:26] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:32] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:09:15] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1864.83 Ko] - C:\Windows\SysWOW64\AdvancedInstallers [MD5.E556115BD4E751178310F842E457CA22] - |A| - [08/09/2022 05:07:17] - (.-.) - [10.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\agentactivationruntimestarter.exe [MD5.7D4761FD5A02353C9BD70C1F5B15AA4F] - |A| - [21/10/2015 02:14:42] - (.-.) - [193.98 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdgfxinfo32.dll [MD5.F12467373381C72FAE9CA7C08ED6C919] - |A| - [21/10/2015 02:14:42] - (.-.) - [128.98 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdhdl32.dll [MD5.87882BCCDF63B74B675ECCE6B6609DC2] - |A| - [21/10/2015 02:14:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [511.98 Ko] - (1.0.3.8) - C:\Windows\SysWOW64\amdlvr32.dll [MD5.8F2144D05F41DD27308548B5D9D19101] - |A| - [21/10/2015 02:14:42] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [5093.98 Ko] - (9.1.10.83) - C:\Windows\SysWOW64\amdmantle32.dll [MD5.F9F99EA40AF48C716C2E823F2B6FD2D8] - |A| - [21/10/2015 02:14:42] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [46.98 Ko] - (1.6.0.0) - C:\Windows\SysWOW64\amdmmcl.dll [MD5.E30B1D883DC886016C38FDEE6755CCC6] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [38790.48 Ko] - (10.0.1800.11) - C:\Windows\SysWOW64\amdocl.dll [MD5.5F0F6073A243FC8C4C190E3F06D1247E] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21803.98 Ko] - (0.8.0.0) - C:\Windows\SysWOW64\amdocl12cl.dll [MD5.40A2E4C2933EB5DE99C06F00A9E2C589] - |A| - [21/10/2015 02:14:44] - (.-.) - [980.49 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_as32.exe [MD5.985589A3C4BB14ED23A15D9477475F7B] - |A| - [21/10/2015 02:14:42] - (.-.) - [788.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_ld32.exe [MD5.170EA2F4A32130BBF7EABD2D94B235AE] - |A| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\amdpcom32.dll [MD5.D0C50C113FE59C21AD59932E6B9C202F] - |A| - [04/05/2023 10:34:18] - (.-.) - [37.42 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ampa.sys [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [97.5 Ko] - C:\Windows\SysWOW64\ar-SA [MD5.DD0F04B43362A7C7660C1DF405D416F0] - |A| - [08/09/2022 05:07:57] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [563 Ko] - (3.5.1.0) - C:\Windows\SysWOW64\archiveint.dll [MD5.546E937838E7D9FD945D6505529F2209] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\Windows\SysWOW64\atiadlxx.dll [MD5.546E937838E7D9FD945D6505529F2209] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008-2014 Advanced Micro Devices, Inc. - ADL.) - [913.48 Ko] - (7.15.20.1301) - C:\Windows\SysWOW64\atiadlxy.dll [MD5.53650482B8E621276DC55E50C9FB2FEE] - |A| - [22/08/2015 01:53:34] - (.-.) - [646.87 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiapfxx.blb [MD5.4A8BC73F07C13E602B573BE723BFB360] - |A| - [21/10/2015 02:14:44] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [56.48 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticalcl.dll [MD5.64E261847856C53DE5A3007682707290] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13975.48 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticaldd.dll [MD5.F1E925DE8ECC7BE99BCC380BBA3F477E] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [59.48 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticalrt.dll [MD5.DCE2F09D2DF45938DB476B287D6F560B] - |A| - [21/10/2015 02:14:54] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1194.88 Ko] - (8.17.10.1404) - C:\Windows\SysWOW64\aticfx32.dll [MD5.194B36603ED7BB93290F4A3C73B94764] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [9971.7 Ko] - (8.17.10.625) - C:\Windows\SysWOW64\atidxx32.dll [MD5.B84EF06D0D8192F33EE5BC12B2BA3702] - |A| - [21/10/2015 02:14:46] - (.-.) - [148.98 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atieah32.exe [MD5.B728F7B42DA61395F43C86BDDE5196E5] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [146.98 Ko] - (8.14.1.6463) - C:\Windows\SysWOW64\atigktxx.dll [MD5.0C3156664885AF41100B63853EBCE037] - |A| - [21/10/2015 02:14:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [76.48 Ko] - (8.14.1.6463) - C:\Windows\SysWOW64\atiglpxx.dll [MD5.B344A7D717211B7DF53E369FC58290DF] - |A| - [21/10/2015 02:14:54] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [79.26 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\atimpc32.dll [MD5.6557A2BB671495C8F7E127FCD23FAF3E] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [24726.98 Ko] - (6.14.10.13399) - C:\Windows\SysWOW64\atioglxx.dll [MD5.E183E40B75E742A6E597A922168C2405] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [109.73 Ko] - (8.14.1.6463) - C:\Windows\SysWOW64\atiu9pag.dll [MD5.E638384DCD47CEA8F0DF2B6BAFB11F57] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [7307.19 Ko] - (9.14.10.1128) - C:\Windows\SysWOW64\atiumdag.dll [MD5.A98DA23A524803615B083CFCED1CE362] - |A| - [22/08/2015 01:50:46] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap [MD5.34438A391DADBD03940AF0760E2932CB] - |A| - [21/10/2015 02:14:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [7821.64 Ko] - (8.14.10.513) - C:\Windows\SysWOW64\atiumdva.dll [MD5.C62336798199A3705424A6708445DD11] - |A| - [21/10/2015 02:14:56] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [139.7 Ko] - (8.14.1.6463) - C:\Windows\SysWOW64\atiuxpag.dll [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [22/08/2015 01:54:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [22/08/2015 01:54:10] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [59.5 Ko] - C:\Windows\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\Windows\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\catroot [MD5.5D50B325221D18737AABDCCB7FA69329] - |A| - [22/04/2023 01:40:59] - (.-.) - [60.47 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\CCCInstall_202304220140590700.log [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [316.5 Ko] - C:\Windows\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2168.66 Ko] - C:\Windows\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [49.3 Ko] - C:\Windows\SysWOW64\Configuration [MD5.6545DE4EF5217AA2FFC7FFD27725A971] - |A| - [08/09/2022 05:07:17] - (.-.) - [235 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\CoreMas.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [119 Ko] - C:\Windows\SysWOW64\cs-CZ [MD5.DBD30D70FCDAE1FD343DDAD5C55C4E78] - |A| - [22/04/2023 06:56:01] - (.© Daniel Stenberg, . - The curl executable.) - [487 Ko] - (8.0.1.0) - C:\Windows\SysWOW64\curl.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [120 Ko] - C:\Windows\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [131.5 Ko] - C:\Windows\SysWOW64\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:09:15] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [188 Ko] - C:\Windows\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7613.18 Ko] - C:\Windows\SysWOW64\Dism [MD5.B873A5ABCFBC42B1BAC9EBE8741C6162] - |A| - [07/12/2019 11:50:26] - (.Copyright (C) 2019 - Gracenote SDK component.) - [244 Ko] - (3.9.511.0) - C:\Windows\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [93 Ko] - C:\Windows\SysWOW64\he-IL [MD5.DF0C9C776F8367E213210FB256AC30EC] - |A| - [08/09/2022 05:07:24] - (.-.) - [230 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56.5 Ko] - C:\Windows\SysWOW64\hr-HR [MD5.506C5BE8B184615F7F35A85C00A16E76] - |A| - [21/10/2015 02:14:48] - (.-.) - [108.48 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\hsa-thunk.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123.5 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.8226A1A91F01432A0CB10CAABF1B9C6D] - |A| - [08/09/2022 05:07:26] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1820.5 Ko] - (64.2.0.0) - C:\Windows\SysWOW64\icu.dll [MD5.FB475B41189AACF1C607C1E9DC0EBB0B] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24 Ko] - (64.2.0.0) - C:\Windows\SysWOW64\icuin.dll [MD5.B17445D0DF2C22C924899B5DF8E84475] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [28.5 Ko] - (64.2.0.0) - C:\Windows\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [21636.34 Ko] - C:\Windows\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [215 Ko] - C:\Windows\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [125.5 Ko] - C:\Windows\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [89.5 Ko] - C:\Windows\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10192.95 Ko] - C:\Windows\SysWOW64\Keywords [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [90.5 Ko] - C:\Windows\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [454.91 Ko] - C:\Windows\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\Windows\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56.5 Ko] - C:\Windows\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:51:42] - [32.68 Ko] - C:\Windows\SysWOW64\MailContactsCalendarSync [MD5.39CE334A6E1CBED62462A0CCCC080A5C] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [119.48 Ko] - (9.1.10.83) - C:\Windows\SysWOW64\mantle32.dll [MD5.890CD0E80FA4CA7728FF49E372D789F2] - |A| - [21/10/2015 02:14:48] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [94.48 Ko] - (9.1.10.83) - C:\Windows\SysWOW64\mantleaxl32.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2855.89 Ko] - C:\Windows\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [816.8 Ko] - C:\Windows\SysWOW64\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:15:00] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [116.5 Ko] - C:\Windows\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\Windows\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\Windows\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [07/12/2019 11:10:14] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [764.83 Ko] - C:\Windows\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [79.5 Ko] - C:\Windows\SysWOW64\PerceptionSimulation [MD5.DA5B296D710B63E1C5B9D17128C7C7EA] - |A| - [04/05/2023 11:01:58] - (.-.) - [794.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [124.5 Ko] - C:\Windows\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:24] - [553.28 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [122.5 Ko] - C:\Windows\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123.5 Ko] - C:\Windows\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\Windows\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.82 Ko] - C:\Windows\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [58 Ko] - C:\Windows\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [122 Ko] - C:\Windows\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57.5 Ko] - C:\Windows\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [58 Ko] - C:\Windows\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:24] - [45.92 Ko] - C:\Windows\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4037.38 Ko] - C:\Windows\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8688.64 Ko] - C:\Windows\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1320.65 Ko] - C:\Windows\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.63 Ko] - C:\Windows\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57.5 Ko] - C:\Windows\SysWOW64\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:10:05] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:10:05] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\sru [MD5.BDC53957962AFBEBE6A25EF941C261B3] - |A| - [08/09/2022 05:07:17] - (.-.) - [323 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [06/05/2023 20:48:34] - [8 Ko] - C:\Windows\SysWOW64\statReporter [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [118 Ko] - C:\Windows\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:24] - [0 Ko] - C:\Windows\SysWOW64\sysprep [MD5.D7128869A4759CCBDC5D4BC55A40D4CC] - |A| - [08/09/2022 05:07:57] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [43.5 Ko] - (3.5.1.0) - C:\Windows\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\Tasks [MD5.24FFA3463178442181B8523FBAAD7C6C] - |A| - [22/04/2023 06:53:53] - (.-.) - [1302.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\TextInputMethodFormatter.dll [MD5.4C58C812BB19C065CB0ED7FC8FBBAC12] - |A| - [08/09/2022 05:07:24] - (.-.) - [597.62 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\Windows\SysWOW64\th-TH [MD5.71256636E25FA2662BB574D6F3D74426] - |A| - [22/04/2023 06:53:37] - (.