d:\users\twist\onedrive\bureau\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK
e:\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Control Panel\Desktop]
"DragHeight"=4   
"CoolSwitchColumns"=7   
"ActiveWndTrackTimeout"=0   
"MouseCornerClipLength"=6   
"MouseMonitorEscapeSpeed"=0   
"DragWidth"=4   
"WallpaperStyle"=10   
"ScreenSaveActive"=1   
"TileWallpaper"=0   
"WheelScrollLines"=3   
"Pattern"=0   
"FontSmoothingType"=2   
"WindowArrangementActive"=1   
"BlockSendInputResets"=0   
"MenuShowDelay"=0   
"ClickLockTime"=1200   
"CaretWidth"=1   
"FocusBorderWidth"=1   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"DragFullWindows"=1   
"CoolSwitchRows"=3   
"ForegroundFlashCount"=7   
"LeftOverlapChars"=3   
"ForegroundLockTimeout"=0   
"FontSmoothingGamma"=0   
"DragFromMaximize"=1   
"FontSmoothing"=2   
"FocusBorderHeight"=1   
"WheelScrollChars"=3   
"DockMoving"=1   
"SnapSizing"=1   
"CursorBlinkRate"=530   
"MouseWheelRouting"=1   
"RightOverlapChars"=3   
"FontSmoothingOrientation"=1   
"PaintDesktopVersion"=0   
"Win8DpiScaling"=0   
"UserPreferencesMask"=0x9E1E078012000000   
"TranscodedImageCount"=1   
"MaxVirtualDesktopDimension"=1920   
"MaxMonitorDimension"=1920   
"LastUpdated"=4294967295   
"Wallpaper"=C:\Users\3rem_juin_tournage\Pictures\Untitled.png   [01/06/2023 09:42:15]
"TranscodedImageCache"=0x7AC301002B86000080040000F4020000D261B1955C94D90143003A005C00550073006500720073005C003300720065006D005F006A00750069006E005F0074006F00750072006E006100670065005C00500069006300740075007200650073005C0055006E007400690074006C00650064002E0070006E006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"AutoEndTasks"=1   
"WaitToKillAppTimeout"=2000   
"HungAppTimeout"=2000   

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiskSpaceChecks"=1   
"NoDriveTypeAutoRun"=181   

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"UserSignedIn"=1   
"LastClockSize"=0x270000000F000000460000000F000000410000000F000000   
"AppReadinessLogonComplete"=1   
"Browse For Folder Width"=318   
"Browse For Folder Height"=328   
"SIDUpdatedOnLibraries"=1   
"GlobalAssocChangedCounter"=20   
"DesktopProcess"=1   

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"StoreAppsOnTaskbar"=1   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"StartMenuInit"=6   
"ListviewAlphaSelect"=0   
"ListviewShadow"=1   
"TaskbarAnimations"=0   
"ReindexedProfile"=1   
"ExtendedUIHoverTime"=0   
"AlwaysShowMenus"=1   
"DesktopLivePreviewHoverTime"=0   

[HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=1   
"EnableInstallerDetection"=1   
"PromptOnSecureDesktop"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"ConsentPromptBehaviorAdmin"=5   
"ValidateAdminCodeSignatures"=0   
"EnableUIADesktopToggle"=0   
"EnableCursorSuppression"=1   
"ConsentPromptBehaviorUser"=3   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktopChanges"=0   
"NoActiveDesktop"=0   
"NoInternetOpenWith"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=1   
"NoAddingComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   
"{8E74D236-7F35-4720-B138-1FED0B85EA75}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"HKeyRoot"=2147483649   
"DefaultValue"=2   
"ValueName"=Hidden   
"Text"=@shell32.dll,-30500   
"Type"=radio   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=38   
"SmartScreenEnabled"=RequireAdmin   
"Max Cached Icons"=2000   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=1   
"EnableInstallerDetection"=1   
"PromptOnSecureDesktop"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"ConsentPromptBehaviorAdmin"=5   
"ValidateAdminCodeSignatures"=0   
"EnableUIADesktopToggle"=0   
"EnableCursorSuppression"=1   
"ConsentPromptBehaviorUser"=3   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktopChanges"=0   
"NoActiveDesktop"=0   
"NoInternetOpenWith"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=1   
"NoAddingComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0   
"{8E74D236-7F35-4720-B138-1FED0B85EA75}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"HKeyRoot"=2147483649   
"DefaultValue"=2   
"ValueName"=Hidden   
"Text"=@shell32.dll,-30500   
"Type"=radio   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=14   
"Max Cached Icons"=2000   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;SkyDrive;Work Folders   
"BuildNumber"=9600   
"FirstLogon"=0   
"ParseAutoexec"=1   
"AutoRestartShell"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=C:\Windows\system32\userinit.exe,   
"LegalNoticeText"=   
"Shell"=explorer.exe   
"LegalNoticeCaption"=   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"ReportBootOk"=1   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"Background"=0 0 0   
"PasswordExpiryWarning"=5   
"CachedLogonsCount"=10   
"WinStationsDisabled"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"scremoveoption"=0   
"DisableCAD"=1   
"ShutdownFlags"=39   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-5-32   
"LastUsedUsername"=   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=C:\Windows\SYSWOW64\userinit.exe,   
"Shell"=explorer.exe   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"DefaultDomainName"=   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultUserName"=   
"AutoRestartShell"=1   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"PerceivedType"=text   
"Content Type"=application/hta   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=4259840   
"BrowserFlags"=4096   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"NeverShowExt"=   
"EditFlags"=131072   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForBrowse"=delta   
""=Folder   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"ThumbnailCutoff"=0   
"NoRecentDocs"=   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"PerceivedType"=text   
"Content Type"=application/hta   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=4259840   
"BrowserFlags"=4096   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"NeverShowExt"=   
"EditFlags"=131072   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForBrowse"=delta   
""=Folder   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"ThumbnailCutoff"=0   
"NoRecentDocs"=   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Internet Explorer\iexplore.exe"   
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\Clients\StartMenuInternet\iTop Private Browser\Shell\open\Command]
""=c:\\program files\\itop private browser\\iTopBrowser.exe   
[HKLM\Software\Clients\StartMenuInternet\iTop Private Browser\InstallInfo]
"ReinstallCommand"=

[HKLM\Software\Clients\StartMenuInternet\UCBrowser\Shell\open\Command]
""="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"   
[HKLM\Software\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\Waterfox-6F940AC27A98DD61\Shell\open\Command]
""="C:\Program Files\Waterfox\waterfox.exe"   
[HKLM\Software\Clients\StartMenuInternet\Waterfox-6F940AC27A98DD61\InstallInfo]
"ReinstallCommand"="C:\Program Files\Waterfox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Internet Explorer\iexplore.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\iTop Private Browser\Shell\open\Command]
""=c:\\program files\\itop private browser\\iTopBrowser.exe   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\iTop Private Browser\InstallInfo]
"ReinstallCommand"=

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\UCBrowser\Shell\open\Command]
""="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Waterfox-6F940AC27A98DD61\Shell\open\Command]
""="C:\Program Files\Waterfox\waterfox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Waterfox-6F940AC27A98DD61\InstallInfo]
"ReinstallCommand"="C:\Program Files\Waterfox\uninstall\helper.exe" /SetAsDefaultAppGlobal


---------- | AppcompatFlags

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000A0550A0004710A0001000000000000000000030600210000B395E7CF049FCE010000000100000000
"C:\Users\3rem_juin_tournage\Downloads\DoNotSpy78-1.1.0.1-Setup.exe"=0x5341435001000000000000000700000028000000E0E31D00FD381E0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000CD598D01000000000100000001000000
"C:\Users\3rem_juin_tournage\AppData\Local\Temp\Temp1_resizer-free.zip\resizer-free.exe"=0x5341435001000000000000000700000028000000B85DBA006EFABA0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000B8D48A01000000000100000001000000
"C:\Program Files\IM-Magic\Partition Resizer\dm.resizer.exe"=0x534143500100000000000000070000002800000028E412017C81130101000000000000000000030673220000B395E7CF049FCE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000401A3B06000000000200000002000000
"C:\Program Files (x86)\Auslogics\Windows Slimmer\Integrator.exe"=0x534143500100000000000000070000002800000008235800940C590001000000000000000000030600210000975FD891C99ECE010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000068661B00000000000100000001000000
"C:\Program Files\GridinSoft Anti-Malware\gsam.exe"=0x5341435001000000000000000700000028000000909D94015638950101000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000CCFF0000000000000100000001000000
"E:\PortableApps\WiseDiskCleanerPortable\App\WiseDiskCleaner\WiseDiskCleaner.exe"=0x534143500100000000000000070000002800000038DEA600B3BCA70001000000000000000000030600210000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000796C0001000000000300000003000000
"C:\Program Files\Wondershare\Wondershare DemoCreator (French)\DemoCreator.exe"=0x5341435001000000000000000700000028000000F096D2005BA3D20001000000000000000000030673220000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000002DD2E902000000000100000001000000
"E:\ashampoo_snap_12_12.0.6_sm.exe"=0x5341435001000000000000000700000028000000D8A52008DCB3200801000000000000000000030600210000975FD891C99ECE010000000000000000
"C:\Program Files (x86)\Ashampoo\Ashampoo Snap 12\ashsnap.exe"=0x5341435001000000000000000700000028000000D0886100987F620001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000008964FB03000000000400000004000000
"C:\Users\3rem_juin_tournage\Downloads\Morae_Recorder.msi"=0x534143500100000000000000070000002800000000FC0000FB41010001000000000000000000010500100000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000000E350900000000000100000001000000
"C:\Users\3rem_juin_tournage\Downloads\GoodSync-vsub-Setup(1).exe"=0x5341435001000000000000000700000028000000704A0B045BD50B0401000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000007F5B0300000000000100000001000000
"C:\Program Files\Waterfox\waterfox.exe"=0x5341435001000000000000000700000028000000603F090003B8090001000000000000000000030600210000B395E7CF049FCE010000000000000000
"C:\Program Files (x86)\BeeDoctor\BeeDoctor.exe"=0x534143500100000000000000070000002800000050AC07004CDA070001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C2190000000000000100000001000000
"C:\Users\3rem_juin_tournage\Downloads\snagit_2022-1-1_en_66144_64(1).exe"=0x5341435001000000000000000700000028000000E8911114992B121401000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006B120E00000000000100000001000000
"C:\Users\3rem_juin_tournage\Downloads\Ashampoo Backup 2023.exe"=0x5341435001000000000000000700000028000000E8090706E3B3070601000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000005B7D0400000000000100000001000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"DragFullWindows"=USR:Control Panel\Desktop   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"MouseSpeed"=#USR:Control Panel\Mouse   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"CoolSwitch"=USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"ScreenSaverActive"=USR:Control Panel\Desktop   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"MouseSpeed"=#USR:Control Panel\Mouse   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"CoolSwitch"=USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"ScreenSaverActive"=USR:Control Panel\Desktop   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=130216565553372332
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"DisableAntiSpyware"=0
"ProductType"=2
"ProductStatus"=0
"PreserveInternalLicenseOnUpgrade"=0
"InstallTime"=0x207FF086F691D901

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0096]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0097]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0098]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0099]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0100]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0001]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0002]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0003]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0004]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0005]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0006]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0007]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0008]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0009]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0010]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0011]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0012]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0013]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0014]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0015]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0016]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0017]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0018]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0019]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsTrustedInstaller0020]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0001]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0002]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0003]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0004]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0005]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0006]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0007]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0008]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0009]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0010]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0011]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0012]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0013]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0014]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0015]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0016]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0017]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0018]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0019]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0020]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0021]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0022]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0023]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0024]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0025]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0026]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0027]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0028]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0029]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0030]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0031]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0032]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0033]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0034]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0035]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0036]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0037]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0038]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0039]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0040]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0041]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0042]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0043]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0044]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0045]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0046]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0047]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0048]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0049]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0050]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0051]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0052]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0053]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0054]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0055]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0056]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0057]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0058]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0059]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0060]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0061]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0062]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0063]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0064]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0065]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0066]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0067]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0068]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0069]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0070]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0071]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0072]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0073]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0074]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0075]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0076]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0077]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0078]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0079]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0080]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0081]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0082]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0083]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0084]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0085]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0086]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0087]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0088]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0089]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0090]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0091]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0092]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0093]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0094]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0095]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0096]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0097]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0098]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0099]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsSystem0100]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0001]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0002]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0003]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0004]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0005]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0006]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0007]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0008]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0009]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0010]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0011]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0012]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0013]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0014]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0015]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0016]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0017]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0018]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0019]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRunAsTrustedInstaller0020]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts

[41] More lines

---------- | Ping

Pinging google.com [2a00:1450:4007:813::200e] with 32 bytes of data:
Reply from 2a00:1450:4007:813::200e: time=33ms 
Reply from 2a00:1450:4007:813::200e: time=33ms 
Reply from 2a00:1450:4007:813::200e: time=32ms 
Reply from 2a00:1450:4007:813::200e: time=37ms 

Ping statistics for 2a00:1450:4007:813::200e:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 37ms, Average = 33ms

---------- | @

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Internet Explorer\Main]
"OperationalData"=13
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF580000005800000078030000D8020000
"ImageStoreRandomFolder"=gvvz7kc
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0xDE840390DC92D901
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Start Page Redirect Cache"=https://www.msn.com/fr-fr/?ocid=iehp
"Start Page Redirect Cache_TIMESTAMP"=0x8D769E6C8D93D901
"Start Page Redirect Cache AcceptLangs"=fr-FR
"Use FormSuggest"=yes

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=http://youtube.com/

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"IE5_UA_Backup_Flag"=5.0
"ZonesSecurityUpgrade"=0x674D8FCCD192D901
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"WarnonZoneCrossing"=0
"SecureProtocols"=2720
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"PrivacyAdvanced"=0
"DisableCachingOfSSLPages"=0
"CertificateRevocation"=1
"MaxConnectionsPerServer"=10
"MaxConnectionsPer1_0Server"=10

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"DoNotTrack"=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"DoNotTrack"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"EnablePunycode"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets

Possible Ramnit : C:\ProgramData\Auslogics\Windows Slimmer\4.x\Reports\System Information_2023-05-30-14-41-57-076.html : 5C57696E646F77735C73797374656D33325C737663686F73742E657865202D6B206E6574737663733C2F7370616E3E3C2F74643E0D0A3C746420636C6173733D

---------- | Notify 


---------- | Execution FileExts













---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [21/11/2014 11:15:49]

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   
"KnownProvidersUpgradeTime"=0x479D328FDC92D901   
"Version"=4   
"UpgradeTime"=0x738F4990DC92D901   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions


---------- | SearchScopes

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | ElevationPolicy

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041a5213-ea64-4c45-99af-70d7d8e902ec}] - (C:\Program Files\Internet Explorer) - ielowutil.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041a5213-ea64-4c45-99af-70d7d8e902ec}] - (C:\Program Files (x86)\Internet Explorer) - ielowutil.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : 

---------- | Ext\Settings

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{12BE9EF0-90BE-4FA8-8341-78157FB9132C}] :  : C:\Program Files (x86)\TechSmith\Morae\BrowserExtensions\InternetExplorer\InternetExplorerBHO.dll

---------- | Ext\Stats

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12BE9EF0-90BE-4FA8-8341-78157FB9132C}] :  : C:\Program Files (x86)\TechSmith\Morae\BrowserExtensions\InternetExplorer\InternetExplorerBHO.dll
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] :  : %SystemRoot%\System32\msxml3.dll

---------- | Browser Helper Objects

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12BE9EF0-90BE-4FA8-8341-78157FB9132C}] -> (TSC Internet Explorer BHO) : C:\Program Files (x86)\TechSmith\Morae\BrowserExtensions\InternetExplorer\InternetExplorerBHO.dll  [29/09/2015 22:31:00]

---------- | Chrome


[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\cfmjkokphadmhbenfjjecfbhbbonbjcb]

---------- | Opera


---------- | Firefox


[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"MoraeFirefoxExtension@techsmith.com"=C:\Program Files (x86)\TechSmith\Morae\BrowserExtensions\Firefox\morae_firefox_extension-1.0-fx-windows.xpi
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.18] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Users\3rem_juin_tournage\AppData\Roaming\Mozilla\Firefox\Profiles\7giesa8h.default-release\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20230522134052");
user_pref("browser.startup.homepage_override.mstone", "113.0.2");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"customizableui-special-spring1\",\"urlbar-container\",\"customizableui-special-spring2\",\"save-to-pocket-button\",\"downloads-button\",\"fxa-toolbar-menu-button\",\"unified-extensions-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"firefox-view-button\",\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"import-button\",\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"developer-button\"],\"dirtyAreaCache\":[\"nav-bar\",\"PersonalToolbar\",\"toolbar-menubar\",\"TabsToolbar\"],\"currentVersion\":19,\"newElementCount\":2}");
user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
user_pref("extensions.blocklist.pingCountVersion", 0);
user_pref("extensions.databaseSchema", 35);
user_pref("extensions.getAddons.cache.lastUpdate", 1685712629);
user_pref("extensions.getAddons.databaseSchema", 6);
user_pref("extensions.lastAppBuildId", "20230522134052");
user_pref("extensions.lastAppVersion", "113.0.2");
user_pref("extensions.lastPlatformVersion", "113.0.2");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.webcompat.enable_shims", true);
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true);
user_pref("extensions.webextensions.uuids", "{\"formautofill@mozilla.org\":\"2ea5f553-d00a-4b29-ba95-d3ddbb343c39\",\"pictureinpicture@mozilla.org\":\"9ee47c3b-6ad1-494e-afda-c932cef44d01\",\"screenshots@mozilla.org\":\"b8e5716d-d453-43ba-aa4e-ee8e82defea1\",\"webcompat-reporter@mozilla.org\":\"74583be9-906f-4297-bdd1-6b0deefe8914\",\"webcompat@mozilla.org\":\"d1e50e1b-9c6e-4b43-a289-316f284064c9\",\"default-theme@mozilla.org\":\"5a59e9c7-dd0e-47ad-bea6-02fac6435e2f\",\"addons-search-detection@mozilla.com\":\"9019f139-5ce4-4dad-9c2b-ff0d215acc33\",\"google@search.mozilla.org\":\"f6d7e9a3-069b-4321-b93f-289b5a1ebbfb\",\"wikipedia@search.mozilla.org\":\"68fdf599-07d4-4bd8-b1db-15e0fce04257\",\"bing@search.mozilla.org\":\"b3eeafe1-e5f1-425f-9c56-72375185a592\",\"ddg@search.mozilla.org\":\"feb0083f-d480-41a8-a620-07d9edc2978e\",\"ebay@search.mozilla.org\":\"36631918-ccdf-46f1-b098-b72f65902d94\",\"qwant@search.mozilla.org\":\"59c6a54c-bf63-4047-bd84-8c73f0d8eb34\",\"amazon@search.mozilla.org\":\"a30c2407-3737-417c-b89f-5495f47d65b9\"}");

C:\Users\cewbe.securise.pasgm\AppData\Roaming\Mozilla\Firefox\Profiles\4ii3vpav.default-release\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20230522134052");
user_pref("browser.startup.homepage_override.mstone", "113.0.2");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"customizableui-special-spring1\",\"urlbar-container\",\"customizableui-special-spring2\",\"save-to-pocket-button\",\"downloads-button\",\"fxa-toolbar-menu-button\",\"unified-extensions-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"firefox-view-button\",\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"import-button\",\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"developer-button\"],\"dirtyAreaCache\":[\"nav-bar\",\"PersonalToolbar\",\"toolbar-menubar\",\"TabsToolbar\"],\"currentVersion\":19,\"newElementCount\":2}");
user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
user_pref("extensions.blocklist.pingCountVersion", 0);
user_pref("extensions.databaseSchema", 35);
user_pref("extensions.getAddons.cache.lastUpdate", 1685430155);
user_pref("extensions.getAddons.databaseSchema", 6);
user_pref("extensions.lastAppBuildId", "20230522134052");
user_pref("extensions.lastAppVersion", "113.0.2");
user_pref("extensions.lastPlatformVersion", "113.0.2");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.webcompat.enable_shims", true);
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true);
user_pref("extensions.webextensions.uuids", "{\"formautofill@mozilla.org\":\"df5323ca-a364-4dc3-8501-1288552fb3f6\",\"pictureinpicture@mozilla.org\":\"2261c1da-43d0-44c9-890b-1c46f5edba9c\",\"screenshots@mozilla.org\":\"5483200f-2b82-4753-83ad-a5b1079319a3\",\"webcompat-reporter@mozilla.org\":\"d00e7fc3-1b41-4c25-b547-a7b30c7f0158\",\"webcompat@mozilla.org\":\"b66c0b40-e94e-4be5-aa06-178fe0614232\",\"default-theme@mozilla.org\":\"21f52f71-cefc-496c-9ff4-4027f9a61b31\",\"google@search.mozilla.org\":\"10dce320-d2d5-47c7-ac86-348b3c504065\",\"wikipedia@search.mozilla.org\":\"eeb8a149-ed33-4e16-a82b-cb83706c314a\",\"bing@search.mozilla.org\":\"58adddeb-0714-431d-a5cc-1b504d80ba8e\",\"amazon@search.mozilla.org\":\"ba7b3877-7a27-4c42-9afe-5bad8899d58e\",\"ddg@search.mozilla.org\":\"55fbb399-e78a-4eb4-8cf7-e0847788808a\",\"ebay@search.mozilla.org\":\"be44c6f7-824a-4537-b1a7-4d1d6419a02e\",\"qwant@search.mozilla.org\":\"5af6ade7-ffe2-4fc1-8504-19ae24dd6dfc\",\"addons-search-detection@mozilla.com\":\"e31cac3d-f104-4e9c-8023-97691cc842be\"}");
user_pref("network.http.max-persistent-connections-per-proxy", 16);

C:\Users\cewbe.securise.pasgm\AppData\Roaming\Mozilla\Firefox\Profiles\91rpnk6b.default\Prefs.js



[Profile0] - Name=default-release -> Profiles/7giesa8h.default-release

[Profile0] - Name=default-release -> Profiles/4ii3vpav.default-release

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{45FB3AF6-9833-46A0-AAA0-8ADE5669DA39}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{45FB3AF6-9833-46A0-AAA0-8ADE5669DA39}]
"DhcpNameServer"=192.168.1.1

---------- | ActiveX 

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> 
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> 
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> 
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> 
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> /UserInstall
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{78E345F7-E976-3595-9C30-2458D6A8EC32}] - (.NET Framework) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> U
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}] - (UC Browser) - -> "C:\Program Files (x86)\UCBrowser\Application\7.0.185.1002\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{EC43E638-09F0-38CC-A585-72FCCDDF035C}] - (.NET Framework) - -> 


---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\waterfox.exe] : "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\waterfox.exe] : "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | DCOMApplications

Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: WinStore OM - AppID: {03e64e17-b220-4052-9b9b-155f9cb8e016}
Name: RecorderCaptureHelper - AppID: {062C25DA-D101-46D6-B715-82F9774CBFF4}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}
Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: Import Duplicate Detection Manager - AppID: {0C00D6E0-078D-4275-8110-4336695AA586}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80}
Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0}
Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B}
Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}
Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}
Name: lfsvc - AppID: {18210155-49CD-444C-B582-FA9DE415B89F}
Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: WinStore OM - AppID: {2CD19B3E-3897-4EAB-9AC6-B1438F520CA1}
Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606}
Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97}
Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d}
Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB}
Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2}
Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85}
Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C}
Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a}
Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E}
Name: RadioManagement Lib Class - AppID: {478B41E6-3257-4519-BDA8-E971F9843849}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d}
Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E}
Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b}
Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: %SystemRoot%\System32\wsclient.dll - AppID: {5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}
Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1}
Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Activator - AppID: {6c482a9c-033d-45fe-a01c-9722ef35e255}
Name: Sensors CPL Change Device Permission LUA Helper - AppID: {6CE51F75-0448-438e-B9CA-69C352A248A7}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: GeofenceServerSimulator - AppID: {72F8681D-D893-46a1-A3C4-CEC073EF3EC5}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
Name: Bulk File Operations Manager - AppID: {7649f23b-5a5e-4e2a-ba1e-fdeecb94ed83}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629}
Name: WinStore OM - AppID: {82C49192-BE68-467F-BF50-971FD01DABF3}
Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}
Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F}
Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe}
Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134}
Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3}
Name: Elevated System Settings COM Host - AppID: {A36294D6-90C9-4BA5-AD98-EEA4AB6D53D4}
Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121}
Name: Recorder - AppID: {A68748E6-2F9C-428A-8DFD-AB3DCD7BDCB3}
Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}
Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1}
Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA}
Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: WinStore OM - AppID: {B3823009-106A-4898-8C5A-F28A7CA83ED6}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b}
Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}
Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83}
Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F}
Name: LockScreen Application Notification Broker - AppID: {C89FC3EF-A0DC-4feb-BFBC-F13A9C334D4F}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03}
Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}
Name: Microsoft.Live.FolderShare.Client - AppID: {daa6bc26-4dfa-4e8f-8d5f-47202dc8e400}
Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: SyncEngineCOMServer - AppID: {EEABD3A3-784D-4334-AAFC-BB13234F17CF}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: WinStore OM - AppID: {fc470800-12e0-4da3-81f3-e67240d19093}
Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C}
Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}
Name: RecorderChat - AppID: {FF385292-7348-4C73-AC12-AC98FC3E1DC0}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{03e64e17-b220-4052-9b9b-155f9cb8e016}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{18210155-49CD-444C-B582-FA9DE415B89F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{18210155-49CD-444C-B582-FA9DE415B89F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{18210155-49CD-444C-B582-FA9DE415B89F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{18210155-49CD-444C-B582-FA9DE415B89F}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{478B41E6-3257-4519-BDA8-E971F9843849}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5C917E9C-0B2F-40D6-928B-5C43FDB16DF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6c482a9c-033d-45fe-a01c-9722ef35e255}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6c482a9c-033d-45fe-a01c-9722ef35e255}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6c482a9c-033d-45fe-a01c-9722ef35e255}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72F8681D-D893-46a1-A3C4-CEC073EF3EC5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72F8681D-D893-46a1-A3C4-CEC073EF3EC5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72F8681D-D893-46a1-A3C4-CEC073EF3EC5}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{72F8681D-D893-46a1-A3C4-CEC073EF3EC5}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{A36294D6-90C9-4BA5-AD98-EEA4AB6D53D4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A36294D6-90C9-4BA5-AD98-EEA4AB6D53D4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A36294D6-90C9-4BA5-AD98-EEA4AB6D53D4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{FE2F9D0D-18A4-4845-BA41-DE6451A66D11}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"regsvc"=RemoteRegistry

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\AppDataLow]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Ashampoo]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\ATI]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Baidu Security]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\BANDISOFT]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\BeeTalk]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\BugSplat]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Chromium]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\DAUM]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\DemoCreator]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Driver-Soft]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\GridinSoft]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\HWiNFO32]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\iPhone Backup Extractor]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\KILLSOFT]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Mine]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Mozilla]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\NTechnologies]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Policies]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\PrivaZer]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\RegisteredApplications]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\SharewareOnSale]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Siber Systems]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\TechSmith]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\WaterfoxLimited]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\WinRAR]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\WinRAR SFX]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Wondershare]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Wow6432Node]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\ZHP]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\.NETFramework]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Active Setup]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\ActiveMovie]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Advanced INF Setup]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Assistance]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\AuthCookies]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Command Processor]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\CTF]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\DirectInput]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\EventSystem]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\F12]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Fax]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Feeds]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\FTP]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Installer]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Connection Wizard]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Keyboard]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\MediaPlayer]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Microsoft Management Console]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\MPEG2Demultiplexer]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\MSF]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Multimedia]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Narrator]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Notepad]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Osk]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\PeerNet]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\PlayToReceiver]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Remote Assistance]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\ScreenMagnifier]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Speech]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Spelling]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\SQMClient]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\SystemCertificates]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\TabletTip]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\TPG]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\WAB]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\WcmSvc]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\wfs]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows Mail Setup]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows Media]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows NT]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows Script]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows Script Host]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Windows Search]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Wisp]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\RestartManager]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AMD]
[HKLM\Software\ATI]
[HKLM\Software\ATI Technologies]
[HKLM\Software\BandiMPEG1]
[HKLM\Software\Clients]
[HKLM\Software\DAUM]
[HKLM\Software\DemoCreator]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\GridinSoft]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\pXc-coding]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Siber Systems]
[HKLM\Software\VideoLAN]
[HKLM\Software\WaterfoxLimited]
[HKLM\Software\WinChipHead]
[HKLM\Software\WinRAR]
[HKLM\Software\Wondershare]
[HKLM\Software\Wow6432Node]
[HKLM\SOFTWARE\Microsoft\.NETFramework]
[HKLM\SOFTWARE\Microsoft\Active Setup]
[HKLM\SOFTWARE\Microsoft\ADs]
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup]
[HKLM\SOFTWARE\Microsoft\ALG]
[HKLM\SOFTWARE\Microsoft\AllUserInstallAgent]
[HKLM\SOFTWARE\Microsoft\Assistance]
[HKLM\SOFTWARE\Microsoft\AudioCompressionManager]
[HKLM\SOFTWARE\Microsoft\AuthHost]
[HKLM\SOFTWARE\Microsoft\BidInterface]
[HKLM\SOFTWARE\Microsoft\Chkdsk]
[HKLM\SOFTWARE\Microsoft\COM3]
[HKLM\SOFTWARE\Microsoft\Command Processor]
[HKLM\SOFTWARE\Microsoft\Cryptography]
[HKLM\SOFTWARE\Microsoft\CTF]
[HKLM\SOFTWARE\Microsoft\DataAccess]
[HKLM\SOFTWARE\Microsoft\DevDiv]
[HKLM\SOFTWARE\Microsoft\Device Association Framework]
[HKLM\SOFTWARE\Microsoft\Dfrg]
[HKLM\SOFTWARE\Microsoft\DFS]
[HKLM\SOFTWARE\Microsoft\DirectDraw]
[HKLM\SOFTWARE\Microsoft\DirectInput]
[HKLM\SOFTWARE\Microsoft\DirectMusic]
[HKLM\SOFTWARE\Microsoft\DirectPlay8]
[HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp]
[HKLM\SOFTWARE\Microsoft\DirectShow]
[HKLM\SOFTWARE\Microsoft\DirectX]
[HKLM\SOFTWARE\Microsoft\DownloadManager]
[HKLM\SOFTWARE\Microsoft\Driver Signing]
[HKLM\SOFTWARE\Microsoft\DRM]
[HKLM\SOFTWARE\Microsoft\DVR]
[HKLM\SOFTWARE\Microsoft\DXP]
[HKLM\SOFTWARE\Microsoft\EAPSIMMethods]
[HKLM\SOFTWARE\Microsoft\EnterpriseCertificates]
[HKLM\SOFTWARE\Microsoft\EventSystem]
[HKLM\SOFTWARE\Microsoft\F12]
[HKLM\SOFTWARE\Microsoft\Fax]
[HKLM\SOFTWARE\Microsoft\FaxServer]
[HKLM\SOFTWARE\Microsoft\Feeds]
[HKLM\SOFTWARE\Microsoft\FTH]
[HKLM\SOFTWARE\Microsoft\Function Discovery]
[HKLM\SOFTWARE\Microsoft\Fusion]
[HKLM\SOFTWARE\Microsoft\HTMLHelp]
[HKLM\SOFTWARE\Microsoft\IdentityCRL]
[HKLM\SOFTWARE\Microsoft\IdentityStore]
[HKLM\SOFTWARE\Microsoft\IHDS]
[HKLM\SOFTWARE\Microsoft\IMAPI]
[HKLM\SOFTWARE\Microsoft\IME]
[HKLM\SOFTWARE\Microsoft\IMEJP]
[HKLM\SOFTWARE\Microsoft\IMEKR]
[HKLM\SOFTWARE\Microsoft\IMETC]
[HKLM\SOFTWARE\Microsoft\Immersive Browser]
[HKLM\SOFTWARE\Microsoft\InputMethod]
[HKLM\SOFTWARE\Microsoft\Internet Account Manager]
[HKLM\SOFTWARE\Microsoft\Internet Domains]
[HKLM\SOFTWARE\Microsoft\Internet Explorer]
[HKLM\SOFTWARE\Microsoft\IsoBurn]
[HKLM\SOFTWARE\Microsoft\Location]
[HKLM\SOFTWARE\Microsoft\MediaEngine]
[HKLM\SOFTWARE\Microsoft\MediaPlayer]
[HKLM\SOFTWARE\Microsoft\MemoryDiagnostic]
[HKLM\SOFTWARE\Microsoft\MessengerService]
[HKLM\SOFTWARE\Microsoft\Migwiz]
[HKLM\SOFTWARE\Microsoft\MMC]
[HKLM\SOFTWARE\Microsoft\Mobile]
[HKLM\SOFTWARE\Microsoft\MSBuild]
[HKLM\SOFTWARE\Microsoft\MSDE]
[HKLM\SOFTWARE\Microsoft\MSDRM]
[HKLM\SOFTWARE\Microsoft\MSDTC]
[HKLM\SOFTWARE\Microsoft\MSF]
[HKLM\SOFTWARE\Microsoft\MSLicensing]
[HKLM\SOFTWARE\Microsoft\MSMQ]
[HKLM\SOFTWARE\Microsoft\MSN Apps]
[HKLM\SOFTWARE\Microsoft\Multimedia]
[HKLM\SOFTWARE\Microsoft\NapServer]
[HKLM\SOFTWARE\Microsoft\NET Framework Setup]
[HKLM\SOFTWARE\Microsoft\NetSh]
[HKLM\SOFTWARE\Microsoft\Network]
[HKLM\SOFTWARE\Microsoft\NetworkAccessProtection]
[HKLM\SOFTWARE\Microsoft\Non-Driver Signing]
[HKLM\SOFTWARE\Microsoft\Notepad]
[HKLM\SOFTWARE\Microsoft\ODBC]
[HKLM\SOFTWARE\Microsoft\OEM]
[HKLM\SOFTWARE\Microsoft\Office]
[HKLM\SOFTWARE\Microsoft\Ole]
[HKLM\SOFTWARE\Microsoft\OnlineProviders]
[HKLM\SOFTWARE\Microsoft\Outlook Express]
[HKLM\SOFTWARE\Microsoft\Photos]
[HKLM\SOFTWARE\Microsoft\PLA]
[HKLM\SOFTWARE\Microsoft\PowerShell]
[HKLM\SOFTWARE\Microsoft\Print]
[HKLM\SOFTWARE\Microsoft\RADAR]
[HKLM\SOFTWARE\Microsoft\Ras]
[HKLM\SOFTWARE\Microsoft\Reliability Analysis]
[HKLM\SOFTWARE\Microsoft\RemovalTools]
[HKLM\SOFTWARE\Microsoft\RendezvousApps]
[HKLM\SOFTWARE\Microsoft\Router]
[HKLM\SOFTWARE\Microsoft\Rpc]
[HKLM\SOFTWARE\Microsoft\SchedulingAgent]
[HKLM\SOFTWARE\Microsoft\Security Center]
[HKLM\SOFTWARE\Microsoft\Sensors]
[HKLM\SOFTWARE\Microsoft\Shared Tools]
[HKLM\SOFTWARE\Microsoft\Shared Tools Location]
[HKLM\SOFTWARE\Microsoft\SideShow]
[HKLM\SOFTWARE\Microsoft\Software]
[HKLM\SOFTWARE\Microsoft\Speech]
[HKLM\SOFTWARE\Microsoft\SQMClient]
[HKLM\SOFTWARE\Microsoft\Sync Framework]
[HKLM\SOFTWARE\Microsoft\Sysprep]
[HKLM\SOFTWARE\Microsoft\SystemCertificates]
[HKLM\SOFTWARE\Microsoft\SystemSettings]
[HKLM\SOFTWARE\Microsoft\TableTextService]
[HKLM\SOFTWARE\Microsoft\TabletTip]
[HKLM\SOFTWARE\Microsoft\Tcpip]
[HKLM\SOFTWARE\Microsoft\TelemetryClient]
[HKLM\SOFTWARE\Microsoft\Terminal Server Client]
[HKLM\SOFTWARE\Microsoft\TermServLicensing]
[HKLM\SOFTWARE\Microsoft\TMM]
[HKLM\SOFTWARE\Microsoft\TouchPrediction]
[HKLM\SOFTWARE\Microsoft\TPG]
[HKLM\SOFTWARE\Microsoft\Tpm]
[HKLM\SOFTWARE\Microsoft\Tracing]
[HKLM\SOFTWARE\Microsoft\Transaction Server]
[HKLM\SOFTWARE\Microsoft\TV System Services]
[HKLM\SOFTWARE\Microsoft\uDRM]
[HKLM\SOFTWARE\Microsoft\UPnP Device Host]
[HKLM\SOFTWARE\Microsoft\Virtual Machine]
[HKLM\SOFTWARE\Microsoft\VisualStudio]
[HKLM\SOFTWARE\Microsoft\WAB]
[HKLM\SOFTWARE\Microsoft\Wbem]
[HKLM\SOFTWARE\Microsoft\WcmSvc]
[HKLM\SOFTWARE\Microsoft\WIMMount]
[HKLM\SOFTWARE\Microsoft\Windows]
[HKLM\SOFTWARE\Microsoft\Windows Defender]
[HKLM\SOFTWARE\Microsoft\Windows Desktop Search]
[HKLM\SOFTWARE\Microsoft\Windows Mail]
[HKLM\SOFTWARE\Microsoft\Windows Media Device Manager]
[HKLM\SOFTWARE\Microsoft\Windows Media Foundation]
[HKLM\SOFTWARE\Microsoft\Windows Media Player NSS]
[HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem]
[HKLM\SOFTWARE\Microsoft\Windows NT]
[HKLM\SOFTWARE\Microsoft\Windows Photo Viewer]
[HKLM\SOFTWARE\Microsoft\Windows Portable Devices]
[HKLM\SOFTWARE\Microsoft\Windows Script Host]
[HKLM\SOFTWARE\Microsoft\Windows Search]
[HKLM\SOFTWARE\Microsoft\WindowsRuntime]
[HKLM\SOFTWARE\Microsoft\Wisp]
[HKLM\SOFTWARE\Microsoft\WlanSvc]
[HKLM\SOFTWARE\Microsoft\WSDAPI]
[HKLM\SOFTWARE\Microsoft\WwanSvc]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\AMD]
[HKLM\Software\WOW6432Node\Ashampoo]
[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\Auslogics]
[HKLM\Software\WOW6432Node\Baidu_Drp_pos]
[HKLM\Software\WOW6432Node\BandiMPEG1]
[HKLM\Software\WOW6432Node\BANDISOFT]
[HKLM\Software\WOW6432Node\BeeTalk]
[HKLM\Software\WOW6432Node\DemoCreator]
[HKLM\Software\WOW6432Node\Driver-Soft]
[HKLM\Software\WOW6432Node\FreeFileSync]
[HKLM\Software\WOW6432Node\g3n-h@ckm@n]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\GridinSoft]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\IObit]
[HKLM\Software\WOW6432Node\iTop]
[HKLM\Software\WOW6432Node\iTop Data Recovery]
[HKLM\Software\WOW6432Node\iTop Screen Recorder]
[HKLM\Software\WOW6432Node\iTop VPN]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\KillSoft]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\pXc-coding]
[HKLM\Software\WOW6432Node\Techsmith]
[HKLM\Software\WOW6432Node\UCBrowser]
[HKLM\Software\WOW6432Node\UCBrowserPID]
[HKLM\Software\WOW6432Node\WafCX]
[HKLM\Software\WOW6432Node\Wondershare]
[HKLM\Software\WOW6432Node\Wow6432Node]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\.NETFramework]
[HKLM\Software\WOW6432Node\Microsoft\Active Setup]
[HKLM\Software\WOW6432Node\Microsoft\ADs]
[HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup]
[HKLM\Software\WOW6432Node\Microsoft\Assistance]
[HKLM\Software\WOW6432Node\Microsoft\AuthHost]
[HKLM\Software\WOW6432Node\Microsoft\BidInterface]
[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
[HKLM\Software\WOW6432Node\Microsoft\Cryptography]
[HKLM\Software\WOW6432Node\Microsoft\CTF]
[HKLM\Software\WOW6432Node\Microsoft\DataAccess]
[HKLM\Software\WOW6432Node\Microsoft\DevDiv]
[HKLM\Software\WOW6432Node\Microsoft\Device Association Framework]
[HKLM\Software\WOW6432Node\Microsoft\Dfrg]
[HKLM\Software\WOW6432Node\Microsoft\Direct3D]
[HKLM\Software\WOW6432Node\Microsoft\DirectDraw]
[HKLM\Software\WOW6432Node\Microsoft\DirectInput]
[HKLM\Software\WOW6432Node\Microsoft\DirectMusic]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay8]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp]
[HKLM\Software\WOW6432Node\Microsoft\DirectShow]
[HKLM\Software\WOW6432Node\Microsoft\DirectX]
[HKLM\Software\WOW6432Node\Microsoft\DownloadManager]
[HKLM\Software\WOW6432Node\Microsoft\DRM]
[HKLM\Software\WOW6432Node\Microsoft\DVR]
[HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods]
[HKLM\Software\WOW6432Node\Microsoft\Exchange]
[HKLM\Software\WOW6432Node\Microsoft\Fax]
[HKLM\Software\WOW6432Node\Microsoft\Feeds]
[HKLM\Software\WOW6432Node\Microsoft\Function Discovery]
[HKLM\Software\WOW6432Node\Microsoft\Fusion]
[HKLM\Software\WOW6432Node\Microsoft\HTMLHelp]
[HKLM\Software\WOW6432Node\Microsoft\IdentityCRL]
[HKLM\Software\WOW6432Node\Microsoft\IdentityStore]
[HKLM\Software\WOW6432Node\Microsoft\IMAPI]
[HKLM\Software\WOW6432Node\Microsoft\IME]
[HKLM\Software\WOW6432Node\Microsoft\IMEJP]
[HKLM\Software\WOW6432Node\Microsoft\IMEKR]
[HKLM\Software\WOW6432Node\Microsoft\IMETC]
[HKLM\Software\WOW6432Node\Microsoft\Immersive Browser]
[HKLM\Software\WOW6432Node\Microsoft\InputMethod]
[HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager]
[HKLM\Software\WOW6432Node\Microsoft\Internet Domains]
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer]
[HKLM\Software\WOW6432Node\Microsoft\IsoBurn]
[HKLM\Software\WOW6432Node\Microsoft\Jet]
[HKLM\Software\WOW6432Node\Microsoft\Location]
[HKLM\Software\WOW6432Node\Microsoft\MediaEngine]
[HKLM\Software\WOW6432Node\Microsoft\MediaPlayer]
[HKLM\Software\WOW6432Node\Microsoft\MessengerService]
[HKLM\Software\WOW6432Node\Microsoft\MMC]
[HKLM\Software\WOW6432Node\Microsoft\MSBuild]
[HKLM\Software\WOW6432Node\Microsoft\MSDE]
[HKLM\Software\WOW6432Node\Microsoft\MSDRM]
[HKLM\Software\WOW6432Node\Microsoft\MSDTC]
[HKLM\Software\WOW6432Node\Microsoft\MSF]
[HKLM\Software\WOW6432Node\Microsoft\MSLicensing]
[HKLM\Software\WOW6432Node\Microsoft\MSN Apps]
[HKLM\Software\WOW6432Node\Microsoft\Multimedia]
[HKLM\Software\WOW6432Node\Microsoft\NapServer]
[HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup]
[HKLM\Software\WOW6432Node\Microsoft\netsh]
[HKLM\Software\WOW6432Node\Microsoft\Network]
[HKLM\Software\WOW6432Node\Microsoft\NetworkAccessProtection]
[HKLM\Software\WOW6432Node\Microsoft\Notepad]
[HKLM\Software\WOW6432Node\Microsoft\ODBC]
[HKLM\Software\WOW6432Node\Microsoft\OEM]
[HKLM\Software\WOW6432Node\Microsoft\Office]
[HKLM\Software\WOW6432Node\Microsoft\OnlineProviders]
[HKLM\Software\WOW6432Node\Microsoft\Outlook Express]
[HKLM\Software\WOW6432Node\Microsoft\PCHealth]
[HKLM\Software\WOW6432Node\Microsoft\Photos]
[HKLM\Software\WOW6432Node\Microsoft\PLA]
[HKLM\Software\WOW6432Node\Microsoft\PowerShell]
[HKLM\Software\WOW6432Node\Microsoft\Print]
[HKLM\Software\WOW6432Node\Microsoft\RADAR]
[HKLM\Software\WOW6432Node\Microsoft\Reliability Analysis]
[HKLM\Software\WOW6432Node\Microsoft\RendezvousApps]
[HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent]
[HKLM\Software\WOW6432Node\Microsoft\Security Center]
[HKLM\Software\WOW6432Node\Microsoft\Sensors]
[HKLM\Software\WOW6432Node\Microsoft\Shared Tools]
[HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location]
[HKLM\Software\WOW6432Node\Microsoft\Software]
[HKLM\Software\WOW6432Node\Microsoft\Speech]
[HKLM\Software\WOW6432Node\Microsoft\SQMClient]
[HKLM\Software\WOW6432Node\Microsoft\Sync Framework]
[HKLM\Software\WOW6432Node\Microsoft\TableTextService]
[HKLM\Software\WOW6432Node\Microsoft\TabletTip]
[HKLM\Software\WOW6432Node\Microsoft\Tcpip]
[HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client]
[HKLM\Software\WOW6432Node\Microsoft\TouchPrediction]
[HKLM\Software\WOW6432Node\Microsoft\TPG]
[HKLM\Software\WOW6432Node\Microsoft\Tpm]
[HKLM\Software\WOW6432Node\Microsoft\Tracing]
[HKLM\Software\WOW6432Node\Microsoft\TV System Services]
[HKLM\Software\WOW6432Node\Microsoft\uDRM]
[HKLM\Software\WOW6432Node\Microsoft\Updates]
[HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host]
[HKLM\Software\WOW6432Node\Microsoft\VisualStudio]
[HKLM\Software\WOW6432Node\Microsoft\WAB]
[HKLM\Software\WOW6432Node\Microsoft\WBEM]
[HKLM\Software\WOW6432Node\Microsoft\WIMMount]
[HKLM\Software\WOW6432Node\Microsoft\Windows]
[HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows Mail]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS]
[HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT]
[HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer]
[HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices]
[HKLM\Software\WOW6432Node\Microsoft\Windows Script Host]
[HKLM\Software\WOW6432Node\Microsoft\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime]
[HKLM\Software\WOW6432Node\Microsoft\Wisp]
[HKLM\Software\WOW6432Node\Microsoft\WlanSvc]
[HKLM\Software\WOW6432Node\Microsoft\WSDAPI]
[HKLM\Software\WOW6432Node\Microsoft\COM3]
[HKLM\Software\WOW6432Node\Microsoft\DFS]
[HKLM\Software\WOW6432Node\Microsoft\Driver Signing]
[HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates]
[HKLM\Software\WOW6432Node\Microsoft\EventSystem]
[HKLM\Software\WOW6432Node\Microsoft\MSMQ]
[HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing]
[HKLM\Software\WOW6432Node\Microsoft\Ole]
[HKLM\Software\WOW6432Node\Microsoft\Ras]
[HKLM\Software\WOW6432Node\Microsoft\Rpc]
[HKLM\Software\WOW6432Node\Microsoft\SystemCertificates]
[HKLM\Software\WOW6432Node\Microsoft\TermServLicensing]
[HKLM\Software\WOW6432Node\Microsoft\Transaction Server]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | FeatureControl

