--------------- QuickDiag | g3n-h@ckm@n | V3_05.05.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 08/05/2017 08:08:16
Updated 05/05/2017 | 19.20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[widen-finalis (Administrator)] - [YOUCAM8WAIT] (S-1-5-21-4183021106-2149456055-877251859-1000)
System: Microsoft Windows 7 Édition Starter - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Édition Starter |C:\Windows|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: AOD255 - Acer - IdNumber: LUSDG0D0170426EC0E1601 - UUID: 364EE69C-9C82-9CB1-2111-1C750822B622
Processor : X64 - 1662 Mhz - Intel(R) Atom(TM) CPU N450 @ 1.66GHz
InsydeH2O Version V3.08(DDR2) - - Acer - S/N: LUSDG0D0170426EC0E1601 - V3.08(DDR2) - ACRSYS - 1
CoreTemp : 52 Celsius
----------| Extended
---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0272&SUBSYS_10250349&REV_1000\4&350CB3CC&0&0001
---------- | Video
Intel(R) Graphics Media Accelerator 3150 - Resolution: 1024x600 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A011&SUBSYS_03491025&REV_00\3&33FD14CA&0&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456
Intel(R) Graphics Media Accelerator 3150 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A012&SUBSYS_03491025&REV_00\3&33FD14CA&0&11 - AdapterCompatibility: Intel Corporation - RAM:
Inegrated Video Chipset DeviceName: Intel(R) Graphics Media Accelerator 3150 - DriverVersion: 8.14.10.2117 - SpecificationVersion: 1025
---------- | Codecs
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK
c:\windows\system32\sirenacm.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 48464 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\huffyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39936 - Manufacturer: Disappearing Inc. - Status: OK
c:\windows\system32\lagarith.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 216064 - Manufacturer: - Status: OK
c:\windows\system32\x264vfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 3613696 - Manufacturer: x264vfw project - Status: OK
c:\windows\system32\xvidvfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 282112 - Manufacturer: - Status: OK
c:\windows\system32\ff_vfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 112128 - Manufacturer: - Status: OK
c:\windows\system32\ac3acm.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 122880 - Manufacturer: fccHandler - Status: OK
c:\windows\system32\lameacm.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 473088 - Manufacturer: http://www.mp3dev.org/ - Status: OK
c:\windows\system32\l3codecp.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 220672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
---------- | CPU
CPU #1 value:100 %
CPU #2 value:100 %
Total Overall CPU Usage value:100 %
---------- | Network
Atheros AR8152 PCI-E Fast Ethernet Controller [NDIS 6.20] : SENT:0 bytes/sec / RECVD:0 bytes/sec
Intel[R] WiFi Link 1000 BGN : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:100 bytes/sec, / RECEIVE Maximum:0 bytes/sec
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) - Ethernet 802.3 - Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2060&SUBSYS_03491025&REV_C1\4&16969C7D&0&00E0
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
RAS Async Adapter - - - Status: - PnPID :
Intel(R) WiFi Link 1000 BGN - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0083&SUBSYS_13058086&REV_00\4&6FF3C1D&0&00E1
Microsoft Teredo Tunneling Adapter - - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
---------- | Memory
RAM = Total (MB) : 1037 | Free (MB) : 197
Pagefile = Total (MB) : 2215 | Free (MB) : 393
Virtual = Total (MB) : 2097 | Free (MB) : 1946
Physical Memory 0 : Capacity: 1073741824 - DIMM0 - Posit.: 0 - Manufacturer: AD00000000000000 - PartNumber: 48594D503131325336344350362D53362020 - S/N: 53733B47
---------- | SID Users
Acronis Agent User : [S-1-5-21-4183021106-2149456055-877251859-1002]
Administrateur : [S-1-5-21-4183021106-2149456055-877251859-500]
Invité : [S-1-5-21-4183021106-2149456055-877251859-501]
widen-finalis : [S-1-5-21-4183021106-2149456055-877251859-1000]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de lÂ’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
Acronis Remote Users : [S-1-5-21-4183021106-2149456055-877251859-1001]
---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK
---------- | Drives
A:\ -> [Fixed] | [youcam 8 setup] | Total : 1.96 Go | Free : 1.88 Go -> NTFS [ATA]
C:\ -> [Fixed] | [Acer] | Total : 211.06 Go | Free : 165.01 Go -> NTFS [ATA]
D:\ -> [Removable] | [montre espi] | Total : 7.32 Go | Free : 0 Go -> FAT32 [USB]
F:\ -> [Removable] | [LOUVRE] | Total : 59.5 Go | Free : 22.33 Go -> exFAT [USB]
G:\ -> [CDROM] | [DTVP30] | Total : 0.02 Go | Free : 0 Go -> CDFS [USB]
I:\ -> [Removable] | [CARBIDE] | Total : 30.84 Go | Free : 30.46 Go -> FAT32 [USB]
J:\ -> [Removable] | [VAULT PRIVA] | Total : 3.48 Go | Free : 0 Go -> FAT32 [USB]
X:\ -> [Fixed] | [SYSTEM & ANDROID] | Total : 4.1 Go | Free : 1.64 Go -> NTFS [ATA]
Y:\ -> [Network] | [] | Total : 30.02 Go | Free : 0.06 Go ->
Z:\ -> [Fixed] | [youcam 8 programfiles] | Total : 2.77 Go | Free : 2.7 Go -> NTFS [ATA]
Disk Usage Information [5 total Physical Disks]
Physical Drive #0 [X:, C:, A:, Z:] : Read:472,070 bytes/sec, Written:0 bytes/sec Max Read:472,070 bytes/sec, Max Write:0 bytes/sec
Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #2 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #3 [J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Physical Drive #4 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:472,070 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : IDE\DISKHITACHI_HTS545025B9A300_________________PB2OC60F\4&1BE3E953&0&0.0.0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_0815\000000000004&0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENPLUS&PROD_USB-MSDC_DISK_A&REV_1.00\7&368B17D4&0
DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_ISTORAGE&PROD_DATASHUR&REV_1.00\20095032145150130849&0
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DTVAULTPRIVACY30&REV_CLVX\000FFEC697CDB0A0B000DF8F&0
---------- | Windows updates
Last detection : 2016-12-20 00:55:28
Downloaded last ones : 2016-12-21 15:45:07
Installed last ones : 2017-02-04 12:34:33
Next search : 2017-05-07 23:00:28
Test 1 : Windows Is Activated
---------- | Browsers
IE : 11.0.9600.17840 (© Microsoft Corporation. Tous droits réservés.)
Default : "C:\Program Files\Internet Explorer\iexplore.exe"
---------- | FlashPlayer
FlashPlayer ActiveX : 10.1.82.76
---------- | Security
AV : COMODO Antivirus Enabled
AS : Windows Defender Disabled
FW : COMODO Firewall Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running
---------- | Running processes
468 | [Owner : Système | Parent : 4(System) | 0.06 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.19135) = C:\Windows\System32\smss.exe [17/12/2016 07:02:51] CPU Usage:0 %
752 | [Owner : Système | Parent : 744() | 1.38 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:11:09] CPU Usage:0 %
796 | [Owner : Système | Parent : 784() | 5.74 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:11:09] CPU Usage:0 %
804 | [Owner : Système | Parent : 744() | 0.06 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:36:49] CPU Usage:0 %
852 | [Owner : Système | Parent : 784() | 0.43 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [17/12/2016 06:53:40] CPU Usage:0 %
920 | [Owner : Système | Parent : 804(wininit.exe) | 3.74 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [17/12/2016 07:01:23] CPU Usage:0 %
928 | [Owner : Système | Parent : 804(wininit.exe) | 5.04 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.19135) = C:\Windows\System32\lsass.exe [17/12/2016 07:02:51] CPU Usage:0 %
936 | [Owner : Système | Parent : 804(wininit.exe) | 1.32 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [14/12/2016 19:48:33] CPU Usage:0 %
1068 | [Owner : Système | Parent : 920(services.exe) | 3.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:16 %
1152 | [Owner : SERVICE RÉSEAU | Parent : 920(services.exe) | 3.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 %
1304 | [Owner : SERVICE RÉSEAU | Parent : 920(services.exe) | 5.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 %
1344 | [Owner : SERVICE LOCAL | Parent : 920(services.exe) | 7.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 %
1388 | [Owner : Système | Parent : 920(services.exe) | 24.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 %
1440 | [Owner : SERVICE LOCAL | Parent : 920(services.exe) | 4.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 %
1472 | [Owner : Système | Parent : 920(services.exe) | 35.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:25 %
1824 | [Owner : SERVICE LOCAL | Parent : 920(services.exe) | 3.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 %
2028 | [Owner : SERVICE LOCAL | Parent : 920(services.exe) | 0.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 %
616 | [Owner : Système | Parent : 920(services.exe) | 7.86 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.415) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [05/02/2017 13:49:13] CPU Usage:0 %
3148 | [Owner : Système | Parent : 920(services.exe) | 12.58 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [17/12/2016 07:07:00] CPU Usage:11 %
3292 | [Owner : SERVICE RÉSEAU | Parent : 920(services.exe) | 0.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 %
3256 | [Owner : widen-finalis | Parent : 1388(svchost.exe) | 2.06 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:24:23] CPU Usage:0 %
2456 | [Owner : widen-finalis | Parent : 852(winlogon.exe) | 7.51 Mo] - (.Microsoft Corporation - Gestionnaire des tâches de Windows.) - (6.1.7601.17514) = C:\Windows\System32\taskmgr.exe [14/12/2016 19:46:40] CPU Usage:0 %
3600 | [Owner : widen-finalis | Parent : 3340() | 7.14 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.912) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [05/02/2017 13:48:52] CPU Usage:0 %
2988 | [Owner : Système | Parent : 920(services.exe) | 0.67 Mo] - (.SUPERAntiSpyware.com - Core Service.) - (6.0.0.1082) = C:\Program Files\SUPERAntiSpyware\SASCore.exe [31/01/2017 01:47:30] CPU Usage:0 %
3452 | [Owner : SERVICE LOCAL | Parent : 1388(svchost.exe) | 1.21 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe [18/12/2016 07:25:09] CPU Usage:0 %
2484 | [Owner : Système | Parent : 920(services.exe) | 21.28 Mo] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [28/12/2016 01:20:16] CPU Usage:0 %
2024 | [Owner : widen-finalis | Parent : 1068(svchost.exe) | 0.94 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe [14/07/2009 01:41:43] CPU Usage:0 %
2672 | [Owner : Système | Parent : 920(services.exe) | 2.91 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe [14/12/2016 19:48:02] CPU Usage:0 %
3792 | [Owner : Système | Parent : 1068(svchost.exe) | 81.14 Mo] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe [28/12/2016 01:10:34] CPU Usage:0 %
1612 | [Owner : widen-finalis | Parent : 3984() | 57.33 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe [06/05/2017 21:16:17] CPU Usage:8 %
1796 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 1.77 Mo] - (. - .) - (0.0.0.0) = C:\Program Files\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe [04/05/2017 13:41:47] CPU Usage:3 %
3772 | [Owner : widen-finalis | Parent : 2520() | 3.22 Mo] - (. - DTVaultPrivacy MFC Application.) - (3.0.0.6) = C:\Users\WIDEN-~1\AppData\Local\Temp\DTVaultPrivacy30-0256-G\DTVP30_Launcher.exe [25/09/2014 23:56:44] CPU Usage:0 %
1488 | [Owner : widen-finalis | Parent : 1068(svchost.exe) | 7.72 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\System32\dllhost.exe [14/07/2009 01:43:52] CPU Usage:0 %
3968 | [Owner : Système | Parent : 1068(svchost.exe) | 1.02 Mo] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe [28/12/2016 01:10:34] CPU Usage:0 %
2132 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 8.45 Mo] - (.PortableApps.com - Mozilla Firefox, Portable Edition.) - (2.0.4.1) = J:\PortableApps\FirefoxPortable\FirefoxPortable.exe [27/01/2017 06:26:20] CPU Usage:0 %
2308 | [Owner : widen-finalis | Parent : 2132(FirefoxPortable.exe) | 160.19 Mo] - (.Mozilla Corporation - Firefox.) - (51.0.1.6234) = J:\PortableApps\FirefoxPortable\App\Firefox\firefox.exe [25/01/2017 20:13:04] CPU Usage:0 %
2800 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 8.05 Mo] - (.Farbar - Aut2Exe.) - (3.3.12.0) = F:\Methode prélim mai 2017 usb réseau 2 pc forums\ListParts.exe [07/05/2017 20:32:40] CPU Usage:0 %
3644 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 28.68 Mo] - (.SosVirus - QuickDiag.) - (5.5.17.1) = F:\Methode prélim mai 2017 usb réseau 2 pc forums\quickdiag_3_05.05.17.1.exe [07/05/2017 20:32:40] CPU Usage:0 %
572 | [Owner : widen-finalis | Parent : 3364() | 16.54 Mo] - (. - .) - (1.0.1.0) = C:\Program Files\SEAF\SEAF.exe [17/10/2010 12:41:08] CPU Usage:0 %
1888 | [Owner : widen-finalis | Parent : 1612(explorer.exe) | 5.87 Mo] - (.Microsoft Corporation - Bloc-notes.) - (6.1.7600.16385) = C:\Windows\System32\notepad.exe [14/07/2009 01:41:04] CPU Usage:0 %
2680 | [Owner : SERVICE RÉSEAU | Parent : 1068(svchost.exe) | 9.9 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [14/12/2016 19:48:33] CPU Usage:0 %
---------- | MD5
[MD5.40D777B7A95E00593EB1568C68514493] - [06/05/2017 21:16:17] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17514) : C:\Windows\Explorer.exe
[MD5.AD7B9C14083B52BC532FBA5948342B98] - [14/12/2016 19:48:25] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [295.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 01:11:09] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [14/07/2009 01:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.2362B7281A39807F1AA3550333A194BC] - [17/12/2016 07:02:56] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [852 Ko] - (6.1.7601.19135) : C:\Windows\System32\Kernel32.dll
[MD5.7884C1EDF5BD21749C206E8C4B5DB409] - [17/12/2016 07:02:51] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.19135) : C:\Windows\System32\lsass.exe
[MD5.7660F01D3B38ACA1747E397D21D790AF] - [14/12/2016 19:48:26] - (.© Microsoft Corporation. - Distributed COM Services.) - [368 Ko] - (6.1.7601.17514) : C:\Windows\System32\rpcss.dll
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - [14/07/2009 01:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [17/12/2016 07:01:23] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [253 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 01:19:28] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.F1DD3ACAEE5E6B4BBC69BC6DF75CEF66] - [14/12/2016 19:48:39] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [792.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\user32.dll
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [14/12/2016 19:46:38] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.52449FD429D6053B78AE564DEF303870] - [17/12/2016 06:53:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [297 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - [18/12/2016 04:35:53] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.18264) : C:\Windows\System32\Drivers\afd.sys
[MD5.338C86357871C167A96AB976519BF59E] - [14/07/2009 01:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.DDCE686D76C2B4DB435A3AF5BD0E691D] - [17/12/2016 06:55:05] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.77EA11B065E0A8AB902D78145CA51E10] - [14/07/2009 01:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [14/12/2016 19:43:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.F024449C97EC1E464AAFFDA18593DB88] - [14/12/2016 19:43:21] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [76.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - [14/12/2016 19:42:58] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [14/07/2009 01:11:24] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.D80AA0907748D7CC8EFAB3773F32629B] - [17/09/2010 09:03:52] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Rapid Storage Technology driver - x86.) - [425.52 Ko] - (9.6.4.1002) : C:\Windows\System32\Drivers\iastor.sys
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [14/07/2009 01:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.E900BD16B9EE8F09609D7FBE2027B376] - [17/12/2016 07:02:53] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.19135) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.E7C54812A2AAF43316EB6930C1FFA108] - [14/12/2016 19:48:19] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [695.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\ndis.sys
[MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [17/12/2016 06:50:50] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - [17/12/2016 05:56:57] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1183.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [14/07/2009 01:45:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [14/07/2009 01:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - [14/07/2009 01:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.C7E41209132B9CF084CCEA8593F61328] - [17/12/2016 07:04:14] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1279.23 Ko] - (6.1.7601.23496) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.B459575348C20E8121D6039DA063C704] - [14/12/2016 19:45:19] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\tdx.sys
[MD5.F497F67932C6FA693D7DE2780631CFE7] - [14/12/2016 19:48:20] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [239.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys
---------- | Locked Applications
---------- | Explorer.exe component call (Microsoft Files Whitelisted)
(.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Windows\system32\guard32.dll
(.TODO: <Company name>.-.TODO: <File description>.) - (1.0.0.1) -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll
(.Egis Technology Inc..-.PSD DragDrop Protection.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll
(.Egis Technology Inc..-.WinLocker System Environment Library.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\sysenv.dll
(.Bad Ass Apps.-.Theme Resource Changer.) - (1.0.0.1) -- C:\SkinPack\ThemeResourceChanger.dll
(..-..) - (0.0.0.0) -- C:\Program Files\Copy Handler\chext.dll
(..-..) - (0.0.0.0) -- C:\Program Files\Copy Handler\libchcore32u.dll
(.SQLite.-.SQLite.) - (3.11.1.0) -- C:\Program Files\Copy Handler\sqlite3_32.dll
(..-..) - (0.0.0.0) -- C:\Program Files\NiceCopier\NCHookDll.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files\WinRAR\rarext.dll
(..-..) - (0.0.0.0) -- C:\Program Files\TeraCopy\TeraCopy.dll
(.Perigee Software.-.PerigeeCopy shell extension DLL.) - (1.6.0.0) -- C:\Program Files\PerigeeCopy\PerigeeCopy.dll
(.Killer{R}.-.KillCopy Shell Extension DLL.) - (1.0.0.1) -- C:\Program Files\KillSoft\KillCopy\killcopy.dll
(.Catchcopy.-.CatchCopy Shell Extension.) - (0.0.0.9) -- C:\Program Files\Ultracopier\PluginLoader\catchcopy-v0002\catchcopy32.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (16.4.0.0) -- C:\Program Files\7-Zip\7-zip.dll
(.Paramount Software UK Ltd.-.Reflect Shell Extension Context Menu.) - (6.1.865.0) -- C:\Program Files\Macrium\Reflect\RContextMenu.dll
---------- | Svchost.exe component call (Microsoft Files Whitelisted)
(.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Windows\system32\guard32.dll
---------- | ZeroAccess Check
[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
---------- | Startings up
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
EaseUS EverySync - (EaseUS EverySync.lnk [Startup]) - User: youcam8wait\widen-finalis
DriverMax_RESTART - ( [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\...\Run]) - User: youcam8wait\widen-finalis
SUPERAntiSpyware - (C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\...\Run]) - User: youcam8wait\widen-finalis
USBListener - (C:\Users\WIDEN-~1\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe -autorun [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\...\Run]) - User: youcam8wait\widen-finalis
LManager - (C:\Program Files\Launch Manager\LManager.exe [HKLM\SOFTWARE\...\Run]) - User: Public
IAStorIcon - (C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [HKLM\SOFTWARE\...\Run]) - User: Public
PLFSetI - (C:\Windows\PLFSetI.exe [HKLM\SOFTWARE\...\Run]) - User: Public
UnlockerAssistant - ("C:\Program Files\Unlocker\UnlockerAssistant.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
vdcss - ("C:\Program Files\COMODO\COMODO Secure Shopping\vdcss.exe" -tray [HKLM\SOFTWARE\...\Run]) - User: Public
IseUI - (C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [HKLM\SOFTWARE\...\Run]) - User: Public
COMODO Internet Security - (C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
KeyScrambler - (C:\Program Files\KeyScrambler\keyscrambler.exe /a [HKLM\SOFTWARE\...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"DriverMax_RESTART"=
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [04/04/2017 21:01:59]
"USBListener"=C:\Users\WIDEN-~1\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe -autorun
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="F:\cyberlink youcam 8 essentials\sosvirus app for stop all power2go 11 process for facilite iobit unlocker work\processclose_1.0.0.3(5).exe"\1
"MRUList"=lkjbihgfedca
"b"=wordpad\1
"c"=C:\Users\widen-finalis\Desktop\rkill.exe\1
"d"=C:\Users\widen-finalis\Downloads\JRT.exe\1
"e"="F:\barrow 2 & widen 100% sécurisé\sosvirus app for stop all power2go 11 process for facilite iobit unlocker work\processclose_1.0.0.3 (1).exe"\1
"f"="F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 12 - skinpack zune caus bug sp paper w7\SkinPacks_3140587355.exe"\1
"g"="F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 12 - skinpack zune caus bug sp paper w7\SkinPack zune.exe"\1
"h"="F:\anti-faux positif pre_scan - exe installers\advanced-systemcare-free_10-2-0-721_fr_403234.exe"\1
"i"="F:\Windows 10 Transformation Pack 7.0\Windows 10 Transformation Pack 7.0.exe"\1
"j"=notepad\1
"k"=C:\UsbFix\UsbFix.exe\1
"l"=C:\Users\widen-finalis\Downloads\processclose_2_08.01.17.1.exe\1
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DebugOptions"=2048
"Documents"=
"DosPrint"=no
"Load"=
"NetMessage"=no
"NullPort"=None
"Programs"=com exe bat pif cmd
"Device"=VivPDF Printer,winspool,Ne05:
"UserSelectedDefault"=1
[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [17/09/2010 09:18:29]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [17/09/2010 09:04:17]
"PLFSetI"=C:\Windows\PLFSetI.exe [12/12/2016 15:19:42]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe"
"vdcss"="C:\Program Files\COMODO\COMODO Secure Shopping\vdcss.exe" -tray
"IseUI"=C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [04/05/2017 08:30:42]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [28/12/2016 01:11:10]
"KeyScrambler"=C:\Program Files\KeyScrambler\keyscrambler.exe /a
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [05/02/2017 13:48:52]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"=Theme Resource Changer
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"GDIProcessHandleQuota"=10000
"ShutdownWarningDialogTimeout"=4294967295
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
""=mnmsrvc
"DeviceNotSelectedTimeout"=15
"Spooler"=yes
"TransmissionRetryTimeout"=90
"AppInit_DLLs"=
"LoadAppInit_DLLs"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
---------- | Win.ini :
---------- | System.ini :
---------- | Config.sys :
FILES=40
---------- | Tasks List
ASC10_SkipUac_widen-finalis
AupAvUpdate
Health-Check
Health-Check-deep
Moo0 System Monitor 1.76
MORE_ChatAppDailyScheduleTask
MORE_SIE1
PandaUSBVaccine
ReasonSecurityScheduledScan
ReasonSecurityStart
RunAsStdUser Task
SoftwareInformerService
UninstallMonitor
---------- | Startings up registry ? Folder
---------- | Other keys
[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv
"NotificationTimeOut"=0
"SnapshotMonitors"=1
"ProductVersion"=5.1
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"fDenyTSConnections"=1
"StartRCM"=0
"TSAdvertise"=0
"DeleteTempDirsOnExit"=1
"fSingleSessionPerUser"=1
"PerSessionTempDir"=0
"TSUserEnabled"=0
"InstanceID"=2b0d19ad-3c70-4812-9760-21d83bc
"fCredentialLessLogonSupported"=1
"fCredentialLessLogonSupportedTSS"=1
"fCredentialLessLogonSupportedKMRDP"=1
[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"ProcessorControl"=2
"ResourceTimeoutCount"=648000
"BootExecute"=autocheck autochk *
NaBootMir
"ExcludeFromKnownDlls"=
"ObjectDirectories"=\Windows
\RPC Control
"ProtectionMode"=1
"NumberOfInitialSessions"=2
"SetupExecute"=
"AutoChkTimeout"=5
[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=AcrSch2Svc
wuauserv
gpsvc
trustedinstaller
"WaitToKillServiceTimeout"=200
"CurrentUser"=USERNAME
"BootDriverFlags"=0
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0
"auditbasedirectories"=0
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"Bounds"=0x0030000000200000
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
"Authentication Packages"=msv1_0
"LsaPid"=928
"SecureBoot"=1
"ProductType"=11
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"restrictanonymous"=0
"restrictanonymoussam"=1
---------- | .LNK with Arguments
c:\program files\acer accessory store\acer boutique accessoire.lnk - Encrypted: False - Target: C:\Program Files\Acer Accessory Store\StartUrl.exe - Args: (hxxp://store.acer-euro.com/fr?utm_source=Icon&utm_medium=Icon&utm_campaign=Acer%2BInternal) - Hidden: False - Status: OK
---------- | AppCertDlls
---------- | Dnsapi.dll
C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
---------- | Policies | Registry
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Control Panel\Desktop]
"ScreenSaveActive"=1
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"LeftOverlapChars"=3
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"SnapSizing"=1
"TileWallpaper"=0
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=10
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=1
"UserPreferencesMask"=0x9E3E078012000000
"ScreenSaveTimeOut"=600
"Wallpaper"=%windir%\web\wallpaper\windows\img0.jpg
"ScreenSaverIsSecure"=0
"WaitToKillAppTimeout"=200
"ForegroundLockTimeout"=0
"MenuShowDelay"=0
"AutoEndTasks"=1
"HungAppTimeout"=4000
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HideSCAPower"=0
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
"NolowDiskSpaceChecks"=1
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1
"ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000
"CleanShutdown"=0
"Browse For Folder Width"=347
"Browse For Folder Height"=288
"link"=0x00000000
"DesktopProcess"=1
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"ServerAdminUI"=0
"Hidden"=2
"ShowCompColor"=1
"HideFileExt"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"HideIcons"=0
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"SuperHidden"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ListviewShadow"=1
"StartMenuInit"=4
"TaskbarSizeMove"=0
"nonetcrawling"=1
"Start_TrackProgs"=1
"TaskbarSmallIcons"=0
"DesktopLivePreviewHoverTime"=0
"ExtendedUIHoverTime"=0
"ListviewAlphaSelect"=0
"TaskbarAnimations"=0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableLinkedConnections"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"CheckedValue"=1
"ValueName"=Hidden
"DefaultValue"=2
"HKeyRoot"=2147483649
"HelpID"=shell.hlp#51105
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"IconUnderline"=2
"GlobalAssocChangedCounter"=139
"Max Cached Icons"=2000
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s
---------- | Winlogon
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin
"BuildNumber"=7601
"FirstLogon"=0
"AutoRestartShell"=1
"ParseAutoexec"=1
"Shell"=expstart.exe
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1
"Shell"=explorer.exe
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit"=C:\Windows\system32\userinit.exe,
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"ShutdownWithoutLogon"=0
"WinStationsDisabled"=0
"DisableCAD"=1
"scremoveoption"=0
"ShutdownFlags"=7
"AutoAdminLogon"=0
"DefaultUserName"=widen-finalis
"allocatecdroms"=0
---------- | Associations
[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload
[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*
[HKLM\Software\Classes\.com]
""=comfile
[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.reg]
""=regfile
[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"
[HKLM\Software\Classes\.scr]
""=scrfile
[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S
[HKLM\Software\Classes\.bat]
""=batfile
[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.cmd]
""=cmdfile
[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.pif]
""=piffile
[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*
[HKLM\Software\Classes\.inf]
""=inffile
[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\Software\Classes\.url]
""=InternetShortcut
[HKLM\Software\Classes\.lnk]
""=lnkfile
[HKLM\Software\Classes\.hta]
"PerceivedType"=text
""=htafile
"Content Type"=application/hta
[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\System32\mshta.exe "%1" %*
[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"EditFlags"=2
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"EditFlags"=65536
"BrowserFlags"=4096
"FriendlyTypeName"=@dfshim.dll,-200
[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=
""=Application Reference
"IsShortcut"=
"EditFlags"=131072
"FriendlyTypeName"=@dfshim.dll,-201
[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeLayoutPatternForSearch"=alpha
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
""=Folder
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.ItemTypeText
[HKLM\Software\Clients\StartMenuInternet\Dragon\Shell\open\Command]
""="C:\Program Files\Comodo\Dragon\dragon.exe"
[HKLM\Software\Clients\StartMenuInternet\Dragon\InstallInfo]
"ReinstallCommand"="C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [18/12/2016 04:39:45]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall
---------- | AppcompatFlags
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\widen-finalis\Downloads\resizer-free\resizer-free.exe"=1
"F:\cyberlink youcam 8 essentials\youcam 8 utilities\portableappz.blogspot.fr & portableapps.com platform\PortableApps\VivaldiPortable\VivaldiPortable.exe"=1
"F:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1
"F:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\revo uninstaller pro portable\program files (x64)\RevoUninstallerPro_Portable\RevoUPPort.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora_setup_full1084.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\KCinst.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-resource-pack.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\army.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\location filesync for 1 task of youcam 8 file-folder sync\everysync_trial.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-fashion-effect-pack.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-holiday-pack.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-80s-effect-pack.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-romantic-effect-pack.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\supercopier-windows-x86-1.2.1.0-setup.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\teracopy.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-summer-effect-pack.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\ultracopier-windows-x86_64-1.2.1.0-setup.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-spring-effect-pack.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\Unlocker1.9.2.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\chsetup-1.40.exe"=1
"F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-halloween-effect-pack.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\unlocker-setup.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\wood.exe"=1
"F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\xpsolive.exe"=1
"F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\VideoDownloaderUltimate_winapp_installer_0.exe"=1
"C:\ProgramData\VideoDownloaderUltimateWinApp\tools\installhelper.exe"=1
"C:\ProgramData\VideoDownloaderUltimateWinApp\uninstall.exe"=1
"F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\SteganosPrivacySuite18.exe"=1
"F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\VideoDownloaderUltimate_winapp_installer.exe"=1
"F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\WebsiteX5Start13.exe"=1
"F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\PCmoverExpress.exe"=1
"F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\OODefragProfessional20ENU.exe"=1
"F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\Nero_TuneItUp_2.4.6.177_SN_FULL.exe"=1
"F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\musicrecorder-stub-xx-18001.exe"=1
"F:\Ad-Aware Personal Security\Adaware_Installer.exe"=1
"F:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\sosvirus SIMPLE\Drive D\UsbFix_Standard\UsbFix_Standard.exe"=1
"F:\anti-faux positif pre_scan - exe installers\DAEMONToolsUltra500-0540.exe"=1
"\\Livebox\CARBIDE\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1
"SIGN.MEDIA=924A210 Cadeaux rec final lfs ultra et 100% sécurisé 20-12\ashampoo_burning_studio_2017_25270.exe"=1
"F:\Cadeaux rec final lfs ultra et 100% sécurisé 20-12\ashampoo_burning_studio_2017_25270.exe"=1
"C:\Users\widen-finalis\Downloads\Macrium\v6.3.1665_reflect_setup_free_x86.exe"=1
"D:\barrow 3, widen 2 & 100% sécurisé finalis\cyberlink youcam 8 essentials\youcam 8 utilities\revo uninstaller pro portable\program files (x64)\RevoUninstallerPro_Portable\RevoUPPort.exe"=1