-.) - [219 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [116 Ko] - C:\Windows\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57.5 Ko] - C:\Windows\SysWOW64\uk-UA [MD5.7E0273A51BDD51DFB58F905C8F501061] - |A| - [08/09/2022 05:07:27] - (.-.) - [46.36 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\umpdc.dll [MD5.6EE023F00CD791995A88EC3FAC5C7DEE] - |A| - [04/05/2023 11:03:20] - (.Copyright © 1998-2022 VMware, Inc. - VMware NAT Service.) - [418.15 Ko] - (17.0.0.34456) - C:\Windows\SysWOW64\vmnat.exe [MD5.AC4003E530A811EC438B3F5CAA06077B] - |A| - [04/05/2023 11:03:30] - (.Copyright © 1998-2022 VMware, Inc. - VMware VMnet DHCP service.) - [375.3 Ko] - (17.0.0.34456) - C:\Windows\SysWOW64\vmnetdhcp.exe [MD5.F7D359D175826BF28056AE1CBE1A02D9] - |A| - [04/05/2023 11:05:06] - (.Copyright © 1998-2021 VMware, Inc. - VSockets Library.) - [25.89 Ko] - (9.8.19.0) - C:\Windows\SysWOW64\vsocklib.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [15515.46 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:24] - [0 Ko] - C:\Windows\SysWOW64\WCN [MD5.A22B636328327A4EA6F6AB3F48A5B5B1] - |A| - [08/09/2022 05:07:26] - (.-.) - [457.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\WindowManagementAPI.dll [MD5.BEDEDB102316C696D36F0D4331E1C2AE] - |A| - [07/12/2019 11:09:17] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9310.62 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6327.94 Ko] - C:\Windows\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:49:24] - [100.12 Ko] - C:\Windows\SysWOW64\winrm [MD5.FECEF7E35453020055761689843F11AC] - |A| - [08/09/2022 05:07:57] - (.-.) - [18.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\WsdProviderUtil.dll [MD5.7A015A6F199516A06C5AFB56FEE7AC51] - |A| - [07/12/2019 11:09:17] - (.-.) - [59 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [82 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [82 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | [lfshy] [05/05/2023 09:30:19] - |D| - [5828] - C:\Users\lfshy\.cache [22/04/2023 01:29:51] - |RD| - [298] - C:\Users\lfshy\3D Objects [22/04/2023 01:26:48] - |HD| - [1911504499] - C:\Users\lfshy\AppData [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\Application Data [22/04/2023 01:29:51] - |RD| - [412] - C:\Users\lfshy\Contacts [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\Cookies [22/04/2023 01:26:48] - |RD| - [14830100331] - C:\Users\lfshy\Desktop [22/04/2023 01:26:48] - |RD| - [402] - C:\Users\lfshy\Documents [22/04/2023 01:26:48] - |RD| - [5321394] - C:\Users\lfshy\Downloads [22/04/2023 01:26:48] - |RD| - [690] - C:\Users\lfshy\Favorites [05/05/2023 12:50:52] - |D| - [0] - C:\Users\lfshy\iTop Private Browser [22/04/2023 01:26:48] - |RD| - [1937] - C:\Users\lfshy\Links [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\Local Settings [22/04/2023 01:26:48] - |RD| - [504] - C:\Users\lfshy\Music [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\My Documents [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\NetHood [22/04/2023 01:26:48] - |AH| - [1310720] - C:\Users\lfshy\NTUSER.DAT [22/04/2023 01:26:49] - |ASH| - [278528] - C:\Users\lfshy\ntuser.dat.LOG1 [22/04/2023 01:26:49] - |ASH| - [389120] - C:\Users\lfshy\ntuser.dat.LOG2 [22/04/2023 01:26:49] - |ASH| - [65536] - C:\Users\lfshy\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf [22/04/2023 01:26:49] - |ASH| - [524288] - C:\Users\lfshy\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms [22/04/2023 01:26:49] - |ASH| - [524288] - C:\Users\lfshy\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms [22/04/2023 01:26:50] - |SH| - [20] - C:\Users\lfshy\ntuser.ini [22/04/2023 01:43:48] - |RD| - [96] - C:\Users\lfshy\OneDrive [22/04/2023 01:26:48] - |RD| - [589173] - C:\Users\lfshy\Pictures [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\PrintHood [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\Recent [22/04/2023 01:26:48] - |RD| - [282] - C:\Users\lfshy\Saved Games [22/04/2023 01:29:52] - |RD| - [1879] - C:\Users\lfshy\Searches [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\SendTo [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\Start Menu [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\Templates [22/04/2023 01:26:48] - |RD| - [694] - C:\Users\lfshy\Videos [22/04/2023 01:26:48] - |D| - [1905690361] - C:\Users\lfshy\AppData\Local [22/04/2023 01:26:50] - |D| - [560900] - C:\Users\lfshy\AppData\LocalLow [22/04/2023 01:26:48] - |HD| - [5253238] - C:\Users\lfshy\AppData\Roaming [25/04/2023 03:24:42] - |D| - [8] - C:\Users\lfshy\AppData\Local\AMD [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\AppData\Local\Application Data [25/04/2023 03:22:19] - |D| - [66104] - C:\Users\lfshy\AppData\Local\ATI [05/05/2023 11:53:44] - |D| - [0] - C:\Users\lfshy\AppData\Local\Avira [05/05/2023 14:11:04] - |D| - [0] - C:\Users\lfshy\AppData\Local\balena-etcher-updater [22/04/2023 01:50:20] - |D| - [18571268] - C:\Users\lfshy\AppData\Local\Comms [22/04/2023 01:29:35] - |D| - [1372341] - C:\Users\lfshy\AppData\Local\ConnectedDevicesPlatform [22/04/2023 01:35:02] - |D| - [66500] - C:\Users\lfshy\AppData\Local\D3DSCache [22/04/2023 02:47:58] - |D| - [591636403] - C:\Users\lfshy\AppData\Local\ESET [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\AppData\Local\History [05/05/2023 13:01:03] - |D| - [64974535] - C:\Users\lfshy\AppData\Local\iTop Easy Desktop [05/05/2023 12:51:18] - |D| - [145593538] - C:\Users\lfshy\AppData\Local\iTop Private Browser [22/04/2023 01:26:48] - |D| - [840714733] - C:\Users\lfshy\AppData\Local\Microsoft [22/04/2023 01:29:41] - |D| - [78239643] - C:\Users\lfshy\AppData\Local\Packages [04/05/2023 10:44:47] - |D| - [33265450] - C:\Users\lfshy\AppData\Local\Programs [22/04/2023 01:30:36] - |D| - [0] - C:\Users\lfshy\AppData\Local\Publishers [22/04/2023 01:26:48] - |D| - [131189838] - C:\Users\lfshy\AppData\Local\Temp [22/04/2023 01:26:50] - |SHD| - [0] - C:\Users\lfshy\AppData\Local\Temporary Internet Files [22/04/2023 01:29:46] - |D| - [0] - C:\Users\lfshy\AppData\Local\VirtualStore [04/05/2023 11:22:53] - |D| - [1144] - C:\Users\lfshy\AppData\LocalLow\IObit [22/04/2023 01:29:53] - |SD| - [559756] - C:\Users\lfshy\AppData\LocalLow\Microsoft [22/04/2023 01:29:45] - |D| - [0] - C:\Users\lfshy\AppData\Roaming\Adobe [04/05/2023 10:53:13] - |D| - [0] - C:\Users\lfshy\AppData\Roaming\Ashampoo Snap [25/04/2023 03:22:19] - |D| - [0] - C:\Users\lfshy\AppData\Roaming\ATI [05/05/2023 14:12:31] - |D| - [2359] - C:\Users\lfshy\AppData\Roaming\CareUEyes [05/05/2023 13:01:50] - |D| - [0] - C:\Users\lfshy\AppData\Roaming\instinfo [04/05/2023 11:22:14] - |D| - [1722950] - C:\Users\lfshy\AppData\Roaming\IObit [05/05/2023 13:16:42] - |D| - [28113] - C:\Users\lfshy\AppData\Roaming\iTop PDF [05/05/2023 08:54:19] - |D| - [515177] - C:\Users\lfshy\AppData\Roaming\iTop VPN [22/04/2023 01:26:48] - |SD| - [290409] - C:\Users\lfshy\AppData\Roaming\Microsoft [06/05/2023 18:16:33] - |D| - [3503] - C:\Users\lfshy\AppData\Roaming\URSoft [05/05/2023 09:16:36] - |D| - [2690727] - C:\Users\lfshy\AppData\Roaming\Xilisoft [05/05/2023 13:19:30] - |D| - [0] - C:\Users\lfshy\AppData\Roaming\zum [22/04/2023 01:29:51] - |SH| - [174] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [22/04/2023 01:26:48] - |RD| - [22423] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [22/04/2023 01:26:48] - |RD| - [3888] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [22/04/2023 01:26:48] - |RD| - [1678] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [22/04/2023 01:29:52] - |RD| - [174] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [05/05/2023 14:11:05] - |A| - [2319] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\balenaEtcher.lnk [22/04/2023 01:26:48] - |SH| - [264] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [22/04/2023 02:48:03] - |A| - [1382] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk [22/04/2023 01:26:48] - |D| - [170] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [22/04/2023 01:26:48] - |A| - [2383] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [22/04/2023 01:29:52] - |RD| - [174] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [22/04/2023 01:26:48] - |RD| - [4913] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [22/04/2023 01:26:48] - |D| - [5078] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [22/04/2023 01:29:52] - |SH| - [174] - C:\Users\lfshy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [22/04/2023 01:29:51] - |RHD| - [82507] - C:\Users\Public\AccountPictures [07/12/2019 11:14:52] - |RHD| - [12126] - C:\Users\Public\Desktop [07/12/2019 11:14:54] - |ASH| - [174] - C:\Users\Public\desktop.ini [07/12/2019 11:14:52] - |RD| - [278] - C:\Users\Public\Documents [07/12/2019 11:14:52] - |RD| - [174] - C:\Users\Public\Downloads [07/12/2019 11:14:52] - |RHD| - [1174] - C:\Users\Public\Libraries [07/12/2019 11:14:52] - |RD| - [380] - C:\Users\Public\Music [07/12/2019 11:14:52] - |RD| - [380] - C:\Users\Public\Pictures [06/05/2023 20:52:53] - |D| - [0] - C:\Users\Public\Security Sessions [05/05/2023 11:51:06] - |D| - [8564] - C:\Users\Public\Speedup Sessions [07/12/2019 11:14:52] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [25/04/2023 02:58:29] - |D| - [0] - C:\ProgramData\AMD [04/05/2023 10:34:04] - |D| - [51] - C:\ProgramData\AomeiBR [04/05/2023 10:34:04] - |D| - [20] - C:\ProgramData\AOMEIPA [21/04/2023 23:12:29] - |SHD| - [0] - C:\ProgramData\Application Data [04/05/2023 10:52:39] - |D| - [420246] - C:\ProgramData\Ashampoo [25/04/2023 03:22:19] - |D| - [186] - C:\ProgramData\ATI [05/05/2023 11:14:28] - |D| - [105648566] - C:\ProgramData\Avira [06/05/2023 15:18:34] - |D| - [24] - C:\ProgramData\boost_interprocess [21/04/2023 23:12:29] - |SHD| - [0] - C:\ProgramData\Desktop [21/04/2023 23:12:29] - |SHD| - [0] - C:\ProgramData\Documents [05/05/2023 13:18:54] - |D| - [899957] - C:\ProgramData\ESTsoft [04/05/2023 11:22:25] - |D| - [1496874852] - C:\ProgramData\IObit [05/05/2023 13:14:20] - |D| - [583] - C:\ProgramData\iTop [05/05/2023 13:19:33] - |D| - [2] - C:\ProgramData\iTop Easy Desktop [05/05/2023 08:55:22] - |D| - [423817] - C:\ProgramData\iTop VPN [07/12/2019 11:14:52] - |SD| - [728395790] - C:\ProgramData\Microsoft [22/04/2023 01:33:11] - |D| - [25] - C:\ProgramData\Microsoft OneDrive [22/04/2023 01:38:51] - |D| - [28594264] - C:\ProgramData\Package Cache [22/04/2023 01:30:08] - |D| - [139264] - C:\ProgramData\Packages [04/05/2023 11:24:45] - |D| - [4374] - C:\ProgramData\ProductData [07/12/2019 11:14:52] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft [06/05/2023 19:39:17] - |D| - [908] - C:\ProgramData\Registry First Aid [07/12/2019 11:14:52] - |D| - [0] - C:\ProgramData\SoftwareDistribution [08/09/2022 05:13:02] - |D| - [0] - C:\ProgramData\ssh [21/04/2023 23:12:29] - |SHD| - [0] - C:\ProgramData\Start Menu [06/05/2023 18:16:31] - |AD| - [0] - C:\ProgramData\TEMP [21/04/2023 23:12:29] - |SHD| - [0] - C:\ProgramData\Templates [07/12/2019 11:14:52] - |D| - [8134656] - C:\ProgramData\USOPrivate [07/12/2019 11:14:52] - |D| - [6008832] - C:\ProgramData\USOShared [04/05/2023 11:00:28] - |D| - [2443981] - C:\ProgramData\VMware [07/12/2019 11:52:44] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices [05/05/2023 09:13:34] - |D| - [8192] - C:\ProgramData\Xilisoft [05/05/2023 08:57:45] - |D| - [654] - C:\ProgramData\{150F4013-6884-4350-8DDC-6BFCB4C5DC15} [05/05/2023 12:59:07] - |D| - [138] - C:\ProgramData\{E0224FF9-7AE3-4F9E-991A-2F004F7E3952} [04/05/2023 11:26:07] - |D| - [0] - C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [07/12/2019 11:14:54] - |AS| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [07/12/2019 11:14:52] - |RD| - [113878] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [07/12/2019 11:14:52] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [07/12/2019 11:14:52] - |RD| - [14467] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [07/12/2019 11:14:52] - |RD| - [22956] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [04/05/2023 11:23:37] - |D| - [8147] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare [22/04/2023 01:40:15] - |D| - [4369] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [04/05/2023 10:32:51] - |D| - [2605] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant [04/05/2023 10:52:40] - |D| - [7469] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [05/05/2023 