[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"PotPlayerMini64.exe"="11000"
"ashsnap.exe"="10001"
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801]
"ashsnap.exe"="1"
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
"ashsnap.exe"="1"
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION]
"PotPlayerMini64.exe"="1"
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING]
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"ashsnap.exe"="10"
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"ashsnap.exe"="10"
[HKU\S-1-5-21-4070541873-3344096699-3285931096-1005\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"ashsnap.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"WindowsAnytimeUpgradeUI.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"iexplore.exe"="1"
"*"="1"
"infopath.exe"="0"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"prevhost.exe"="1"
"HelpPane.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"prevhost.exe"="8000"
"HelpPane.exe"="10000"
"bdcam.exe"="11000"
"DemoCreator.exe"="9999"
"DemoCreator Spark.exe"="9999"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"iexplore.exe"="1"
"SAPLOGON.exe"="0"
"SAPLgPad.exe"="0"
"explorer.exe"="1"
"SAPGuiIT.exe"="0"
"wmplayer.exe"="1"
"SAPfewgsrv.exe"="0"
"Scale_for_R3.exe"="0"
"SAPGUI.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"iexplore.exe"="1"
"ieuser.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"helppane.exe"="1"
"devenv.exe"="1"
"dexplore.exe"="1"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"wm.exe"="1"
"cs.exe"="1"
"waol.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="10"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="10"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"sidebar.exe"="1"
"outlook.exe"="1"
"mshta.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"iexplore.exe"="0"
"explorer.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"prevhost.exe"="1"
"winmail.exe"="1"
"msimn.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"HelpPane.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"bdcam.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"prevhost.exe"="0"
"HelpPane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"winmail.exe"="1"
"msimn.exe"="1"
"outlook.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"="1"
"winword.exe"="1"
"excel.exe"="1"
"powerpnt.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"prevhost.exe"="1"
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"prevhost.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"prevhost.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"iexplore.exe"="1"
"*"="1"
"infopath.exe"="0"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"HelpPane.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"HelpPane.exe"="10000"
"prevhost.exe"="8000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"iexplore.exe"="1"
"SAPLOGON.exe"="0"
"SAPLgPad.exe"="0"
"explorer.exe"="1"
"SAPGuiIT.exe"="0"
"wmplayer.exe"="1"
"SAPfewgsrv.exe"="0"
"Scale_for_R3.exe"="0"
"SAPGUI.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"iexplore.exe"="1"
"ieuser.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"HelpPane.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
"HelpPane.exe"="100000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"helppane.exe"="1"
"PresentationHost.exe"="0"
"devenv.exe"="1"
"dexplore.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"wm.exe"="1"
"cs.exe"="1"
"waol.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"explorer.exe"="1"
"PresentationHost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"HelpPane.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"sidebar.exe"="1"
"outlook.exe"="1"
"mshta.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"iexplore.exe"="0"
"explorer.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"winmail.exe"="1"
"prevhost.exe"="1"
"msimn.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"HelpPane.exe"="1"
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"HelpPane.exe"="0"
"prevhost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"winmail.exe"="1"
"msimn.exe"="1"
"outlook.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"HelpPane.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"="1"
"winword.exe"="1"
"excel.exe"="1"
"powerpnt.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"HelpPane.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"HelpPane.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"iexplore.exe"="1"
"explorer.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"iexplore.exe"="1"
"prevhost.exe"="1"
"explorer.exe"="1"
"PresentationHost.exe"="1"
"wmplayer.exe"="1"

---------- | The Created last ones ¦ Modified

[MD5.00000000000000000000000000000000] - [02/06/2023 13:26:21] - |D| - [0] - C:\Program Files (x86)\Baidu Security
[MD5.00000000000000000000000000000000] - [02/06/2023 13:49:29] - |D| - [68455945] - C:\Program Files (x86)\BeeDoctor
[MD5.00000000000000000000000000000000] - [01/06/2023 05:00:13] - |D| - [34090811] - C:\Program Files (x86)\TechSmith
[MD5.B54B4D94FF1DD9D914CA5322A4A67132] - [01/06/2023 05:16:58] - |A| - [256] - C:\Windows\dm.dmap
[MD5.A868F4C645CA6EA3D8E6CD072BB344B8] - [02/06/2023 21:15:54] - |A| - [5858] - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/06/2023 21:15:54] - |A| - [0] - C:\Windows\setuperr.log
[MD5.B869A38388CFC68837BCEB5905CBB549] - [02/06/2023 20:09:39] - |A| - [20127744] - C:\Windows\Installer\e5ebee.msi
[MD5.DF74AB5B33972CECBE6E41EA0F118839] - [01/06/2023 05:00:02] - |A| - [20480] - C:\Windows\Installer\SourceHash{3064B250-EDCA-4E69-A62A-4DA32225E4BE}
[MD5.92781094B7E6887C89D27CEAC39A3987] - [02/06/2023 20:10:12] - |A| - [20480] - C:\Windows\Installer\SourceHash{4B65EC7C-A6A2-486D-8B96-8BF53730C965}
[MD5.00000000000000000000000000000000] - [01/06/2023 05:00:21] - |D| - [202240] - C:\Windows\Installer\{3064B250-EDCA-4E69-A62A-4DA32225E4BE}
[MD5.92AFBE9041DC57E02FF3EF95A8479AE6] - [02/06/2023 15:59:34] - |A| - [337928] - C:\Windows\system32\FNTCACHE.DAT
[MD5.AA1E66A8F2D3085702752FE32156EA77] - [02/06/2023 13:50:01] - |A| - [98384] - C:\Windows\system32\Drivers\TFsFltX64.sys

---------- | Drives


A:


B:


D:


E:

[30/05/2023 07:56:53] - |A| - (.-.) - [1029] - (0.0.0.0) - E:\Internet Explorer.lnk
[30/05/2023 06:03:08] - |A| - (.-.) - [1195] - (0.0.0.0) - E:\Pre_Scan_Donate.lnk
[30/05/2023 06:03:08] - |A| - (.-.) - [1559] - (0.0.0.0) - E:\Pre_Scan_Restore.lnk
[30/05/2023 04:02:39] - |A| - (.-.) - [1562] - (0.0.0.0) - E:\ScreenRec.lnk
[29/05/2023 16:45:36] - |A| - (.© IObit.                                                                       - Advanced SystemCare                                      .) - [51557136] - (16.4.0.225) - E:\advanced-systemcare-setup.exe
[30/05/2023 16:08:36] - |A| - (.Copyright 2022 Malwarebytes - AdwCleaner.) - [8791352] - (8.4.0.0) - E:\adwcleaner(1).exe
[30/05/2023 16:06:11] - |A| - (.Copyright 2022 Malwarebytes - AdwCleaner.) - [8791352] - (8.4.0.0) - E:\adwcleaner.exe
[29/05/2023 09:02:07] - |A| - (.Ashampoo GmbH & Co. KG                                                                              - Ashampoo Snap 12 Setup                                   .) - [136357336] - (12.0.6.0) - E:\ashampoo_snap_12_12.0.6_sm.exe
[29/05/2023 08:58:22] - |A| - (.Ashampoo GmbH & Co. KG                                                                              - Ashampoo Snap 15 Setup                                   .) - [147400632] - (15.0.5.0) - E:\ashampoo_snap_15_15.0.5_sm.exe
[29/05/2023 15:44:14] - |A| - (.Copyright(C) 2009-2023 Bandicam.com, - Bandicam Setup File.) - [32490856] - (6.2.1.2068) - E:\bdcamsetup.exe
[01/06/2023 04:55:42] - |A| - (.Copyright (c) iterate GmbH. - Cyberduck.) - [54201704] - (8.6.0.39818) - E:\Cyberduck-Installer-8.6.0.39818.exe
[29/05/2023 17:47:12] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1180128] - (3.0.0.8212) - E:\CyberLink_PowerDirector_Downloader.exe
[29/05/2023 15:09:19] - |A| - (.Copyright©2023 Wondershare. - wondershare-democreator-(french)_setup_full7757.exe.) - [2058224] - (4.0.4.1) - E:\democreator_setup_full7757.exe
[01/06/2023 12:11:18] - |A| - (.-.) - [0] - (0.0.0.0) - E:\DiskCopy(1).exe
[01/06/2023 12:09:57] - |A| - (.-.) - [0] - (0.0.0.0) - E:\DiskCopy.exe
[30/05/2023 19:31:14] - |A| - (.© 2020 www.pXc-coding.com.                                                     - DoNotSpy78                                               .) - [1958880] - (1.1.0.1) - E:\DoNotSpy78-1.1.0.1-Setup.exe
[30/05/2023 14:22:59] - |N| - (.Copyright©2023 Wondershare. - wondershare-filmora-(fr)-(cpc)_setup_full7552.exe.) - [1985520] - (4.0.4.1) - E:\filmora_setup_full7552.exe
[29/05/2023 11:14:45] - |A| - (.Zenju - All Rights Reserved                                                                         - FreeFileSync Setup                                       .) - [19975768] - (12.3.0.0) - E:\FreeFileSync_12.3_Windows_Setup.exe
[01/06/2023 09:45:45] - |A| - (.Copyright (C) 1998-2023 Siber Systems Inc. - GoodSync.) - [67848816] - (12.2.4.4) - E:\GoodSync-vsub-2Go-Setup.exe
[01/06/2023 04:53:50] - |A| - (.Copyright (C) 1998-2023 Siber Systems Inc. - GoodSync.) - [67848816] - (12.2.4.4) - E:\GoodSync-vsub-Setup(1).exe
[31/05/2023 16:48:36] - |A| - (.Copyright (C) 1998-2023 Siber Systems Inc. - GoodSync.) - [67848816] - (12.2.4.4) - E:\GoodSync-vsub-Setup.exe
[29/05/2023 10:32:12] - |A| - (.Orange 2022 - Installateur Orange.) - [916720] - (4.5.0.3) - E:\Installateur_edge-chromium.exe
[30/05/2023 03:51:54] - |A| - (.© iTop Inc. - iTop Private Browser.) - [6586624] - (3.2.0.257) - E:\itop_private_browser_frseo_browser_setup.exe
[29/05/2023 09:43:24] - |A| - (.-.) - [598545] - (0.0.0.0) - E:\KCinst.exe
[30/05/2023 16:24:24] - |A| - (.©1999-2014 Jonathan Bennett & AutoIt Team - Aut2Exe.) - [957952] - (3.3.12.0) - E:\ListParts64.exe
[29/05/2023 17:42:10] - |A| - (.-.) - [11601432] - (0.0.0.0) - E:\OpenCodecSetup64 (1).exe
[29/05/2023 16:41:32] - |A| - (.-.) - [11601432] - (0.0.0.0) - E:\OpenCodecSetup64.exe
[29/05/2023 12:53:24] - |A| - (.ⓒ Kakao Corp. - PotPlayer Setup File.) - [34555296] - (1.7.21915.0) - E:\potplayer-1-7-21915.exe
[29/05/2023 17:51:21] - |A| - (.-.) - [607610840] - (0.0.0.0) - E:\PowerDirector_2812.4_365_Essential_VDE230224-01.exe
[30/05/2023 06:02:10] - |A| - (.Copyright (C) 2013-2019 SosVirus Software - Pre_Scan.) - [3082136] - (18.10.19.1) - E:\pre-scan_V9_18.10.19.1(1).exe
[30/05/2023 06:02:08] - |A| - (.Copyright (C) 2013-2019 SosVirus Software - Pre_Scan.) - [3082136] - (18.10.19.1) - E:\pre-scan_V9_18.10.19.1.exe
[30/05/2023 05:27:38] - |A| - (.Carifred © 2010 - 2019 - Quick user manager.) - [718392] - (2.2.0.0) - E:\QuickUserManager.exe
[30/05/2023 04:10:27] - |A| - (.Copyright © Learnpulse 2023 - Screenpresso.) - [22238216] - (2.1.11.0) - E:\Screenpresso.exe
[30/05/2023 03:55:45] - |A| - (.StreamingVideoProvider В© 2021 - Desktop Recording application.) - [459576] - (0.1.0.59) - E:\ScreenRec_webinstall_all.exe
[01/06/2023 12:10:26] - |A| - (.-.) - [0] - (0.0.0.0) - E:\SFCFix.exe
[07/04/2023 03:05:26] - |A| - (.2023 Rare Ideas, LLC - Start PortableApps.com.) - [2351832] - (25.0.0.0) - E:\Start.exe

F:

[11/05/2023 15:10:33] - |AC| - (.-.) - [1510] - (0.0.0.0) - F:\100APPLE - Shortcut.lnk
[11/05/2023 15:10:34] - |AC| - (.-.) - [1417] - (0.0.0.0) - F:\Microsoft Edge.lnk
[11/05/2023 14:51:56] - |AC| - (.-.) - [2023] - (0.0.0.0) - F:\text (16) post final à corriger car bug Windows 11 - Shortcut.lnk
[11/05/2023 15:10:33] - |AC| - (.Copyright 2018 Malwarebytes - AdwCleaner.) - [7320272] - (7.2.6.0) - F:\adwcleaner_7.2.6.0.exe
[10/11/2022 17:35:52] - |AC| - (.Anvisoft Company - Anvi Folder Locker Installation.) - [14631312] - (1.2.1370.0) - F:\anvi-folder-locker-1-2-1370-0-en-win.exe
[09/02/2023 12:19:42] - |AC| - (.-.) - [0] - (0.0.0.0) - F:\ashampoo_internet_accelerator_3_3.30_sm.exe
[09/02/2023 12:20:03] - |AC| - (.Copyright (C) 2010-2014 Andrea Russo - Italy                                                        - Clam Sentinel Setup                                      .) - [737886] - (1.22.0.0) - F:\ClamSentinel1.22.exe
[09/02/2023 12:20:08] - |AC| - (.                                                                                                   - ClamWin Free Antivirus Setup                             .) - [236832861] - (0.0.0.0) - F:\clamwin-0.103.2.1-setup.exe
[10/11/2022 19:31:59] - |AC| - (.Bernat - Java Runtime Environment 64 bit Portable.) - [53256489] - (0.0.0.0) - F:\Java_Portable_8.0.351.10_64-bit.exe
[09/02/2023 12:20:40] - |AC| - (.Copyright (c)2021-2023 KeepStreams Software Inc. - KeepStreams.) - [8072800] - (1.0.0.0) - F:\keepstreams_online_1162.exe
[10/11/2022 19:32:05] - |AC| - (.PortableApps.com - PortableApps.com Platform.) - [6025208] - (22.0.1.0) - F:\PortableApps.com_Platform_Setup_22.0.1.paf.exe
[09/02/2023 12:23:05] - |AC| - (.PortableApps.com - PortableApps.com Platform.) - [6062008] - (24.0.0.0) - F:\PortableApps.com_Platform_Setup_24.0.paf.exe
[06/05/2023 20:04:01] - |AC| - (.-.) - [65081420] - (0.0.0.0) - F:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe
[09/02/2023 12:18:56] - |AC| - (.Copyright ©2011 - 2023 - Setup Application.) - [56651952] - (4.13.0.1) - F:\tweaking.com_windows_repair_aio_setup.exe
[11/05/2023 14:51:56] - |AC| - (.� 2008/2019 - El Desaparecido - www.SOSVirus.net - UsbFix Premium.) - [4576584] - (11.0.1.0) - F:\UsbFix_2019_11.010.exe

J:

[06/05/2023 20:03:49] - |A| - (.Copyright © 1998-2012 URSoft, Inc.                                                                  - Your Uninstaller! 7 Setup                                .) - [6822592] - (7.5.2014.3) - J:\yusetup.exe
[06/05/2023 20:03:50] - |A| - (.-.) - [65081420] - (0.0.0.0) - J:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe

K:


Q:

[26/01/2023 17:20:48] - |A| - (.-.) - [450] - (0.0.0.0) - Q:\Poursuivez l'installation de CorelDRAW Graphics Suite.lnk
[23/02/2023 03:15:30] - |A| - (.-.) - [0] - (0.0.0.0) - Q:\GiveawayClub_Magix_Music_Maker.exe
[21/02/2023 09:05:26] - |A| - (.-.) - [0] - (0.0.0.0) - Q:\ad-aware&comodo_bundle2019_setup_sib.exe
[25/02/2023 00:04:42] - |A| - (.-.) - [0] - (0.0.0.0) - Q:\Adaware_protect_Installer (1).exe
[21/02/2023 09:05:34] - |A| - (.-.) - [0] - (0.0.0.0) - Q:\apower-manager.exe
[21/02/2023 09:05:38] - |A| - (.-.) - [0] - (0.0.0.0) - Q:\ApplicationManager_v1318_rv200683(1.3)_STD_APM190117-01.exe
[21/02/2023 09:05:40] - |A| - (.-.) - [0] - (0.0.0.0) - Q:\ashampoo_snap_10_10.0.8_sm.exe
[21/02/2023 09:05:40] - |A| - (.-.) - [0] - (0.0.0.0) - Q:\ashampoo_snap_9_9.0.6_sm.exe
[06/05/2023 20:05:01] - |A| - (.© 1999-2022 Jonathan Bennett & AutoIt Team - Farbar Service Scanner.) - [959488] - (30.4.2023.0) - Q:\FSS.exe
[06/05/2023 20:05:01] - |A| - (.Copyright © 1998-2012 URSoft, Inc.                                                                  - Your Uninstaller! 7 Setup                                .) - [6822592] - (7.5.2014.3) - Q:\yusetup.exe
[06/05/2023 20:05:02] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - Q:\AdsFix (1).exe
[06/05/2023 20:05:02] - |A| - (.Copyright (C) 2013-2021 SosVirus Software - AdsFix.) - [5976304] - (9.113.22.1) - Q:\AdsFix.exe
[06/05/2023 20:05:00] - |A| - (.Copyright (c) KsL Software and Published by RoseCitySoftware                                        - Registry First Aid, the easy powerful registry maintenance p.) - [9217312] - (11.3.1.2618) - Q:\rfasetup.exe
[06/05/2023 20:05:00] - |A| - (.-.) - [65081420] - (0.0.0.0) - Q:\sony-ericsson-pc-suite_1-6-0_fr_312200.exe
[30/04/2019 05:21:20] - |A| - (.-.) - [712] - (0.0.0.0) - Q:\ZentimoSettings.ini
[23/02/2023 05:08:42] - |A| - (.-.) - [68] - (0.0.0.0) - Q:\pmp_usb (2).ini
[23/02/2023 05:08:42] - |A| - (.-.) - [68] - (0.0.0.0) - Q:\pmp_usb (3).ini
[23/02/2023 05:08:42] - |A| - (.-.) - [68] - (0.0.0.0) - Q:\pmp_usb.ini

T:

[02/12/2022 13:50:04] - |A| - (.-.) - [2841] - (0.0.0.0) - T:\Sophos Virus Removal Tool.lnk
[02/12/2022 13:50:04] - |A| - (.-.) - [2288] - (0.0.0.0) - T:\YaraEditor Installer                                         Virtuel.lnk
[02/12/2022 13:50:04] - |A| - (.-.) - [878] - (0.0.0.0) - T:\ZHPCleaner.lnk
[02/12/2022 13:50:05] - |A| - (.-.) - [1092] - (0.0.0.0) - T:\Appsitory Updater.lnk
[02/12/2022 13:50:08] - |A| - (.-.) - [2154] - (0.0.0.0) - T:\COMODO Internet Security Premium.lnk
[02/12/2022 13:50:08] - |A| - (.-.) - [2138] - (0.0.0.0) - T:\Comodo Secure Shopping.lnk
[02/12/2022 13:50:17] - |A| - (.-.) - [1262] - (0.0.0.0) - T:\IObit Malware Fighter.lnk
[02/12/2022 13:50:17] - |A| - (.-.) - [1421] - (0.0.0.0) - T:\IObit Software Updater.lnk
[02/12/2022 13:50:17] - |A| - (.-.) - [871] - (0.0.0.0) - T:\iTop PDF.lnk
[02/12/2022 13:50:17] - |A| - (.-.) - [1091] - (0.0.0.0) - T:\iTop VPN.lnk
[02/12/2022 13:50:17] - |A| - (.-.) - [1024] - (0.0.0.0) - T:\PotPlayer 64 bit.lnk
[02/12/2022 13:50:04] - |A| - (.© Microsoft Corporation. - Windows Installer.) - [74184] - (10.0.19041.1) - T:\setup.exe
[02/12/2022 13:50:05] - |A| - (.                                                                                                   - AudioRanger Setup                                        .) - [10326504] - (3.4.3.0) - T:\AudioRangerSetup.exe
[02/12/2022 13:50:16] - |A| - (.PC HelpSoft                                                                                         - PC HelpSoft Driver Updater                               .) - [6181480] - (6.2.810.0) - T:\Driver_Updater.exe
[02/12/2022 13:50:16] - |A| - (.©Farbar - Farbar Recovery Scan Tool.) - [2373632] - (23.10.2022.0) - T:\FRST64-2.1.exe
[02/12/2022 13:50:17] - |A| - (.© 2013-2021 SurfRight, A Sophos Company - HitmanPro.Alert.) - [5861120] - (3.8.21.943) - T:\hmpalert3.exe
[02/12/2022 13:50:06] - |A| - (.-.) - [128] - (0.0.0.0) - T:\autorun.inf

U:

[12/02/2020 16:50:32] - |A| - (.2020 Rare Ideas, LLC - Start PortableApps.com.) - [1449024] - (16.1.0.0) - U:\Start.exe

X:

[18/12/2024 22:52:34] - |A| - (.Copyright©2017 Wondershare. - wondershare-dvd-creator_setup_full619.exe.) - [1580272] - (2.1.3.2) - X:\dvd-creator_setup_full619.exe
[27/02/2020 16:09:49] - |A| - (.-.) - [973104] - (0.0.0.0) - X:\ejay_dance6_reloaded_downloader.exe
[18/12/2024 19:31:30] - |A| - (.                                                                                                   - iBoysoft File Protector Setup                            .) - [4981393] - (0.0.0.0) - X:\iboysoftfileprotectorx64.exe
[18/12/2024 22:52:31] - |A| - (.Copyright by Abelssoft                                                                              - ScreenVideo 2019                                         .) - [49801120] - (1.0.0.0) - X:\screenvideo.exe
[18/12/2024 22:52:33] - |A| - (.Copyright©2017 Wondershare. - video-converter-ultimate_setup_full905.exe.) - [990312] - (2.0.9.2) - X:\video-converter-ultimate_setup_full905.exe
[18/12/2024 22:52:34] - |A| - (.Copyright©2017 IskySoft. - iskysoft-video-converter-ultimate-(cpc)_setup_full1329.exe.) - [971400] - (2.0.15.2) - X:\video-converter-ultimate_setup_full1329.exe
[18/12/2024 22:52:33] - |A| - (.-.) - [79067832] - (0.0.0.0) - X:\x-ipad-magic-platinum-fr.exe
[30/07/2020 23:17:31] - |A| - (.-.) - [18434630] - (0.0.0.0) - X:\uTorrentFPROPortable-3.5.5.45395.exe
[18/12/2024 23:49:44] - |A| - (.©1999-2018 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2581504] - (27.1.2020.0) - X:\FRST64.exe
[25/02/2020 14:43:38] - |A| - (.-.) - [68] - (0.0.0.0) - X:\pmp_usb.ini