"D:\barrow 3, widen 2 & 100% sécurisé finalis\PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=1
"C:\Users\WIDEN-~1\AppData\Local\Temp\vdu_uninstall_181bd9.exe"=1
"C:\Users\widen-finalis\Downloads\mb3-setup-35891.35891-3.0.6.1469.exe"=1
"F:\barrow 3, widen 2 & 100% sécurisé finalis\lfs ultra & 100% sécurisé finalis part 20 ultimate ultra finale\cadeau rec lfsu100%sf alias 1er gotd après lfsu100%sf\Scardalia112-db39ma\Setup.exe"=1
"C:\Users\widen-finalis\Downloads\reason-core-security-setup.exe"=1
"F:\barrow 3, widen 2 & 100% sécurisé finalis\cyberlink youcam 8 essentials\youcam 8 utilities\portableappz.blogspot.fr & portableapps.com platform\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1
"F:\anti-faux positif pre_scan - exe installers\advanced-systemcare-free_10-2-0-721_fr_403234.exe"=1
"C:\Program Files\WinRAR\uninstall.exe"=1
"F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 16 - free explorers\uncomsetup3.57(build1215).exe"=1
"F:\Photodirector 9 & Youcam 8\Tuto 'n' copy apps for yc8 & phd9\1 - Tutorials capture\jing.exe"=1
"F:\Photodirector 9 & Youcam 8\Tuto 'n' copy apps for yc8 & phd9\1 - Tutorials capture\wink20-1060\wink20.exe"=1
"SIGN.MEDIA=39879F dixmlsetup.exe"=1
"F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\ambiance gite l'esperence\FoxitSpellC_2.1.1.618.msi"=1
"C:\Users\WIDEN-~1\AppData\Local\Temp\is-5KO2P.tmp\CountInstallation.exe"=1
"C:\Windows\System32\msiexec.exe"=1
"F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\ambiance gite l'esperence\FoxitPhantomPDF83_L10N_Setup_S.exe"=1
"F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\cadeau pack 17 ~ EASE FILE LOCKER\EFL2.2_Setup.exe"=1
"F:\Photodirector 9 & Youcam 8\Ads By Youcam 8 & PhotoDirector 9\lfsu100%sf part F + pattaya\lfsu&100%sf part F\lfs u & 100% sec finalis part F Sigma\lfsu100%sf part F sigma ter\ambiance gite l'esperence\FoxitReader83_L10N_Setup_Prom.exe"=1
"F:\Photodirector 9 & Youcam 8\cameyo & thinapp forportabilise youcam 8 & photodir. 9 on youcam 8photod. 9 utilities\ThinAppPortable-5.2.2-4435715\ThinAppPortable\setup_capture.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\FileMenu Tools(1).exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-drive-wipe.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-more_Y0MKRT988cAMK41.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-drive-defrag.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-convert-ost-to-pst.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-powerpoint.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-zip.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-mov.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-rar.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-outlook-backup-migrate.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-registry.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-recover-android.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-privacy-cleaner-windows.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\tenorshare-igetting-audio-trial.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\SyncBackTouch_Setup.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-shredder.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-repair-word.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-recover-outlook-express-demo.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\remo-recover-windows-free.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\winja_3_6248_52517.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\trolcommander-0_9_7-setup.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\VivPDF Editor.exe"=1
"C:\Users\widen-finalis\Desktop\cadeaux jes-jes m-moulu st-j conr 17_3 & lfsu100%sf pt F Sigma\SkinPack Tango!.exe"=1
"SIGN.MEDIA=21E379EE Windows 10 Transformation Pack 7.0\Windows 10 Transformation Pack 7.0.exe"=1
"SIGN.MEDIA=188CA202 Windows 10 UX Pack 7.0\Windows 10 UX Pack 7.0.exe"=1
"SIGN.MEDIA=1947942 FastHTMLChecker30-db72so\Setup.exe"=1
"K:\wondershare-time-freeze-5131-jetelecharge.exe"=1
"SIGN.MEDIA=1654F3B1 wondershare-time-freeze-5131-jetelecharge.exe"=1
"C:\Users\widen-finalis\Downloads\windows.7.codec.pack.v4.1.7.setup.exe"=1
"C:\Users\widen-finalis\Downloads\klcp_update_1314_20170430.exe"=1
"SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0_VideoToAudio_v1.12_Installer.exe"=1
"SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0_MultiDesktop_v1.17_Installer.exe"=1
"SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0 WindowMenuPlus v1.20 Installer.exe"=1
"SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0 TransparentMenu v1.20 Installer.exe"=1
"SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0 RightClicker v1.53 Installer.exe"=1
"SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0 ImageSizer v1.22 Installer.exe"=1
"SIGN.MEDIA=441DD000 1 - moo0 apps\Moo0.VideoCutter.v1.07-Installer.exe"=1
---------- | IFEO
---------- | Mountpoints2
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\D] : D:\DTVP30_Launcher.exe (AutoRun)
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\G] : G:\DTVP30_Launcher.exe (AutoRun)
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{71a3e526-3099-11e7-a762-1c750822b622}] : D:\DTVP30_Launcher.exe (AutoRun)
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{71a3e5c8-3099-11e7-a762-1c750822b622}] : D:\DTVP30_Launcher.exe (AutoRun)
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{bee88473-eaff-11e6-aa90-1c750822b622}] : G:\DTVP30_Launcher.exe (AutoRun)
---------- | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"SwapMouseButtons"=#USR:Control Panel\Mouse
"Beep"=#USR:Control Panel\Sound
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"CoolSwitch"=USR:Control Panel\Desktop
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
---------- | Security center
[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920209537502489
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=1
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0x876E8EAE8054D201
---------- | Safeboot
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\!SASCORE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
---------- | Winsock (Whitelist)
---------- | Ping
Envoi d'une requ?te 'ping' sur google.com [216.58.204.110] avec 32 octets de donn?es?:
R?ponse de 216.58.204.110?: octets=32 temps=102 ms TTL=55
R?ponse de 216.58.204.110?: octets=32 temps=43 ms TTL=55
R?ponse de 216.58.204.110?: octets=32 temps=43 ms TTL=55
R?ponse de 216.58.204.110?: octets=32 temps=44 ms TTL=55
Statistiques Ping pour 216.58.204.110:
Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
Minimum = 43ms, Maximum = 102ms, Moyenne = 58ms
---------- | @
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"AlwaysShowMenus"=0
"StatusBarWeb"=0
"Start Page"=http://www.google.fr/
"Default_Page_URL"=http://acer.msn.com
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"DisableFirstRunCustomize"=1
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C00000002000000030000000083FFFF0083FFFFFFFFFFFFFFFFFFFF70000000040000009003000030020000
"NotifyDownloadComplete"=yes
"DisableScriptDebuggerIE"=yes
"OperationalData"=5
"ImageStoreRandomFolder"=mrqzngt
"DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"NoUpdateCheck"=1
"Use FormSuggest"=no
"Default Download Directory"=C:\Users\widen-finalis\Downloads
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"EnableNegotiate"=1
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0xA77C8F729F5BD201
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"MigrateProxy"=1
"ProxyEnable"=0
"GlobalUserOffline"=0
"MaxConnectionsPerServer"=10
"MaxConnectionsPer1_0Server"=10
[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://www.google.fr/
"Default_Page_URL"=http://www.google.fr/
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://www.google.fr/
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://www.google.fr/?q={searchTerms}
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"TabProcGrowth"=Medium
"Print_Background"=0
"AlwaysShowMenus"=0
"StatusBarWeb"=1
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE
[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://
[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
"ProxyEnable"=0
"GlobalUserOffline"=0
---------- | Proxy
---------- | reparsepoint
---------- | Detection of offsets
---------- | Notify
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll
---------- | Execution FileExts
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snapdoc]
"ProgID"=SNAP.DOC
---------- | SIOI | SEH | URLSH
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ EaseUSEverySyncedOverlay] - {52103F52-9856-43F7-B5C4-A026FD84288C} -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [04/05/2017 13:41:54]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ EaseUSEverySyncFailedOverlay] - {A6D755FC-42D6-46BF-8A5D-1F810C3FCEA6} -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [04/05/2017 13:41:54]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ EaseUSEverySyncingOverlay] - {0F45C9C8-E236-4CEC-A858-BFEB47D8CD3C} -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll [04/05/2017 13:41:54]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\egisPSDP] - {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} -- C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll [27/05/2010 04:40:28]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=
---------- | Toolbar
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x13000000000000000000000020000000100000000000000001000000800600005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ITBar7Height"=0
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={96BBC430-9900-4299-9F5D-7951AB36EFDF}
"DownloadRetries"=0
"DefaultPackCorrection"=1
"KnownProvidersUpgradeTime"=0x1AB6121BA35BD201
"Version"=4
"UpgradeTime"=0x1347E745A35BD201
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{BFD9D8A8-57FF-488A-B919-065EC77CF82F}"=0x00
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
---------- | Extensions
---------- | SearchScopes
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96BBC430-9900-4299-9F5D-7951AB36EFDF}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} :
---------- | ElevationPolicy
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}] - (C:\Users\widen-finalis\AppData\Roaming\Spotify) - Spotify.exe :
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A9F603B-51A8-4630-AE99-4BBF01675575}] - (C:\Program Files\Foxit Software\Foxit Reader\) - FoxitReader.exe : C:\Program Files\Foxit Software\Foxit Reader\plugins\FoxitReaderBrowserAx.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files\Microsoft Silverlight\4.0.50401.0\) - Silverlight.Configuration.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : %SystemRoot%\system32\wucltux.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\System32) - msdt.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14A4F162-54C8-449c-8D0B-A8D92F949583}] - (C:\Program Files\Steganos Privacy Suite 18) - passwordmanageriebroker.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1753B788-C64C-4D57-B6BC-95C48992C4A7}] - (C:\Windows\System32) - msspellcheckingfacility.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files\Microsoft Silverlight\4.0.50401.0\) - agcp.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{254363DC-CC0E-47D3-B9F2-C4531366D4D1}] - (C:\Program Files\FreeDownloadManager.ORG\Free Download Manager) - wincomserver.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3214A3DF-F8D9-4A27-BF4D-FBBDE52E2E68}] - (C:\Program Files\FreeDownloadManager.ORG\Free Download Manager) - fdm.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39A895E9-93DD-4ffa-A4A3-2C14608B5B61}] - (C:\Windows\system32\Adobe\Shockwave 12) - SwHelper_1228198.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B477573-B0C2-4C66-AA40-2890F74B2408}] - (C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\) - NativeMessagingEXE.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43ABBB95-C0E9-497B-8BB9-B5FA08861705}] - (C:\Program Files\Windows Live\Mail\) - wlmail.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files\adobe\acrobat 7.0\reader) - acrord32.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C0B7A7C-8ECF-422f-9448-0874C41D4532}] - (%ProgramFiles%\Common Files\Microsoft Shared\Windows Live) - WLLoginProxy.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68934FDE-CDB1-42CC-A38B-A44B43B0785C}] - (C:\Windows\system32\Adobe\Director) - SWDNLD.EXE :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\system32\) - CertEnrollCtrl.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B7FB824-0A43-4bc2-B58D-F6386FEEFD84}] - (Choice Guard) - CGuard.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat) - acrobat.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\System32\xpsviewer) - xpsviewer.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B020FD-E04B-4e67-B65A-E7DEED25B2CF}] - (%SystemRoot%\System32) - wisptis.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C}] - (C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63) - OberonBroker.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8E307D0-1522-495E-A8A7-BA1441ECF670}] - (C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\) - FXC_ProxyProcess.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC155DD0-14EE-4F26-86AA-F974045CFE55}] - (C:\Program Files\Foxit Software\Foxit Reader\plugins\Creator) - FXC_ProxyProcess.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] - () - :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - () - dfsvc.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] - (C:\Program Files\Windows Live\Messenger\) - msnmsgr.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5}] - (C:\Program Files\Windows Live\Writer\) - WindowsLiveWriter.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}] - (c:\Program Files\McAfee\SiteAdvisor) - saUI.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files\adobe\acrobat 6.0\reader) - acrord32.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\system32\Macromed\Flash) - FlashUtil10i_ActiveX.exe :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat) - acrobat.exe :
---------- | Ext\Settings
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}] : : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFD9D8A8-57FF-488A-B919-065EC77CF82F}] : : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\system32\Macromed\Flash\Flash10i.ocx
---------- | Ext\Stats
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] : : C:\Windows\System32\mshtml.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] : : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] : : C:\Windows\System32\ieframe.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}] : : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFD9D8A8-57FF-488A-B919-065EC77CF82F}] : : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\system32\Macromed\Flash\Flash10i.ocx
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll
---------- | Browser Helper Objects
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}] -> () :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d'aide de l'Assistant de connexion Windows Live) : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [22/01/2009 16:41:30]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}] -> (Foxit PhantomPDF Create PDF ToolBar Helper) : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [31/03/2017 16:40:26]
---------- | Chrome
[HKLM\Software\Google\Chrome\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci]
---------- | Opera
---------- | Firefox
[HKLM\Software\mozilla\Firefox\Extensions]
"{00F0643E-B367-4779-B45D-7046EBA37A88}"=C:\Program Files\Steganos Privacy Suite 18\spmplugin3
"FFExtnHTML2PDF@foxitsoftware.com"=C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
[HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\Windows\system32\Adobe\Director\np32dsw_1228198.dll
[HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf] - () : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
[HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
---------- | DNS
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
---------- | ActiveX
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] - () - ->
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - ->
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - ->
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - ->
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - () - ->
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - ->
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - ->
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3911CF56-9EF2-39BA-846A-C27BD3CD0685}] - (.NET Framework) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - (Disable SSL3) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -DisableSSL3