11:31:54] - |D| - [1176] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [05/05/2023 11:53:42] - |D| - [1500] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop [07/12/2019 11:14:54] - |AS| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [05/05/2023 12:35:20] - |D| - [2884] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 10 [07/12/2019 11:10:31] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [05/05/2023 11:33:10] - |D| - [2756] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Software Updater [05/05/2023 13:03:34] - |D| - [1889] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop Easy Desktop [05/05/2023 13:12:27] - |D| - [1914] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop PDF [05/05/2023 12:50:46] - |D| - [2185] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop Private Browser [05/05/2023 08:54:55] - |D| - [2234] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop VPN [07/12/2019 11:14:52] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [21/04/2023 23:05:04] - |A| - [2438] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk [06/05/2023 19:39:16] - |SD| - [11332] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 11 [07/12/2019 11:14:52] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [07/12/2019 11:14:52] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [04/05/2023 11:01:52] - |D| - [4922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [07/12/2019 11:52:06] - |RD| - [2800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [05/05/2023 09:15:55] - |D| - [5703] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft [06/05/2023 18:17:07] - |D| - [3967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7 ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [07/12/2019 11:14:54] - |AS| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [04/05/2023 10:31:42] - |D| - [192847515] - C:\Program Files (x86)\AOMEI Partition Assistant [05/05/2023 13:24:26] - |D| - [47239455] - C:\Program Files (x86)\Ashampoo [22/04/2023 01:39:14] - |D| - [106367910] - C:\Program Files (x86)\ATI Technologies [05/05/2023 11:30:14] - |D| - [221122144] - C:\Program Files (x86)\Avira [07/12/2019 11:14:52] - |D| - [636494051] - C:\Program Files (x86)\Common Files [07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [05/05/2023 13:14:51] - |D| - [63349485] - C:\Program Files (x86)\ESTsoft [05/05/2023 08:54:35] - |D| - [13357517924] - C:\Program Files (x86)\Galaxy S6 [07/12/2019 11:14:52] - |D| - [1995343] - C:\Program Files (x86)\Internet Explorer [04/05/2023 11:22:51] - |D| - [456962757] - C:\Program Files (x86)\IObit [05/05/2023 12:44:07] - |D| - [0] - C:\Program Files (x86)\iTop Screen Recorder [05/05/2023 08:53:47] - |D| - [84190469] - C:\Program Files (x86)\iTop VPN [05/05/2023 08:57:25] - |D| - [258151417] - C:\Program Files (x86)\Je veux vivre jusqu'à 48 ans [05/05/2023 08:56:28] - |D| - [69738039] - C:\Program Files (x86)\Jules Undersea Lodge [05/05/2023 08:58:59] - |D| - [162542535] - C:\Program Files (x86)\me couper les ongles et faire ma toilette moi même toute ma vie [08/09/2022 05:13:24] - |D| - [1977961580] - C:\Program Files (x86)\Microsoft [07/12/2019 11:14:52] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [04/05/2023 11:00:28] - |D| - [1098851980] - C:\Program Files (x86)\VMware [07/12/2019 11:14:52] - |D| - [1810720] - C:\Program Files (x86)\Windows Defender [07/12/2019 11:14:52] - |D| - [626176] - C:\Program Files (x86)\Windows Mail [07/12/2019 11:52:44] - |D| - [3227546] - C:\Program Files (x86)\Windows Media Player [07/12/2019 11:52:44] - |D| - [40232] - C:\Program Files (x86)\Windows Multimedia Platform [07/12/2019 11:14:52] - |D| - [5940568] - C:\Program Files (x86)\Windows NT [07/12/2019 11:52:44] - |D| - [5255104] - C:\Program Files (x86)\Windows Photo Viewer [07/12/2019 11:52:44] - |D| - [40232] - C:\Program Files (x86)\Windows Portable Devices [07/12/2019 11:14:52] - |SD| - [0] - C:\Program Files (x86)\Windows Sidebar [07/12/2019 11:14:52] - |D| - [2237997] - C:\Program Files (x86)\WindowsPowerShell [05/05/2023 09:13:34] - |D| - [94044217] - C:\Program Files (x86)\Xilisoft [06/05/2023 18:16:55] - |D| - [13400724] - C:\Program Files (x86)\Your Uninstaller! 7 ---------- | C:\Program Files [22/04/2023 01:37:28] - |D| - [96636696] - C:\Program Files\AMD [04/05/2023 10:51:02] - |D| - [404023053] - C:\Program Files\Ashampoo [22/04/2023 01:40:01] - |D| - [5595872] - C:\Program Files\ATI Technologies [06/05/2023 20:44:06] - |D| - [719454392] - C:\Program Files\Avira [07/12/2019 11:14:52] - |D| - [46448576] - C:\Program Files\Common Files [07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files\desktop.ini [07/12/2019 11:14:52] - |D| - [2675810] - C:\Program Files\Internet Explorer [05/05/2023 13:01:03] - |D| - [105432893] - C:\Program Files\iTop Easy Desktop [05/05/2023 13:03:35] - |D| - [469613840] - C:\Program Files\iTop PDF [05/05/2023 12:48:30] - |D| - [314765704] - C:\Program Files\iTop Private Browser [22/04/2023 05:53:43] - |D| - [1942128] - C:\Program Files\Microsoft Update Health Tools [07/12/2019 11:14:52] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [21/04/2023 23:04:17] - |HD| - [0] - C:\Program Files\Uninstall Information [07/12/2019 11:14:52] - |D| - [13815760] - C:\Program Files\Windows Defender [07/12/2019 11:14:52] - |D| - [641024] - C:\Program Files\Windows Mail [07/12/2019 11:52:44] - |D| - [4588478] - C:\Program Files\Windows Media Player [07/12/2019 11:52:44] - |D| - [48536] - C:\Program Files\Windows Multimedia Platform [07/12/2019 11:14:52] - |D| - [6285656] - C:\Program Files\Windows NT [07/12/2019 11:52:44] - |D| - [6173128] - C:\Program Files\Windows Photo Viewer [07/12/2019 11:52:44] - |D| - [48528] - C:\Program Files\Windows Portable Devices [07/12/2019 11:14:52] - |D| - [113765] - C:\Program Files\Windows Security [07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files\Windows Sidebar [07/12/2019 11:14:52] - |HD| - [2485446464] - C:\Program Files\WindowsApps [07/12/2019 11:14:52] - |D| - [2530213] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [04/05/2023 11:24:13] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit [07/12/2019 11:14:52] - |D| - [14757042] - C:\Program Files (x86)\Common Files\Microsoft Shared [07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [07/12/2019 11:14:52] - |D| - [9531787] - C:\Program Files (x86)\Common Files\System [04/05/2023 11:00:53] - |D| - [3827480] - C:\Program Files (x86)\Common Files\ThinPrint [04/05/2023 10:54:38] - |D| - [608375040] - C:\Program Files (x86)\Common Files\VMware ---------- | C:\Program Files\Common files [07/12/2019 11:14:52] - |D| - [35095525] - C:\Program Files\Common files\microsoft shared [07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files\Common files\Services [07/12/2019 11:14:52] - |D| - [10541451] - C:\Program Files\Common files\System [04/05/2023 11:00:29] - |D| - [808898] - C:\Program Files\Common files\VMware ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [21/04/2023 23:03:11] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.BA56DE64314E2E0DA4AC465EC44B8C96] - [04/05/2023 11:24:40] - |A| - [3302] - C:\Windows\System32\Tasks\ASC_PerformanceMonitor : "C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe" [MD5.9FB364458E0CBC8D351A49E70F1CCE5C] - [05/05/2023 11:56:35] - |A| - [3092] - C:\Windows\System32\Tasks\ASC_SkipUac_lfshy : "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" [MD5.00000000000000000000000000000000] - [06/05/2023 21:09:10] - |D| - [17228] - C:\Windows\System32\Tasks\Avira [MD5.49C12A62EE57EF366AFAA1CC6C95132B] - [06/05/2023 20:38:34] - |A| - [3782] - C:\Windows\System32\Tasks\AviraSystemSpeedupVerify : "C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe" [MD5.D0FA53CBF8FBC19ACC2D221862E33192] - [05/05/2023 11:30:22] - |A| - [3704] - C:\Windows\System32\Tasks\Avira_FallbackUpdater : C:\Windows\system32\sc.exe [MD5.BFC1F7C0479925686EE8B266C9C0C147] - [06/05/2023 20:37:19] - |A| - [3888] - C:\Windows\System32\Tasks\Avira_Security_Maintenance : C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [MD5.3D427871FE78AE4EF23ED82193E02F93] - [06/05/2023 20:37:17] - |A| - [3428] - C:\Windows\System32\Tasks\Avira_Security_Service_SCM_Watchdog : C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [MD5.915FEEF1A653FCB6A28C1B67AF728383] - [06/05/2023 20:37:18] - |A| - [2818] - C:\Windows\System32\Tasks\Avira_Security_Systray : C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [MD5.8152AB37DB1E71B1CA8226709A14C9AB] - [05/05/2023 11:32:05] - |A| - [3476] - C:\Windows\System32\Tasks\Avira_Security_Update : C:\Windows\system32\net.exe [MD5.9F07C3E02AE93CD6F010E1C9F5D06BF9] - [05/05/2023 12:37:17] - |A| - [3194] - C:\Windows\System32\Tasks\Driver Booster Scheduler : "C:\Program Files (x86)\IObit\Driver Booster\10.3.0\Scheduler.exe" [MD5.69CCFE48198C28F47891C1A0D52247B7] - [05/05/2023 12:37:16] - |A| - [3306] - C:\Windows\System32\Tasks\Driver Booster SkipUAC (lfshy) : "C:\Program Files (x86)\IObit\Driver Booster\10.3.0\DriverBooster.exe" [MD5.BEDEF8D01F88664D0E67515DDF32BF9F] - [05/05/2023 12:37:20] - |A| - [3180] - C:\Windows\System32\Tasks\Driver Booster Update : "C:\Program Files (x86)\IObit\Driver Booster\10.3.0\AutoUpdate.exe" [MD5.FA6C883767BED38BB93983017119B08A] - [05/05/2023 13:17:04] - |A| - [3252] - C:\Windows\System32\Tasks\iTop PDF ExpRt : "C:\Program Files\iTop PDF\exprgt.exe" [MD5.5990147BB965C7F8421D188D4542E770] - [05/05/2023 13:17:02] - |A| - [3040] - C:\Windows\System32\Tasks\iTop PDF Launch SkipUAC (lfshy) : "C:\Program Files\iTop PDF\Launcher.exe" [MD5.CB9D52C1BF17EC425D30EA9536DEE2A3] - [05/05/2023 13:17:00] - |A| - [3024] - C:\Windows\System32\Tasks\iTop PDF SkipUAC (lfshy) : "C:\Program Files\iTop PDF\iTopPDF.exe" [MD5.8F73FF145D8FCA9B115E70D6C1CE010C] - [05/05/2023 13:16:58] - |A| - [3260] - C:\Windows\System32\Tasks\iTop PDF Update : "C:\Program Files\iTop PDF\AutoUpdate.exe" [MD5.BFBBAE32192BF064C6D079BDD571972B] - [05/05/2023 12:51:18] - |A| - [3414] - C:\Windows\System32\Tasks\iTop Private Browser UAC : "C:\Program Files\iTop Private Browser\ivBInit.exe" [MD5.17A60FCB07D3D783469EADC762BCE62A] - [05/05/2023 12:51:17] - |A| - [3332] - C:\Windows\System32\Tasks\iTop Private Browser Update : "C:\Program Files\iTop Private Browser\AutoUpdate.exe" [MD5.C7718C7C44F3E130D83A3DA146CBAC1B] - [05/05/2023 08:55:46] - |A| - [3426] - C:\Windows\System32\Tasks\iTopVPN_Scheduler_lfshy : "C:\Program Files (x86)\iTop VPN\iTopVPN.exe" [MD5.414879FBFBA18030C4CF9C2FA6ED0083] - [05/05/2023 08:55:46] - |A| - [3400] - C:\Windows\System32\Tasks\iTopVPN_SkipUAC_lfshy : "C:\Program Files (x86)\iTop VPN\iTopVPN.exe" [MD5.F87AFCC467BEC9554F7FE85929A929FD] - [05/05/2023 08:55:47] - |A| - [3536] - C:\Windows\System32\Tasks\iTopVPN_Update_lfshy : "C:\Program Files (x86)\iTop VPN\atud.exe" [MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [608128] - C:\Windows\System32\Tasks\Microsoft [MD5.0F38C9140D3F31C347C8216CCBCB0EEF] - [21/04/2023 23:04:28] - |A| - [3566] - C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.01D2C2C99707E07062F3ABF7CE1AC9EA] - [21/04/2023 23:04:28] - |A| - [3690] - C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.D155906443AB220EFB357A6384343527] - [22/04/2023 01:45:49] - |A| - [3592] - C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-1064503503-3167082132-3616807767-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.0C19CD33D8F9F717C7545A9B4B5CEE07] - [22/04/2023 01:43:48] - |A| - [3380] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1064503503-3167082132-3616807767-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.3BE4FD14758ACEFA9885AA3C930C9477] - [05/05/2023 11:33:47] - |A| - [3184] - C:\Windows\System32\Tasks\Software Updater Scheduler : "C:\Program Files (x86)\IObit\Software Updater\SUInit.exe" [MD5.D24D848AC69B25E4966E339981C2E832] - [05/05/2023 11:33:47] - |A| - [2950] - C:\Windows\System32\Tasks\Software Updater SkipUAC(lfshy) : "C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe" [MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{A752D2AE-ED27-42D8-9611-FEED5E075319}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Edge|Desc=Microsoft Edge|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=Microsoft Edge|Platform=2:6:2|Platform2=GTEQ| "{E4FEE469-0499-4219-A5B7-8BFDDB734B68}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Edge|Desc=Microsoft