---------- | C:

[22/08/2013 17:36:31] - |SHD| - [258] - C:\$Recycle.Bin
[19/05/2023 03:28:29] - |D| - [0] - C:\$WinREAgent
[18/05/2023 21:25:56] - |D| - [886777] - C:\AdsFix
[30/05/2023 16:06:29] - |D| - [381746620] - C:\AdwCleaner
[21/05/2023 20:30:17] - |D| - [213972243] - C:\AMD
[30/05/2023 10:43:35] - |D| - [91566874] - C:\Bandicam
[MD5.0B17239B2E03F5AEA96929003CA22337] - [22/08/2013 17:44:03] - |RASH| - (.-.) - [404250] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [22/08/2013 17:44:04] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[21/05/2023 20:27:23] - |D| - [83426254] - C:\Dist
[22/08/2013 16:45:52] - |SD| - [0] - C:\Documents and Settings
[18/05/2023 08:22:35] - |D| - [0] - C:\Downloads
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/05/2023 08:30:13] - |ASH| - (.-.) - [3070005248] - (0.0.0.0) - C:\hiberfil.sys
[17/05/2023 16:05:22] - |D| - [0] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/06/2023 15:59:31] - |ASH| - (.-.) - [4624400384] - (0.0.0.0) - C:\pagefile.sys
[30/05/2023 11:51:47] - |D| - [0] - C:\PC Accelerate
[22/08/2013 17:36:30] - |D| - [0] - C:\PerfLogs
[MD5.CE70E9BEA501B5B4C4CC2ADD13A9887D] - [30/05/2023 07:56:53] - |RA| - (.-.) - [9298] - (0.0.0.0) - C:\Pre_Scan_30_05_2023_07_56_53.txt
[22/08/2013 15:36:15] - |RD| - [4691224774] - C:\Program Files
[22/08/2013 15:36:15] - |RD| - [3197019137] - C:\Program Files (x86)
[17/05/2023 15:53:17] - |RD| - [12901] - C:\Program Files (x86) - 100% Sécurisé Toolbox v0.1
[17/05/2023 15:53:17] - |D| - [0] - C:\Program Files (x86) - Sifatal-3à4Rem-Morae-Goodsync-PCAti Toolbox v1.0
[07/12/2019 11:30:39] - |SD| - [847974321] - C:\ProgramData
[27/05/2023 08:26:15] - |D| - [3759099] - C:\QuickDiag
[MD5.5D063BCBA4DB6BD100E218C54DD60B5F] - [03/06/2023 09:49:55] - |A| - (.-.) - [241007] - (0.0.0.0) - C:\QuickDiag.txt
[24/05/2023 19:49:57] - |D| - [482101] - C:\SearcherBar
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/05/2023 08:25:53] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[29/05/2023 03:28:19] - |SHD| - [0] - C:\System Volume Information
[22/08/2013 15:36:15] - |RD| - [31934316239] - C:\Users
[22/08/2013 15:36:15] - |D| - [14087392224] - C:\Windows
[24/05/2023 15:52:04] - |D| - [64199] - C:\_Backup
[24/05/2023 15:52:16] - |RSD| - [253062033] - C:\_Backup.RC

---------- | C:\Windows

[30/05/2023 11:43:53] - |D| - [1003496] - C:\Windows\5158974E2D28401893357694C2974746.TMP
[22/08/2013 17:36:30] - |D| - [802] - C:\Windows\addins
[22/08/2013 17:36:31] - |D| - [1160704] - C:\Windows\ADFS
[22/08/2013 17:36:30] - |D| - [2028560] - C:\Windows\AppCompat
[22/08/2013 17:36:31] - |D| - [11883922] - C:\Windows\apppatch
[22/08/2013 17:36:30] - |D| - [0] - C:\Windows\AppReadiness
[22/08/2013 17:36:30] - |RD| - [548209344] - C:\Windows\assembly
[MD5.EBCFA11C16A9A073E797622BAA74D76F] - [21/07/2014 22:04:38] - |A| - (.-.) - [47887] - (0.0.0.0) - C:\Windows\atiogl.xml
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/05/2023 09:44:13] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\ativpsrm.bin
[MD5.FA78F9739F8F0239A539A06B10D354C7] - [22/08/2013 13:21:53] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [56832] - (6.3.9600.16384) - C:\Windows\bfsvc.exe
[22/08/2013 17:36:31] - |D| - [36824366] - C:\Windows\Boot
[MD5.9D065A4DE6AD09924869DE689F6C3BA9] - [22/08/2013 16:46:23] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[22/08/2013 17:36:31] - |D| - [2296376] - C:\Windows\Branding
[22/08/2013 17:36:30] - |D| - [7213632] - C:\Windows\Camera
[22/08/2013 17:20:01] - |D| - [0] - C:\Windows\CbsTemp
[MD5.0505315076F50DE128B8256927B94722] - [21/11/2014 10:25:45] - |A| - (.-.) - [35851] - (0.0.0.0) - C:\Windows\Core.xml
[22/08/2013 17:36:30] - |D| - [4503720] - C:\Windows\Cursors
[22/08/2013 17:36:31] - |D| - [432] - C:\Windows\debug
[22/08/2013 17:36:30] - |RD| - [22590] - C:\Windows\DesktopTileResources
[22/08/2013 17:36:30] - |D| - [3495466] - C:\Windows\diagnostics
[22/08/2013 17:43:29] - |D| - [0] - C:\Windows\DigitalLocker
[MD5.B54B4D94FF1DD9D914CA5322A4A67132] - [01/06/2023 05:16:58] - |A| - (.-.) - [256] - (0.0.0.0) - C:\Windows\dm.dmap
[22/08/2013 17:36:31] - |SD| - [0] - C:\Windows\Downloaded Program Files
[22/08/2013 17:36:31] - |D| - [0] - C:\Windows\ELAMBKUP
[22/08/2013 17:43:29] - |D| - [97792] - C:\Windows\en-US
[MD5.85D47EB257B06094F052E0C8AEFA3BEE] - [21/11/2014 11:16:21] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [2501368] - (6.3.9600.17415) - C:\Windows\explorer.exe
[22/08/2013 17:36:30] - |D| - [14522153] - C:\Windows\FileManager
[22/08/2013 15:36:15] - |RSD| - [489068885] - C:\Windows\Fonts
[22/08/2013 17:36:30] - |D| - [93333783] - C:\Windows\Globalization
[22/08/2013 17:36:31] - |D| - [1626642] - C:\Windows\Help
[MD5.80E856B1AFAEB6195EADAAD65945147C] - [21/11/2014 11:15:58] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [1001472] - (6.3.9600.17415) - C:\Windows\HelpPane.exe
[MD5.B934411DFE7DEACFA95A1255A48133C9] - [21/11/2014 11:15:58] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [17408] - (6.3.9600.17415) - C:\Windows\hh.exe
[22/08/2013 17:36:30] - |D| - [152843668] - C:\Windows\IME
[22/08/2013 17:36:31] - |RD| - [7289116] - C:\Windows\ImmersiveControlPanel
[22/08/2013 15:36:15] - |D| - [42350834] - C:\Windows\Inf
[22/08/2013 17:36:31] - |D| - [119175822] - C:\Windows\InputMethod
[22/08/2013 17:36:31] - |SHD| - [100890957] - C:\Windows\Installer
[22/08/2013 17:36:31] - |D| - [61417] - C:\Windows\L2Schemas
[22/08/2013 17:36:31] - |D| - [0] - C:\Windows\LiveKernelReports
[22/08/2013 15:36:15] - |D| - [430203286] - C:\Windows\Logs
[22/08/2013 17:36:30] - |RSD| - [19944453] - C:\Windows\Media
[22/08/2013 17:36:31] - |D| - [18917376] - C:\Windows\MediaViewer
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [22/08/2013 09:01:23] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[22/08/2013 17:36:30] - |D| - [530398405] - C:\Windows\Microsoft.NET
[22/08/2013 17:36:31] - |D| - [0] - C:\Windows\ModemLogs
[MD5.959A31D0CD013CEA0C66DB7C03BCBDDF] - [21/11/2014 11:16:15] - |A| - (.© Microsoft Corporation. - Notepad.) - [221184] - (6.3.9600.17415) - C:\Windows\notepad.exe
[22/08/2013 17:36:30] - |RD| - [65] - C:\Windows\Offline Web Pages
[29/05/2023 18:24:56] - |D| - [0] - C:\Windows\Panther
[22/08/2013 17:36:30] - |D| - [44833195] - C:\Windows\Performance
[22/08/2013 17:36:30] - |D| - [1121834] - C:\Windows\PLA
[22/08/2013 17:36:30] - |D| - [2326841] - C:\Windows\PolicyDefinitions
[29/05/2023 08:26:39] - |D| - [34036832] - C:\Windows\Prefetch
[MD5.B67DB709F5FDAA89CA6C2CB6C1E39B3B] - [21/11/2014 11:15:43] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [154624] - (6.3.9600.17415) - C:\Windows\regedit.exe
[22/08/2013 17:36:30] - |D| - [22588] - C:\Windows\Registration
[22/08/2013 17:36:30] - |D| - [5301077] - C:\Windows\rescache
[22/08/2013 17:36:31] - |D| - [2579171] - C:\Windows\Resources
[22/08/2013 17:36:31] - |D| - [0] - C:\Windows\SchCache
[22/08/2013 17:36:30] - |D| - [118561] - C:\Windows\schemas
[22/08/2013 17:36:31] - |D| - [1056768] - C:\Windows\security
[22/08/2013 16:45:15] - |D| - [39214732] - C:\Windows\ServiceProfiles
[22/08/2013 15:36:15] - |D| - [118357738] - C:\Windows\servicing
[22/08/2013 16:45:23] - |D| - [42] - C:\Windows\Setup
[MD5.A868F4C645CA6EA3D8E6CD072BB344B8] - [02/06/2023 21:15:54] - |A| - (.-.) - [5858] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/06/2023 21:15:54] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[21/11/2014 10:25:32] - |D| - [4544] - C:\Windows\ShellNew
[21/11/2014 10:25:32] - |D| - [31373168] - C:\Windows\SKB
[29/05/2023 08:36:05] - |D| - [410091372] - C:\Windows\SoftwareDistribution
[22/08/2013 17:36:30] - |D| - [125808437] - C:\Windows\Speech
[MD5.4D9DA155B7B449964E14FC32124CC601] - [21/11/2014 11:16:13] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128512] - (6.3.9600.17415) - C:\Windows\splwow64.exe
[MD5.A77E65831A152C8FCA5B822749E2624D] - [22/08/2013 17:19:59] - |A| - (.-.) - [35891] - (0.0.0.0) - C:\Windows\Starter.xml
[22/08/2013 17:36:30] - |D| - [31039] - C:\Windows\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 15:25:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[22/08/2013 15:36:16] - |RD| - [3190563536] - C:\Windows\System32
[22/08/2013 17:36:30] - |D| - [8110216] - C:\Windows\SystemResources
[22/08/2013 15:36:16] - |D| - [1282296640] - C:\Windows\SysWOW64
[22/08/2013 17:36:31] - |D| - [0] - C:\Windows\TAPI
[22/08/2013 17:36:30] - |D| - [1270] - C:\Windows\Tasks
[22/08/2013 15:36:16] - |D| - [0] - C:\Windows\Temp
[22/08/2013 17:36:30] - |RD| - [22151] - C:\Windows\ToastData
[22/08/2013 17:36:31] - |D| - [0] - C:\Windows\tracing
[22/08/2013 17:36:31] - |D| - [7680] - C:\Windows\twain_32
[MD5.727B4519FE9919447108CBEC4768F34A] - [21/11/2014 11:17:13] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [54272] - (1.7.1.3) - C:\Windows\twain_32.dll
[22/08/2013 17:36:30] - |D| - [15852282] - C:\Windows\vpnplugins
[22/08/2013 17:36:30] - |D| - [12420] - C:\Windows\Vss
[22/08/2013 17:36:31] - |D| - [8817972] - C:\Windows\Web
[MD5.23CF8138F49416231807E6DE371FB9E6] - [22/08/2013 15:25:43] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [22/08/2013 08:53:50] - |RA| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.E369FCA6D74D6A63332284F4BC5AAD45] - [29/05/2023 08:36:04] - |A| - (.-.) - [1079201] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.335C38783B3F1B383ECAC17DB3705895] - [21/11/2014 11:15:14] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.3.9600.17415) - C:\Windows\winhlp32.exe
[22/08/2013 17:36:31] - |D| - [1790881] - C:\Windows\WinStore
[22/08/2013 15:36:16] - |D| - [6118479433] - C:\Windows\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [22/08/2013 08:52:18] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.73E19BE0E0ECD88616B5762F621B0226] - [21/11/2014 11:16:16] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (6.3.9600.17415) - C:\Windows\write.exe

---------- | C:\Windows\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[31/05/2023 16:48:32] - C:\Windows\Installer\143823e.msi : (Morae Recorder - TechSmith Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:56] - C:\Windows\Installer\452ac6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/04/2014 13:21:34] - C:\Windows\Installer\452ad2.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:50] - C:\Windows\Installer\452ade.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:45:28] - C:\Windows\Installer\452aea.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:45:34] - C:\Windows\Installer\452af6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:45:40] - C:\Windows\Installer\452b02.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:45:48] - C:\Windows\Installer\452b0e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:45:54] - C:\Windows\Installer\452b1a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:00] - C:\Windows\Installer\452b26.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:06] - C:\Windows\Installer\452b32.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:12] - C:\Windows\Installer\452b3e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:18] - C:\Windows\Installer\452b4a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:24] - C:\Windows\Installer\452b56.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:30] - C:\Windows\Installer\452b62.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:36] - C:\Windows\Installer\452b6e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:42] - C:\Windows\Installer\452b7a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:48] - C:\Windows\Installer\452b86.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:46:54] - C:\Windows\Installer\452b92.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:00] - C:\Windows\Installer\452b9e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:06] - C:\Windows\Installer\452baa.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:12] - C:\Windows\Installer\452bb6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:18] - C:\Windows\Installer\452bc2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:28] - C:\Windows\Installer\452bce.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:34] - C:\Windows\Installer\452bda.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:47:40] - C:\Windows\Installer\452be6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:48:08] - C:\Windows\Installer\452bf2.msi : (Catalyst Control Center Utility 64 - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:48:54] - C:\Windows\Installer\452bfe.msi : (AMD Fuel - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2014 22:45:20] - C:\Windows\Installer\452c0a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/06/2023 20:09:39] - C:\Windows\Installer\e5ebee.msi : (iPhone Backup Extractor - Reincubate Ltd)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/05/2023 09:47:05] - [88102] - C:\Windows\Installer\{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:47:16] - [88102] - C:\Windows\Installer\{104DE091-6C4F-C5A9-F619-5D6C965A0296}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:45:56] - [10134] - C:\Windows\Installer\{25A3B953-1423-3F15-640E-B620DD0F419A}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:37] - [88102] - C:\Windows\Installer\{285C9F30-3BF8-697B-BD1D-353435E94B78}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:40] - [88102] - C:\Windows\Installer\{29967A7C-6E18-91CD-BBE4-9C09F401E950}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:47:20] - [88102] - C:\Windows\Installer\{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:59] - [88102] - C:\Windows\Installer\{54D05374-2428-7BE0-58CD-CE8031163DE6}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:47:00] - [88102] - C:\Windows\Installer\{5C6AFE98-08BF-086A-300D-18F77D284966}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:43] - [88102] - C:\Windows\Installer\{5C757800-27E8-2AE3-889A-8B959AE689F8}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:48:23] - [88102] - C:\Windows\Installer\{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:28] - [88102] - C:\Windows\Installer\{5D3EC645-B957-36A1-068A-FE8450963669}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:55] - [88102] - C:\Windows\Installer\{61B90A4D-8CC9-2FED-2495-AC8C9467C984}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:33] - [88102] - C:\Windows\Installer\{7C5B13DA-6A68-86C7-ED29-610CA0F49555}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:45:53] - [88102] - C:\Windows\Installer\{80680785-2EE1-053F-9CD3-4B2C904596EE}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:54] - [88102] - C:\Windows\Installer\{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:31] - [88102] - C:\Windows\Installer\{A3806AB7-AB46-7672-A825-F9AE0DE6910A}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:15] - [88102] - C:\Windows\Installer\{B079957C-3276-4B9F-DB08-D1CA8C090D9E}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:45:59] - [88102] - C:\Windows\Installer\{B12BE177-DC00-5746-3AB9-91CD090AF555}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:47:11] - [88102] - C:\Windows\Installer\{BF5509A0-250A-25EA-0C19-61505E9EBA13}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:47:02] - [88102] - C:\Windows\Installer\{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:11] - [88102] - C:\Windows\Installer\{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:47:29] - [4846] - C:\Windows\Installer\{E7ACB435-E0B4-4770-77DE-ED38887CD133}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:48] - [88102] - C:\Windows\Installer\{EB766D4A-C56C-946D-F74D-43C78FE4521E}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:56] - [88102] - C:\Windows\Installer\{ED0D7699-1943-0C29-7465-6530F8DE2DA2}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:02] - [88102] - C:\Windows\Installer\{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:06] - [88102] - C:\Windows\Installer\{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:58] - [88102] - C:\Windows\Installer\{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}\ARPPRODUCTICON.exe     () - ()
[29/05/2023 09:46:19] - [88102] - C:\Windows\Installer\{FDF2FE33-426D-45C2-4E70-76C162F1B790}\ARPPRODUCTICON.exe     () - ()