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U shell32.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - ->
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - ->
---------- | Applications
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\mpc-hc.exe] : "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
---------- | DCOMApplications
Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: WPD Association LUA Virtual Factory - AppID: {00393519-3A67-4507-A2B8-85146167ACA7}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: PhotoAcqWiaEventHandler - AppID: {00F3CDFD-5D2E-439F-8900-3F56A0C1C8BA}
Name: Virtual Factory for Biometrics - AppID: {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}
Name: eDSPSDProtect - AppID: {023ED001-BA16-4467-B0D9-D098191C17A9}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: WPDBusEnum - AppID: {03f25b41-e981-4675-a256-27d1393e7488}
Name: Device Display Object Function Discovery Provider - AppID: {04626806-2243-4354-ab44-4ade718d09df}
Name: IDBHO - AppID: {062C56BD-B2FF-4405-88D9-93154F27D785}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323}
Name: SFSAPO - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: WriterBrowserExtension - AppID: {198B12CC-F591-440C-AC7A-6A730BBC436C}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: wpcao.dll - AppID: {1E5300BE-0762-4527-8140-C0FF22DDFC56}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: DTSLimiterDLL - AppID: {24E79C19-1F52-43CC-8684-BFA13340E72C}
Name: TabBtnEx - AppID: {25351F98-BEC9-4BA0-A1F7-D9D69225E52F}
Name: ShredderContextMenu - AppID: {253C5D8C-536F-4140-9103-55F5B5442921}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: DTSVoiceClarityDLL - AppID: {272EFD2A-90BE-4E48-8557-3D9CEA0530A0}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00}
Name: ImageHost - AppID: {2903EDD7-545F-4156-977A-5E730E57F253}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: ConvertToPDFShellExtension - AppID: {2EAE6086-084B-4C42-B2CA-B30549B3D047}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: IPBusEnum - AppID: {344ED43D-D086-4961-86A6-1106F4ACAD9B}
Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B}
Name: DevicePairingHandler.dll - AppID: {383b69fa-5486-49da-91f5-d63c24c8e9d0}
Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}
Name: EEL32A - AppID: {3D5781D9-B2FF-4396-8478-395412020995}
Name: igfxcfg - AppID: {3D62E9A1-D243-11D2-B561-00A0C92E6848}
Name: StarBurnXLib - AppID: {3DD7EA49-B5E1-4493-895D-C73562138FC0}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: MSTTS DecObj Class Surrogate - AppID: {3F6B5E16-092A-41ED-930B-0B4125D91D4E}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a}
Name: McNAReg - AppID: {4743AB3F-566B-42ED-9F55-B561577663D2}
Name: EEG32A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: ComProxy - AppID: {536BF835-F397-46D3-AD11-92642F8CABD9}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: Watson subscriber for SENS Network Events - AppID: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B}
Name: EED32A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0}
Name: Virtual Factory for Display CPL - AppID: {5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}
Name: Odyssey - AppID: {5F8FD45A-D58C-4AAD-8EDE-B9B78F02B959}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: WLXQuickTimeControlHost - AppID: {631AF1F1-55E0-4190-9B1E-454D9F370AA2}
Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: McAlertHst - AppID: {66AEAB5B-1AC2-4504-B28D-667C2529858F}
Name: DTSNeoPCDLL - AppID: {68976842-77A6-447F-83E8-97DF7A83A970}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: PDFPreviewHandlerHost - AppID: {6B127CFD-C642-4338-BC8C-472DF61E5A14}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: WindowsLiveWriterFilter - AppID: {7054B371-09E3-4BC8-8A61-02D7799EA98A}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: SUPERAntiSpywareContextMenuExtension - AppID: {746C91D0-C4A9-460A-B841-851A2B6F2C4B}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: DTSBassEnhancementDLL - AppID: {7E70FA0D-5DFA-4BA6-98C6-F10BBAAF7410}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: WlanConn - AppID: {825FC848-87F7-4F26-9EF6-43964094FF98}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: IPS - AppID: {86F9F754-EB88-4A94-A092-721F013CB10B}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: CavWp - AppID: {895A8A5F-FE77-4089-AF43-354D81EF1099}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: Virtual Factory for Action Center CPL - AppID: {8D26D9AA-5DA8-4b95-949A-B74954A229A6}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
Name: DTSSymmetryDLL - AppID: {91953DA9-4AB8-473A-BF6D-462FA2E58025}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60}
Name: WMPDMCCore - AppID: {92C2A9B3-4228-438E-8A7B-EF110987764C}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: Default Location CPL Data Handler LUA Helper - AppID: {9A630456-078D-43d3-9F1D-DF7A5BC0FA44}
Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: chext - AppID: {9D4C4C5F-EE90-4a6b-9245-244C369E4FAE}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134}
Name: Microsoft.Live.Folders.RichUpload.3.dll - AppID: {A40C5393-FD53-4528-95EB-0B348BC1539D}
Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: DTSBoostDLL - AppID: {A5900CCC-3E28-4F96-8410-C43BF113C279}
Name: AIMPlugin - AppID: {A72B23B6-A76F-4E17-AEE0-50F10A9B5C9B}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: ContextHandler - AppID: {A805009D-B902-439A-8E64-26EE3507A12E}
Name: Windows Media Player Encoder Helper Class - AppID: {A9D431C2-6D56-4727-9690-ADBE66B9184A}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: AudialsPlayerApp - AppID: {AC34A1CE-3D65-4bf5-9055-F64BF4C71F70}
Name: SwHelper_1228198 - AppID: {AF551664-D2DF-4E34-85DE-46320B13A0B4}
Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: DTSGainCompensatorDLL - AppID: {B3D43A87-E6C7-4EC8-8546-CEB9EE9BD936}
Name: KeyScrambler - AppID: {B4E5C8E2-DB42-48FA-9423-AAA706BCE970}
Name: RContextMenu - AppID: {B5B6E648-E9F7-4CE3-987C-53FEDA97C1FA}
Name: EASendMailObj - AppID: {B68B03DD-C8C4-49A6-9ACD-D427E9325754}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A}
Name: WwanAdvui - AppID: {b70cc729-28ae-11dd-9676-000000000000}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: DTSS2HeadphoneDLL - AppID: {BA291C7C-39AC-4331-9592-B694DA24BC89}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: FoxitPrevHndlr - AppID: {BD5BDF7D-9849-4FEF-AC02-28EE2E7C7C46}
Name: ShellExtBridge118 - AppID: {BDED339F-DD12-48FB-A96D-24F690CBC085}
Name: WindowsLiveWriterApplication - AppID: {BF7C0368-EA36-475E-AA42-3F28E736FABD}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Acronis True Image Shell Extension Backend - AppID: {C4E69DB9-E094-483e-B922-E7ADE65FB497}
Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83}
Name: ConvertToPDFShellExtension_RD - AppID: {C88D8F9A-04DA-4008-B535-375F38366DDA}
Name: McNASvc - AppID: {C8A49047-AFB0-4931-9314-ABAAC93E662B}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: LocationDisp - AppID: {CBDC4B31-CBE4-4A5B-BECF-64B29E47D2AD}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: SharedAccess - AppID: {ce166e40-1e72-45b9-94c9-3b2050e8f180}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: DTSS2SpeakerDLL - AppID: {CF3C79C7-8096-4BF2-9684-9F6B832FAC23}
Name: McSvHVer - AppID: {CFE68DFE-E6A3-48FC-A16B-0AE991E23576}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: %systemroot%\system32\colorui.dll - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: ghost - AppID: {D58F39FF-953E-4F45-898F-59F243B9A523}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: sfFTPLib - AppID: {D6625767-E42E-491C-A919-9A71641572A4}
Name: Bluewire unpairing elevation surrogate - AppID: {D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}
Name: Microsoft.Live.FolderShare.Client - AppID: {daa6bc26-4dfa-4e8f-8d5f-47202dc8e400}
Name: EverySyncExplorerOverlay - AppID: {DE4CE140-5838-468B-86C0-A422AC75B092}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: EAGetMailObj - AppID: {DE73C9C2-1C57-4306-99B9-CBFF7A423DA6}
Name: FoxitThumbnailHndlr - AppID: {E1084781-9CA9-42EF-AC67-140D37CCD97E}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: CavShell - AppID: {E11C8519-5595-4397-B515-AB036DEC467A}
Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: McNAVer - AppID: {EC57D58E-0F20-4253-8C14-BD2B37BE5884}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: SWDNLD - AppID: {ED372EB0-5B14-484F-A27C-05FF89B6DF25}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: Acronis VSS Requestor - AppID: {F282135C-65A6-4A99-80F1-F315BAC76BF4}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: MyPrivilegedObject - AppID: {F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: Microsoft.Aspnet.Snapin.AspNetManagementUtility.4 - AppID: {F75B6772-91E4-4D2F-9D44-61A447109C2B}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: ESLoadSevice - AppID: {FCA6F20F-92E5-4E74-AC19-D14B59CB1C15}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: DefenderShellExt - AppID: {FF2EA936-C1E1-428D-9572-F4285AFC4F48}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F3D3A6E1-385A-4A4D-A9D3-071FA9FE5500}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"
---------- | SvcHost (Whitelist)
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
---------- | SvcHost - Netsvcs (Whitelist)
Term - :
---------- | Software
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\2BrightSparks]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\7-Zip]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Acer]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Admin Arsenal]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Adobe]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Aiseesoft Studio]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\AOMEI]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\AppDataLow]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Ashampoo]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Bitdefender]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\BugSplat]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Canneverbe Limited]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Caphyon]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Chromium]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Code Sector]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Codyssey]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Comodo]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ComodoGroup]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Cygnus Solutions]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Disc Soft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Dritek]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Dropbox]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\DropboxUpdate]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\DVDVideoSoft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\EaseUS]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Elantech]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Encrypt4allSoftware]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Foxit Software]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\FreeDownloadManager.ORG]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Gabest]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\giveawayoftheday.com]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Glarysoft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\GNU]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Google]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\HissenITMasterdata]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Icaros]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Icecream]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Informer Technologies, Inc.]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\InfraRecorder]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Innovative Solutions]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Insyde Software]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Intel]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\IrisTech]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\IvoSoft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\KillSoft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Laplink]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Licenses]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\LiteManager]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Local AppWizard-Generated Applications]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Locky]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\LopeSoft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\macrium]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Macromedia]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Malwarebytes]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Marmiton]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Max Diesel]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\MediaInfo]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Moo0]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Mozilla]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\MPC-HC]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Netscape]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\NetVoyage]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\nkN2QX8XUF]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\O&O]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Obsidium]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\OEM]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Opera Software]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Panda Security]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Paramount Software (UK) Ltd.]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\PCurVersion]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Perigee Software]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Policies]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\QFX Software]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\RapidSolution]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Realtek]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Reason]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Remo Software]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Safer Networking Limited]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Sanwhole]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Scadarlia]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\SharewareOnSale]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ShellExtBridge110]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Sonix]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Spearit]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\StackDocklet]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Steganos]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\SUPERAntiSpyware.com]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\sysinternals]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\techPowerUp]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Thingamahoochie]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Trolltech]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\undefined]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\UsbFix]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\UsbFix Standard]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Viv]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Vivaldi]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\VOS]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WebTweakTools]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Windows 8 - Codec Pack]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Windows X]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WinRAR]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WinRAR SFX]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Wondershare]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Xilisoft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ZHP]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\2BrightSparks]
[HKLM\Software\7-Zip]
[HKLM\Software\Acer]
[HKLM\Software\Acer Incorporated]
[HKLM\Software\ACLEngine]
[HKLM\Software\Acronis]
[HKLM\Software\Admin Arsenal]
[HKLM\Software\Adobe]
[HKLM\Software\America Online]
[HKLM\Software\AppDataLow]
[HKLM\Software\Ashampoo]
[HKLM\Software\Atheros Communications Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVC3]
[HKLM\Software\Bitdefender]
[HKLM\Software\Canneverbe Limited]
[HKLM\Software\Caphyon]
[HKLM\Software\Chicony Electronics Co.,Ltd.]