Edge|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=Microsoft Edge|Platform=2:6:2|Platform2=GTEQ| "{A6053336-4398-4908-A6F1-A74BC307E281}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=NcsiUwpApp|Desc=NcsiUwpApp|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-138780814-3997110584-2874353029-2041838810-3659441231-3169655024-3643974355|EmbedCtxt=NcsiUwpApp|Platform=2:6:2|Platform2=GTEQ| "{D257539D-E4AF-46EA-8CB0-BCDA9229F54C}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| "{3DF6D41F-4C46-492C-9481-A4AC70A24A0C}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{68C8567A-B10C-444E-8E94-9D255C7EB609}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{3EA1E0C7-C11C-4177-A9EB-DC044B213CB0}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ| "{02B80ACF-7FD5-4003-A43A-92AB49301565}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{79575FC1-0FD8-4F3A-B01E-C7060BBA5251}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ| "{E6B2ACC0-28E5-410E-9C70-2F21C0362CEB}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{FB6B2A6C-E0F0-4CB7-8651-A9EDF341D282}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{67E64E68-EA4F-4E2E-8DC0-374E560BA0FE}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{98D94380-0189-4E8A-BAE0-41C362702ED1}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Solitaire & Casual Games|Desc=Solitaire & Casual Games|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Solitaire & Casual Games|Platform=2:6:2|Platform2=GTEQ| "{AE90724D-AC94-4116-B315-29878E7DCC35}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Solitaire & Casual Games|Desc=Solitaire & Casual Games|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Solitaire & Casual Games|Platform=2:6:2|Platform2=GTEQ| "{351434D0-32C7-446A-8E19-5108BF23CCB1}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Store|Desc=Microsoft Store|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=Microsoft Store|Platform=2:6:2|Platform2=GTEQ| "{6A27151D-E41D-4EEC-83B0-96F425E3121C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Store|Desc=Microsoft Store|LUOwn=S-1-5-21-1064503503-3167082132-3616807767-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=Microsoft Store|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{38F961A4-D73F-423D-83C1-53EBE80D49B9}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|Name=Microsoft Edge (mDNS-In)|Desc=Inbound rule for Microsoft Edge to allow mDNS traffic.|EmbedCtxt=Microsoft Edge| "{C90BDF32-2805-4CCB-B90F-B91E859DCA0E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe|Name=VMware Authd Service|Edge=TRUE| "{FACD662A-4BC3-41EE-A469-F8A51955FB3E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe|Name=VMware Authd Service (private)|Edge=TRUE| "{46014254-6143-4B06-A239-CD1556C2DA69}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\112.0.1722.68\msedgewebview2.exe|Name=Microsoft Edge (mDNS-In)|Desc=Inbound rule for Microsoft Edge to allow mDNS traffic.|EmbedCtxt=Microsoft Edge WebView2 Runtime| "TCP Query User{8294D4F2-7347-42DA-AB0F-DE1D25F461C9}C:\program files\itop private browser\itopbrowser.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\itop private browser\itopbrowser.exe|Name=iTop Private Browser|Desc=iTop Private Browser|Defer=User| "UDP Query User{BCEF9D41-7E47-4B3F-BD0F-C7661EECC6B0}C:\program files\itop private browser\itopbrowser.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\itop private browser\itopbrowser.exe|Name=iTop Private Browser|Desc=iTop Private Browser|Defer=User| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760f-a5c8-4bfe-b314-d56a7b44a362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6fae73b7-b735-4b50-a0da-0dc2484b1f1a}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{884b96c3-56ef-11d1-bc8c-00a0c91405dd}] : (vmkbd3) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a3e32dba-ba89-4f17-8386-2d0127fbd4cc}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e004269c-d387-4461-b955-25a64cfe23ce}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}] : (ComputeAccelerator) [] -> @c_computeaccelerator.inf,%ClassDesc%;Compute accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [04/05/2023 11:05:06] - (9.8.19.0) - (VMware, Inc. - VMware vSockets Service) - C:\Windows\system32\DRIVERS\vsock.sys [03/07/2022 18:47:16] - (9.8.18.0) - (VMware, Inc. - VMware PCI VMCI Bus Device) - C:\Windows\System32\drivers\vmci.sys [04/05/2023 11:04:46] - (1.6.6.0) - (VMware, Inc. - VMware VMware Input Filter and Injection Driver (64-bit)) - C:\Windows\system32\DRIVERS\vmkbd.sys [22/04/2023 06:51:24] - (0.0.0.0) - ( -) - C:\Windows\System32\Drivers\CimFS.SYS [// ::] - (0.0.0.0) - ( -) - C:\Windows\system32\drivers\IMFCameraProtect.sys [16/11/2022 01:15:14] - (14.0.0.5) - (VMware, Inc. - VMware virtual network adapter driver (64-bit)) - C:\Windows\system32\DRIVERS\vmnetadapter.sys [16/11/2022 01:15:14] - (14.0.0.5) - (VMware, Inc. - VMware virtual network driver (64-bit)) - C:\Windows\system32\DRIVERS\VMNET.SYS [07/12/2019 11:07:53] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\Windows\System32\drivers\L1C63x64.sys [06/05/2023 01:31:30] - (1.0.0.12) - (iTop Inc. - iTop Easy Desktop) - C:\Program Files\iTop Easy Desktop\iTopEDFileFilter.sys [16/11/2022 01:15:14] - (14.0.0.5) - (VMware, Inc. - VMware bridge driver (64-bit)) - C:\Windows\system32\DRIVERS\vmnetbridge.sys [04/05/2023 11:03:19] - (14.0.0.5) - (VMware, Inc. - VMware network application interface driver (64-bit)) - C:\Windows\system32\DRIVERS\vmnetuserif.sys [04/05/2023 11:04:50] - (16.0.0.23) - (VMware, Inc. - VMware kernel driver) - C:\Windows\system32\DRIVERS\vmx86.sys [04/05/2023 11:02:34] - (8.11.11.0) - (VMware, Inc. - VMware USB monitor) - C:\Windows\system32\DRIVERS\hcmon.sys [// ::] - (0.0.0.0) - ( -) - C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFEFSFileControl.sys [// ::] - (0.0.0.0) - ( -) - C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [// ::] - (0.0.0.0) - ( -) - C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [05/05/2023 11:55:20] - (15.3.0.3) - (IObit - AscFileFilter) - C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys [05/05/2023 11:55:20] - (15.0.0.1) - (IObit - AscRegistryFilter) - C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys [06/05/2023 15:53:58] - (1.0.5.4) - (CPUID - CPUID Driver) - C:\Windows\temp\cpuz154\cpuz154_x64.sys [05/05/2023 11:55:20] - (15.0.0.3) - (IObit - IObit Temperature Monitor) - C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [06/05/2023 20:44:24] - (1.1.2304.323) - (Avira Operations GmbH - Avira Driver for Data Traverse) - C:\Windows\system32\DRIVERS\rtp_traverse.sys [06/05/2023 20:44:24] - (1.1.2304.323) - (Avira Operations GmbH - Avira Driver for Security Enhancement) - C:\Windows\system32\DRIVERS\rtp_process_monitor.sys [06/05/2023 20:44:24] - (1.1.2304.323) - (Avira Operations GmbH - Avira real-time protection filter driver) - C:\Windows\system32\DRIVERS\rtp_filter.sys [06/05/2023 20:44:24] - (1.1.2304.323) - (Avira Operations GmbH - Avira Minifilter Driver) - C:\Windows\system32\DRIVERS\rtp_filesystem_filter.sys [06/05/2023 20:44:25] - (3.0.0.58) - (Avira Operations GmbH - Avira Sentry Driver) - C:\Windows\system32\DRIVERS\BdSentry.sys [06/05/2023 20:44:24] - (2.6.0.50) - (Avira Operations GmbH - Avira Network Filter) - C:\Windows\system32\DRIVERS\BdNet.sys [06/05/2023 20:46:39] - (1.0.2304.372) - (Avira Operations GmbH - Avira NetProtectionSDK WFP Driver.) - C:\Windows\System32\drivers\netprotection_network_filter.sys ---------- | LoadOrderGroup Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK Name: PerceptionGroup - DriverEnabled: True - GroupOrder: 48 - Status: OK Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 49 - Status: OK Name: AudioGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK Name: UIGroup - DriverEnabled: True - GroupOrder: 51 - Status: OK Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 52 - Status: OK Name: PlugPlay - DriverEnabled: True - GroupOrder: 53 - Status: OK Name: Cryptography - DriverEnabled: True - GroupOrder: 54 - Status: OK Name: PNP_TDI - DriverEnabled: True - GroupOrder: 55 - Status: OK Name: NDIS - DriverEnabled: True - GroupOrder: 56 - Status: OK Name: TDI - DriverEnabled: True - GroupOrder: 57 - Status: OK Name: iSCSI - DriverEnabled: True - GroupOrder: 58 - Status: OK Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 63 - Status: OK Name: NetworkProvider - DriverEnabled: True - GroupOrder: 64 - Status: OK Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 65 - Status: OK Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 66 - Status: OK Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 67 - Status: OK Name: Extended Base - DriverEnabled: True - GroupOrder: 68 - Status: OK Name: PCI Configuration - DriverEnabled: True - GroupOrder: 69 - Status: OK Name: MS Transactions - DriverEnabled: True - GroupOrder: 70 - Status: OK Name: Core - DriverEnabled: False - GroupOrder: 71 - Status: OK Name: Network - DriverEnabled: False - GroupOrder: 72 - Status: OK Name: PNP Filter - DriverEnabled: False - GroupOrder: 73 - Status: OK Name: System - DriverEnabled: False - GroupOrder: 74 - Status: OK Name: Core Security Extensions - DriverEnabled: False - GroupOrder: 75 - Status: OK Name: NetworkService - DriverEnabled: False - GroupOrder: 76 - Status: OK Name: Early-Launch - DriverEnabled: False - GroupOrder: 77 - Status: OK Name: Hyper-V Parsers - DriverEnabled: False - GroupOrder: 78 - Status: OK Name: _Early-Launch - DriverEnabled: False - GroupOrder: 79 - Status: OK Name: LocalService - DriverEnabled: False - GroupOrder: 80 - Status: OK ---------- | LoadOrderGroupServiceDependencies LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess" LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs" ---------- | LoadOrderGroupServiceMembers LoadOrderGroup.Name="System Reserved" - Service.Name="AdvancedSystemCareService16" LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc" LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder" LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv" LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure" LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch" LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall" LoadOrderGroup.Name="TDI" - Service.Name="Dhcp" LoadOrderGroup.Name="TDI" - Service.Name="Dnscache" LoadOrderGroup.Name="TDI" - Service.Name="dot3svc" LoadOrderGroup.Name="TDI" - Service.Name="DusmSvc" LoadOrderGroup.Name="Event Log" - Service.Name="EventLog" LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc" LoadOrderGroup.Name="TDI" - Service.Name="icssvc" LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation" LoadOrderGroup.Name="TDI" - Service.Name="lmhosts" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM" LoadOrderGroup.Name="NetworkService" - Service.Name="MapsBroker" LoadOrderGroup.Name="NetworkProvider" - Service.Name="mpssvc" LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI" LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon" LoadOrderGroup.Name="Cryptography" - Service.Name="NgcCtnrSvc" LoadOrderGroup.Name="Cryptography" - Service.Name="NgcSvc" LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay" LoadOrderGroup.Name="Plugplay" - Service.Name="Power" LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs" LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs" LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr" LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS" LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection" LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler" LoadOrderGroup.Name="profsvc_group" - Service.Name="SysMain" LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller" LoadOrderGroup.Name="AudioGroup" - Service.Name="VacSvc" LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc" LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc" LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient" LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc" LoadOrderGroup.Name="TDI" - Service.Name="wlpasvc" LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc" LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware" LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AcpiDev" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Acx01000" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="afunix" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="amdgpio2" LoadOrderGroup.Name="Base" - SystemDriver.Name="amdi2c" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8" LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag" LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv" LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay" LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2" LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="bindflt" LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="BthMini" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="BTHPORT" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="BTHUSB" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="bttflt" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs" LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="cht4iscsi" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="cht4vbd" LoadOrderGroup.Name="File