---------- | %System%\*.in*

[22/08/2013 17:36:48] - [75] - C:\Windows\System32\desktop.ini
[22/08/2013 10:30:15] - [16284] - C:\Windows\System32\ieuinit.inf
[21/11/2014 10:44:26] - [4076] - C:\Windows\System32\PerfStringBackup.INI
[22/08/2013 08:56:03] - [60124] - C:\Windows\System32\tcpmon.ini
[21/11/2014 10:52:27] - [2255] - C:\Windows\System32\WimBootCompress.ini
[22/08/2013 03:43:03] - [16284] - C:\Windows\Syswow64\ieuinit.inf
[21/11/2014 10:52:42] - [2255] - C:\Windows\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.BE452D7BF880125D2832F99BFDBFD1AE] - |A| - [22/08/2013 08:57:05] - (.-.) - [6.83 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\pcamain.sdb
[MD5.F6EAEE0DA9BE8D6F149ACE957D41AE80] - |A| - [21/11/2014 11:16:28] - (.-.) - [423.47 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/06/2023 10:13:27] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\DMI1E2C.tmp
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:40] - [0 Ko] - C:\Windows\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [3882.5 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.83C0B3FED669FCEEF24B72458F7C1D8A] - |A| - [21/07/2014 22:03:42] - (.-.) - [131.5 Ko] - (0.0.0.0) - C:\Windows\System32\amdhdl64.dll
[MD5.87934E2EB2D6362490EC20C8C3C47BC6] - |A| - [21/07/2014 22:03:42] - (.-.) - [403 Ko] - (0.0.0.0) - C:\Windows\System32\amdmiracast.dll
[MD5.9929E58AB4181979CE5F4A8F474B62F5] - |A| - [21/07/2014 22:04:04] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 1.2 Runtime.) - [28693.5 Ko] - (10.0.1348.5) - C:\Windows\System32\amdocl64.dll
[MD5.ECC9D68F5BEF5CD67BE2D2F758661980] - |A| - [21/07/2014 22:04:04] - (.-.) - [1159.51 Ko] - (0.0.0.0) - C:\Windows\System32\amdocl_as64.exe
[MD5.DD3E0FE46F9AB3F9A339F4DD3B2B2E4C] - |A| - [21/07/2014 22:04:04] - (.-.) - [1037.01 Ko] - (0.0.0.0) - C:\Windows\System32\amdocl_ld64.exe
[MD5.C5A5D65C2D7732B7C2D63CD6F57A7B2D] - |A| - [21/07/2014 22:04:06] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [76.59 Ko] - (8.14.10.23) - C:\Windows\System32\amdpcom64.dll
[MD5.3C7600CDA882D9B73A5DBD023B83FC9B] - |A| - [21/11/2014 11:16:04] - (.-.) - [379.9 Ko] - (0.0.0.0) - C:\Windows\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [529.69 Ko] - C:\Windows\System32\ar-SA
[MD5.7C6C74AB778BC3B7683017A6026B2B35] - |A| - [21/07/2014 22:04:06] - (.Copyright (C) 2008-2011 Advanced Micro Devices, Inc. - ADL.) - [1117.5 Ko] - (6.14.10.1129) - C:\Windows\System32\atiadlxx.dll
[MD5.579E9592AE6F0C56896BAC2BA0723686] - |A| - [21/07/2014 22:04:06] - (.-.) - [537.57 Ko] - (0.0.0.0) - C:\Windows\System32\atiapfxx.blb
[MD5.C4AA588A6E6EF1E59E80EDF084A02A74] - |A| - [21/07/2014 22:04:06] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [360 Ko] - (6.14.10.1001) - C:\Windows\System32\atiapfxx.exe
[MD5.749584902AE80A53EFDA4F8FA03E1713] - |A| - [21/07/2014 22:04:06] - (.Copyright (C) 2008 Advanced Micro Devices, Inc. - ATIBRTMON.) - [116 Ko] - (2.0.0.0) - C:\Windows\System32\atibtmon.exe
[MD5.E270AFD3091444785EE4CD04D2705936] - |A| - [21/07/2014 22:04:06] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [54.5 Ko] - (6.14.10.1848) - C:\Windows\System32\aticalcl64.dll
[MD5.01D27BB8AD954E099288330F2137C31F] - |A| - [21/07/2014 22:04:14] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15348 Ko] - (6.14.10.1848) - C:\Windows\System32\aticaldd64.dll
[MD5.0F2C6B8C896CB7080E51CED7DCA8EE92] - |A| - [21/07/2014 22:04:16] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [61 Ko] - (6.14.10.1848) - C:\Windows\System32\aticalrt64.dll
[MD5.867CDA25497E8A6B878A189EE5736498] - |A| - [21/07/2014 22:04:16] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1287.65 Ko] - (8.17.10.1247) - C:\Windows\System32\aticfx64.dll
[MD5.57501E8CB62C0ED9DD99E2AFE064C514] - |A| - [21/07/2014 22:04:16] - (.2002-2012 - Graphics DEM.) - [432 Ko] - (4.5.5298.37087) - C:\Windows\System32\atidemgy.dll
[MD5.A6290EBBB8DBF3426F022EFC98A46779] - |A| - [21/07/2014 22:04:22] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [9525.15 Ko] - (8.17.10.525) - C:\Windows\System32\atidxx64.dll
[MD5.89B1B68B76363ABD2E24E3BB614CE53C] - |A| - [21/07/2014 22:04:24] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [574.5 Ko] - (6.14.11.1164) - C:\Windows\System32\atieclxx.exe
[MD5.6CF81DD5083D7F94A7E76E50429A949C] - |A| - [21/07/2014 22:04:24] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [234 Ko] - (6.14.11.1164) - C:\Windows\System32\atiesrxx.exe
[MD5.E6F08F8A43BB02915B778D8767934EC6] - |A| - [21/07/2014 22:04:24] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [73 Ko] - (8.14.1.6354) - C:\Windows\System32\atig6pxx.dll
[MD5.FAA19E9F9B4CECC7AFA4684ADD37250F] - |A| - [21/07/2014 22:04:24] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [98 Ko] - (8.14.1.6354) - C:\Windows\System32\atig6txx.dll
[MD5.C640A5D15DE097BE8F3860187E51D601] - |A| - [21/07/2014 22:04:24] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [68 Ko] - (8.14.1.6354) - C:\Windows\System32\atiglpxx.dll
[MD5.D68F4FBFC475E5E64260169B8BE9D5E6] - |A| - [21/07/2014 22:04:24] - (.-.) - [704.39 Ko] - (0.0.0.0) - C:\Windows\System32\atiicdxx.dat
[MD5.A203932D01E57D16E06D8987A603207C] - |A| - [21/07/2014 22:04:30] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [76.59 Ko] - (8.14.10.23) - C:\Windows\System32\atimpc64.dll
[MD5.1FA0535466D8899901643452FF0A7AEF] - |A| - [21/07/2014 22:04:30] - (.Copyright ฉ 2009 AMD - Multi-language DPPE DLL.) - [30.5 Ko] - (6.14.10.1002) - C:\Windows\System32\atimuixx.dll
[MD5.57A4BE04E15894E81A3FE0E8CBB16B3C] - |A| - [21/07/2014 22:04:38] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [25734.5 Ko] - (6.14.10.12618) - C:\Windows\System32\atio6axx.dll
[MD5.A6BAAA6608A9B00220E9D5C023FC53D1] - |A| - [21/07/2014 22:04:38] - (.Copyright (C) 2008 - ATIODCLI Application.) - [50 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODCLI.exe
[MD5.463FFBD3350E3EB57F7D5746EBD233CA] - |A| - [21/07/2014 22:04:38] - (.Copyright (C) 2008 - ATIODE Application.) - [325 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODE.exe
[MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [21/07/2014 22:04:46] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\Windows\System32\atipblag.dat
[MD5.7E8BC710E0B932EEB2BB8CCEFB302D59] - |A| - [21/07/2014 22:04:46] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [186.5 Ko] - (6.14.11.25) - C:\Windows\System32\atitmm64.dll
[MD5.02A4E519659652BF606A79B152F8C432] - |A| - [21/07/2014 22:04:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [112.8 Ko] - (8.14.1.6354) - C:\Windows\System32\atiu9p64.dll
[MD5.3379E7E075A9F430CC60667ECCE9B549] - |A| - [21/07/2014 22:04:48] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [7570.23 Ko] - (9.14.10.1001) - C:\Windows\System32\atiumd64.dll
[MD5.0C7B057AE1F740786F41999B51C951D9] - |A| - [21/07/2014 22:04:50] - (.-.) - [3346.38 Ko] - (0.0.0.0) - C:\Windows\System32\atiumd6a.cap
[MD5.60C8A1F53BE76E2EF92EFFF0F96377CD] - |A| - [21/07/2014 22:04:52] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8718.46 Ko] - (8.14.10.429) - C:\Windows\System32\atiumd6a.dll
[MD5.1FC51C8E2EC6D156C4907C27B3432EA0] - |A| - [21/07/2014 22:04:58] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [139.95 Ko] - (8.14.1.6354) - C:\Windows\System32\atiuxp64.dll
[MD5.EE8B93F0A196F70FDA0C18BB40386433] - |A| - [21/07/2014 22:04:58] - (.-.) - [81.59 Ko] - (0.0.0.0) - C:\Windows\System32\ativce02.dat
[MD5.9633F90657A212F3EF98BF9F9493D083] - |A| - [21/07/2014 22:04:58] - (.-.) - [228.55 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik.dat
[MD5.76E6DBFC06B27F745C37BDF6276792BD] - |A| - [21/07/2014 22:04:58] - (.-.) - [228.3 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik_nd.dat
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [21/07/2014 22:04:58] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [21/07/2014 22:04:58] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsvl.dat
[MD5.D638E3AD81E149A75EEF59E9C743E27C] - |A| - [22/08/2013 17:36:38] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\AutoWorkplace.exe.config
[MD5.531F17189C60ED61BDE4DCC82CC66B59] - |A| - [26/01/2017 09:26:44] - (.-.) - [73.48 Ko] - (0.0.0.0) - C:\Windows\System32\bdmjpeg64.dll
[MD5.2F42956D6772A840D47C92C48004C946] - |A| - [26/01/2017 09:26:50] - (.-.) - [74.01 Ko] - (0.0.0.0) - C:\Windows\System32\bdmpega64.acm
[MD5.12C2E65CA9CDFB4E77B65CC311FD97C3] - |A| - [26/01/2017 09:26:46] - (.-.) - [73.51 Ko] - (0.0.0.0) - C:\Windows\System32\bdmpegv64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [530.09 Ko] - C:\Windows\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [5980.69 Ko] - C:\Windows\System32\Boot
[MD5.A5F320FFE96F6939D2FF39360ADA9B5A] - |A| - [21/11/2014 11:16:04] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [94 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [0.93 Ko] - C:\Windows\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [76116.34 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [53272.08 Ko] - C:\Windows\System32\catroot2
[MD5.29CE8104F3995C6CBCB0D2EC649CDE81] - |A| - [21/07/2014 22:05:22] - (.-.) - [225.5 Ko] - (0.0.0.0) - C:\Windows\System32\clinfo.exe
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [1628.46 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.35A4C50BFD9831495FC7B5C35E35A825] - |A| - [21/07/2014 22:05:22] - (.AMD. - CoInstaller DLL.) - [132 Ko] - (1.0.5.9) - C:\Windows\System32\coinst_13.251.9001.1001.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [362.5 Ko] - C:\Windows\System32\Com
[MD5.00000000000000000000000000000000] - |SD| - [21/11/2014 17:56:33] - [14148.8 Ko] - C:\Windows\System32\CompatTel
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [217394.38 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 17:36:31] - [19.02 Ko] - C:\Windows\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [403.51 Ko] - C:\Windows\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [365.41 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [416.73 Ko] - C:\Windows\System32\de-DE
[MD5.08750A50CF027F93070C8BB78E27C3B7] - |ASH| - [22/08/2013 17:36:48] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [21/11/2014 10:53:12] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\Windows\System32\dfpinc.dat
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [6140.67 Ko] - C:\Windows\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [328 Ko] - C:\Windows\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [67813.76 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:31:28] - [624167.81 Ko] - C:\Windows\System32\DriverStore
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 17:36:30] - [83.5 Ko] - C:\Windows\System32\dsc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [635.08 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:40] - [1680 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [300.48 Ko] - C:\Windows\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [36144.69 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [396.31 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [305.41 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [386.12 Ko] - C:\Windows\System32\fi-FI
[MD5.92AFBE9041DC57E02FF3EF95A8479AE6] - |A| - [02/06/2023 15:59:34] - (.-.) - [330.01 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [415.29 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.55158C8F4CFAB021134137B68BBFD01F] - |A| - [22/08/2013 08:58:31] - (.-.) - [72.53 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [491.52 Ko] - C:\Windows\System32\he-IL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [335.47 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [412.53 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.EB4E7F45BFF3828AF307963A80038975] - |A| - [30/05/2023 19:34:57] - (.-.) - [767.5 Ko] - (0.0.0.0) - C:\Windows\System32\im-fre.exe
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [23316.67 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [4637.5 Ko] - C:\Windows\System32\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [411.2 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [559.29 Ko] - C:\Windows\System32\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [664.2 Ko] - C:\Windows\System32\ko-KR
[MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [22/08/2013 08:59:51] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [86.43 Ko] - C:\Windows\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [25.97 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [346.75 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [349.78 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [24182.85 Ko] - C:\Windows\System32\Macromed
[MD5.1274AF76C5B0409043D96E071A82C72A] - |A| - [30/05/2023 19:34:53] - (.-.) - [44.95 Ko] - (0.0.0.0) - C:\Windows\System32\MDA_NTDRV.sys
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 16:45:10] - [4.18 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [4605 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [44080.56 Ko] - C:\Windows\System32\migwiz
[MD5.3774B5C0E0BBA8C8EE54DF3606AB815C] - |A| - [22/08/2013 08:53:23] - (.-.) - [1.14 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [45.5 Ko] - C:\Windows\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [4148.28 Ko] - C:\Windows\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [5.5 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [367.66 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [22/08/2013 08:58:31] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [51 Ko] - C:\Windows\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [393.83 Ko] - C:\Windows\System32\nl-NL
[MD5.F746E5DDC489931AD269ECFFA4A39815] - |A| - [22/08/2013 17:36:38] - (.-.) - [8.5 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [22/08/2013 08:52:33] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [13396.66 Ko] - C:\Windows\System32\oobe
[MD5.ECB6BAECECCF79E0916C946CDE1C0A07] - |A| - [21/07/2014 22:05:22] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenVideo 1.1 Runtime.) - [98 Ko] - (10.0.1348.5) - C:\Windows\System32\OpenVideo64.dll
[MD5.7BC85035917933E7DF7F7D515BD99DFC] - |A| - [21/07/2014 22:05:22] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OVDecode 1.1 Runtime.) - [84.5 Ko] - (10.0.1348.5) - C:\Windows\System32\OVDecode64.dll
[MD5.BE38E1EABDC92CCAC657830A15CAF3A4] - |A| - [22/08/2013 17:39:08] - (.-.) - [139.83 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [22/08/2013 17:39:08] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.6EFDF53F1F5C5D1ACCFF66DC297DF515] - |A| - [22/08/2013 17:39:08] - (.-.) - [686.83 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.FEEEC65C2D2A2DC28F19AD19035A3A79] - |A| - [21/11/2014 10:44:26] - (.-.) - [3.98 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [414.94 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:39] - [413.88 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [22/08/2013 11:17:09] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [396.25 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [394.39 Ko] - C:\Windows\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\System32\RasToast
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [1.02 Ko] - C:\Windows\System32\Recovery
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [366.01 Ko] - C:\Windows\System32\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [608.16 Ko] - C:\Windows\System32\ru-RU
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [22/08/2013 12:54:19] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [3.92 Ko] - C:\Windows\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [22/08/2013 08:55:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [347.75 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [333.1 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:40] - [45.92 Ko] - C:\Windows\System32\slmgr
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [12113.02 Ko] - C:\Windows\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [7791.31 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [43518.89 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [4003.87 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [23.63 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [224.5 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [341.23 Ko] - C:\Windows\System32\sr-Latn-RS
[MD5.B7CC32E00C5C5152D221DF182827F58E] - |A| - [21/11/2014 11:15:38] - (.-.) - [49.56 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [2640 Ko] - C:\Windows\System32\sru
[MD5.B59958CD06C9F89C39281FB12F1BB233] - |A| - [22/08/2013 08:57:09] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\Windows\System32\staticurllist.bin
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [373.81 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [1533.6 Ko] - C:\Windows\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [1074.49 Ko] - C:\Windows\System32\SystemResetPlatform
[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - |A| - [21/11/2014 10:52:24] - (.-.) - [136.33 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [408.06 Ko] - C:\Windows\System32\Tasks
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [22/08/2013 08:56:03] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.60CE51972E0A06217C52202F7208EB9A] - |A| - [22/08/2013 12:18:00] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\TelemetrySampleManifest.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [555.95 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [394.54 Ko] - C:\Windows\System32\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [542 Ko] - C:\Windows\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [67041.1 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:39] - [0 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [37759.47 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [22/08/2013 10:29:44] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [0 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [46 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [14.53 Ko] - C:\Windows\System32\WindowsInternal.Inbox.Media.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [27.59 Ko] - C:\Windows\System32\WindowsInternal.Inbox.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [7299.07 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [69848 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [1928.5 Ko] - C:\Windows\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:40] - [100.11 Ko] - C:\Windows\System32\winrm
[MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |A| - [22/08/2013 08:57:09] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\Windows\System32\WpcNBModel.bin
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [390.47 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [407.15 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [406.5 Ko] - C:\Windows\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:41] - [0 Ko] - C:\Windows\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [2228.5 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.E42605BFEB376CE46FEE0AC54F5DC217] - |A| - [21/07/2014 22:03:42] - (.-.) - [120.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdhdl32.dll
[MD5.171AFB08DF01F6DFA61A4BB8D41ED4D5] - |A| - [21/07/2014 22:03:52] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 1.2 Runtime.) - [24277.5 Ko] - (10.0.1348.5) - C:\Windows\SysWOW64\amdocl.dll
[MD5.56B986D13C74903FE27B71BA85C76037] - |A| - [21/07/2014 22:04:04] - (.-.) - [972.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_as32.exe
[MD5.28F4F5BAC73505F71B8AEC95B7FBE1DD] - |A| - [21/07/2014 22:04:04] - (.-.) - [780.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_ld32.exe
[MD5.261A1E5A929CF97FD91F4E2164513BCC] - |A| - [21/07/2014 22:04:04] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [70.02 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\amdpcom32.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [513.69 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.AB783A0B11AAD95FD99EEC5900F6C8F4] - |A| - [21/07/2014 22:04:06] - (.Copyright (C) 2008-2011 Advanced Micro Devices, Inc. - ADL.) - [806 Ko] - (6.14.10.1129) - C:\Windows\SysWOW64\atiadlxy.dll
[MD5.579E9592AE6F0C56896BAC2BA0723686] - |A| - [21/07/2014 22:04:06] - (.-.) - [537.57 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiapfxx.blb
[MD5.3FFF932E38D884DC4980D2948242B5EA] - |A| - [21/07/2014 22:04:06] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [48 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticalcl.dll
[MD5.F400B796047B871C78C244B21807FC7F] - |A| - [21/07/2014 22:04:10] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13967 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticaldd.dll
[MD5.87B95EDDE3FEC879EDF0825C218C127E] - |A| - [21/07/2014 22:04:14] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [51 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticalrt.dll
[MD5.9E688C01B4C6070CA10125A8D58F00E9] - |A| - [21/07/2014 22:04:16] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1074.43 Ko] - (8.17.10.1247) - C:\Windows\SysWOW64\aticfx32.dll
[MD5.64F3BD22714DC650084328154A8A6B9B] - |A| - [21/07/2014 22:04:20] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [8209.01 Ko] - (8.17.10.525) - C:\Windows\SysWOW64\atidxx32.dll
[MD5.20B011DDE81CC0403D053F35D217DDD3] - |A| - [21/07/2014 22:04:24] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [94.5 Ko] - (8.14.1.6354) - C:\Windows\SysWOW64\atigktxx.dll
[MD5.C640A5D15DE097BE8F3860187E51D601] - |A| - [21/07/2014 22:04:24] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [68 Ko] - (8.14.1.6354) - C:\Windows\SysWOW64\atiglpxx.dll
[MD5.D77830F22E9A9020437B1266D3D06693] - |A| - [21/07/2014 22:04:28] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [70.02 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\atimpc32.dll
[MD5.D9BA95B5A361353C10B2D91C5935B796] - |A| - [21/07/2014 22:04:46] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [21638.5 Ko] - (6.14.10.12618) - C:\Windows\SysWOW64\atioglxx.dll
[MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [21/07/2014 22:04:46] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atipblag.dat
[MD5.3891AFF28BF57CDD413AFD00335B87A8] - |A| - [21/07/2014 22:04:46] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [96.19 Ko] - (8.14.1.6354) - C:\Windows\SysWOW64\atiu9pag.dll
[MD5.C6B2E30B577C4E1A7D5FE562021DDC00] - |A| - [21/07/2014 22:04:54] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [6474.84 Ko] - (9.14.10.1001) - C:\Windows\SysWOW64\atiumdag.dll
[MD5.1535F349C16769F331E0B383C188C22D] - |A| - [21/07/2014 22:04:56] - (.-.) - [3379.92 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap
[MD5.5F35C5C82AC555A900E65D09C0DC4B7E] - |A| - [21/07/2014 22:04:58] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8092.78 Ko] - (8.14.10.429) - C:\Windows\SysWOW64\atiumdva.dll
[MD5.A1F2E63A393A958FBD2F127815BE1685] - |A| - [21/07/2014 22:04:58] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [123.38 Ko] - (8.14.1.6354) - C:\Windows\SysWOW64\atiuxpag.dll
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [21/07/2014 22:04:58] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [21/07/2014 22:04:58] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsvl.dat
[MD5.69BC2386DFA5E79BCDD1079B59CCA1C4] - |A| - [26/01/2017 09:26:38] - (.-.) - [69.48 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmjpeg.dll
[MD5.9B3C54A9C49CA00F5A9DA7C7F84A57F9] - |A| - [26/01/2017 09:26:48] - (.-.) - [69.51 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmpega.acm
[MD5.90476773F98F4AE0A3CB013F4D21650B] - |A| - [26/01/2017 09:26:44] - (.-.) - [69.51 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmpegv.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [511.09 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0.93 Ko] - C:\Windows\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\catroot
[MD5.1ED7171BE5B2E3477678ECF4BE5ED76D] - |A| - [31/08/2016 05:26:22] - (.Copyright (C) W.ch 2001-2015 - DLL for CH372/CH375/CH376/CH378, by W.ch.) - [20.52 Ko] - (2.30.2015.12) - C:\Windows\SysWOW64\CH375DLL.DLL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [316 Ko] - C:\Windows\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [0 Ko] - C:\Windows\SysWOW64\config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [385.01 Ko] - C:\Windows\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [347.91 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [396.73 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [4706.67 Ko] - C:\Windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [327.5 Ko] - C:\Windows\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [3387.15 Ko] - C:\Windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [614.08 Ko] - C:\Windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:41] - [1653.5 Ko] - C:\Windows\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [282.98 Ko] - C:\Windows\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [31311.88 Ko] - C:\Windows\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [376.81 Ko] - C:\Windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [288.41 Ko] - C:\Windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [367.62 Ko] - C:\Windows\SysWOW64\fi-FI
[MD5.1892A823ACF268C7177B285294B03138] - |A| - [29/09/2015 22:31:00] - (.Copyright (C) 2012 - Morae Recorder Firefox extension.) - [73.81 Ko] - (1.0.0.1) - C:\Windows\SysWOW64\FirefoxCaptureBridge.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [394.79 Ko] - C:\Windows\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [476.02 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [317.47 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [393.03 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [18875.67 Ko] - C:\Windows\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [184 Ko] - C:\Windows\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [391.7 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [547.29 Ko] - C:\Windows\SysWOW64\ja-JP
[MD5.5ACD11DF2AA5F3E3F30F785589B70347] - |A| - [13/11/2005 20:07:12] - (.-.) - [6.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\kc.exe
[MD5.6315AB54B0156C7B5B1B6E499601C171] - |A| - [29/10/2006 17:36:54] - (.Killer{R} -.) - [1158 Ko] - (2.8.4.0) - C:\Windows\SysWOW64\killcopy.exe
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [652.7 Ko] - C:\Windows\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [86.43 Ko] - C:\Windows\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [328.75 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [331.78 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [19449.57 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [3033.5 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [789 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [52.28 Ko] - C:\Windows\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [5.5 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [350.66 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [51 Ko] - C:\Windows\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [374.83 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [636.5 Ko] - C:\Windows\SysWOW64\oobe
[MD5.6E1EA774EB7393B0F982DF429996D60F] - |A| - [21/07/2014 22:05:22] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenVideo 1.1 Runtime.) - [82 Ko] - (10.0.1348.5) - C:\Windows\SysWOW64\OpenVideo.dll
[MD5.AA3A92AF25ABABCD3A979D4A4CA7F15D] - |A| - [21/07/2014 22:05:22] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OVDecode 1.1 Runtime.) - [72 Ko] - (10.0.1348.5) - C:\Windows\SysWOW64\OVDecode.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [394.94 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:40] - [413.88 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [377.25 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [375.39 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0.76 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [347.51 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [589.66 Ko] - C:\Windows\SysWOW64\ru-RU
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [328.25 Ko] - C:\Windows\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [314.6 Ko] - C:\Windows\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:41] - [45.92 Ko] - C:\Windows\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:16] - [0 Ko] - C:\Windows\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [4213.31 Ko] - C:\Windows\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [558.28 Ko] - C:\Windows\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [23.63 Ko] - C:\Windows\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [206.5 Ko] - C:\Windows\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [323.23 Ko] - C:\Windows\SysWOW64\sr-Latn-RS
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\sru
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [356.31 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [21/11/2014 10:00:41] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [538.95 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [377.04 Ko] - C:\Windows\SysWOW64\tr-TR

---------- | [3rem_juin_tournage]