[HKLM\Software\Clients]
[HKLM\Software\Code Sector]
[HKLM\Software\COMODO]
[HKLM\Software\ComodoGroup]
[HKLM\Software\Cygnus Solutions]
[HKLM\Software\DebugMode]
[HKLM\Software\Disc Soft]
[HKLM\Software\Dritek]
[HKLM\Software\DTS]
[HKLM\Software\DVDVideoSoft]
[HKLM\Software\EaseUS]
[HKLM\Software\EgisTec]
[HKLM\Software\EgisTec IPS]
[HKLM\Software\EgisTec Shredder]
[HKLM\Software\Foxit Software]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Gabest]
[HKLM\Software\GNU]
[HKLM\Software\Google]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hummingbird]
[HKLM\Software\Icaros]
[HKLM\Software\Ignis]
[HKLM\Software\Innovative Solutions]
[HKLM\Software\Insyde Software]
[HKLM\Software\Intel]
[HKLM\Software\Interwoven]
[HKLM\Software\IObit]
[HKLM\Software\JavaSoft]
[HKLM\Software\KillSoft]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Laplink]
[HKLM\Software\LAV]
[HKLM\Software\Lavasoft]
[HKLM\Software\LiteManagerTeam]
[HKLM\Software\macrium]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\McAfeeInstaller]
[HKLM\Software\Media Player - Codec Pack]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\MozillaPlugins-BackupByVivaldiPortable]
[HKLM\Software\MSNSett]
[HKLM\Software\muCommander]
[HKLM\Software\Nero]
[HKLM\Software\Notepad++]
[HKLM\Software\Oberon Media]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\OemSetup]
[HKLM\Software\OOBEOffer]
[HKLM\Software\Panda Security]
[HKLM\Software\PeaZip]
[HKLM\Software\PeaZip_additional]
[HKLM\Software\Policies]
[HKLM\Software\QFX Software]
[HKLM\Software\RapidSolution]
[HKLM\Software\Realtek]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Reason]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Remo Software]
[HKLM\Software\Runtime Software]
[HKLM\Software\Shadow Defender]
[HKLM\Software\Simply Super Software]
[HKLM\Software\Skype]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sony Corporation]
[HKLM\Software\SOSVirus]
[HKLM\Software\Spearit]
[HKLM\Software\SRS Labs]
[HKLM\Software\Start Menu Reviver]
[HKLM\Software\Steganos]
[HKLM\Software\SUPERAntiSpyware.com]
[HKLM\Software\sysinternals]
[HKLM\Software\TechSmith]
[HKLM\Software\Thingamahoochie]
[HKLM\Software\trolCommander]
[HKLM\Software\TVInstallTemp]
[HKLM\Software\WafCX]
[HKLM\Software\Waves Audio]
[HKLM\Software\Windows 8 - Codec Pack]
[HKLM\Software\Windows X]
[HKLM\Software\WinRAR]
[HKLM\Software\Wondershare]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xilisoft]
[HKLM\Software\Xiph.Org]
[HKLM\SOFTWARE\AppDataLow\Software\Adobe]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Help]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
---------- | FeatureControl
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"VideoDownloaderUltimate.exe"="11001"
"Notifier.exe"="11001"
"ServiceProvider.exe"="8000"
"burningstudio2017.exe"="11001"
"softinfo.exe"="11000"
"ashsnap.exe"="11001"
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801]
"burningstudio2017.exe"="1"
"ashsnap.exe"="1"
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
"burningstudio2017.exe"="1"
"ashsnap.exe"="1"
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING]
"softinfo.exe"="0"
"burningstudio2017.exe"="1"
"ashsnap.exe"="1"
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"burningstudio2017.exe"="10"
"ashsnap.exe"="10"
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"burningstudio2017.exe"="10"
"ashsnap.exe"="10"
[HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"burningstudio2017.exe"="1"
"ashsnap.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"WindowsAnytimeUpgradeUI.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"prevhost.exe"="8"
"sllauncher.exe"="8000"
"Filmora.exe"="9999"
"AudialsNotifier.exe"="11000"
"Audials.exe"="11000"
"Scadarlia"="11001"
"softinfo.exe"="11000"
"FoxitReader.exe"="11000"
"AcqWeb.exe"="11001"
"FoxitPhantomPDF.exe"="11000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
"iexplore.exe"="1"
"*"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGuiIT.exe"="0"
"SAPGUI.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"sllauncher.exe"="0"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING]
"softinfo.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"wm.exe"="1"
"cs.exe"="1"
"waol.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"sllauncher.exe"="1"
"wlmail.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
"sllauncher.exe"="6"
"iexplore.exe"="10"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
"sllauncher.exe"="6"
"iexplore.exe"="10"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"prevhost.exe"="1"
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"winmail.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"sllauncher.exe"="1"
"WindowsLiveWriter.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"prevhost.exe"="1"
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"prevhost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"winmail.exe"="1"
"msimn.exe"="1"
"outlook.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"="1"
"winword.exe"="1"
"excel.exe"="1"
"powerpnt.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"PresentationHost.exe"="1"
"wlmail.exe"="1"
---------- | The Created last ones ? Modified
[MD5.00000000000000000000000000000000] - [04/05/2017 13:48:38] - |D| - [110679484] - C:\Program Files\2BrightSparks
[MD5.00000000000000000000000000000000] - [04/05/2017 16:54:45] - |D| - [3631890] - C:\Program Files\7-Zip
[MD5.00000000000000000000000000000000] - [04/05/2017 13:59:41] - |D| - [26483846] - C:\Program Files\Admin Arsenal
[MD5.00000000000000000000000000000000] - [04/05/2017 13:55:17] - |D| - [114964283] - C:\Program Files\Aiseesoft Studio
[MD5.00000000000000000000000000000000] - [04/05/2017 13:31:22] - |D| - [178921790] - C:\Program Files\AOMEI PE Builder 1.5
[MD5.00000000000000000000000000000000] - [04/05/2017 14:31:48] - |D| - [3072443] - C:\Program Files\AxBx
[MD5.00000000000000000000000000000000] - [04/05/2017 13:39:30] - |D| - [3896388] - C:\Program Files\BatteryCare
[MD5.00000000000000000000000000000000] - [04/05/2017 14:57:36] - |D| - [5568913] - C:\Program Files\Bitdefender
[MD5.00000000000000000000000000000000] - [05/05/2017 10:15:18] - |D| - [214674689] - C:\Program Files\Caphyon
[MD5.00000000000000000000000000000000] - [04/05/2017 17:19:53] - |D| - [19783313] - C:\Program Files\CDBurnerXP
[MD5.00000000000000000000000000000000] - [04/05/2017 17:41:48] - |D| - [0] - C:\Program Files\Classic Shell
[MD5.00000000000000000000000000000000] - [04/05/2017 14:16:05] - |D| - [2922805] - C:\Program Files\Codyssey
[MD5.00000000000000000000000000000000] - [04/05/2017 15:25:45] - |D| - [9889635] - C:\Program Files\DebugMode
[MD5.00000000000000000000000000000000] - [04/05/2017 14:36:06] - |D| - [2334479] - C:\Program Files\DIY DataRecovery CHK-Mate
[MD5.00000000000000000000000000000000] - [04/05/2017 14:27:20] - |D| - [109326462] - C:\Program Files\DVDVideoSoft
[MD5.00000000000000000000000000000000] - [05/05/2017 09:02:40] - |D| - [660444] - C:\Program Files\Easy File Locker
[MD5.00000000000000000000000000000000] - [06/05/2017 19:31:41] - |D| - [2296753] - C:\Program Files\Encrypt4all Software
[MD5.00000000000000000000000000000000] - [04/05/2017 11:57:47] - |D| - [2397966] - C:\Program Files\Eyes Relaxing And Focusing 3.0
[MD5.00000000000000000000000000000000] - [04/05/2017 15:07:17] - |D| - [5333899] - C:\Program Files\Fast File Copy by Daanav.com
[MD5.00000000000000000000000000000000] - [06/05/2017 19:58:12] - |D| - [23167086] - C:\Program Files\Fast HTML Checker
[MD5.00000000000000000000000000000000] - [04/05/2017 13:48:01] - |D| - [4256380] - C:\Program Files\FastStone Photo Resizer
[MD5.00000000000000000000000000000000] - [04/05/2017 11:53:52] - |D| - [12054580] - C:\Program Files\FolderIco
[MD5.00000000000000000000000000000000] - [06/05/2017 19:53:40] - |D| - [66514695] - C:\Program Files\FolderViewer
[MD5.00000000000000000000000000000000] - [05/05/2017 08:03:41] - |D| - [2912439] - C:\Program Files\Foolish IT
[MD5.00000000000000000000000000000000] - [05/05/2017 08:44:28] - |D| - [854004164] - C:\Program Files\Foxit Software
[MD5.00000000000000000000000000000000] - [04/05/2017 14:35:06] - |D| - [20641460] - C:\Program Files\FreeCodecPack
[MD5.00000000000000000000000000000000] - [04/05/2017 19:32:05] - |D| - [39677851] - C:\Program Files\Glary Utilities 5
[MD5.00000000000000000000000000000000] - [04/05/2017 14:21:52] - |D| - [0] - C:\Program Files\Google
[MD5.00000000000000000000000000000000] - [04/05/2017 13:29:07] - |D| - [3272674] - C:\Program Files\GPU-Z
[MD5.00000000000000000000000000000000] - [04/05/2017 17:04:30] - |D| - [3114284] - C:\Program Files\Greenshot
[MD5.00000000000000000000000000000000] - [04/05/2017 15:09:32] - |D| - [6502962] - C:\Program Files\GridinSoft Anti-Ransomware
[MD5.00000000000000000000000000000000] - [04/05/2017 14:20:39] - |D| - [98286679] - C:\Program Files\GUM66A5.tmp
[MD5.00000000000000000000000000000000] - [04/05/2017 11:33:09] - |D| - [160193397] - C:\Program Files\HissenITMasterdata
[MD5.00000000000000000000000000000000] - [04/05/2017 15:01:42] - |D| - [86290573] - C:\Program Files\Icecream Screen Recorder
[MD5.00000000000000000000000000000000] - [05/05/2017 10:42:12] - |D| - [31687763] - C:\Program Files\iGetting Audio
[MD5.00000000000000000000000000000000] - [04/05/2017 17:16:14] - |D| - [14092247] - C:\Program Files\InfraRecorder
[MD5.00000000000000000000000000000000] - [04/05/2017 17:27:37] - |D| - [64165780] - C:\Program Files\Innovative Solutions
[MD5.00000000000000000000000000000000] - [04/05/2017 21:26:43] - |D| - [82139237] - C:\Program Files\K-Lite Codec Pack
[MD5.00000000000000000000000000000000] - [04/05/2017 11:46:13] - |D| - [110319158] - C:\Program Files\Kotobee Author
[MD5.00000000000000000000000000000000] - [04/05/2017 11:48:37] - |D| - [106722852] - C:\Program Files\Kotobee Publisher