system" - SystemDriver.Name="CimFS" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass" LoadOrderGroup.Name="FSFilter HSM" - SystemDriver.Name="CldFlt" LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS" LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG" LoadOrderGroup.Name="Base" - SystemDriver.Name="cnghwassist" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus" LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv" LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc" LoadOrderGroup.Name="Base" - SystemDriver.Name="dg_ssudbus" LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv" LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass" LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat" LoadOrderGroup.Name="FSFilter Encryption" - SystemDriver.Name="FileCrypt" LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace" LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol" LoadOrderGroup.Name="Base" - SystemDriver.Name="genericusbfn" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidinterrupt" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidspi" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hvservice" LoadOrderGroup.Name="System" - SystemDriver.Name="HwNClx0101" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd" LoadOrderGroup.Name="Video" - SystemDriver.Name="HyperVideo" LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt" LoadOrderGroup.Name="Base" - SystemDriver.Name="iai2c" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2_BXT_P" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2_CNL" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2_GLK" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C_BXT_P" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C_CNL" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C_GLK" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAVC" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="ibbus" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="IMFEFSFileControl" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="ImfHpFileFilter" LoadOrderGroup.Name="Base" - SystemDriver.Name="IndirectKmd" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="intelpep" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelpmax" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="iorate" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="iTopEDFileFilter" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ItSas35i" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic" LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD" LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv" LoadOrderGroup.Name="Base" - SystemDriver.Name="mausbhost" LoadOrderGroup.Name="Base" - SystemDriver.Name="mausbip" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas2i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas35i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="mlx4_bus" LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr" LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge" LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32" LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf" LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM" LoadOrderGroup.Name="Network" - SystemDriver.Name="MsQuic" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig" LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ndfltr" LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisTapi" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ndiswanlegacy" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ndproxy" LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="netvsc" LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="Ntfs" LoadOrderGroup.Name="Base" - SystemDriver.Name="Null" LoadOrderGroup.Name="Primary Disk" - SystemDriver.Name="nvdimm" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor" LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia" LoadOrderGroup.Name="System Reserved" - SystemDriver.Name="pcw" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas2i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas3i" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="portcfg" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched" LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd" LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFS" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFSv1" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="RFCOMM" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="rhproxy" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr" LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum" LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial" LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SmartSAMD" LoadOrderGroup.Name="Hyper-V Parsers" - SystemDriver.Name="spaceparser" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="SpatialGraphFilter" LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2" LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme" LoadOrderGroup.Name="FSFilter Quota Management" - SystemDriver.Name="storqosflt" LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum" LoadOrderGroup.Name="Video Init" - SystemDriver.Name="Synth3dVsc" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="Telemetry" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmCx0101" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmTcpciCx0101" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmUcsiCx0101" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Ucx01000" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Ufx01000" LoadOrderGroup.Name="Base" - SystemDriver.Name="UfxChipidea" LoadOrderGroup.Name="Base" - SystemDriver.Name="ufxsynopsys" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass" LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsChipidea" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UrsCx01000" LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsSynopsys" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub" LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci" LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp" LoadOrderGroup.Name="Base" - SystemDriver.Name="vhf" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Vid" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmci" LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="vmkbd3" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="VMnetAdapter" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="VMnetBridge" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="VMnetuserif" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="vmx86" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vsock" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarp" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarpv6" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="wcifs" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="wcnfs" LoadOrderGroup.Name="_Early-Launch" - SystemDriver.Name="WdBoot" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter" LoadOrderGroup.Name="base" - SystemDriver.Name="WdmCompanionFilter" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="WFPLWFS" LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRT" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRTProxy" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinMad" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinVerbs" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi" LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl" LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf" LoadOrderGroup.Name="base" - SystemDriver.Name="WUDFRd" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="xboxgip" LoadOrderGroup.Name="Base" - SystemDriver.Name="xinputhid" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="AscFileFilter" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="netprotection_network_filter" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="netprotection_network_filter2" LoadOrderGroup.Name="Early-Launch" - SystemDriver.Name="rtp_elam" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="rtp_filter" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="rtp_filesystem_filter" LoadOrderGroup.Name="FSFilter Content Screener" - SystemDriver.Name="BdSentry" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="BdNet" ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvdimm (@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver) -> System32\drivers\nvdimm.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pmem (@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver) -> System32\drivers\pmem.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SmartSAMD () -> System32\drivers\SmartSAMD.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Telemetry (@intelta.inf,%Telemetry.SVCDESC%;Intel(R) Telemetry Service) -> System32\drivers\IntelTA.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - vmci (@oem7.inf,%loc.vmciServiceDisplayName%;VMware VMCI Bus Driver) -> System32\drivers\vmci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - vsock (vSockets Virtual Machine Communication Interface Sockets driver) -> system32\DRIVERS\vsock.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - rtp_elam (rtp_elam) -> system32\DRIVERS\rtp_elam.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - BdNet (Avira Network Filter) -> system32\DRIVERS\BdNet.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_fc93ae411c02f280\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_ed345fdc37d65139\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - CimFS () -> (?) - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Vid () -> \SystemRoot\System32\drivers\Vid.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vmkbd3 (VMware Input Filter and Injection Driver (vmkbd)) -> \SystemRoot\system32\DRIVERS\vmkbd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ws2ifsl (Windows Socket 2.0 Non-IFS Service Provider Support Environment) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - netprotection_network_filter (netprotection_network_filter) -> System32\drivers\netprotection_network_filter.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - rtp_traverse (rtp_traverse) -> \SystemRoot\system32\DRIVERS\rtp_traverse.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - rtp_process_monitor (rtp_process_monitor) -> \SystemRoot\system32\DRIVERS\rtp_process_monitor.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rtp_filter (rtp_filter) -> system32\DRIVERS\rtp_filter.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - BdSentry (Avira Sentry Driver) -> system32\DRIVERS\BdSentry.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - bindflt (@%systemroot%\system32\drivers\bindflt.sys,-100) -> \SystemRoot\system32\drivers\bindflt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - hcmon (VMware hcmon) -> \SystemRoot\system32\DRIVERS\hcmon.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - iTopEDFileFilter (iTopEDFileFilter) -> \??\C:\Program Files\iTop Easy Desktop\iTopEDFileFilter.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - VMnetBridge (@oem5.inf,%VMware_Desc%;VMware Bridge Protocol) -> \SystemRoot\system32\DRIVERS\vmnetbridge.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - VMnetuserif (VMware Virtual Ethernet Userif for VMnet) -> \SystemRoot\system32\DRIVERS\vmnetuserif.