[30/05/2023 10:36:11] - |HD| - [813162215] - C:\Users\3rem_juin_tournage\AppData
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\Application Data
[30/05/2023 19:27:37] - |RD| - [412] - C:\Users\3rem_juin_tournage\Contacts
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\Cookies
[30/05/2023 10:36:11] - |RD| - [705785193] - C:\Users\3rem_juin_tournage\Desktop
[30/05/2023 10:36:11] - |RD| - [1677] - C:\Users\3rem_juin_tournage\Documents
[30/05/2023 10:36:11] - |RD| - [1515835140] - C:\Users\3rem_juin_tournage\Downloads
[30/05/2023 10:36:11] - |RD| - [690] - C:\Users\3rem_juin_tournage\Favorites
[30/05/2023 10:36:11] - |RD| - [3481] - C:\Users\3rem_juin_tournage\Links
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\Local Settings
[30/05/2023 10:36:11] - |RD| - [504] - C:\Users\3rem_juin_tournage\Music
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\My Documents
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\NetHood
[30/05/2023 10:36:11] - |AH| - [786432] - C:\Users\3rem_juin_tournage\NTUSER.DAT
[30/05/2023 10:36:11] - |ASH| - [1540096] - C:\Users\3rem_juin_tournage\ntuser.dat.LOG1
[30/05/2023 10:36:11] - |ASH| - [974848] - C:\Users\3rem_juin_tournage\ntuser.dat.LOG2
[30/05/2023 10:36:11] - |ASH| - [65536] - C:\Users\3rem_juin_tournage\NTUSER.DAT{050e281c-7154-11e4-80c6-b8ca3aeea201}.TM.blf
[30/05/2023 10:36:11] - |ASH| - [524288] - C:\Users\3rem_juin_tournage\NTUSER.DAT{050e281c-7154-11e4-80c6-b8ca3aeea201}.TMContainer00000000000000000001.regtrans-ms
[30/05/2023 10:36:11] - |ASH| - [524288] - C:\Users\3rem_juin_tournage\NTUSER.DAT{050e281c-7154-11e4-80c6-b8ca3aeea201}.TMContainer00000000000000000002.regtrans-ms
[30/05/2023 10:36:12] - |SH| - [20] - C:\Users\3rem_juin_tournage\ntuser.ini
[30/05/2023 10:36:11] - |RD| - [576369851] - C:\Users\3rem_juin_tournage\Pictures
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\PrintHood
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\Recent
[30/05/2023 10:36:11] - |RD| - [282] - C:\Users\3rem_juin_tournage\Saved Games
[30/05/2023 10:36:34] - |RD| - [1879] - C:\Users\3rem_juin_tournage\Searches
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\SendTo
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\Start Menu
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\Templates
[30/05/2023 10:36:11] - |RD| - [14418936] - C:\Users\3rem_juin_tournage\Videos
[30/05/2023 10:36:11] - |D| - [690569378] - C:\Users\3rem_juin_tournage\AppData\Local
[30/05/2023 10:36:12] - |D| - [234532] - C:\Users\3rem_juin_tournage\AppData\LocalLow
[30/05/2023 10:36:11] - |D| - [122358305] - C:\Users\3rem_juin_tournage\AppData\Roaming
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\Local\Application Data
[31/05/2023 09:03:41] - |D| - [40051] - C:\Users\3rem_juin_tournage\AppData\Local\Ashampoo
[30/05/2023 19:28:40] - |D| - [41231850] - C:\Users\3rem_juin_tournage\AppData\Local\CrashDumps
[31/05/2023 09:03:37] - |D| - [545489] - C:\Users\3rem_juin_tournage\AppData\Local\CrashRpt
[02/06/2023 20:02:01] - |D| - [66301] - C:\Users\3rem_juin_tournage\AppData\Local\Diagnostics
[30/05/2023 11:53:13] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\Local\EmieBrowserModeList
[30/05/2023 11:53:13] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\Local\EmieSiteList
[30/05/2023 11:53:13] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\Local\EmieUserList
[01/06/2023 04:55:03] - |D| - [153340] - C:\Users\3rem_juin_tournage\AppData\Local\GoodSync
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\Local\History
[02/06/2023 15:56:17] - |AH| - [16132] - C:\Users\3rem_juin_tournage\AppData\Local\IconCache.db
[30/05/2023 10:36:11] - |D| - [219070386] - C:\Users\3rem_juin_tournage\AppData\Local\Microsoft
[30/05/2023 14:35:35] - |D| - [129413504] - C:\Users\3rem_juin_tournage\AppData\Local\Mozilla
[30/05/2023 10:36:25] - |D| - [7680505] - C:\Users\3rem_juin_tournage\AppData\Local\Packages
[30/05/2023 15:54:53] - |D| - [4170172] - C:\Users\3rem_juin_tournage\AppData\Local\PrivaZer
[30/05/2023 13:54:39] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\Local\Programs
[30/05/2023 10:36:11] - |D| - [44234318] - C:\Users\3rem_juin_tournage\AppData\Local\Temp
[30/05/2023 10:36:12] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\Local\Temporary Internet Files
[30/05/2023 19:27:26] - |D| - [7297] - C:\Users\3rem_juin_tournage\AppData\Local\VirtualStore
[30/05/2023 10:41:28] - |D| - [243822031] - C:\Users\3rem_juin_tournage\AppData\Local\Waterfox
[30/05/2023 14:34:09] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\Local\Wondershare
[03/06/2023 09:13:39] - |D| - [118002] - C:\Users\3rem_juin_tournage\AppData\Local\ZHP
[31/05/2023 08:58:40] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\LocalLow\EmieBrowserModeList
[31/05/2023 08:58:36] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\LocalLow\EmieSiteList
[31/05/2023 08:58:40] - |SHD| - [0] - C:\Users\3rem_juin_tournage\AppData\LocalLow\EmieUserList
[30/05/2023 10:43:37] - |SD| - [234532] - C:\Users\3rem_juin_tournage\AppData\LocalLow\Microsoft
[30/05/2023 10:41:28] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\LocalLow\Mozilla
[30/05/2023 11:52:57] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\Roaming\Adobe
[03/06/2023 10:59:22] - |D| - [524] - C:\Users\3rem_juin_tournage\AppData\Roaming\Bandicam Company
[02/06/2023 13:50:26] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\Roaming\BeeDoctor
[31/05/2023 02:44:59] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\Roaming\Daum
[30/05/2023 18:49:10] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\Roaming\IObit
[30/05/2023 10:36:11] - |SD| - [463908] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft
[30/05/2023 14:35:35] - |D| - [37534210] - C:\Users\3rem_juin_tournage\AppData\Roaming\Mozilla
[31/05/2023 02:44:50] - |D| - [190] - C:\Users\3rem_juin_tournage\AppData\Roaming\PotPlayerMini64
[02/06/2023 20:10:27] - |D| - [38183539] - C:\Users\3rem_juin_tournage\AppData\Roaming\Reincubate
[31/05/2023 09:03:47] - |D| - [5913961] - C:\Users\3rem_juin_tournage\AppData\Roaming\snaptron
[30/05/2023 10:41:28] - |D| - [36677916] - C:\Users\3rem_juin_tournage\AppData\Roaming\Waterfox
[30/05/2023 15:21:57] - |D| - [12] - C:\Users\3rem_juin_tournage\AppData\Roaming\WinRAR
[30/05/2023 16:13:51] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\Roaming\Wise Disk Cleaner
[31/05/2023 02:53:59] - |D| - [368] - C:\Users\3rem_juin_tournage\AppData\Roaming\Wondershare
[31/05/2023 02:54:52] - |D| - [0] - C:\Users\3rem_juin_tournage\AppData\Roaming\ws_hook_cfg
[03/06/2023 09:13:39] - |D| - [3583677] - C:\Users\3rem_juin_tournage\AppData\Roaming\ZHP
[30/05/2023 19:27:37] - |SH| - [174] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[30/05/2023 10:36:11] - |RD| - [30302] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/05/2023 10:36:11] - |RD| - [3888] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/05/2023 10:36:11] - |RD| - [1486] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/05/2023 19:27:39] - |RD| - [174] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/06/2023 13:49:51] - |D| - [3987] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeeDoctor
[30/05/2023 10:36:11] - |SH| - [564] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[30/05/2023 10:36:11] - |A| - [369] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[30/05/2023 19:34:38] - |D| - [3134] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IM-Magic Partition Resizer Free
[30/05/2023 19:27:28] - |A| - [1471] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[30/05/2023 10:36:11] - |D| - [170] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/05/2023 10:36:11] - |A| - [369] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[30/05/2023 11:56:42] - |A| - [754] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps.com Platform.lnk
[02/06/2023 20:10:27] - |D| - [3181] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
[30/05/2023 11:43:12] - |RD| - [928] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/05/2023 10:36:11] - |RD| - [5274] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/05/2023 15:21:42] - |D| - [4553] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[30/05/2023 11:43:13] - |SH| - [174] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[30/05/2023 11:56:42] - |A| - [754] - C:\Users\3rem_juin_tournage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PortableApps.com Platform.lnk

---------- | [cewbe.securise.pasgm]

[29/05/2023 08:38:23] - |HD| - [9080441271] - C:\Users\cewbe.securise.pasgm\AppData
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\Application Data
[29/05/2023 08:38:51] - |RD| - [412] - C:\Users\cewbe.securise.pasgm\Contacts
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\Cookies
[29/05/2023 08:38:23] - |RD| - [9509986920] - C:\Users\cewbe.securise.pasgm\Desktop
[29/05/2023 08:38:23] - |RD| - [2283210052] - C:\Users\cewbe.securise.pasgm\Documents
[29/05/2023 08:38:23] - |RD| - [46269426] - C:\Users\cewbe.securise.pasgm\Downloads
[29/05/2023 08:38:23] - |RD| - [690] - C:\Users\cewbe.securise.pasgm\Favorites
[30/05/2023 03:57:30] - |D| - [0] - C:\Users\cewbe.securise.pasgm\iTop Private Browser
[29/05/2023 08:38:23] - |RD| - [2418] - C:\Users\cewbe.securise.pasgm\Links
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\Local Settings
[29/05/2023 08:38:23] - |RD| - [504] - C:\Users\cewbe.securise.pasgm\Music
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\My Documents
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\NetHood
[29/05/2023 08:38:23] - |ASH| - [786432] - C:\Users\cewbe.securise.pasgm\NTUSER.DAT
[29/05/2023 08:38:24] - |ASH| - [16384] - C:\Users\cewbe.securise.pasgm\ntuser.dat.LOG1
[29/05/2023 08:38:24] - |ASH| - [1400832] - C:\Users\cewbe.securise.pasgm\ntuser.dat.LOG2
[29/05/2023 08:38:24] - |ASH| - [65536] - C:\Users\cewbe.securise.pasgm\NTUSER.DAT{050e281c-7154-11e4-80c6-b8ca3aeea201}.TM.blf
[29/05/2023 08:38:24] - |ASH| - [524288] - C:\Users\cewbe.securise.pasgm\NTUSER.DAT{050e281c-7154-11e4-80c6-b8ca3aeea201}.TMContainer00000000000000000001.regtrans-ms
[29/05/2023 08:38:24] - |ASH| - [524288] - C:\Users\cewbe.securise.pasgm\NTUSER.DAT{050e281c-7154-11e4-80c6-b8ca3aeea201}.TMContainer00000000000000000002.regtrans-ms
[29/05/2023 08:38:24] - |ASH| - [20] - C:\Users\cewbe.securise.pasgm\ntuser.ini
[29/05/2023 08:38:23] - |RD| - [407621687] - C:\Users\cewbe.securise.pasgm\Pictures
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\PrintHood
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\Recent
[29/05/2023 08:38:23] - |RD| - [282] - C:\Users\cewbe.securise.pasgm\Saved Games
[29/05/2023 08:38:52] - |RD| - [1879] - C:\Users\cewbe.securise.pasgm\Searches
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\SendTo
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\Start Menu
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\Templates
[29/05/2023 08:38:23] - |RD| - [504] - C:\Users\cewbe.securise.pasgm\Videos
[29/05/2023 08:38:23] - |D| - [8877904258] - C:\Users\cewbe.securise.pasgm\AppData\Local
[29/05/2023 08:38:24] - |D| - [237731] - C:\Users\cewbe.securise.pasgm\AppData\LocalLow
[29/05/2023 08:38:23] - |HD| - [202299282] - C:\Users\cewbe.securise.pasgm\AppData\Roaming
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\Application Data
[29/05/2023 09:37:30] - |D| - [40051] - C:\Users\cewbe.securise.pasgm\AppData\Local\Ashampoo
[30/05/2023 04:07:34] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\cache
[29/05/2023 16:37:51] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\CEF
[29/05/2023 20:12:07] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\CrashDumps
[29/05/2023 09:37:26] - |D| - [56183] - C:\Users\cewbe.securise.pasgm\AppData\Local\CrashRpt
[29/05/2023 08:53:47] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\EmieBrowserModeList
[29/05/2023 08:53:47] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\EmieSiteList
[29/05/2023 08:53:47] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\EmieUserList
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\History
[30/05/2023 03:52:16] - |D| - [930] - C:\Users\cewbe.securise.pasgm\AppData\Local\iTop Private Browser
[29/05/2023 08:38:23] - |D| - [285539579] - C:\Users\cewbe.securise.pasgm\AppData\Local\Microsoft
[29/05/2023 09:00:39] - |D| - [251212781] - C:\Users\cewbe.securise.pasgm\AppData\Local\Mozilla
[29/05/2023 08:38:41] - |D| - [1222751] - C:\Users\cewbe.securise.pasgm\AppData\Local\Packages
[29/05/2023 09:04:20] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\Programs
[30/05/2023 04:05:39] - |D| - [191348] - C:\Users\cewbe.securise.pasgm\AppData\Local\StreamingVideoProvider
[29/05/2023 08:38:23] - |D| - [1993001] - C:\Users\cewbe.securise.pasgm\AppData\Local\Temp
[29/05/2023 08:38:24] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Local\Temporary Internet Files
[29/05/2023 08:38:43] - |D| - [8251642280] - C:\Users\cewbe.securise.pasgm\AppData\Local\VirtualStore
[30/05/2023 04:53:55] - |D| - [86005272] - C:\Users\cewbe.securise.pasgm\AppData\Local\Waterfox
[29/05/2023 15:57:22] - |D| - [82] - C:\Users\cewbe.securise.pasgm\AppData\Local\Wondershare
[29/05/2023 08:53:53] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\LocalLow\EmieBrowserModeList
[29/05/2023 08:53:41] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\LocalLow\EmieSiteList
[29/05/2023 08:53:53] - |SHD| - [0] - C:\Users\cewbe.securise.pasgm\AppData\LocalLow\EmieUserList
[29/05/2023 17:37:06] - |D| - [256] - C:\Users\cewbe.securise.pasgm\AppData\LocalLow\IObit
[29/05/2023 18:15:07] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\LocalLow\iTop Screen Recorder
[29/05/2023 08:38:28] - |SD| - [237475] - C:\Users\cewbe.securise.pasgm\AppData\LocalLow\Microsoft
[30/05/2023 04:53:56] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\LocalLow\Mozilla
[29/05/2023 08:38:44] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Adobe
[29/05/2023 15:49:07] - |D| - [524] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Bandicam Company
[29/05/2023 13:01:20] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Daum
[29/05/2023 11:15:58] - |D| - [114414749] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\FreeFileSync
[29/05/2023 17:29:41] - |D| - [61154] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\IObit
[29/05/2023 17:58:42] - |D| - [3784] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\iTop Data Recovery
[29/05/2023 18:11:15] - |D| - [313835] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\iTop Screen Recorder
[29/05/2023 17:50:39] - |D| - [3248] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\iTop VPN
[29/05/2023 08:38:23] - |SD| - [825706] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft
[29/05/2023 09:00:39] - |D| - [52913674] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Mozilla
[30/05/2023 04:07:29] - |D| - [40] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Opera Software
[29/05/2023 12:57:12] - |D| - [6036] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\PotPlayerMini64
[29/05/2023 09:37:32] - |D| - [6176377] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\snaptron
[30/05/2023 08:07:43] - |D| - [99006] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\vlc
[30/05/2023 04:53:55] - |D| - [27479654] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Waterfox
[29/05/2023 16:02:11] - |D| - [1495] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Wondershare
[29/05/2023 16:38:02] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\ws_hook_cfg
[29/05/2023 08:38:52] - |ASH| - [174] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[29/05/2023 08:38:23] - |RD| - [18781] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[29/05/2023 08:38:23] - |RD| - [3888] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[29/05/2023 08:38:23] - |RD| - [1486] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[29/05/2023 08:38:52] - |RD| - [174] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[29/05/2023 08:38:24] - |ASH| - [564] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[29/05/2023 08:38:24] - |A| - [369] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[29/05/2023 08:38:44] - |A| - [1471] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[29/05/2023 09:43:40] - |D| - [0] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillCopy
[29/05/2023 08:38:23] - |D| - [170] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[29/05/2023 08:38:24] - |A| - [369] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[30/05/2023 04:02:39] - |D| - [4842] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ScreenRec
[29/05/2023 08:38:52] - |RD| - [174] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[29/05/2023 08:38:23] - |RD| - [5274] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[29/05/2023 08:38:52] - |ASH| - [174] - C:\Users\cewbe.securise.pasgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [EFM1_Sifatal_Désinf]

[29/05/2023 10:45:03] - |RD| - [298] - C:\Users\EFM1_Sifatal_Désinf\3D Objects
[29/05/2023 10:45:03] - |HD| - [3927550439] - C:\Users\EFM1_Sifatal_Désinf\AppData
[30/05/2023 17:47:18] - |D| - [7834000] - C:\Users\EFM1_Sifatal_Désinf\Application Data
[29/05/2023 11:13:53] - |RD| - [412] - C:\Users\EFM1_Sifatal_Désinf\Contacts
[30/05/2023 17:47:14] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\Cookies
[29/05/2023 11:13:53] - |RD| - [38585] - C:\Users\EFM1_Sifatal_Désinf\Desktop
[29/05/2023 11:13:54] - |RD| - [1600] - C:\Users\EFM1_Sifatal_Désinf\Documents
[29/05/2023 11:13:54] - |RD| - [769679510] - C:\Users\EFM1_Sifatal_Désinf\Downloads
[29/05/2023 11:28:22] - |RD| - [690] - C:\Users\EFM1_Sifatal_Désinf\Favorites
[29/05/2023 11:28:22] - |RD| - [1040] - C:\Users\EFM1_Sifatal_Désinf\Links
[30/05/2023 17:47:25] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\Local Settings
[29/05/2023 11:28:23] - |RD| - [504] - C:\Users\EFM1_Sifatal_Désinf\Music
[30/05/2023 17:47:26] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\NetHood
[29/05/2023 10:45:03] - |AH| - [6029312] - C:\Users\EFM1_Sifatal_Désinf\NTUSER.DAT
[29/05/2023 10:45:03] - |ASH| - [1376256] - C:\Users\EFM1_Sifatal_Désinf\ntuser.dat.LOG1
[29/05/2023 10:45:03] - |ASH| - [1530880] - C:\Users\EFM1_Sifatal_Désinf\ntuser.dat.LOG2
[29/05/2023 10:45:03] - |ASH| - [65536] - C:\Users\EFM1_Sifatal_Désinf\NTUSER.DAT{a2332f18-cdbf-11ec-8680-002248483d79}.TM.blf
[29/05/2023 10:45:03] - |ASH| - [524288] - C:\Users\EFM1_Sifatal_Désinf\NTUSER.DAT{a2332f18-cdbf-11ec-8680-002248483d79}.TMContainer00000000000000000001.regtrans-ms
[29/05/2023 10:45:03] - |ASH| - [524288] - C:\Users\EFM1_Sifatal_Désinf\NTUSER.DAT{a2332f18-cdbf-11ec-8680-002248483d79}.TMContainer00000000000000000002.regtrans-ms
[29/05/2023 10:45:03] - |ASH| - [20] - C:\Users\EFM1_Sifatal_Désinf\ntuser.ini
[29/05/2023 11:28:23] - |RD| - [694] - C:\Users\EFM1_Sifatal_Désinf\Pictures
[29/05/2023 11:28:24] - |RD| - [282] - C:\Users\EFM1_Sifatal_Désinf\Saved Games
[29/05/2023 11:28:24] - |RD| - [1020] - C:\Users\EFM1_Sifatal_Désinf\Searches
[29/05/2023 11:28:24] - |RD| - [504] - C:\Users\EFM1_Sifatal_Désinf\Videos
[29/05/2023 10:45:03] - |D| - [3919642845] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local
[29/05/2023 11:13:45] - |D| - [73594] - C:\Users\EFM1_Sifatal_Désinf\AppData\LocalLow
[29/05/2023 11:13:48] - |D| - [7834000] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming
[29/05/2023 10:45:04] - |D| - [8] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\AMD
[30/05/2023 17:47:06] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Application Data
[29/05/2023 10:45:04] - |D| - [46821] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Ashampoo
[29/05/2023 10:45:04] - |D| - [66989] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\ATI
[29/05/2023 10:45:04] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\CEF
[29/05/2023 10:45:04] - |D| - [18898948] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Comms
[29/05/2023 10:45:05] - |D| - [1087922] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\ConnectedDevicesPlatform
[29/05/2023 10:45:05] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\CrashDumps
[29/05/2023 10:45:07] - |D| - [66500] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\D3DSCache
[29/05/2023 10:45:07] - |D| - [107787] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Diagnostics
[30/05/2023 17:47:09] - |D| - [130] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\History
[29/05/2023 10:45:04] - |AH| - [16594] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\IconCache.db
[29/05/2023 10:45:08] - |D| - [238558889] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Microsoft
[29/05/2023 10:47:39] - |D| - [61638232] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Packages
[29/05/2023 10:48:41] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\PlaceholderTileLogoFolder
[29/05/2023 10:48:41] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Publishers
[29/05/2023 10:48:41] - |D| - [3599154025] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Temp
[30/05/2023 17:47:12] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\Temporary Internet Files
[29/05/2023 11:13:45] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Local\VirtualStore
[29/05/2023 11:13:45] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\LocalLow\IObit
[29/05/2023 11:13:45] - |SD| - [73594] - C:\Users\EFM1_Sifatal_Désinf\AppData\LocalLow\Microsoft
[29/05/2023 11:13:48] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Adobe
[29/05/2023 11:13:48] - |D| - [0] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\ATI
[29/05/2023 11:13:48] - |D| - [7168] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Avanquest
[29/05/2023 11:13:48] - |D| - [7480854] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Avast Software
[29/05/2023 11:13:50] - |D| - [170] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\IObit
[29/05/2023 11:13:50] - |SD| - [345796] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft
[29/05/2023 11:13:53] - |D| - [12] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\WinRAR
[29/05/2023 11:13:52] - |ASH| - [174] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[29/05/2023 11:13:52] - |RD| - [20749] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[29/05/2023 11:13:52] - |RD| - [6356] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[29/05/2023 11:13:52] - |RD| - [1674] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[29/05/2023 11:13:52] - |RD| - [174] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[29/05/2023 11:13:52] - |A| - [1281] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
[29/05/2023 11:13:52] - |ASH| - [522] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[29/05/2023 11:13:52] - |A| - [407] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
[29/05/2023 11:13:52] - |D| - [170] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[29/05/2023 11:13:52] - |RD| - [174] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[29/05/2023 11:13:52] - |RD| - [4913] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[29/05/2023 11:13:52] - |D| - [5078] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[29/05/2023 11:13:52] - |ASH| - [174] - C:\Users\EFM1_Sifatal_Désinf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [negation de pouf en forme de dél]

[30/05/2023 17:47:34] - |D| - [0] - C:\Users\negation de pouf en forme de dél\AppData
[30/05/2023 17:47:45] - |D| - [0] - C:\Users\negation de pouf en forme de dél\Cookies
[30/05/2023 17:47:46] - |D| - [0] - C:\Users\negation de pouf en forme de dél\Music
[30/05/2023 17:47:47] - |D| - [0] - C:\Users\negation de pouf en forme de dél\Pictures
[30/05/2023 03:57:35] - |D| - [264177504] - C:\Users\negation de pouf en forme de dél\StreamingVideoProvider
[30/05/2023 17:47:49] - |D| - [0] - C:\Users\negation de pouf en forme de dél\Videos
[30/05/2023 17:47:34] - |D| - [0] - C:\Users\negation de pouf en forme de dél\AppData\Local
[30/05/2023 17:47:44] - |D| - [0] - C:\Users\negation de pouf en forme de dél\AppData\Roaming
[30/05/2023 17:47:38] - |D| - [0] - C:\Users\negation de pouf en forme de dél\AppData\Local\Application Data
[30/05/2023 17:47:39] - |D| - [0] - C:\Users\negation de pouf en forme de dél\AppData\Local\History
[30/05/2023 17:47:35] - |D| - [0] - C:\Users\negation de pouf en forme de dél\AppData\Local\Microsoft
[30/05/2023 17:47:41] - |D| - [0] - C:\Users\negation de pouf en forme de dél\AppData\Local\Temporary Internet Files
[30/05/2023 17:47:54] - |D| - [0] - C:\Users\negation de pouf en forme de dél\AppData\Roaming\Microsoft

---------- | [Public]

[17/05/2023 14:49:54] - |RHD| - [100573] - C:\Users\Public\AccountPictures
[20/05/2023 10:08:27] - |D| - [5582] - C:\Users\Public\CyberLink
[22/08/2013 17:36:30] - |RHD| - [35384] - C:\Users\Public\Desktop
[07/12/2019 11:14:54] - |ASH| - [174] - C:\Users\Public\desktop.ini
[07/12/2019 11:14:52] - |RD| - [1144552531] - C:\Users\Public\Documents
[07/12/2019 11:14:52] - |RD| - [174] - C:\Users\Public\Downloads
[22/08/2013 17:36:32] - |A| - [174] - C:\Users\Public\kc_rename.desktop.ini
[07/12/2019 11:14:52] - |RHD| - [2348] - C:\Users\Public\Libraries
[07/12/2019 11:14:52] - |RD| - [760] - C:\Users\Public\Music
[07/12/2019 11:14:52] - |RD| - [760] - C:\Users\Public\Pictures
[07/12/2019 11:14:52] - |RD| - [760] - C:\Users\Public\Videos

---------- | [twist]