[MD5.00000000000000000000000000000000] - [04/05/2017 11:47:41] - |D| - [78140732] - C:\Program Files\Kotobee Reader
[MD5.00000000000000000000000000000000] - [04/05/2017 12:06:03] - |D| - [27155131] - C:\Program Files\LiteManager Pro - Server
[MD5.00000000000000000000000000000000] - [04/05/2017 12:02:17] - |D| - [45912271] - C:\Program Files\LiteManager Pro - Viewer
[MD5.00000000000000000000000000000000] - [05/05/2017 10:19:18] - |D| - [15151271] - C:\Program Files\LopeSoft
[MD5.00000000000000000000000000000000] - [06/05/2017 20:01:26] - |D| - [3455030] - C:\Program Files\MetroTextual
[MD5.00000000000000000000000000000000] - [04/05/2017 20:47:56] - |D| - [109212603] - C:\Program Files\Microsoft VS Code
[MD5.00000000000000000000000000000000] - [04/05/2017 15:21:55] - |D| - [91562365] - C:\Program Files\MiniCopier
[MD5.00000000000000000000000000000000] - [08/05/2017 08:19:29] - |D| - [110566380] - C:\Program Files\Moo0
[MD5.00000000000000000000000000000000] - [04/05/2017 13:47:40] - |D| - [11412989] - C:\Program Files\muCommander
[MD5.00000000000000000000000000000000] - [04/05/2017 14:18:09] - |D| - [16158791] - C:\Program Files\MultiCommander
[MD5.00000000000000000000000000000000] - [04/05/2017 15:15:08] - |D| - [17198723] - C:\Program Files\NiceCopier
[MD5.00000000000000000000000000000000] - [04/05/2017 17:00:29] - |D| - [7158928] - C:\Program Files\Notepad++
[MD5.00000000000000000000000000000000] - [04/05/2017 14:41:37] - |D| - [0] - C:\Program Files\Opera
[MD5.00000000000000000000000000000000] - [04/05/2017 15:21:04] - |D| - [2130609] - C:\Program Files\Panda USB Vaccine
[MD5.00000000000000000000000000000000] - [04/05/2017 17:34:02] - |D| - [27786479] - C:\Program Files\PeaZip
[MD5.00000000000000000000000000000000] - [04/05/2017 15:27:31] - |D| - [1800193] - C:\Program Files\PerigeeCopy
[MD5.00000000000000000000000000000000] - [06/05/2017 20:04:15] - |D| - [2312029] - C:\Program Files\Remembr
[MD5.00000000000000000000000000000000] - [05/05/2017 10:21:07] - |D| - [82126198] - C:\Program Files\Remo Convert OST to PST
[MD5.00000000000000000000000000000000] - [05/05/2017 10:21:57] - |D| - [22447993] - C:\Program Files\Remo Drive Defrag
[MD5.00000000000000000000000000000000] - [05/05/2017 10:22:37] - |D| - [30643031] - C:\Program Files\Remo Drive Wipe
[MD5.00000000000000000000000000000000] - [05/05/2017 10:28:26] - |D| - [35232570] - C:\Program Files\Remo File Eraser 2.0
[MD5.00000000000000000000000000000000] - [05/05/2017 10:24:39] - |D| - [61179303] - C:\Program Files\Remo MORE
[MD5.00000000000000000000000000000000] - [05/05/2017 10:26:49] - |D| - [31269429] - C:\Program Files\Remo Outlook Backup & Migrate
[MD5.00000000000000000000000000000000] - [05/05/2017 10:27:14] - |D| - [28695814] - C:\Program Files\Remo Privacy Cleaner
[MD5.00000000000000000000000000000000] - [05/05/2017 10:29:25] - |D| - [68037905] - C:\Program Files\Remo Recover for Android 2.0
[MD5.00000000000000000000000000000000] - [05/05/2017 10:29:13] - |D| - [64948427] - C:\Program Files\Remo Recover FREE Edition
[MD5.00000000000000000000000000000000] - [05/05/2017 10:26:39] - |D| - [21847932] - C:\Program Files\Remo Repair MOV 2.0
[MD5.00000000000000000000000000000000] - [05/05/2017 10:26:56] - |D| - [21449796] - C:\Program Files\Remo Repair PowerPoint 2.0
[MD5.00000000000000000000000000000000] - [05/05/2017 10:28:50] - |D| - [20989402] - C:\Program Files\Remo Repair RAR 2.0
[MD5.00000000000000000000000000000000] - [05/05/2017 10:28:30] - |D| - [56330078] - C:\Program Files\Remo Repair Registry
[MD5.00000000000000000000000000000000] - [05/05/2017 10:28:40] - |D| - [21088550] - C:\Program Files\Remo Repair ZIP 2.0
[MD5.00000000000000000000000000000000] - [04/05/2017 15:08:38] - |D| - [844689] - C:\Program Files\Roadkil.Net
[MD5.00000000000000000000000000000000] - [05/05/2017 07:20:30] - |D| - [3868027] - C:\Program Files\Runtime Software
[MD5.00000000000000000000000000000000] - [04/05/2017 11:31:33] - |D| - [68501856] - C:\Program Files\Sanwhole
[MD5.00000000000000000000000000000000] - [08/05/2017 08:03:32] - |D| - [505707] - C:\Program Files\SEAF
[MD5.00000000000000000000000000000000] - [04/05/2017 13:57:58] - |D| - [3877191] - C:\Program Files\Shadow Defender
[MD5.00000000000000000000000000000000] - [04/05/2017 14:47:25] - |D| - [2245603] - C:\Program Files\ShadowExplorer
[MD5.00000000000000000000000000000000] - [04/05/2017 14:25:00] - |D| - [6222274] - C:\Program Files\Spybot Anti-Beacon
[MD5.00000000000000000000000000000000] - [06/05/2017 20:08:21] - |D| - [9908224] - C:\Program Files\SUPERAntiSpyware
[MD5.00000000000000000000000000000000] - [06/05/2017 20:02:30] - |D| - [8989134] - C:\Program Files\System Ninja
[MD5.00000000000000000000000000000000] - [04/05/2017 19:13:57] - |D| - [65780407] - C:\Program Files\TeamViewer
[MD5.00000000000000000000000000000000] - [05/05/2017 05:01:00] - |D| - [11373214] - C:\Program Files\TechSmith
[MD5.00000000000000000000000000000000] - [04/05/2017 14:35:30] - |D| - [19791548] - C:\Program Files\Trojan Remover
[MD5.00000000000000000000000000000000] - [04/05/2017 13:49:29] - |D| - [36830654] - C:\Program Files\trolCommander
[MD5.00000000000000000000000000000000] - [06/05/2017 20:12:12] - |D| - [125854142] - C:\Program Files\UX Pack
[MD5.00000000000000000000000000000000] - [04/05/2017 16:22:54] - |D| - [124966006] - C:\Program Files\VideoLAN
[MD5.00000000000000000000000000000000] - [05/05/2017 10:57:38] - |D| - [32295800] - C:\Program Files\VivPDF Editor
[MD5.00000000000000000000000000000000] - [04/05/2017 17:20:01] - |D| - [8484844] - C:\Program Files\WinMerge
[MD5.00000000000000000000000000000000] - [04/05/2017 17:14:03] - |D| - [4867889] - C:\Program Files\WinRAR
[MD5.00000000000000000000000000000000] - [05/05/2017 09:49:27] - |D| - [32256] - C:\Program Files\WiPS Golden 2.1
[MD5.00000000000000000000000000000000] - [04/05/2017 13:53:32] - |D| - [379806596] - C:\Program Files\Xilisoft
[MD5.00000000000000000000000000000000] - [04/05/2017 16:02:17] - |D| - [6458985] - C:\Program Files\Xiph.Org
[MD5.E7EDA9CE45F0E63CC811A3568F3D26DC] - [04/05/2017 13:58:20] - |A| - [64] - C:\Windows\diskpt.crt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 22:14:11] - |A| - [0] - C:\Windows\diskpt.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 22:14:11] - |A| - [0] - C:\Windows\diskptex.dat
[MD5.CD2200309CF3272C1E4CE018F3B0F443] - [07/05/2017 08:57:00] - |A| - [48114] - C:\Windows\driveicon.ico
[MD5.40D777B7A95E00593EB1568C68514493] - [06/05/2017 21:16:17] - |A| - [2616320] - C:\Windows\explorer.exe
[MD5.4116CE62E6CBBBD7D0D5B4A20B89FB59] - [07/05/2017 09:06:44] - |A| - [916480] - C:\Windows\expstart.exe
[MD5.D6F717B7F6F2D38BFAC991D7D02D9C86] - [06/05/2017 20:31:19] - |A| - [1996] - C:\Windows\hosts
[MD5.8D132E1FF8BD600905DD81FC24E985E4] - [07/05/2017 18:01:49] - |A| - [188226985] - C:\Windows\MEMORY.DMP
[MD5.00000000000000000000000000000000] - [07/05/2017 18:02:06] - |D| - [145424] - C:\Windows\Minidump
[MD5.3C553D61A2270FB53DB6DA0A9FB54A55] - [07/05/2017 15:02:42] - |A| - [512] - C:\Windows\MirDetected.bin
[MD5.00000000000000000000000000000000] - [06/05/2017 21:16:17] - |D| - [3567104] - C:\Windows\UXBackup
[MD5.2BF7CEA794A8450B03159A2854A15511] - [06/05/2017 20:14:17] - |A| - [352256] - C:\Windows\uxpack.icons
[MD5.7255732B7ED89086BEA8DD5C4014E57B] - [06/05/2017 20:14:18] - |A| - [2413056] - C:\Windows\UxStyle_Core_Jul13_x86.msi
[MD5.22A43F0783307C94C79478FD4078A7E0] - [04/05/2017 10:19:04] - |A| - [6634] - C:\Windows\W7Patcher_x86_Uninstall.log
[MD5.72F2D357120F95C1E725C22915FE95E1] - [04/05/2017 14:19:35] - |A| - [193] - C:\Windows\WORDPAD.INI
[MD5.603896977C69A2EC9FBE37C7C1A232D8] - [05/05/2017 09:02:57] - |A| - [36] - C:\Windows\xlkfs.log
[MD5.5ACF52CA9954686443AC53099E5008A4] - [04/05/2017 13:49:17] - |A| - [40435712] - C:\Windows\Installer\1373ae6.msi
[MD5.7BA30BB7E15475F6027E86E86EA973CE] - [04/05/2017 20:41:00] - |A| - [3354624] - C:\Windows\Installer\543e7ea.msi
[MD5.0D433FA036476D588447453E44BD3D9A] - [05/05/2017 09:12:27] - |A| - [315478016] - C:\Windows\Installer\543e7ef.msi
[MD5.A53B41AE0580EE5443CC5BE38855B343] - [06/05/2017 19:55:24] - |A| - [417792] - C:\Windows\Installer\ccfeab2.msi
[MD5.D10EE23BCF5C43838AC77213984E72A8] - [06/05/2017 21:53:21] - |A| - [17419] - C:\Windows\Installer\MSI40F7.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 14:01:56] - |A| - [0] - C:\Windows\Installer\wix{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}.SchedServiceConfig.rmi
[MD5.00000000000000000000000000000000] - [04/05/2017 10:22:22] - |D| - [764030] - C:\Windows\Installer\{51E5F3BE-F3D1-4F44-B49F-05BFA7E0D2D2}
[MD5.00000000000000000000000000000000] - [04/05/2017 12:02:22] - |D| - [366816] - C:\Windows\Installer\{5686E484-7136-4674-A4B2-508C7B26DCA4}
[MD5.00000000000000000000000000000000] - [05/05/2017 10:17:21] - |D| - [269673] - C:\Windows\Installer\{581697C8-33DC-44BA-A7C3-992B5D29C011}
[MD5.00000000000000000000000000000000] - [04/05/2017 14:01:33] - |D| - [355574] - C:\Windows\Installer\{5BD113FE-B8D8-4E7A-9BA1-17C649432B3E}
[MD5.00000000000000000000000000000000] - [04/05/2017 11:31:39] - |D| - [825906] - C:\Windows\Installer\{600C936B-7684-42F0-9FBF-04726F3D45E2}
[MD5.00000000000000000000000000000000] - [04/05/2017 12:06:07] - |D| - [313872] - C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C}
[MD5.00000000000000000000000000000000] - [05/05/2017 09:24:31] - |D| - [2603292] - C:\Windows\Installer\{78A42908-2050-11E7-94A8-000C2992F709}
[MD5.00000000000000000000000000000000] - [04/05/2017 10:22:22] - |D| - [764030] - C:\Windows\Installer\{84875F6F-2996-4469-BF1D-F59A85C5C702}
[MD5.00000000000000000000000000000000] - [06/05/2017 19:55:23] - |D| - [12374833] - C:\Windows\Installer\{8751AE19-FF09-42CB-8316-C9615DDD02AC}
[MD5.00000000000000000000000000000000] - [05/05/2017 05:01:14] - |D| - [316416] - C:\Windows\Installer\{8C784F8B-89D0-4A59-A000-7EEF129E1574}