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - vmx86 (VMware vmx86) -> \SystemRoot\system32\DRIVERS\vmx86.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - rtp_filesystem_filter (rtp_filesystem_filter) -> system32\DRIVERS\rtp_filesystem_filter.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AcpiDev (@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver) -> \SystemRoot\System32\drivers\AcpiDev.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Acx01000 (@%SystemRoot%\system32\drivers\Acx01000.sys,-1000) -> system32\drivers\Acx01000.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - amdgpio2 (@amdgpio2.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver) -> \SystemRoot\System32\drivers\amdgpio2.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - amdi2c (@amdi2c.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service) -> \SystemRoot\System32\drivers\amdi2c.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - ampa (ampa) -> \??\C:\Windows\system32\ampa.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AppleLowerFilter (@oem10.inf,%AppleLowerFilterDisplayName%;Apple Lower Filter Driver) -> \SystemRoot\System32\drivers\AppleLowerFilter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - applockerfltr (@%systemroot%\system32\srpapi.dll,-102) -> system32\drivers\applockerfltr.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AsyncMac (@%systemroot%\system32\mprmsg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - bowser (@%systemroot%\system32\wkssvc.dll,-2001) -> system32\DRIVERS\bowser.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - BthA2dp (@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver) -> \SystemRoot\System32\drivers\BthA2dp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BthEnum (@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service) -> \SystemRoot\System32\drivers\BthEnum.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BthHFEnum (@microsoft_bluetooth_hfp.inf,%BTHHFENUM_DISPLAY_NAME%;Microsoft Bluetooth Hands-Free Profile driver) -> \SystemRoot\System32\drivers\bthhfenum.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BthLEEnum (@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver) -> \SystemRoot\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BthMini (@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver) -> \SystemRoot\System32\drivers\BTHMINI.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BTHPORT (@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver) -> \SystemRoot\System32\drivers\BTHport.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BTHUSB (@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver) -> \SystemRoot\System32\drivers\BTHUSB.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - CAD (@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver) -> \SystemRoot\System32\drivers\CAD.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - cht4vbd (@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver) -> \SystemRoot\System32\drivers\cht4vx64.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - condrv (Console Driver) -> System32\drivers\condrv.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - cpuz154 (cpuz154) -> \??\C:\Windows\temp\cpuz154\cpuz154_x64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - ddmdrv (ddmdrv) -> \??\C:\Windows\system32\ddmdrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - dg_ssudbus (@oem8.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)) -> \SystemRoot\system32\DRIVERS\ssudbus2.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\System32\drivers\drmkaud.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - exfat (exFAT File System Driver) -> (?) - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - fastfat (FAT12/16/32 File System Driver) -> (?) - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - HdAudAddService (@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Function Driver for High Definition Audio Service) -> \SystemRoot\System32\drivers\HdAudio.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - hidspi (@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver) -> \SystemRoot\System32\drivers\hidspi.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - hvservice (@%SystemRoot%\system32\drivers\hvservice.sys,-16) -> system32\drivers\hvservice.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HwNClx0101 (Microsoft Hardware Notifications Class Extension Driver) -> System32\Drivers\mshwnclx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HyperVideo () -> \SystemRoot\System32\drivers\HyperVideo.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - i8042prt (@keyboard.inf,%i8042prt.SvcDesc%;i8042 Keyboard and PS/2 Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iagpio (@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iagpio.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_GPIO2 (@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_GPIO2_BXT_P (@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_GPIO2_CNL (@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2_CNL.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_GPIO2_GLK (@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2_GLK.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_I2C_BXT_P (@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C_BXT_P.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_I2C_CNL (@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C_CNL.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_I2C_GLK (@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C_GLK.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IndirectKmd (@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100) -> \SystemRoot\System32\drivers\IndirectKmd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - intelpmax (@intelpmax.inf,%SvcDesc%;Intel(R) Dynamic Device Peak Power Manager Driver) -> \SystemRoot\System32\drivers\intelpmax.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - iobit_monitor_server2021 (iobit_monitor_server2021) -> \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - IpFilterDriver (@%systemroot%\system32\mprmsg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IPT () -> \SystemRoot\System32\drivers\ipt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - L1C (@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\System32\drivers\L1C63x64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - mausbhost (@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver) -> \SystemRoot\System32\drivers\mausbhost.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - mausbip (@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver) -> \SystemRoot\System32\drivers\mausbip.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MbbCx (MBB Network Adapter Class Extension) -> system32\drivers\MbbCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Microsoft_Bluetooth_AvrcpTransport (@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver) -> \SystemRoot\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Modem () -> system32\drivers\modem.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - monitor (@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys - AcceptPause: False - AcceptStop: True S3 - [File System Driver] - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\System32\drivers\MSKSSRV.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\System32\drivers\MSPCLOCK.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\System32\drivers\MSPQM.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - MsQuic (@%SystemRoot%\system32\drivers\msquic.sys,-1) -> system32\drivers\msquic.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - MsRPC () -> (?) - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\System32\drivers\MSTEE.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NdisTapi (@%systemroot%\system32\mprmsg.dll,-32001) -> System32\DRIVERS\ndistapi.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - NdisWan (@%systemroot%\system32\mprmsg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ndiswanlegacy (@%systemroot%\system32\mprmsg.dll,-32014) -> System32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NDKPing (NDKPing Driver) -> system32\drivers\NDKPing.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ndproxy (@%SystemRoot%\system32\drivers\ndproxy.sys,-6000) -> System32\DRIVERS\NDProxy.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NetAdapterCx (Network Adapter Wdf Class Extension Library) -> system32\drivers\NetAdapterCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - netvsc () -> \SystemRoot\System32\drivers\netvsc.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - Ntfs () -> (?) - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - PktMon (Packet Monitor Driver) -> system32\drivers\PktMon.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - PNPMEM (@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver) -> \SystemRoot\System32\drivers\pnpmem.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - portcfg () -> \SystemRoot\System32\drivers\portcfg.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - PptpMiniport (@%systemroot%\system32\mprmsg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Rasl2tp (@%systemroot%\system32\mprmsg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RasPppoe (@%systemroot%\system32\mprmsg.dll,-32007) -> System32\DRIVERS\raspppoe.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys - AcceptPause: False - AcceptStop: True S3 - [File System Driver] - ReFS () -> (?) - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - ReFSv1 () -> (?) - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RFCOMM (@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI)) -> \SystemRoot\System32\drivers\rfcomm.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - rhproxy (@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver) -> \SystemRoot\System32\drivers\rhproxy.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SDFRd (@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector) -> \SystemRoot\System32\drivers\SDFRd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - spaceparser (@%systemroot%\system32\drivers\spaceparser.sys,-1001) -> system32\drivers\spaceparser.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SpatialGraphFilter (Holographic Spatial Graph Filter) -> System32\drivers\SpatialGraphFilter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - srvnet () -> System32\DRIVERS\srvnet.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - ssudmdm (@oem9.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)) -> \SystemRoot\system32\DRIVERS\ssudmdm.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - TsUsbFlt (@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000) -> system32\drivers\tsusbflt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - tunnel (@%SystemRoot%\System32\drivers\tunnel.sys,-500) -> System32\drivers\tunnel.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UcmTcpciCx0101 (UCM-TCPCI KMDF Class Extension) -> System32\Drivers\UcmTcpciCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UcmUcsiAcpiClient (@UcmUcsiAcpiClient.inf,%UcmUcsiAcpiClient.ServiceName%;UCM-UCSI ACPI Client) -> \SystemRoot\System32\drivers\UcmUcsiAcpiClient.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UcmUcsiCx0101 (UCM-UCSI KMDF Class Extension) -> System32\Drivers\UcmUcsiCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - usbaudio (@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM)) -> \SystemRoot\system32\drivers\usbaudio.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - usbaudio2 (@usbaudio2.inf,%usbaudio2.SVCDESC%;USB Audio 2.0 Service) -> \SystemRoot\System32\drivers\usbaudio2.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver) -> \SystemRoot\System32\drivers\usbccgp.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbvideo (@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM)) -> \SystemRoot\System32\Drivers\usbvideo.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vhf (@hidvhf.inf,%VhfService%;Virtual HID Framework (VHF) Driver) -> \SystemRoot\System32\drivers\vhf.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - VirtualRender () -> \SystemRoot\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vmgid (@wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver) -> \SystemRoot\System32\drivers\vmgid.