[29/05/2023 11:28:24] - |A| - [95] - C:\Users\twist\.accessibility.properties
[29/05/2023 11:28:25] - |D| - [56] - C:\Users\twist\.cache
[29/05/2023 11:28:25] - |HD| - [1469] - C:\Users\twist\AppData
[29/05/2023 11:28:25] - |ASH| - [20] - C:\Users\twist\ntuser.ini
[29/05/2023 11:28:25] - |D| - [1209] - C:\Users\twist\AppData\Local
[29/05/2023 11:28:29] - |D| - [260] - C:\Users\twist\AppData\LocalLow
[30/05/2023 17:48:17] - |D| - [0] - C:\Users\twist\AppData\Roaming
[29/05/2023 11:28:25] - |D| - [905] - C:\Users\twist\AppData\Local\Abelssoft
[29/05/2023 11:28:26] - |D| - [256] - C:\Users\twist\AppData\Local\AdvertisingPopup
[29/05/2023 11:28:25] - |A| - [48] - C:\Users\twist\AppData\Local\computerid
[29/05/2023 11:28:29] - |D| - [260] - C:\Users\twist\AppData\LocalLow\IObit
[29/05/2023 11:28:29] - |SD| - [0] - C:\Users\twist\AppData\LocalLow\Microsoft
[30/05/2023 17:48:32] - |D| - [0] - C:\Users\twist\AppData\Roaming\Microsoft

---------- | C:\ProgramData

[18/05/2023 10:51:21] - |D| - [10314646] - C:\ProgramData\Acronis
[22/05/2023 07:55:09] - |D| - [12214] - C:\ProgramData\AMD
[27/05/2023 13:28:41] - |D| - [0] - C:\ProgramData\Anvisoft
[23/05/2023 08:12:26] - |D| - [51] - C:\ProgramData\AomeiBR
[23/05/2023 08:12:26] - |D| - [20] - C:\ProgramData\AOMEIPA
[22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Application Data
[29/05/2023 09:05:59] - |D| - [840492] - C:\ProgramData\Ashampoo
[21/05/2023 20:15:25] - |D| - [2962771] - C:\ProgramData\ASR8Settings
[22/05/2023 17:51:29] - |D| - [186] - C:\ProgramData\ATI
[30/05/2023 13:54:58] - |D| - [134011132] - C:\ProgramData\Auslogics
[24/05/2023 15:47:46] - |D| - [35658796] - C:\ProgramData\Avanquest
[18/05/2023 16:57:38] - |D| - [6856426] - C:\ProgramData\Avast Software
[25/05/2023 18:01:26] - |D| - [35967671] - C:\ProgramData\AVG
[02/06/2023 13:26:21] - |D| - [2158] - C:\ProgramData\Baidu Security
[02/06/2023 13:49:54] - |D| - [23718626] - C:\ProgramData\BeeDoctor
[23/05/2023 08:12:19] - |D| - [24] - C:\ProgramData\boost_interprocess
[20/05/2023 09:31:39] - |D| - [517] - C:\ProgramData\CLSK
[29/05/2023 17:47:46] - |D| - [2486] - C:\ProgramData\CyberLink
[22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Desktop
[18/05/2023 08:45:54] - |D| - [7000] - C:\ProgramData\DNSBackup
[22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Documents
[30/05/2023 15:54:28] - |D| - [0] - C:\ProgramData\Driver-Soft
[21/05/2023 08:28:40] - |D| - [84] - C:\ProgramData\EaseUS
[20/05/2023 15:55:50] - |D| - [12416] - C:\ProgramData\Emsisoft
[01/06/2023 04:57:48] - |D| - [319116] - C:\ProgramData\GoodSync
[30/05/2023 15:26:46] - |D| - [83053106] - C:\ProgramData\GridinSoft
[29/05/2023 18:10:16] - |D| - [0] - C:\ProgramData\install_backup
[20/05/2023 09:32:40] - |D| - [299408] - C:\ProgramData\install_clap
[19/05/2023 07:12:49] - |D| - [63816] - C:\ProgramData\IObit
[19/05/2023 07:32:10] - |D| - [1709] - C:\ProgramData\iTop
[30/05/2023 03:52:17] - |D| - [92836988] - C:\ProgramData\iTop Private Browser
[29/05/2023 17:50:31] - |D| - [32289] - C:\ProgramData\iTop VPN
[25/05/2023 18:34:32] - |RASHD| - [1024] - C:\ProgramData\Key-Base
[22/08/2013 15:36:15] - |SD| - [247226596] - C:\ProgramData\Microsoft
[29/05/2023 09:00:39] - |D| - [16737] - C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
[18/05/2023 12:54:22] - |D| - [1702178] - C:\ProgramData\OneSafe Driver Manager
[29/05/2023 09:06:07] - |D| - [36950812] - C:\ProgramData\Package Cache
[17/05/2023 15:09:23] - |D| - [43647811] - C:\ProgramData\Paragon
[17/05/2023 19:07:14] - |D| - [0] - C:\ProgramData\Paragon Software
[18/05/2023 13:48:27] - |D| - [3037867] - C:\ProgramData\Piriform
[30/05/2023 15:54:53] - |D| - [140] - C:\ProgramData\privazer
[19/05/2023 07:13:53] - |D| - [2906] - C:\ProgramData\ProductData
[22/08/2013 17:36:30] - |D| - [988] - C:\ProgramData\regid.1991-06.com.microsoft
[21/05/2023 20:10:25] - |D| - [3513992] - C:\ProgramData\ReviverSoft
[07/12/2019 11:14:52] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[23/05/2023 13:27:23] - |D| - [174840] - C:\ProgramData\Spybot - Search & Destroy
[08/09/2022 05:13:02] - |D| - [0] - C:\ProgramData\ssh
[22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Start Menu
[20/05/2023 15:27:03] - |D| - [8352] - C:\ProgramData\SystemAcCrux
[22/08/2013 16:45:52] - |SHD| - [0] - C:\ProgramData\Templates
[23/05/2023 13:57:47] - |D| - [131719] - C:\ProgramData\UCheck
[07/12/2019 11:14:52] - |D| - [8175616] - C:\ProgramData\USOPrivate
[07/12/2019 11:14:52] - |D| - [5943296] - C:\ProgramData\USOShared
[18/05/2023 08:36:25] - |D| - [3224] - C:\ProgramData\VPNBackup
[30/05/2023 04:53:55] - |D| - [195] - C:\ProgramData\Waterfox-1de4eec8-1241-4177-a864-e594e8d1fb38
[29/05/2023 15:34:13] - |D| - [265] - C:\ProgramData\Wondershare
[29/05/2023 15:34:12] - |D| - [70390323] - C:\ProgramData\Wondershare DemoCreator
[29/05/2023 15:58:10] - |D| - [69950] - C:\ProgramData\Wondershare DemoCreator Spark
[30/05/2023 14:34:09] - |D| - [0] - C:\ProgramData\Wondershare Filmora
[19/05/2023 07:32:22] - |D| - [1210] - C:\ProgramData\{150F4013-6884-4350-8DDC-6BFCB4C5DC15}
[24/05/2023 07:58:15] - |D| - [0] - C:\ProgramData\{7D4F950D-61ED-482D-A05D-43620B49B610}
[25/05/2023 18:34:34] - |D| - [0] - C:\ProgramData\{AE69CC69-D0C0-C96A-FBD7-9BA95E0CEA8F}
[24/05/2023 07:58:10] - |D| - [132] - C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[22/08/2013 17:36:33] - |AS| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[22/08/2013 17:36:30] - |RD| - [159782] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[30/05/2023 15:21:42] - |A| - [1110] - C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[22/08/2013 17:36:30] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[22/08/2013 17:36:30] - |RD| - [18212] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[22/08/2013 17:36:30] - |RD| - [27216] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[29/05/2023 09:48:24] - |D| - [4305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[29/05/2023 09:05:59] - |D| - [1256] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[30/05/2023 13:59:11] - |D| - [2781] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[29/05/2023 15:46:42] - |D| - [1696] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[22/08/2013 08:57:22] - |RAS| - [2131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
[22/08/2013 17:36:33] - |AS| - [1086] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[22/08/2013 08:57:05] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
[30/05/2023 19:32:22] - |D| - [1094] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoNotSpy78
[21/11/2014 17:57:14] - |RD| - [1818] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
[21/11/2014 10:52:51] - |RAS| - [2440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[29/05/2023 09:00:21] - |A| - [973] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
[29/05/2023 11:15:56] - |A| - [1015] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
[01/06/2023 04:58:04] - |D| - [3834] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
[30/05/2023 15:26:48] - |D| - [1037] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
[22/08/2013 08:54:10] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[30/05/2023 03:59:18] - |D| - [2647] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Software Updater
[29/05/2023 18:04:28] - |D| - [2312] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop Data Recovery
[29/05/2023 18:14:03] - |D| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop Screen Recorder
[29/05/2023 18:03:32] - |D| - [2125] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTop VPN
[29/05/2023 09:43:41] - |D| - [5762] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillCopy
[22/08/2013 17:36:30] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/06/2023 05:00:21] - |D| - [3653] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Morae
[29/05/2023 09:00:22] - |A| - [2119] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigation privée de Firefox.lnk
[30/05/2023 11:51:40] - |D| - [18965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Accelerate
[22/08/2013 08:57:08] - |RAS| - [2365] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
[29/05/2023 12:57:32] - |D| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PotPlayer
[29/05/2023 11:15:56] - |A| - [991] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
[22/08/2013 08:45:50] - |RAS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
[22/08/2013 17:36:30] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[22/08/2013 17:36:30] - |RD| - [6359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[21/11/2014 10:25:32] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[30/05/2023 17:02:09] - |D| - [10141] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[30/05/2023 08:06:35] - |D| - [5838] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[30/05/2023 04:42:31] - |A| - [931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[22/08/2013 08:48:43] - |RAS| - [2191] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
[30/05/2023 15:21:42] - |D| - [4481] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[29/05/2023 15:57:04] - |D| - [6932] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[22/08/2013 17:36:33] - |AS| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[29/05/2023 10:43:52] - |AD| - [873950988] - C:\Program Files (x86)\1-Anti-Asarl X for 3à4rem
[29/05/2023 10:44:15] - |AD| - [0] - C:\Program Files (x86)\2-Twister & Anti-Twister X for 3&4rem
[29/05/2023 10:44:21] - |D| - [27588] - C:\Program Files (x86)\Acronis
[29/05/2023 10:44:22] - |D| - [42515981] - C:\Program Files (x86)\Advanced System Repair Pro 1.9.9.2.0
[29/05/2023 10:44:24] - |D| - [49799412] - C:\Program Files (x86)\Anvisoft
[29/05/2023 10:44:29] - |D| - [7178565] - C:\Program Files (x86)\AOMEI OneKey Recovery 1.7.1
[29/05/2023 11:37:45] - |D| - [548] - C:\Program Files (x86)\AOMEI Partition Assistant
[29/05/2023 09:04:32] - |D| - [339012528] - C:\Program Files (x86)\Ashampoo
[29/05/2023 09:45:53] - |D| - [64998222] - C:\Program Files (x86)\ATI Technologies
[30/05/2023 13:58:54] - |D| - [66941868] - C:\Program Files (x86)\Auslogics
[29/05/2023 11:37:47] - |D| - [3704897] - C:\Program Files (x86)\Avanquest
[29/05/2023 11:37:49] - |D| - [1110] - C:\Program Files (x86)\AVG
[02/06/2023 13:26:21] - |D| - [0] - C:\Program Files (x86)\Baidu Security
[29/05/2023 15:45:53] - |D| - [9130326] - C:\Program Files (x86)\BandiMPEG1
[02/06/2023 13:49:29] - |D| - [68455945] - C:\Program Files (x86)\BeeDoctor
[22/08/2013 15:36:15] - |D| - [134586432] - C:\Program Files (x86)\Common Files
[22/08/2013 17:36:33] - |AS| - [174] - C:\Program Files (x86)\desktop.ini
[30/05/2023 19:32:18] - |D| - [4978587] - C:\Program Files (x86)\DoNotSpy78
[29/05/2023 11:37:51] - |D| - [7625] - C:\Program Files (x86)\EaseUS
[29/05/2023 10:43:41] - |A| - [464092269] - C:\Program Files (x86)\IMG_0323.MOV
[22/08/2013 17:36:30] - |D| - [6852983] - C:\Program Files (x86)\Internet Explorer
[29/05/2023 17:36:27] - |D| - [96383922] - C:\Program Files (x86)\IObit
[29/05/2023 17:58:42] - |D| - [37898439] - C:\Program Files (x86)\iTop Data Recovery
[29/05/2023 18:11:06] - |D| - [0] - C:\Program Files (x86)\iTop Screen Recorder
[29/05/2023 17:50:42] - |D| - [84130663] - C:\Program Files (x86)\iTop VPN
[29/05/2023 09:43:35] - |D| - [781117] - C:\Program Files (x86)\KillSoft
[22/08/2013 17:36:30] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[29/05/2023 09:00:14] - |D| - [352623] - C:\Program Files (x86)\Mozilla Maintenance Service
[29/05/2023 10:42:59] - |D| - [412237] - C:\Program Files (x86)\NordVPN network TAP
[30/05/2023 11:51:40] - |D| - [2120376] - C:\Program Files (x86)\PC Accelerate
[29/05/2023 10:43:00] - |D| - [12599] - C:\Program Files (x86)\post-final annonce parents interdisent upload videos sur forums
[29/05/2023 10:43:00] - |D| - [689842] - C:\Program Files (x86)\reversed naturallyspeaking android 5 required for jobs uef sept a nov 2021 vers 2024
[29/05/2023 10:43:00] - |D| - [59756488] - C:\Program Files (x86)\Safer-Networking Ltd
[29/05/2023 10:43:03] - |D| - [334572479] - C:\Program Files (x86)\Spybot - Search & Destroy 2
[01/06/2023 05:00:13] - |D| - [34090811] - C:\Program Files (x86)\TechSmith
[30/05/2023 17:01:07] - |D| - [104715448] - C:\Program Files (x86)\Tweaking.com
[29/05/2023 10:43:37] - |D| - [9692165] - C:\Program Files (x86)\UsbFix
[22/08/2013 17:36:30] - |D| - [1228016] - C:\Program Files (x86)\Windows Defender
[22/08/2013 17:36:30] - |D| - [5953536] - C:\Program Files (x86)\Windows Mail
[22/08/2013 17:36:30] - |D| - [3315226] - C:\Program Files (x86)\Windows Media Player
[22/08/2013 17:36:30] - |D| - [230912] - C:\Program Files (x86)\Windows Multimedia Platform
[22/08/2013 17:36:30] - |D| - [7472698] - C:\Program Files (x86)\Windows NT
[22/08/2013 17:36:30] - |D| - [5495440] - C:\Program Files (x86)\Windows Photo Viewer
[22/08/2013 17:36:30] - |D| - [230912] - C:\Program Files (x86)\Windows Portable Devices
[22/08/2013 17:36:30] - |SD| - [0] - C:\Program Files (x86)\Windows Sidebar
[22/08/2013 17:36:30] - |D| - [0] - C:\Program Files (x86)\WindowsPowerShell
[30/05/2023 14:34:09] - |D| - [202866284] - C:\Program Files (x86)\Wondershare
[29/05/2023 10:43:40] - |AD| - [68356921] - C:\Program Files (x86)\Youtubeuse Lady Boo & ses cheveux verts

---------- | C:\Program Files

[29/05/2023 09:43:47] - |D| - [57795294] - C:\Program Files\AMD
[29/05/2023 09:47:27] - |D| - [5593344] - C:\Program Files\ATI Technologies
[29/05/2023 15:46:01] - |D| - [109481688] - C:\Program Files\Bandicam
[22/08/2013 15:36:15] - |D| - [55455726] - C:\Program Files\Common Files
[29/05/2023 12:56:36] - |D| - [153216094] - C:\Program Files\DAUM
[22/08/2013 17:36:45] - |ASH| - [174] - C:\Program Files\desktop.ini
[21/11/2014 17:57:14] - |D| - [1907200] - C:\Program Files\Embedded Lockdown Manager
[29/05/2023 11:15:45] - |D| - [54742851] - C:\Program Files\FreeFileSync
[30/05/2023 15:26:34] - |D| - [83536317] - C:\Program Files\GridinSoft Anti-Malware
[30/05/2023 19:34:31] - |D| - [21722084] - C:\Program Files\IM-Magic
[22/08/2013 17:36:31] - |D| - [26815836] - C:\Program Files\Internet Explorer
[29/05/2023 18:11:15] - |D| - [539056281] - C:\Program Files\iTop Screen Recorder
[29/05/2023 08:59:59] - |D| - [230673073] - C:\Program Files\Mozilla Firefox
[01/06/2023 04:57:34] - |D| - [106177349] - C:\Program Files\Siber Systems
[22/08/2013 16:47:10] - |HD| - [0] - C:\Program Files\Uninstall Information
[30/05/2023 08:06:01] - |D| - [185891381] - C:\Program Files\VideoLAN
[30/05/2023 04:42:23] - |D| - [260493953] - C:\Program Files\Waterfox
[22/08/2013 17:36:31] - |D| - [9599599] - C:\Program Files\Windows Defender
[21/11/2014 10:25:32] - |D| - [8954488] - C:\Program Files\Windows Journal
[22/08/2013 17:36:31] - |D| - [6312448] - C:\Program Files\Windows Mail
[22/08/2013 17:36:31] - |D| - [5367870] - C:\Program Files\Windows Media Player
[22/08/2013 17:36:31] - |D| - [286208] - C:\Program Files\Windows Multimedia Platform
[22/08/2013 17:36:31] - |D| - [7824954] - C:\Program Files\Windows NT
[22/08/2013 17:36:31] - |D| - [6426768] - C:\Program Files\Windows Photo Viewer
[22/08/2013 17:36:31] - |D| - [286208] - C:\Program Files\Windows Portable Devices
[22/08/2013 17:36:31] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[22/08/2013 17:36:31] - |HD| - [1019703202] - C:\Program Files\WindowsApps
[22/08/2013 17:36:31] - |D| - [0] - C:\Program Files\WindowsPowerShell
[30/05/2023 15:21:35] - |D| - [8768817] - C:\Program Files\WinRAR
[29/05/2023 15:34:12] - |D| - [1725135567] - C:\Program Files\Wondershare

---------- | C:\Program Files (x86)\Common Files

[29/05/2023 11:37:51] - |D| - [0] - C:\Program Files (x86)\Common Files\Anvisoft
[29/05/2023 17:40:11] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit
[22/08/2013 17:36:30] - |D| - [14976753] - C:\Program Files (x86)\Common Files\Microsoft Shared
[22/08/2013 17:36:30] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[22/08/2013 17:36:30] - |D| - [9705355] - C:\Program Files (x86)\Common Files\System
[30/05/2023 11:43:35] - |D| - [103166976] - C:\Program Files (x86)\Common Files\Wise Installation Wizard
[29/05/2023 15:57:15] - |D| - [6734646] - C:\Program Files (x86)\Common Files\Wondershare

---------- | C:\Program Files\Common files

[22/08/2013 17:36:31] - |D| - [44765141] - C:\Program Files\Common files\microsoft shared
[22/08/2013 17:36:31] - |D| - [2702] - C:\Program Files\Common files\Services
[22/08/2013 17:36:31] - |D| - [10687883] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.38DDD7E085A0315ADA764164479EA874] - [30/05/2023 15:55:52] - |A| - [382] - C:\Windows\Tasks\Driver Genius Skip UAC.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [22/08/2013 16:45:54] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.052895653ECD3A50547479462B5687B3] - [30/05/2023 17:02:51] - |A| - [574] - C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
[MD5.F7C5AF5A8151011F843ED64D3E8E886A] - [30/05/2023 11:53:19] - |AH| - [308] - C:\Windows\Tasks\User_Feed_Synchronization-{74492E6E-5209-49D7-B0F7-5478386330F0}.job
[MD5.00000000000000000000000000000000] - [22/08/2013 17:36:30] - |D| - [393852] - C:\Windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [29/05/2023 09:00:23] - |D| - [8288] - C:\Windows\System32\Tasks\Mozilla
[MD5.4485D9A6C6E0DFC007DA001A03267973] - [29/05/2023 08:44:09] - |A| - [3598] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4070541873-3344096699-3285931096-1001
[MD5.CD768DBD9C12D543BAB1657A7FE6AF80] - [30/05/2023 19:33:43] - |A| - [3598] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4070541873-3344096699-3285931096-1005
[MD5.60A988D90D8B8C5225A1606175C1D79B] - [29/05/2023 08:53:48] - |A| - [4004] - C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7AF8CA0-4EDB-4543-92B1-2C5BBD122EB4}         :   C:\Windows\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [29/05/2023 08:39:13] - |D| - [4516] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [22/08/2013 17:36:31] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WirelessDisplay-Out-UDP"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-In-TCP"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"Netlogon-TCP-RPC-In"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-NamedPipe-In"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"TCP Query User{4D562E82-F0D9-4587-9732-136721301259}C:\program files\wondershare\wondershare democreator spark\democreator wsid service.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files\wondershare\wondershare democreator spark\democreator wsid service.exe|Name=DemoCreator Wsid Service|Desc=DemoCreator Wsid Service|Defer=User|
"UDP Query User{515C28A9-2064-4D97-B9C9-EB3F875F0862}C:\program files\wondershare\wondershare democreator spark\democreator wsid service.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files\wondershare\wondershare democreator spark\democreator wsid service.exe|Name=DemoCreator Wsid Service|Desc=DemoCreator Wsid Service|Defer=User|
"TCP Query User{A77A935E-B1EA-40C4-B388-8C0212728C1A}C:\program files\wondershare\wondershare democreator (french)\democreator wsid service.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files\wondershare\wondershare democreator (french)\democreator wsid service.exe|Name=DemoCreator Wsid Service|Desc=DemoCreator Wsid Service|Defer=User|
"UDP Query User{182FF36F-85F2-4FC8-B3D6-A7BF605FC107}C:\program files\wondershare\wondershare democreator (french)\democreator wsid service.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files\wondershare\wondershare democreator (french)\democreator wsid service.exe|Name=DemoCreator Wsid Service|Desc=DemoCreator Wsid Service|Defer=User|
"{8A9C3985-CCD8-44F7-B973-B3FA7D301AE1}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Siber Systems\GoodSync\gs-server.exe|Name=GoodSync Server|Desc=GoodSync Server serves files from this computer|
"{19484C0F-FA50-433E-B5EC-B2CF6FD7273A}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Siber Systems\GoodSync\goodsync.exe|Name=GoodSync Synchronizer|Desc=GoodSync Synchronizer allows you to synchronize files|
"{DF7C15AA-B2EE-49F4-A65B-28952B35CCE9}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Siber Systems\GoodSync\gsexplorer.exe|Name=GoodSync Explorer|Desc=GoodSync Explorer allows you to access files on servers and clouds|
"{714581CA-16E3-4F6E-AFF6-226FF2A37381}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\TechSmith\Morae\MoraeRecorder.exe|Name=Morae Recorder|
"{C10DC5A8-8CC1-4A5E-B301-BA565ADCD23A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-4070541873-3344096699-3285931096-1005|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{36E4AA3E-BE37-4EC4-AFE1-4499568F86FB}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-4070541873-3344096699-3285931096-1005|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{1C1232F3-A04B-4690-858B-296EF1E42D7E}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PCG.exe|Name=BeeDoctor|
"{47BD68DD-AC28-45B2-8259-1E5ADE4EC66A}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PCG.exe|Name=BeeDoctor|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @PrintQueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%SECURITYACCELERATORCLASSNAME%;Security Accelerator
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @mgtdyn.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @%SystemRoot%\System32\Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{77989adf-06db-4025-92e8-40d902c03b0a}] : (WCH) [] -> @oem3.inf,%ClassName%;Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8c78b96c-9120-4da4-a144-ff427f2cf132}] : (BarcodeScanner) [] -> @hidscanner.inf,%ClassName%;POS HID Barcode scanners
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @AudioEndpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @WSDPrint.Inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[22/08/2013 08:57:53] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\Windows\system32\DRIVERS\L1C63x64.sys
[22/08/2014 08:08:10] - (2014.8.22.1408) - (BeeDoctor Private Limited       - Action filter framework(driver)) - C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PcgSysMonX64.sys
[02/06/2023 13:50:01] - (2014.8.22.1408) - (BeeDoctor Private Limited       - File filter(driver)) - C:\Windows\system32\Drivers\TFsFltX64.sys
[22/08/2013 17:36:40] - (4.3.86.0) - (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - Macrovision SECURITY Driver) - C:\Windows\System32\Drivers\secdrv.SYS
[22/08/2014 08:08:12] - (2014.8.22.1408) - (BeeDoctor Private Limited       - TSSysKit64 Driver) - C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\TSSysKit64.sys
[21/11/2014 11:16:27] - (5.1.2.238) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL
[11/08/2019 19:13:54] - (3.8.31.0) - (Prolific Technology Inc. - USB-to-Serial Cable Driver) - C:\Windows\system32\DRIVERS\ser2pl64.sys