[MD5.00000000000000000000000000000000] - [04/05/2017 10:22:22] - |D| - [764030] - C:\Windows\Installer\{DAC390BA-1387-4DF8-A9BC-683E81E77E86}
[MD5.FC726DD94F4DD4028A976FCC4DBF0C43] - [07/05/2017 15:44:00] - |A| - [122880] - C:\Windows\system32\ac3acm.acm
[MD5.00000000000000000000000000000000] - [04/05/2017 16:55:12] - |D| - [35569591] - C:\Windows\system32\Adobe
[MD5.28936CBC6C4459D9AB656FB894E3090E] - [06/05/2017 21:16:50] - |A| - [1795584] - C:\Windows\system32\authui.dll
[MD5.67C1B58706B47EEBA4E117AC197289E6] - [06/05/2017 21:16:59] - |A| - [740864] - C:\Windows\system32\batmeter.dll
[MD5.F977BE7B8C5462087374364EAFB3C15B] - [06/05/2017 21:17:05] - |A| - [10752] - C:\Windows\system32\browseui.dll
[MD5.E62EE6F1EFC85CB36D62AB779DB6E4EC] - [06/05/2017 20:14:37] - |A| - [517120] - C:\Windows\system32\CLWCP.exe
[MD5.5CB2886338C82E388F68557E2745200F] - [06/05/2017 21:17:11] - |A| - [1498624] - C:\Windows\system32\ExplorerFrame.dll
[MD5.0554D656B9DCAE7E3DA72659DFACB67A] - [07/05/2017 15:43:55] - |A| - [112128] - C:\Windows\system32\ff_vfw.dll
[MD5.335A224416BA985EAFA71D15C004F702] - [07/05/2017 15:44:00] - |A| - [39936] - C:\Windows\system32\huffyuv.dll
[MD5.0E5AE41049351ED936A11FE3AFB729E4] - [06/05/2017 21:17:18] - |A| - [28063232] - C:\Windows\system32\imageres.dll
[MD5.ACAA3955AEF5BE4B3A1035566A34CD7D] - [04/05/2017 08:30:44] - |A| - [236792] - C:\Windows\system32\iseguard32.dll
[MD5.FA425C74CE2EB719B2A77A7A2ADDAE32] - [07/05/2017 15:44:00] - |A| - [216064] - C:\Windows\system32\lagarith.dll
[MD5.2B24DB82C3C6A590591039153536183A] - [07/05/2017 15:44:00] - |A| - [473088] - C:\Windows\system32\lameACM.acm
[MD5.671FEF5266B8AA14C0B69B38C24BD8BD] - [07/05/2017 15:44:01] - |A| - [415] - C:\Windows\system32\lame_acm.xml
[MD5.B13BC3C4BBA6A405613D0B24EB259B29] - [07/05/2017 15:06:51] - |A| - [131072] - C:\Windows\system32\MirDisk.cfg
[MD5.57024392A88E8BAEC1FD86CBE246B46C] - [07/05/2017 15:08:44] - |A| - [51200] - C:\Windows\system32\MirFolder.cfg
[MD5.F749878A7974CF018B5AE2E10C7D8358] - [07/05/2017 17:05:01] - |A| - [2621440000] - C:\Windows\system32\MirSwap
[MD5.FD8E9EEBFF89AE09091C714A4221421F] - [07/05/2017 15:06:51] - |A| - [131072] - C:\Windows\system32\mkdw48.acy
[MD5.DC5705DEA815444A11EF32D71060B898] - [06/05/2017 20:11:35] - |A| - [69632] - C:\Windows\system32\moveex.exe
[MD5.B83967E8E83318C36A2D4EF76EBD1D3B] - [07/05/2017 08:51:53] - |A| - [76288] - C:\Windows\system32\moveex.x64
[MD5.AECB4512F0F4CFB959BB74422B8DE571] - [07/05/2017 15:03:34] - |A| - [21464] - C:\Windows\system32\NaBootMir.exe
[MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] - [04/05/2017 14:32:34] - |A| - [71096] - C:\Windows\system32\NMSAccessU.exe
[MD5.0C100E0085F62A51E3202EB8F5997687] - [06/05/2017 20:11:36] - |A| - [7680] - C:\Windows\system32\PEChecksum.exe
[MD5.82B36D39067C90E20114AE1F87C2BEBB] - [07/05/2017 08:51:53] - |A| - [15872] - C:\Windows\system32\PEChecksum.x64
[MD5.00000000000000000000000000000000] - [04/05/2017 14:25:32] - |D| - [30455] - C:\Windows\system32\PolicyDefinitions
[MD5.63933941E56CBA2B65BDF51F72D4A341] - [04/05/2017 12:06:28] - |A| - [323520] - C:\Windows\system32\ROMwln.dll
[MD5.F5C5B3A75783BEFF7257EABA026783CA] - [05/05/2017 10:21:26] - |A| - [7963240] - C:\Windows\system32\rsror32.dll
[MD5.3FE1177C731A499D875FFD2555C0EED1] - [05/05/2017 10:21:27] - |A| - [2451048] - C:\Windows\system32\rsrorx32.dll
[MD5.00000000000000000000000000000000] - [08/05/2017 08:40:37] - |D| - [7102464] - C:\Windows\system32\ShellExtBridge
[MD5.B71EDD2C82F513AACCD3059635F483EA] - [04/05/2017 14:30:05] - |A| - [692224] - C:\Windows\system32\SyncBackPro.dll
[MD5.7321B7749A743F14E16648B7C103B90D] - [06/05/2017 20:14:27] - |A| - [196662] - C:\Windows\system32\uxstartup.bmp
[MD5.9D54CFACA40A430B78191CF3071FFA7B] - [07/05/2017 15:43:59] - |A| - [3613696] - C:\Windows\system32\x264vfw.dll
[MD5.9F46C6AFDA41FAB966914EEFAC86A6BC] - [07/05/2017 15:43:58] - |A| - [674816] - C:\Windows\system32\xvidcore.dll
[MD5.98137DD9449C4F2FEA17F641F0893D3C] - [07/05/2017 15:43:58] - |A| - [282112] - C:\Windows\system32\xvidvfw.dll
[MD5.242189D5C420C14F4BE70E26175C2927] - [04/05/2017 13:58:14] - |A| - [351600] - C:\Windows\system32\Drivers\diskpt.sys
[MD5.899D9A335D58EA818936B6D7439C2394] - [07/05/2017 14:58:46] - |A| - [37016] - C:\Windows\system32\Drivers\FolderHK.sys
[MD5.EE7A27F531CBD33928059F8BB0E31E34] - [06/05/2017 21:46:52] - |A| - [1956] - C:\Windows\system32\Drivers\fvstore.dat
[MD5.B653E03B1479ADCF69D164BB6DD65562] - [04/05/2017 15:30:42] - |A| - [29968] - C:\Windows\system32\Drivers\gsars.sys
[MD5.07DE3E7A109069B56059BF910FB55CF6] - [04/05/2017 15:45:48] - |A| - [33552] - C:\Windows\system32\Drivers\gsinspect.sys
[MD5.C2C0BB2CEC7218280018AA26C2AF4636] - [07/05/2017 14:58:48] - |A| - [33896] - C:\Windows\system32\Drivers\HKDirFlt.sys
[MD5.048C878140F1DA2C560820EBFB541EB8] - [04/05/2017 08:30:45] - |A| - [40952] - C:\Windows\system32\Drivers\isedrv.sys
[MD5.CBF574D0FE60DD69E12ABF8D3BB68A3B] - [07/05/2017 14:58:48] - |A| - [28648] - C:\Windows\system32\Drivers\MirDisk.sys
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/05/2017 16:08:34] - |AH| - [0] - C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[MD5.CF30D43BD112080BAF33667651CBD1B0] - [05/05/2017 10:28:42] - |A| - [49424] - C:\Windows\system32\Drivers\rsblk.sys
[MD5.B8EAC99B14772BDC36CA963AED109FA2] - [05/05/2017 10:23:35] - |A| - [22312] - C:\Windows\system32\Drivers\rsdrv.sys
---------- | Drives
A:
D:
[11/04/2017 08:38:33] - |A| - (. - .) - [552] - (0.0.0.0) - D:\COMODO TrustConnect (VPN).lnk
[13/04/2017 19:00:45] - |A| - (. - .) - [1107968] - (0.0.0.0) - D:\RSIT.exe
[23/03/2017 22:37:48] - |H| - (. - .) - [16] - (0.0.0.0) - D:\AUTORUN.INF
F:
G:
[25/09/2014 23:56:44] - |R| - (.Copyright (C) 2014 - DTVaultPrivacy MFC Application.) - [1173840] - (3.0.0.6) - G:\DTVP30_Launcher.exe
[19/10/2013 01:18:27] - |R| - (. - .) - [71] - (0.0.0.0) - G:\autorun.inf
I:
[07/05/2017 23:34:48] - |A| - (.© 2005-2015 ClevX, LLC - Removable Media Antivirus.) - [4555968] - (3.17.0.10) - I:\DriveD.exe
J:
[05/02/2017 21:47:15] - |A| - (. - .) - [552] - (0.0.0.0) - J:\COMODO TrustConnect (VPN).lnk
[02/03/2016 17:57:54] - |A| - (.© 2005-2015 ClevX, LLC - Removable Media Antivirus.) - [4555968] - (3.17.0.10) - J:\DriveD.exe
[05/02/2017 21:47:13] - |A| - (.© BleepingComputer.com. All rights reserved. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - J:\rkill.exe
[15/02/2017 05:05:46] - |A| - (. - .) - [77103600] - (12.0.0.58851) - J:\pcmover_fr_10.exe
[24/03/2017 08:52:43] - |H| - (. - .) - [16] - (0.0.0.0) - J:\AUTORUN.INF
X:
[30/09/2016 07:06:18] - |A| - (. - .) - [410] - (0.0.0.0) - X:\ampa.ini
Y:
[08/02/2017 02:00:00] - |A| - (.© 2016 Sophos Limited - SophosClean.) - [10640704] - (3.7.14.264) - Y:\SophosClean.exe
[26/01/2017 02:00:00] - |A| - (. - .) - [1836] - (0.0.0.0) - Y:\a2settings.ini
Z:
---------- | C:
[14/07/2009 04:36:15] - |SHD| - [129] - C:\$Recycle.Bin
[21/12/2016 23:46:44] - |D| - [103561309] - C:\AdwCleaner
[MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [14/07/2009 04:04:04] - |A| - (. - .) - [24] - (0.0.0.0) - C:\autoexec.bat
[12/12/2016 23:00:34] - |RD| - [2136042861] - C:\Backup
[05/12/2016 11:13:31] - |AD| - [86054683] - C:\book
[17/09/2010 09:22:05] - |SHD| - [185285658] - C:\Boot
[MD5.D6AE2D5521DD93AEBC90D411D099FA36] - [17/09/2010 09:22:06] - |RASH| - (. - .) - [383562] - (0.0.0.0) - C:\bootmgr
[MD5.117A26124A6997CB68A7984E2EA6ECCE] - [17/09/2010 09:22:07] - |RASH| - (. - .) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK
[MD5.ED4FC5980BD8B1AD869FF725C7776338] - [14/07/2009 04:04:04] - |A| - (. - .) - [10] - (0.0.0.0) - C:\config.sys
[14/07/2009 06:53:55] - |SHD| - [0] - C:\Documents and Settings
[10/12/2016 18:43:28] - |D| - [1478656] - C:\ESD
[22/12/2016 05:14:29] - |D| - [0] - C:\EverySync
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/12/2016 11:07:11] - |ASH| - (. - .) - [796729344] - (0.0.0.0) - C:\hiberfil.sys
[17/09/2010 08:58:43] - |D| - [0] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/12/2016 00:24:47] - |RASH| - (. - .) - [0] - (0.0.0.0) - C:\IO.SYS
[04/05/2017 14:47:36] - |D| - [920997] - C:\MARMITON
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/12/2016 00:24:47] - |RASH| - (. - .) - [0] - (0.0.0.0) - C:\MSDOS.SYS
[17/09/2010 09:16:45] - |D| - [2596616670] - C:\OEM
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/12/2016 14:59:09] - |ASH| - (. - .) - [1372729344] - (0.0.0.0) - C:\pagefile.sys
[14/07/2009 04:37:05] - |D| - [0] - C:\PerfLogs
[06/12/2016 05:41:40] - |D| - [86564150] - C:\Pre_Scan
[MD5.4A05452D6D1BB76283349BA16F876649] - [07/12/2016 15:15:57] - |A| - (. - .) - [6590] - (0.0.0.0) - C:\Pre_Scan.txt
[14/07/2009 04:37:05] - |RD| - [10327091782] - C:\Program Files
[14/07/2009 04:37:05] - |HD| - [5240466328] - C:\ProgramData
[06/12/2016 05:50:01] - |D| - [262067] - C:\QuickDiag
[MD5.A428D446A34CD13DDB7A7DBB55EFD5EE] - [08/05/2017 08:08:16] - |A| - (. - .) - [215939] - (0.0.0.0) - C:\QuickDiag.txt
[12/12/2016 16:02:56] - |SHD| - [260722604] - C:\Recovery
[MD5.4E0E6588697C22A5D2E6C9F2F699EE4D] - [06/12/2016 09:15:11] - |A| - (. - .) - [301898] - (0.0.0.0) - C:\Reflect_Install.log
[MD5.70A86849D2637DC3D597351A2F62834A] - [17/09/2010 09:10:23] - |A| - (. - .) - [2089] - (0.0.0.0) - C:\RHDSetup.log
[07/12/2016 13:49:08] - |D| - [0] - C:\rsit
[05/12/2016 19:53:59] - |D| - [0] - C:\SauvegardePersonnelle
[04/05/2017 10:16:17] - |D| - [59502164] - C:\SkinPack
[05/12/2016 11:07:11] - |SHD| - [0] - C:\System Volume Information
[04/05/2017 23:46:48] - |RD| - [130802992] - C:\Unreal Commander
[15/12/2016 08:09:08] - |D| - [28759887] - C:\UsbFix
[14/07/2009 04:37:05] - |RD| - [11724503102] - C:\Users
[06/05/2017 21:47:31] - |HD| - [0] - C:\VTRoot
[04/05/2017 10:19:05] - |HD| - [24770560] - C:\W7P_Backups
[12/07/2007 03:48:01] - |D| - [18216082000] - C:\Windows