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - VMnetAdapter (@oem6.inf,%VMnetAdapter.Service.DispName%;VMware Virtual Ethernet Adapter Driver) -> \SystemRoot\system32\DRIVERS\vmnetadapter.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - wanarpv6 (@%systemroot%\system32\mprmsg.dll,-32012) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> \SystemRoot\system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> \SystemRoot\system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WdmCompanionFilter (@%SystemRoot%\system32\drivers\WdmCompanionFilter.sys,-1000) -> system32\drivers\WdmCompanionFilter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\drivers\wd\WdNisDrv.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - WIMMount (@%SystemRoot%\system32\drivers\wimmount.sys,-101) -> system32\drivers\wimmount.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WinNat (@%SystemRoot%\system32\drivers\winnat.sys,-10001) -> system32\drivers\winnat.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WINUSB (@winusb.inf,%WINUSB_SvcName%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> \SystemRoot\System32\drivers\WUDFRd.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - WUDFWpdFs (@wpdfs.inf,%WPDFS_SvcName%;WPD File System driver) -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - WUDFWpdMtp () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - AscFileFilter (AscFileFilter) -> \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscFileFilter.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - AscRegistryFilter (AscRegistryFilter) -> \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\AscRegistryFilter.sys - AcceptPause: False - AcceptStop: True S4 - [File System Driver] - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys - AcceptPause: False - AcceptStop: False S4 - [Kernel Driver] - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys - AcceptPause: False - AcceptStop: False S4 - [Kernel Driver] - hvcrash () -> \SystemRoot\System32\drivers\hvcrash.sys - AcceptPause: False - AcceptStop: False R4 - [File System Driver] - udfs (udfs) -> system32\DRIVERS\udfs.sys - AcceptPause: False - AcceptStop: True S4 - [Kernel Driver] - VerifierExt (@%SystemRoot%\System32\drivers\VerifierExt.sys,-1000) -> System32\drivers\VerifierExt.sys - AcceptPause: False - AcceptStop: False ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-1064503503-3167082132-3616807767-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b] : (balenaEtcher 1.14.3.-.Balena Inc.) -> "C:\Users\lfshy\AppData\Local\Programs\balena-etcher\Uninstall balenaEtcher.exe" /currentuser ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\iTop PDF_is1] : (iTop PDF.-.iTop Inc.) -> "C:\Program Files\iTop PDF\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\RFA11_is1] : (Registry First Aid 11.-.RoseCitySoftware) -> "g:\Program Files\RFA 11\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0E992720-1330-4AB3-8155-255F79785535}] : (VMware Workstation.-.VMware, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E7366CA8-7179-77AE-E712-BA18D70A0A07}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Advanced SystemCare_is1] : (Advanced SystemCare.-.IObit) -> "C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ALToolBar_is1] : (ALToolBar.-.ESTsoft Corp.) -> C:\Program Files (x86)\ESTsoft\ALToolBar\unins000.exe ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Driver Booster_is1] : (Driver Booster 10.-.IObit) -> "C:\Program Files (x86)\IObit\Driver Booster\10.3.0\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObit Software Updater_is1] : (IObit Software Updater.-.IObit) -> "C:\Program Files (x86)\IObit\Software Updater\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iTop Easy Desktop_is1] : (iTop Easy Desktop.-.iTop Inc.) -> "C:\Program Files\iTop Easy Desktop\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iTop Private Browser_is1] : (iTop Private Browser.-.iTop Inc.) -> "C:\Program Files\iTop Private Browser\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iTop VPN_is1] : (iTop VPN.-.iTop Inc.) -> "C:\Program Files (x86)\iTop VPN\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Edge Update] : (Microsoft Edge Update.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Xilisoft YouTube Vidéo Téléchargeur] : (Xilisoft YouTube Vidéo Téléchargeur.-.Xilisoft) -> C:\Program Files (x86)\Xilisoft\Download YouTube Video\Uninstall.exe ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{07326A3E-02B3-1078-25D7-B8666BA8FE15}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AD99E77-37CC-744E-39CA-67F6FD34565A}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{82CA1714-13EA-F419-91FE-12834424745E}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B839153C-D4D2-F89C-5033-0A160C62706B}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1EA3764-1138-AE27-AD63-549BAD99BA15}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E1252473-6306-4d5d-904D-B06AA7F38161}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E817E580-6318-AFC8-2102-322C73117EC4}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F77474EE-EB6C-C87B-88AF-3310C848E068}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> ---------- | Ports ---------- | Microsoft Specifications CheckID: ParPort0{0E992720-1330-4AB3-8155-255F79785535} - PARPORT_EXISTS=0 -> ParPort ---------- | CLSID (Whitelist) [HKCR\CLSID\{043B13A3-C479-48AF-9E98-E9F08A411670}] - (.-.) - C:\Windows\SysWOW64\UpdateDeploymentProvider.dll [HKCR\CLSID\{15E8169D-7633-48F1-8690-52AE8EB3F3C1}] - (.ⓒ ESTsoft Corporation. - ALToolbar IE band Module.) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_4260.dll [02/06/2022 05:52:04] [HKCR\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}] - (.-.) - %windir%\system32\btpanui.dll [HKCR\CLSID\{179F3D56-1B0B-42B2-A962-59B7EF59FE1B}] - (.-.) - C:\Windows\SysWOW64\speech_onecore\engines\tts\MSTTSEngine_OneCore.dll [22/04/2023 06:54:15] [HKCR\CLSID\{181A38F4-6CE6-4edc-8DB0-6E5631963A1E}] - (.-.) - C:\Windows\SysWOW64\LocationFramework.dll [HKCR\CLSID\{1965FEA3-3896-438B-B789-F5981797E7E7}] - (.-.) - C:\Windows\SysWOW64\MapsBtSvcProxy.dll [HKCR\CLSID\{1CEBDE3E-6B91-484A-AF48-5E4F4ED6B1E1}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{206FA6D0-A493-41FA-943D-3F655088F7B9}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}] - (.-.) - "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\X86\MpOav.dll" [HKCR\CLSID\{2C5F9B72-7148-4D97-BFC9-68A0E076BEBD}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{2FBBDF8C-9E54-437E-8B79-346C3FD2B4E2}] - (.ⓒ ESTsoft Corporation. - ALToolbar IE band Module.) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_4260.dll [02/06/2022 05:52:04] [HKCR\CLSID\{2FE8F810-B2A5-11d0-A787-0000F803ABFC}] - (.-.) - C:\Windows\system32\dplayx.dll [HKCR\CLSID\{363BE3C0-DDD4-4B21-BC6D-7E9DF8CE19CB}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{38FBE93D-4CA1-4414-AF6A-94920C5BD8DA}] - (.ⓒ ESTsoft Corporation. - ALToolBar.) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_4260.dll [02/06/2022 05:52:08] [HKCR\CLSID\{3A84F9C2-6164-485C-A7D9-4B27F8AC009E}] - (.-.) - C:\Program Files (x86)\Microsoft\Edge\Application\112.0.1722.68\PdfPreview\PdfPreviewHandler.dll [04/05/2023 08:56:45] [HKCR\CLSID\{3F052B8E-512B-419D-9E06-9B9ADDC7118C}] - (.-.) - C:\Windows\SysWOW64\MapsCSP.dll [HKCR\CLSID\{4062C116-0270-11D3-8BCB-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{4108FA85-3586-11D3-8BD7-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{4516EC43-8F20-11D0-9B6D-0000C0781BC3}] - (.-.) - C:\Windows\system32\d3dxof.dll [HKCR\CLSID\{4EE17959-931E-49E4-A2C6-977ECF3628F3}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}] - (.-.) - %windir%\system32\acppage.dll [HKCR\CLSID\{5DE7918B-BFD7-4C1E-B4E0-B16D0A3EA76B}] - (.-.) - C:\Windows\SysWOW64\AuthHostProxy.dll [HKCR\CLSID\{5EB699B3-9296-41BA-9258-DE70F03B7D6C}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}] - (.-.) - C:\Windows\system32\audiodev.dll [HKCR\CLSID\{663e1a94-a37e-4e8a-9e55-5354b2139790}] - (.-.) - C:\Windows\SysWOW64\EsclWiaDriver.dll [HKCR\CLSID\{6FBD442F-BAB8-470E-969A-F7073BC08E88}] - (.-.) - d:\PROGRA~1\Ashampoo\Ashampoo ZIP Pro 4\ASZUAC.DLL [05/05/2023 14:12:32] [HKCR\CLSID\{79BA9E00-B6EE-11D1-86BE-00C04FBF8FEF}] - (.-.) - C:\Windows\System32\dmband.dll [HKCR\CLSID\{7F1A79F9-78D1-4186-9F60-EE0B63DF042A}] - (.ⓒ ESTsoft Corporation. - ALToolBar.) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBar_4260.dll [02/06/2022 05:52:08] [HKCR\CLSID\{810B5013-E88D-11D2-8BC1-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{8685C4A9-D0E4-444C-87A0-D9FB858235A7}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{882BC1E4-C79E-475D-8CC7-CC8D112FDB17}] - (.-.) - C:\Windows\SysWOW64\RMSRoamingSecurity.dll [HKCR\CLSID\{95BD18C1-D7FB-4BD3-839A-1C37C90131B1}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{97012808-1848-4ADA-904C-7AE32263E2B6}] - (.- Ashampoo Zip Pro.) - d:\PROGRA~1\Ashampoo\Ashampoo ZIP Pro 4\aszoutlook.dll [05/05/2023 14:15:12] [HKCR\CLSID\{973F6B07-9147-459f-9ABE-34BF2E9A927A}] - (.ⓒ ESTsoft Corporation. - ALToolbar IE band Module.) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_4260.dll [02/06/2022 05:52:04] [HKCR\CLSID\{994B3B2F-2880-4318-A583-15C38A01F571}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{A020FAD9-D661-4857-AA43-E6A86FF1163E}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}] - (.-.) - %windir%\system32\btpanui.dll [HKCR\CLSID\{A82536D7-C8E6-4CEF-AA66-11E97EDDFC6D}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{A861C6E2-FCFC-11D2-8BC9-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{AAB48CA0-4229-4127-8BD7-A17049A49CC9}] - (.- Ashampoo Zip Pro.) - d:\PROGRA~1\Ashampoo\Ashampoo ZIP Pro 4\aszoutlook.dll [05/05/2023 14:15:12] [HKCR\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}] - (.-.) - C:\PROGRA~2\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [HKCR\CLSID\{C05D20C2-15E5-4567-95C7-1546EF9C52F3}] - (.-.) - C:\Windows\SysWOW64\windows.applicationmodel.conversationalagent.proxystub.dll [07/12/2019 11:09:11] [HKCR\CLSID\{C5621364-87CC-4731-8947-929CAE75323E}] - (.-.) - %windir%\system32\F12\msdbg2.dll [HKCR\CLSID\{C64501F6-E6E6-451f-A150-25D0839BC510}] - (.-.) - C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll [22/04/2023 06:53:39] [HKCR\CLSID\{C70EB77F-EFD4-4678-A27B-BF1648F30D04}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{CDAEB70C-E686-4299-93EB-7D63D77B7F63}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{D13D3E68-0F44-3D45-B15F-BCFD8A8B4C7E}] - (.- ASZSHLEXT64.) - d:\PROGRA~1\Ashampoo\Ashampoo ZIP Pro 4\ASZSHLEXT.DLL [05/05/2023 14:15:32] [HKCR\CLSID\{D13D3E69-0F44-3D45-B15F-BCFD8A8B4C7E}] - (.- ASZSHLEXT64.) - d:\PROGRA~1\Ashampoo\Ashampoo ZIP Pro 4\ASZSHLEXT.DLL [05/05/2023 14:15:32] [HKCR\CLSID\{D13D3E6A-0F44-3D45-B15F-BCFD8A8B4C7E}] - (.- ASZSHLEXT64.) - d:\PROGRA~1\Ashampoo\Ashampoo ZIP Pro 4\ASZSHLEXT.DLL [05/05/2023 14:15:32] [HKCR\CLSID\{D1EB6D20-8923-11d0-9D97-00A0C90A43CB}] - (.-.) - C:\Windows\system32\dplayx.dll [HKCR\CLSID\{D2AC2894-B39B-11D1-8704-00600893B1BD}] - (.-.) - C:\Windows\System32\dmband.dll [HKCR\CLSID\{D3075F87-A7BD-4231-9F6A-60C5E07374A7}] - (.-.) - %windir%\system32\acppage.dll [HKCR\CLSID\{D5B6A1A1-6B5C-45d0-9298-B4CFF1A1974D}] - (.ⓒ ESTsoft Corporation. - ALToolbar IE band Module.) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_4260.dll [02/06/2022 05:52:04] [HKCR\CLSID\{D6FCA954-F7AE-4EAC-8783-85F5E4ABD840}] - (.-.) - %windir%\system32\F12\pdmproxy100.dll [HKCR\CLSID\{D8E090A5-4149-467D-8103-BFB8F51E8BCB}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{DACE006F-9846-4D70-A0BE-6EF90FA99392}] - (.-.) - C:\Windows\SysWOW64\windows.applicationmodel.conversationalagent.internal.proxystub.dll [07/12/2019 11:09:11] [HKCR\CLSID\{DF16F419-058B-4766-AA1B-BC65AC07AE59}] - (.ⓒ ESTsoft Corporation. - ALToolbar IE band Module.) - C:\Program Files (x86)\ESTsoft\ALToolBar\ALToolBand_4260.dll [02/06/2022 05:52:04] [HKCR\CLSID\{e8cc4cbe-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - C:\Program Files\Common Files\System\Ole DB\msdaora.dll [HKCR\CLSID\{e8cc4cbf-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - C:\Program Files\Common Files\System\Ole DB\msdaora.dll [HKCR\CLSID\{EBF2320A-2502-11D3-8BD1-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll [HKCR\CLSID\{FA6C507D-A9AF-4385-86C0-80115F0AE20B}] - (.