---------- | LoadOrderGroup

Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK
Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK
Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK
Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK
Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK
Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK
Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK
Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK
Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK
Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK
Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK
Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK
Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK
Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK
Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK
Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK
Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK
Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK
Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK
Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK
Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK
Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK
Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK
Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK
Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK
Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK
Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK
Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK
Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK
Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK
Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK
Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK
Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK
Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK
Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK
Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK
Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK
Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK
Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK
Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK
Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK
Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK
Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK
Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK
Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK
Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK
Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK
Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK
Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK
Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK
Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK
Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK
Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK
Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK
Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK
Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK
Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK
Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK
Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK
Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK
Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK
Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK
Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK
Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK
Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK
Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK
Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK
Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK
Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK
Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK
Name: PnP Filter - DriverEnabled: False - GroupOrder: 71 - Status: OK
Name: Network - DriverEnabled: False - GroupOrder: 72 - Status: OK
Name: _Early-Launch - DriverEnabled: False - GroupOrder: 73 - Status: OK
Name: LocalService - DriverEnabled: False - GroupOrder: 74 - Status: OK

---------- | LoadOrderGroupServiceDependencies

LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs"

---------- | LoadOrderGroupServiceMembers

LoadOrderGroup.Name="System Reserved" - Service.Name="AdvancedSystemCareService16"
LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc"
LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder"
LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch"
LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall"
LoadOrderGroup.Name="TDI" - Service.Name="Dhcp"
LoadOrderGroup.Name="TDI" - Service.Name="Dnscache"
LoadOrderGroup.Name="TDI" - Service.Name="dot3svc"
LoadOrderGroup.Name="Event Log" - Service.Name="EventLog"
LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware"
LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="agp440"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag"
LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay"
LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep"
LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS"
LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass"
LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation"
LoadOrderGroup.Name="TDI" - Service.Name="lmhosts"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc"
LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI"
LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="PCGRTP"
LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay"
LoadOrderGroup.Name="Plugplay" - Service.Name="Power"
LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs"
LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat"
LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr"
LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="FxPPM"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="gagp30kx"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="GridinSoftInetSecurityDriver"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="GSDriver"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd"
LoadOrderGroup.Name="Video" - SystemDriver.Name="HyperVideo"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAV"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic"
LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD"
LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="L1C"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr"
LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS"
LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection"
LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler"
LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr"
LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="NdisVirtualBus"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NDProxy"
LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="netvsc"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="Ntfs"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Null"
LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient"
LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc"
LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc"
LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="nv_agp"
LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="PcgSysMonX64"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia"
LoadOrderGroup.Name="Base" - SystemDriver.Name="pcw"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched"
LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd"
LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFS"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr"
LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Ser2pl"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme"
LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="TFsFlt"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM"
LoadOrderGroup.Name="base" - SystemDriver.Name="TsUsbFlt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uagp35"
LoadOrderGroup.Name="Base" - SystemDriver.Name="UCX01000"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uliagpkx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub"
LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="viaide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen"
LoadOrderGroup.Name="_Early-Launch" - SystemDriver.Name="WdBoot"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="WFPLWFS"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi"
LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wpcfltr"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WSDPrintDevice"
LoadOrderGroup.Name="Base" - SystemDriver.Name="WSDScan"
LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf"
LoadOrderGroup.Name="Base" - SystemDriver.Name="WUDFRd"

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - gagp30kx (@machine.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2 () -> System32\drivers\lsi_sas2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3 () -> System32\drivers\lsi_sas3.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@machine.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - uagp35 (@machine.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - viaide () -> System32\drivers\viaide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> system32\DRIVERS\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> \SystemRoot\system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> \SystemRoot\system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - PcgSysMonX64 (PcgSysMonX64) -> \??\C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\PcgSysMonX64.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> \SystemRoot\system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - secdrv (Security Driver) -> (?) - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - TFsFlt (TFsFlt) -> \??\C:\Windows\system32\Drivers\TFsFltX64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - amdkmdag () -> \SystemRoot\system32\DRIVERS\atikmdag.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - amdkmdap () -> \SystemRoot\system32\DRIVERS\atikmpag.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - AppID (@%systemroot%\system32\appidsvc.dll,-102) -> \SystemRoot\system32\drivers\appid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - BTHMODEM (@bthspp.inf,%BthSerial.DisplayName%;Bluetooth Serial Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CH375_A64 (CH375WDM_A64) -> \SystemRoot\System32\Drivers\CH375W64.SYS - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - CompositeBus (@CompositeBus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\drivers\CompositeBus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - condrv (Console Driver) -> System32\drivers\condrv.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\system32\drivers\drmkaud.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - exfat (exFAT File System Driver) -> (?) - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - fastfat (FAT12/16/32 File System Driver) -> (?) - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - FxPPM (@cpu.inf,%FxPPM.SvcDesc%;Power Framework Processor Driver) -> \SystemRoot\System32\drivers\fxppm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - GridinSoftInetSecurityDriver (GridinSoft Internet Security Driver) -> \SystemRoot\system32\DRIVERS\gsInetSecurity.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - GSDriver (GridinSoft Mini-Filter service) -> system32\DRIVERS\GSDriver64.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - HdAudAddService (@hdaudio.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Microsoft 1.1 UAA Function Driver for High Definition Audio Service) -> \SystemRoot\system32\drivers\HdAudio.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - HyperVideo () -> \SystemRoot\system32\DRIVERS\HyperVideo.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - i8042prt (@keyboard.inf,%i8042prt.SvcDesc%;i8042 Keyboard and PS/2 Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IpFilterDriver (@%systemroot%\system32\rascfg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\system32\DRIVERS\kdnic.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - L1C (@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller) -> \SystemRoot\system32\DRIVERS\L1C63x64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - MDA_NTDRV (MDA_NTDRV) -> \??\C:\Windows\system32\MDA_NTDRV.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Modem () -> system32\drivers\modem.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - monitor (@monitor.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - mpsdrv (@%SystemRoot%\system32\FirewallAPI.dll,-23092) -> System32\drivers\mpsdrv.sys - AcceptPause: False - AcceptStop: True
S3 - [File System Driver] - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> \SystemRoot\system32\DRIVERS\bridge.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\drivers\MSKSSRV.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MsLldp (@C:\Windows\system32\DRIVERS\mslldp.sys,-200) -> \SystemRoot\system32\DRIVERS\mslldp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\drivers\MSPCLOCK.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\drivers\MSPQM.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MsRPC () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\drivers\MSTEE.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> \SystemRoot\system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> \SystemRoot\system32\DRIVERS\ndiscap.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> \SystemRoot\system32\DRIVERS\NdisImPlatform.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisTapi (@%systemroot%\system32\rascfg.dll,-32001) -> \SystemRoot\system32\DRIVERS\ndistapi.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - Ndisuio (@ndisuio.inf,%NDISUIO_Desc%;NDIS Usermode I/O Protocol) -> \SystemRoot\system32\DRIVERS\ndisuio.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - NdisWan (@%systemroot%\system32\rascfg.dll,-32002) -> \SystemRoot\system32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NdisWanLegacy (@%systemroot%\system32\rascfg.dll,-32014) -> \SystemRoot\system32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - NDProxy (NDIS Proxy) -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - netvsc () -> \SystemRoot\System32\drivers\netvsc63.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - Ntfs () -> (?) - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RasPppoe (@%systemroot%\system32\rascfg.dll,-32007) -> \SystemRoot\system32\DRIVERS\raspppoe.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - ReFS () -> (?) - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - Ser2pl (@oem4.inf,%Serial.SVCDESC%;Prolific Serial port WDF driver) -> \SystemRoot\system32\DRIVERS\ser2pl64.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - Serenum (@oem4.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys - AcceptPause: False - AcceptStop: False
R3 - [File System Driver] - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys - AcceptPause: False - AcceptStop: True
R3 - [File System Driver] - srvnet () -> System32\DRIVERS\srvnet.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - TCPIP6 (@netip6.inf,%MS_TCPIP6.TCPIP6.ServiceDescription%;Microsoft IPv6 Protocol Driver) -> \SystemRoot\system32\DRIVERS\tcpip.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\system32\drivers\tpm.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TsUsbFlt () -> system32\drivers\tsusbflt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver) -> \SystemRoot\system32\DRIVERS\tunnel.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UCX01000 (USB Controller Extension) -> \SystemRoot\System32\drivers\ucx01000.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver) -> \SystemRoot\System32\drivers\usbccgp.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - usbvideo (@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM)) -> \SystemRoot\System32\Drivers\usbvideo.sys - AcceptPause: False - AcceptStop: True
S3 - [Kernel Driver] - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> \SystemRoot\system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> \SystemRoot\system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\Drivers\WdNisDrv.sys - AcceptPause: False - AcceptStop: False
S3 - [File System Driver] - WIMMount (WIMMount) -> system32\drivers\wimmount.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WinUsb (@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb) -> \SystemRoot\system32\DRIVERS\WinUsb.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys - AcceptPause: False - AcceptStop: False
S3 - [Kernel Driver] - wpcfltr (Family Safety Filter Driver) -> system32\DRIVERS\wpcfltr.sys - AcceptPause: False - AcceptStop: False
R3 - [Kernel Driver] - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WSDPrintDevice (@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support) -> \SystemRoot\System32\drivers\WSDPrint.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WSDScan (@sti.inf,%WSDScan.SvcDesc%;WSD Scan Support) -> \SystemRoot\system32\DRIVERS\WSDScan.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WUDFRd (@hidbthle.inf,%WudfRdDisplayName%;Windows Driver Foundation - User-mode Driver Framework Reflector) -> \SystemRoot\System32\drivers\WUDFRd.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: True
R3 - [Kernel Driver] - WUDFWpdMtp () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: True
R4 - [File System Driver] - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys - AcceptPause: False - AcceptStop: True
S4 - [File System Driver] - udfs (udfs) -> system32\DRIVERS\udfs.sys - AcceptPause: False - AcceptStop: False
S4 - [Kernel Driver] - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: False
R4 - [Kernel Driver] - TSSysKit (TSSysKit) -> \??\C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\TSSysKit64.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GridinSoft Anti-Malware] : (GridinSoft Anti-Malware.-.Gridinsoft LLC) -> C:\Program Files\GridinSoft Anti-Malware\uninst.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}] : (ccc-utility64.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E7ACB435-E0B4-4770-77DE-ED38887CD133}] : (AMD Fuel.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BeeDoctor] : (BeeDoctor (Remove Only).-.BeeTalk Private Limited) -> C:\Program Files (x86)\BeeDoctor\0.1.1411.0618\Uninstall.exe
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FreeFileSync_is1] : (FreeFileSync.-.FreeFileSync.org) -> "C:\Program Files\FreeFileSync\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IM_Magic_PR] : (IM-Magic Partition Resizer Free .-.IM-Magic Inc.) -> C:\Program Files\IM-Magic\Partition Resizer\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObit Software Updater_is1] : (IObit Software Updater.-.IObit) -> "C:\Program Files (x86)\IObit\Software Updater\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iTop Private Browser_is1] : (iTop Private Browser.-.iTop Inc.) -> "C:\Program Files\iTop Private Browser\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iTop Screen Recorder_is1] : (iTop Screen Recorder.-.iTop Inc.) -> "C:\Program Files\iTop Screen Recorder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iTop VPN_is1] : (iTop VPN.-.iTop Inc.) -> "C:\Program Files (x86)\iTop VPN\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PC Accelerate_is1] : (PC Accelerate.-.PC Accelerate) -> "C:\Program Files (x86)\PC Accelerate\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{104DE091-6C4F-C5A9-F619-5D6C965A0296}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{25A3B953-1423-3F15-640E-B620DD0F419A}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{25A3B953-1423-3F15-640E-B620DD0F419A}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{285C9F30-3BF8-697B-BD1D-353435E94B78}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{29967A7C-6E18-91CD-BBE4-9C09F401E950}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3064B250-EDCA-4E69-A62A-4DA32225E4BE}] : (Morae Recorder.-.TechSmith Corporation) -> MsiExec.exe /I{3064B250-EDCA-4E69-A62A-4DA32225E4BE}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B45B12B-CD31-4235-9D44-03A368510635}] : (.-.Avanquest Software) -> MsiExec.exe /X{4B45B12B-CD31-4235-9D44-03A368510635}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B65EC7C-A6A2-486D-8B96-8BF53730C965}] : (iPhone Backup Extractor.-.Reincubate Ltd) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{54D05374-2428-7BE0-58CD-CE8031163DE6}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5C6AFE98-08BF-086A-300D-18F77D284966}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5C757800-27E8-2AE3-889A-8B959AE689F8}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}] : (AMD Catalyst Control Center.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5D3EC645-B957-36A1-068A-FE8450963669}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{61B90A4D-8CC9-2FED-2495-AC8C9467C984}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7C5B13DA-6A68-86C7-ED29-610CA0F49555}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80680785-2EE1-053F-9CD3-4B2C904596EE}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A3806AB7-AB46-7672-A825-F9AE0DE6910A}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B079957C-3276-4B9F-DB08-D1CA8C090D9E}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B12BE177-DC00-5746-3AB9-91CD090AF555}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BF5509A0-250A-25EA-0C19-61505E9EBA13}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EB766D4A-C56C-946D-F74D-43C78FE4521E}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ED0D7699-1943-0C29-7465-6530F8DE2DA2}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F160DC17-081B-441E-80FD-7F628D19760E}_is1] : (DoNotSpy78.-.pXc-coding.com) -> "C:\Program Files (x86)\DoNotSpy78\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FDF2FE33-426D-45C2-4E70-76C162F1B790}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> 

---------- | Ports 


---------- | Microsoft Specifications


---------- | CLSID (Whitelist)

[HKCR\CLSID\{15FD01A3-6E5D-4ECD-9EBD-1813CB3887A1}] - (.-.) - %windir%\system32\btpanui.dll   
[HKCR\CLSID\{1CEBDE3E-6B91-484A-AF48-5E4F4ED6B1E1}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{2C5F9B72-7148-4D97-BFC9-68A0E076BEBD}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{2FE8F810-B2A5-11d0-A787-0000F803ABFC}] - (.-.) - C:\Windows\system32\dplayx.dll   
[HKCR\CLSID\{4062C116-0270-11D3-8BCB-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{4108FA85-3586-11D3-8BD7-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{4516EC43-8F20-11D0-9B6D-0000C0781BC3}] - (.-.) - C:\Windows\system32\d3dxof.dll   
[HKCR\CLSID\{4EE17959-931E-49E4-A2C6-977ECF3628F3}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}] - (.-.) - %windir%\system32\acppage.dll   
[HKCR\CLSID\{5DE7918B-BFD7-4C1E-B4E0-B16D0A3EA76B}] - (.-.) - C:\Windows\SysWOW64\AuthHostProxy.dll   
[HKCR\CLSID\{640167b4-59b0-47a6-b335-a6b3c0695aea}] - (.-.) - C:\Windows\system32\audiodev.dll   
[HKCR\CLSID\{79BA9E00-B6EE-11D1-86BE-00C04FBF8FEF}] - (.-.) - C:\Windows\System32\dmband.dll   
[HKCR\CLSID\{810B5013-E88D-11D2-8BC1-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{A6098E79-9C50-4F87-8973-5FB4532C93D8}] - (.-.) - %windir%\system32\btpanui.dll   
[HKCR\CLSID\{A861C6E2-FCFC-11D2-8BC9-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{C64501F6-E6E6-451f-A150-25D0839BC510}] - (.-.) - C:\Windows\SysWOW64\speech\engines\tts\MSTTSEngine.dll   [21/11/2014 11:15:21]
[HKCR\CLSID\{C70EB77F-EFD4-4678-A27B-BF1648F30D04}] - (.-.) - C:\Windows\System32\dmscript.dll   
[HKCR\CLSID\{D1EB6D20-8923-11d0-9D97-00A0C90A43CB}] - (.-.) - C:\Windows\system32\dplayx.dll   
[HKCR\CLSID\{D2AC2894-B39B-11D1-8704-00600893B1BD}] - (.-.) - C:\Windows\System32\dmband.dll   
[HKCR\CLSID\{D3075F87-A7BD-4231-9F6A-60C5E07374A7}] - (.-.) - %windir%\system32\acppage.dll   
[HKCR\CLSID\{E4288337-873B-11D1-BAA0-00AA00BBB8C0}] - (.-.) - C:\Windows\SysWOW64\InputMethod\CHS\ChsIFEComp.dll   [21/11/2014 11:17:18]
[HKCR\CLSID\{e8cc4cbe-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - C:\Program Files\Common Files\System\Ole DB\msdaora.dll   
[HKCR\CLSID\{e8cc4cbf-fdff-11d0-b865-00a0c9081c1d}] - (.-.) - C:\Program Files\Common Files\System\Ole DB\msdaora.dll   
[HKCR\CLSID\{EBF2320A-2502-11D3-8BD1-00600893B1B6}] - (.-.) - C:\Windows\System32\dmscript.dll   

---------- | Installer

[HKCR\Installer\Products\008757C58E723EA288A9B859A96E988F] : CCC Help Japanese -> C:\Windows\Installer\{5C757800-27E8-2AE3-889A-8B959AE689F8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\03F9C5828FB3B796DBD15343539EB487] : CCC Help Hungarian -> C:\Windows\Installer\{285C9F30-3BF8-697B-BD1D-353435E94B78}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\052B4603ACDE96E46AA2D43A22524EEB] : Morae Recorder
[HKCR\Installer\Products\0A9055FBA052AE52C0911605E5E9AB31] : CCC Help Chinese Standard -> C:\Windows\Installer\{BF5509A0-250A-25EA-0C19-61505E9EBA13}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\17341FEE42D2D2A5E02F2210D04BFC6A] : CCC Help Danish -> C:\Windows\Installer\{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\190ED401F4C69A5C6F91D5C669A52069] : CCC Help Chinese Traditional -> C:\Windows\Installer\{104DE091-6C4F-C5A9-F619-5D6C965A0296}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\33EF2FDFD6242C54E407671C261F7B09] : CCC Help English -> C:\Windows\Installer\{FDF2FE33-426D-45C2-4E70-76C162F1B790}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\357AE96CF3D0B84EC889F73601CD928B] : CCC Help German -> C:\Windows\Installer\{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\359B3A52324151F346E06B02DDF014A9] : Catalyst Control Center - Branding -> C:\Windows\Installer\{25A3B953-1423-3F15-640E-B620DD0F419A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3AB2EE4C5AEE0569680E4050CE5A2CC2] : CCC Help Thai -> C:\Windows\Installer\{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\47350D4582420EB785DCEC081361D36E] : CCC Help Russian -> C:\Windows\Installer\{54D05374-2428-7BE0-58CD-CE8031163DE6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\534BCA7E4B0E077477EDDE8388C71D33] : AMD Fuel -> C:\Windows\Installer\{E7ACB435-E0B4-4770-77DE-ED38887CD133}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\546CE3D5759B1A6360A8EF4805696396] : CCC Help Spanish -> C:\Windows\Installer\{5D3EC645-B957-36A1-068A-FE8450963669}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\587086081EE2F350C93DB4C2095469EE] : Catalyst Control Center InstallProxy -> C:\Windows\Installer\{80680785-2EE1-053F-9CD3-4B2C904596EE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\65BB5ADE4FAA9886DAE82EA571DB41B0] : CCC Help Czech -> C:\Windows\Installer\{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6E5FE3B4C2A9B1A06CC11BDF44B448CB] : ccc-utility64 -> C:\Windows\Installer\{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\771EB21B00CD6475A39B19DC90A05F55] : Catalyst Control Center Localization All -> C:\Windows\Installer\{B12BE177-DC00-5746-3AB9-91CD090AF555}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7BA6083A64BA27678A529FEAD06E19A0] : CCC Help Finnish -> C:\Windows\Installer\{A3806AB7-AB46-7672-A825-F9AE0DE6910A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\89EFA6C5FB80A68003D0817FD7829466] : CCC Help Swedish -> C:\Windows\Installer\{5C6AFE98-08BF-086A-300D-18F77D284966}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8F232070B8606FF15B4C8F3FE8907C1E] : CCC Help Turkish -> C:\Windows\Installer\{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\915F8B5953C801096AC3153B0EEED8E4] : CCC Help Dutch -> C:\Windows\Installer\{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\91E5B2D5333C9154D323AA8BEE9ECA4A] : AMD Catalyst Control Center -> C:\Windows\Installer\{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9967D0DE349192C0475656038FEDD22A] : CCC Help Polish -> C:\Windows\Installer\{ED0D7699-1943-0C29-7465-6530F8DE2DA2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\99796DDF2B73ECA97FC0BA1D9FF60DC4] : CCC Help Portuguese -> C:\Windows\Installer\{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A4D667BEC65CD6497FD4347CF84E25E1] : CCC Help Korean -> C:\Windows\Installer\{EB766D4A-C56C-946D-F74D-43C78FE4521E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\AD31B5C786A67C68DE9216C00A4F5955] : CCC Help French -> C:\Windows\Installer\{7C5B13DA-6A68-86C7-ED29-610CA0F49555}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B21B54B413DC5324D944303A86156053] : Avanquest MergeModules
[HKCR\Installer\Products\C759970B6723F9B4BD801DACC890D0E9] : CCC Help Greek -> C:\Windows\Installer\{B079957C-3276-4B9F-DB08-D1CA8C090D9E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C7A7699281E6DC19BB4EC9904F109E05] : CCC Help Italian -> C:\Windows\Installer\{29967A7C-6E18-91CD-BBE4-9C09F401E950}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D4A09B169CC8DEF24259CAC849769C48] : CCC Help Norwegian -> C:\Windows\Installer\{61B90A4D-8CC9-2FED-2495-AC8C9467C984}\ARPPRODUCTICON.exe

---------- | ADS


---------- | Drives

 Disk: 0   Size=954G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    EE-UNKNWN  954G   No    No             1  953,525,167

---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
------------

The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
------------

Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
------------

The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
------------

Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
------------

The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
------------

Faulting application name: MOM.exe, version: 4.5.0.0, time stamp: 0x51891507
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0xc10
Faulting application start time: 0x01d9955ab2aa445b
Faulting application path: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 045d9adb-014e-11ee-8256-4c72b9f956a2
Faulting package full name: 
Faulting package-relative application ID: 
------------

Application: MOM.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Reflection.TargetInvocationException
Stack:
   at System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
   at System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
   at System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
   at ATI.ACE.MOM.EXE.MOM.Main(System.String[])

------------

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service GoodSync Server since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.
------------

wuaueng.dll (900) SUS20ClientDataStore: The database engine is rejecting update operations due to low free disk space on the log disk.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.012 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.001 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.000 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.006 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.007 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.013 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.001 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------

svchost (1076) SRUJet: An attempt to write to the file "C:\Windows\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after 0.012 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
------------


----------( EOF)---------- - 5451 | 12:51:46