-.) - C:\Windows\SysWOW64\PerceptionSimulationExtensions.dll [HKCR\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec}] - (.-.) - %windir%\system32\amsi.dll ---------- | Installer [HKCR\Installer\Products\027299E003313BA4185552F597875553] : VMware Workstation [HKCR\Installer\Products\085E718E81368CFA122023C23711E74C] : CCC Help Polish -> C:\Windows\Installer\{E817E580-6318-AFC8-2102-322C73117EC4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0D4A6A5A500250A2E212948580FC59DE] : CCC Help Norwegian -> C:\Windows\Installer\{A5A6A4D0-2005-2A05-2E21-495808CF95ED}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0F76E360892CA2A8F06A481C35224A0E] : ccc-utility64 -> C:\Windows\Installer\{063E67F0-C298-8A2A-0FA6-84C15322A4E0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1D5F27E1E3559FFC603AC8A55F70DDC1] : CCC Help French -> C:\Windows\Installer\{1E72F5D1-553E-CFF9-06A3-8C5AF507DD1C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\241A5D4605DBE627DEE92D05D8A2712E] : Catalyst Control Center InstallProxy -> C:\Windows\Installer\{64D5A142-BD50-726E-ED9E-D2508D2A17E2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\37E58BB129D0A406A0FA7CAA5D3E3A6C] : CCC Help English -> C:\Windows\Installer\{1BB85E73-0D92-604A-0AAF-C7AAD5E3A3C6}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3A56CBC8BA0456EDC21B99A7DB8ADF86] : CCC Help Turkish -> C:\Windows\Installer\{8CBC65A3-40AB-DE65-2CB1-997ABDA8FD68}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3C1BCDF6CDE9CBC374C3DD58DEE54049] : CCC Help German -> C:\Windows\Installer\{6FDCB1C3-9EDC-3CBC-473C-DD85ED5E0494}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4171AC28AE31914F19EF2138444247E5] : CCC Help Italian -> C:\Windows\Installer\{82CA1714-13EA-F419-91FE-12834424745E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\Windows\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4673AE1C831172EADA3645B9DA99AB51] : CCC Help Japanese -> C:\Windows\Installer\{C1EA3764-1138-AE27-AD63-549BAD99BA15}\ARPPRODUCTICON.exe [HKCR\Installer\Products\554590D7179DC4D4E9DFA96F6A85F4A3] : Bing Desktop -> C:\Windows\Installer\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}\icon.ico [HKCR\Installer\Products\59EBDD8FEBCD5B303595ED631041E612] : CCC Help Danish -> C:\Windows\Installer\{F8DDBE95-DCBE-03B5-5359-DE3601146E21}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5E16E053C2C6C3F2A341E790A46B3D0A] : CCC Help Spanish -> C:\Windows\Installer\{350E61E5-6C2C-2F3C-3A14-7E094AB6D3A0}\ARPPRODUCTICON.exe [HKCR\Installer\Products\66122D971C874DA2407EDB22DB85DF64] : CCC Help Chinese Traditional -> C:\Windows\Installer\{79D22166-78C1-2AD4-04E7-BD22BD58FD46}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68ADF0FAB7E6C6A1154D34FA0581E12D] : AMD Catalyst Control Center -> C:\Windows\Installer\{AF0FDA86-6E7B-1A6C-51D4-43AF50181ED2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\72BCCFF8D2EEF85DA5DBDEC5609BE118] : CCC Help Swedish -> C:\Windows\Installer\{8FFCCB27-EE2D-D58F-5ABD-ED5C06B91E81}\ARPPRODUCTICON.exe [HKCR\Installer\Products\77E99DA1CC73E44793AC766FDF4365A5] : Catalyst Control Center Localization All -> C:\Windows\Installer\{1AD99E77-37CC-744E-39CA-67F6FD34565A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\797ECA52ADBEB4E090F6F99EA7E1A2F6] : CCC Help Russian -> C:\Windows\Installer\{25ACE797-EBDA-0E4B-096F-9FE97A1E2A6F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8AC6637E9717EA777E21AB817DA0A070] : AMD Fuel -> C:\Windows\Installer\{E7366CA8-7179-77AE-E712-BA18D70A0A07}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8BA31D3CA8644710D160BDA9EAA831B1] : CCC Help Czech -> C:\Windows\Installer\{C3D13AB8-468A-0174-1D06-DB9AAE8A131B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A748067A9D4CFE7E17F6706CBC6F1B74] : CCC Help Thai -> C:\Windows\Installer\{A760847A-C4D9-E7EF-716F-07C6CBF6B147}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C0DBE580E42F49BED633A222FE465CFC] : CCC Help Finnish -> C:\Windows\Installer\{085EBD0C-F24E-EB94-6D33-2A22EF64C5CF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C351938B2D4DC98F0533A061C02607B6] : CCC Help Portuguese -> C:\Windows\Installer\{B839153C-D4D2-F89C-5033-0A160C62706B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C51E70D24A9A6D8D3D1729CE78975E78] : CCC Help Hungarian -> C:\Windows\Installer\{2D07E15C-A9A4-D8D6-D371-92EC8779E587}\ARPPRODUCTICON.exe [HKCR\Installer\Products\DED17A5318AD313153A2CEA8B072FDB3] : CCC Help Chinese Standard -> C:\Windows\Installer\{35A71DED-DA81-1313-352A-EC8A0B27DF3B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E3A623703B208701527D8B66B68AEF51] : CCC Help Korean -> C:\Windows\Installer\{07326A3E-02B3-1078-25D7-B8666BA8FE15}\ARPPRODUCTICON.exe [HKCR\Installer\Products\EE47477FC6BEB78C88FA33018C840E86] : CCC Help Greek -> C:\Windows\Installer\{F77474EE-EB6C-C87B-88AF-3310C848E068}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F75D59AC3CF97DD0C76363F2478D0CE4] : CCC Help Dutch -> C:\Windows\Installer\{CA95D57F-9FC3-0DD7-7C36-362F74D8C04E}\ARPPRODUCTICON.exe ---------- | ADS Detected : C:\ProgramData\Temp:1CE11B51 ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Error while updating status to SECURITY_PRODUCT_STATE_ON. ------------ Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary IMFCameraProtect. System Error: The system cannot find the file specified. . ------------ Security Center failed to validate caller with error DC040780. ------------ Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet ------------ The program SearchApp.exe version 10.0.19041.2788 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1ba0 Start Time: 01d98025de4ebdd8 Termination Time: 4294967295 Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Report Id: 8ee82707-57df-4200-9e8c-405ba5a10f83 Faulting package full name: Microsoft.Windows.Search_1.14.9.19041_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: ShellFeedsUI Hang type: Quiesce ------------ Faulting application name: HDDC3Service.exe, version: 0.0.0.0, time stamp: 0x57d7f525 Faulting module name: HDDC3Service.exe, version: 0.0.0.0, time stamp: 0x57d7f525 Exception code: 0xc0000005 Fault offset: 0x00024bd3 Faulting process id: 0xfd0 Faulting application start time: 0x01d9801e57d9f3f4 Faulting application path: C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3\HDDC3Service.exe Faulting module path: C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3\HDDC3Service.exe Report Id: f46c30bc-8b1c-45a9-b05e-f933b0d7b6b9 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: Explorer.EXE, version: 10.0.19041.2846, time stamp: 0xa24c72e0 Faulting module name: SHELL32.dll, version: 10.0.19041.2788, time stamp: 0x18db2b76 Exception code: 0xc000041d Fault offset: 0x00000000004afe66 Faulting process id: 0x1998 Faulting application start time: 0x01d98020c5f3ef57 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\System32\SHELL32.dll Report Id: 813ce1a4-03e4-454f-9424-fb14046c00d3 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: Explorer.EXE, version: 10.0.19041.2846, time stamp: 0xa24c72e0 Faulting module name: SHELL32.dll, version: 10.0.19041.2788, time stamp: 0x18db2b76 Exception code: 0xc0000005 Fault offset: 0x00000000004afe66 Faulting process id: 0x1998 Faulting application start time: 0x01d98020c5f3ef57 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\System32\SHELL32.dll Report Id: 07d5e839-ea2f-40fa-a9f5-c7a84001d2f3 Faulting package full name: Faulting package-relative application ID: ------------ wuaueng.dll (4224,R,98) SUS20ClientDataStore: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb00009.log. ------------ Faulting application name: NisSrv.exe, version: 4.18.2304.8, time stamp: 0x3c012ca8 Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf Exception code: 0xc0000409 Fault offset: 0x000000000007286e Faulting process id: 0xff0 Faulting application start time: 0x01d9801c5f8d4747 Faulting application path: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe Faulting module path: C:\Windows\SYSTEM32\ucrtbase.dll Report Id: c26e8e18-e9f9-45d6-a243-379e2e3c65e4 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: Avira.VpnService.exe, version: 2.41.1.25731, time stamp: 0x62444a67 Faulting module name: mscoreei.dll, version: 4.8.4180.0, time stamp: 0x5e7d1fe7 Exception code: 0xc00000fd Fault offset: 0x0000000000001566 Faulting process id: 0x1d2c Faulting application start time: 0x01d97f3807091e62 Faulting application path: C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll Report Id: 2cd7b31f-78c2-41ed-bba6-b31f43912b44 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: HDDC3Service.exe, version: 0.0.0.0, time stamp: 0x57d7f525 Faulting module name: HDDC3Service.exe, version: 0.0.0.0, time stamp: 0x57d7f525 Exception code: 0xc0000005 Fault offset: 0x00024bd3 Faulting process id: 0xd88 Faulting application start time: 0x01d97f60dd6b2dda Faulting application path: C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3\HDDC3Service.exe Faulting module path: C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 3\HDDC3Service.exe Report Id: f36dd459-a922-4ea7-8aca-1b9e8469c2ac Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: explorer.exe, version: 10.0.19041.2846, time stamp: 0xa24c72e0 Faulting module name: SHELL32.dll, version: 10.0.19041.2788, time stamp: 0x18db2b76 Exception code: 0xc000041d Fault offset: 0x00000000004afe66 Faulting process id: 0x2e34 Faulting application start time: 0x01d97f4a981bd44f Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\System32\SHELL32.dll Report Id: 65cf4c17-02d7-410c-b375-a62ed331b703 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: explorer.exe, version: 10.0.19041.2846, time stamp: 0xa24c72e0 Faulting module name: SHELL32.dll, version: 10.0.19041.2788, time stamp: 0x18db2b76 Exception code: 0xc0000005 Fault offset: 0x00000000004afe66 Faulting process id: 0x2e34 Faulting application start time: 0x01d97f4a981bd44f Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\System32\SHELL32.dll Report Id: 932b66ae-e9aa-432e-9cda-6aa2694c568a Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc000041d Fault offset: 0x00007fff9285fe66 Faulting process id: 0x176c Faulting application start time: 0x01d97f4a80380afb Faulting application path: bad_module_info Faulting module path: unknown Report Id: 20bddf3e-8579-49db-82eb-08eb2aa86866 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: explorer.exe, version: 10.0.19041.2846, time stamp: 0xa24c72e0 Faulting module name: SHELL32.dll, version: 10.0.19041.2788, time stamp: 0x18db2b76 Exception code: 0xc0000005 Fault offset: 0x00000000004afe66 Faulting process id: 0x176c Faulting application start time: 0x01d97f4a80380afb Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\System32\SHELL32.dll Report Id: 5118fefe-9a4e-4bef-87a2-81953a375db6 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: explorer.exe, version: 10.0.19041.2846, time stamp: 0xa24c72e0 Faulting module name: SHELL32.dll, version: 10.0.19041.2788, time stamp: 0x18db2b76 Exception code: 0xc0000005 Fault offset: 0x00000000004afe66 Faulting process id: 0xde4 Faulting application start time: 0x01d97f4a5bd092b2 Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\System32\SHELL32.dll Report Id: faab277d-ac82-4d44-b27c-760179c4508b Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: explorer.exe, version: 10.0.19041.2846, time stamp: 0xa24c72e0 Faulting module name: SHELL32.dll, version: 10.0.19041.2788, time stamp: 0x18db2b76 Exception code: 0xc0000005 Fault offset: 0x00000000004afe66 Faulting process id: 0x1ae4 Faulting application start time: 0x01d97f4a40442a41 Faulting application path: C:\Windows\explorer.exe Faulting module path: C:\Windows\System32\SHELL32.dll Report Id: c3bc1a1f-0074-4c8f-9508-ddf485f48faa Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc000041d Fault offset: 0x00007fff9285fe66 Faulting process id: 0x1448 Faulting application start time: 0x01d97f4a23d9ab5e Faulting application path: bad_module_info Faulting module path: unknown Report Id: d5b75137-e4ed-4422-b6d0-91fa0b4d0a75 Faulting package full name: Faulting package-relative application ID: ------------ ----------( EOF)---------- - 7050 | 23:19:45