---------- | C:\Windows
[MD5.065919847CF1C1C0A1C5F63C488EB54B] - [17/09/2010 09:26:45] - |A| - (. - .) - [33] - (0.0.0.0) - C:\Windows\0
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/09/2010 08:57:00] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\Acer.tag
[04/02/2017 18:41:27] - |D| - [0] - C:\Windows\Acronis
[14/07/2009 06:52:30] - |D| - [802] - C:\Windows\addins
[14/07/2009 04:37:05] - |D| - [112290] - C:\Windows\AppCompat
[14/07/2009 04:37:05] - |D| - [9913976] - C:\Windows\AppPatch
[14/07/2009 04:37:05] - |RSD| - [866539318] - C:\Windows\assembly
[MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [14/12/2016 19:44:40] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[14/07/2009 04:37:06] - |D| - [18304606] - C:\Windows\Boot
[MD5.E14C43046B4F7D7A108B668EB176A521] - [14/07/2009 06:57:37] - |AS| - (. - .) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[14/07/2009 04:37:06] - |D| - [3233280] - C:\Windows\Branding
[MD5.6FBB766EB79F9EED3684194EEAF838DF] - [12/12/2016 23:50:28] - |A| - (. - .) - [11453] - (0.0.0.0) - C:\Windows\ChangeLang_Done.tag
[MD5.3A12D0855904754EB55D5A05BD301683] - [17/09/2010 03:45:55] - |A| - (. - .) - [10] - (0.0.0.0) - C:\Windows\CSUP.TXT
[14/07/2009 04:37:06] - |D| - [4853400] - C:\Windows\Cursors
[14/07/2009 06:34:21] - |D| - [0] - C:\Windows\debug
[06/10/2009 04:29:32] - |AD| - [254527] - C:\Windows\DeployWinRE2
[MD5.337F31202C81C9DC45F52600F41EF046] - [12/12/2016 15:21:00] - |A| - (. - .) - [14947] - (0.0.0.0) - C:\Windows\devices.txt
[14/07/2009 06:52:30] - |D| - [3042330] - C:\Windows\diagnostics
[14/07/2009 06:56:48] - |D| - [0] - C:\Windows\DigitalLocker
[MD5.E7EDA9CE45F0E63CC811A3568F3D26DC] - [04/05/2017 13:58:20] - |A| - (. - .) - [64] - (0.0.0.0) - C:\Windows\diskpt.crt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 22:14:11] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\diskpt.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/05/2017 22:14:11] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\diskptex.dat
[MD5.3B3E3D81B9F4FAB89AC0B2769ABE17D3] - [14/12/2016 07:08:12] - |A| - (. - .) - [64] - (0.0.0.0) - C:\Windows\dm.dmap
[17/09/2010 09:17:21] - |D| - [52941297] - C:\Windows\Downloaded Installations
[14/07/2009 06:52:30] - |D| - [65] - C:\Windows\Downloaded Program Files
[MD5.CD2200309CF3272C1E4CE018F3B0F443] - [07/05/2017 08:57:00] - |A| - (. - .) - [48114] - (0.0.0.0) - C:\Windows\driveicon.ico
[MD5.E7CCB395344AF1C555C45E55C149A773] - [17/09/2010 09:18:36] - |A| - (.Copyright (C) 2004 - EMCRI DLL.) - [361808] - (1.0.0.3) - C:\Windows\EMCRI_E.dll
[MD5.40D777B7A95E00593EB1568C68514493] - [06/05/2017 21:16:17] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2616320] - (6.1.7601.17514) - C:\Windows\explorer.exe
[MD5.4116CE62E6CBBBD7D0D5B4A20B89FB59] - [07/05/2017 09:06:44] - |A| - (. - .) - [916480] - (0.0.0.0) - C:\Windows\expstart.exe
[MD5.F38B53088F3200BC9B8037DBA400F0AA] - [12/12/2016 15:19:41] - |A| - (. - .) - [113264] - (0.0.0.0) - C:\Windows\FixUVC.exe
[14/07/2009 04:37:06] - |RSD| - [358395035] - C:\Windows\Fonts
[12/12/2016 23:44:18] - |D| - [142336] - C:\Windows\fr-FR
[MD5.F9202335BBA03A02F084FE588564BBF5] - [14/07/2009 01:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[14/07/2009 04:37:06] - |D| - [83144388] - C:\Windows\Globalization
[14/07/2009 04:37:06] - |D| - [38934178] - C:\Windows\Help
[MD5.2FF3A32F01DF61836FED59D441D8B9DF] - [14/07/2009 02:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [497152] - (6.1.7600.16385) - C:\Windows\HelpPane.exe
[MD5.9B90B0C78671A4881D06C91941F6F379] - [14/07/2009 02:12:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe
[MD5.D6F717B7F6F2D38BFAC991D7D02D9C86] - [06/05/2017 20:31:19] - |A| - (. - .) - [1996] - (0.0.0.0) - C:\Windows\hosts
[14/07/2009 04:37:06] - |D| - [143547244] - C:\Windows\IME
[14/07/2009 04:37:06] - |D| - [129607680] - C:\Windows\inf
[17/09/2010 09:17:22] - |SHD| - [1706682985] - C:\Windows\Installer
[14/07/2009 04:37:06] - |D| - [48371] - C:\Windows\L2Schemas
[14/07/2009 04:37:06] - |D| - [0] - C:\Windows\LiveKernelReports
[MD5.EF3024328398C07DE0BDF35B67ABEC68] - [17/09/2010 08:57:27] - |A| - (. - .) - [172] - (0.0.0.0) - C:\Windows\LMv4.UNI
[14/07/2009 04:37:06] - |D| - [901205] - C:\Windows\Logs
[14/07/2009 04:37:06] - |RSD| - [20259763] - C:\Windows\Media
[MD5.8D132E1FF8BD600905DD81FC24E985E4] - [07/05/2017 18:01:49] - |A| - (. - .) - [188226985] - (0.0.0.0) - C:\Windows\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 01:55:01] - |A| - (. - .) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[14/07/2009 04:37:07] - |D| - [401494084] - C:\Windows\Microsoft.NET
[14/12/2016 11:04:34] - |D| - [1496] - C:\Windows\Migration
[07/05/2017 18:02:06] - |D| - [145424] - C:\Windows\Minidump
[MD5.3C553D61A2270FB53DB6DA0A9FB54A55] - [07/05/2017 15:02:42] - |A| - (. - .) - [512] - (0.0.0.0) - C:\Windows\MirDetected.bin
[MD5.A8BF8A76DA1BDCAEFB65F2F987BCA8C5] - [23/04/2009 06:44:23] - |A| - (. - .) - [2572] - (0.0.0.0) - C:\Windows\MOD01OPK04000H0001.enc
[MD5.1162C16DCAF8288ADF7CB74DE472A107] - [17/09/2010 03:46:01] - |A| - (. - .) - [1996] - (0.0.0.0) - C:\Windows\MOD01SET00000000MU.enc
[MD5.E551DAEAF6F19A8FCFA8E0D689870CD3] - [17/09/2010 09:21:10] - |A| - (. - .) - [2008] - (0.0.0.0) - C:\Windows\MOD01SET5K000G0002.enc
[MD5.448CA8C1E3F648FFEF53645B511C5F74] - [06/10/2009 22:46:28] - |A| - (. - .) - [2476] - (0.0.0.0) - C:\Windows\MOD01SET74FR0H0003.enc
[MD5.013985963D7C6010B033A70E452292BA] - [17/09/2010 09:21:10] - |A| - (. - .) - [2048] - (0.0.0.0) - C:\Windows\MOD01SET75000H0005.enc
[MD5.24D9E3329D9625546EDD7EEB46B33E9A] - [17/09/2010 09:21:10] - |A| - (. - .) - [2168] - (0.0.0.0) - C:\Windows\MOD01SET78000G0018.enc
[14/07/2009 04:37:07] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:04:57] - |A| - (. - .) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[12/12/2016 23:35:29] - |D| - [10136198] - C:\Windows\NAPP_Dism_Log
[MD5.D0B21C17A8FD3C4D452016AB5E640A58] - [06/10/2009 04:29:32] - |A| - (. - .) - [741] - (0.0.0.0) - C:\Windows\NewDeployWinRE.cmd
[MD5.D378BFFB70923139D6A4F546864AA61C] - [14/07/2009 01:41:04] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [179712] - (6.1.7600.16385) - C:\Windows\notepad.exe
[MD5.31D60373127C06FD2B41C28A11A66341] - [05/02/2017 12:14:42] - |A| - (. - .) - [87784] - (0.0.0.0) - C:\Windows\ntbtlog.txt
[17/09/2010 09:31:33] - |D| - [229807] - C:\Windows\oem
[17/09/2010 09:36:37] - |D| - [499712] - C:\Windows\OEMTemp
[14/07/2009 06:52:30] - |D| - [65] - C:\Windows\Offline Web Pages
[17/09/2010 09:13:51] - |D| - [0] - C:\Windows\Options
[12/07/2007 03:49:28] - |D| - [1381781] - C:\Windows\Panther
[MD5.ACA81BF682ED2907FCEDF4A359BB8E1B] - [17/09/2010 09:37:39] - |A| - (. - .) - [70] - (0.0.0.0) - C:\Windows\patch.loag
[12/12/2016 15:32:00] - |D| - [0] - C:\Windows\PCHEALTH
[14/07/2009 06:52:30] - |D| - [62073347] - C:\Windows\Performance
[MD5.A7DDCDBFF307FC1BCE867C53EB49F638] - [04/02/2017 17:37:55] - |A| - (. - .) - [32342] - (0.0.0.0) - C:\Windows\PFRO.log
[MD5.C4929C7C4BE57AF744E315B239F61F07] - [12/12/2016 15:19:42] - |A| - (. - .) - [302] - (0.0.0.0) - C:\Windows\PidList_C.ini
[14/07/2009 04:37:07] - |D| - [1132015] - C:\Windows\PLA
[MD5.EADCEB89DD46DA2A5560CA2AF016A6A6] - [12/12/2016 15:19:42] - |A| - (.Copyright (C) 2007 - DefaultSettingEXE MFC Application.) - [206208] - (1.1.0.1) - C:\Windows\PLFSetI.exe
[14/07/2009 04:37:07] - |D| - [2859777] - C:\Windows\PolicyDefinitions
[17/09/2010 08:23:21] - |D| - [22954842] - C:\Windows\Prefetch
[MD5.8A4883F5E7AC37444F23279239553878] - [14/07/2009 01:17:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe
[14/07/2009 04:37:07] - |D| - [21544] - C:\Windows\Registration
[14/07/2009 04:37:07] - |D| - [5270451] - C:\Windows\Resources
[MD5.C8717886B101DFEF52EBC243C1706801] - [17/09/2010 09:10:23] - |A| - (.Copyright (C) 2010 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1251944] - (1.0.2.4) - C:\Windows\RtlExUpd.dll
[14/07/2009 04:37:07] - |D| - [0] - C:\Windows\SchCache
[14/07/2009 04:37:07] - |D| - [58021] - C:\Windows\schemas
[14/07/2009 04:37:07] - |D| - [5267914] - C:\Windows\security
[14/07/2009 06:34:13] - |D| - [53751631] - C:\Windows\ServiceProfiles
[14/07/2009 04:37:07] - |D| - [66240790] - C:\Windows\servicing
[14/07/2009 06:34:16] - |D| - [457] - C:\Windows\Setup
[MD5.FE2E55FD2205FFEDE360DE9B0EB11233] - [04/02/2017 16:09:43] - |A| - (. - .) - [11400] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/02/2017 16:09:43] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[MD5.0D0D3F885589CDEA678C3B17ABB70DC7] - [24/10/2014 10:12:04] - |A| - (.Copyright (C) 1998-2014 - ArchiCrypt Live Engine.) - [117848] - (19.1.1.0) - C:\Windows\SleeN1964.sys
[12/12/2016 15:02:19] - |D| - [552866041] - C:\Windows\SoftwareDistribution
[14/07/2009 04:37:07] - |D| - [70586312] - C:\Windows\Speech
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 06:48:09] - |A| - (. - .) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[MD5.93C96478B0D5B27B979E0E3AB0802C77] - [07/07/2016 09:08:40] - |A| - (. - .) - [75184] - (0.0.0.0) - C:\Windows\suite.vssMgr.exe
[14/07/2009 04:37:07] - |D| - [700380] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:04:23] - |A| - (. - .) - [219] - (0.0.0.0) - C:\Windows\system.ini
[12/07/2007 03:51:11] - |D| - [5485093652] - C:\Windows\System32
[14/07/2009 04:37:09] - |D| - [15] - C:\Windows\TAPI
[14/07/2009 04:37:09] - |D| - [11532] - C:\Windows\Tasks
[14/07/2009 04:37:09] - |D| - [70801941] - C:\Windows\Temp
[14/07/2009 04:37:09] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (. - Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 06:52:30] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [14/12/2016 19:45:00] - |A| - (. - Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (. - Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (. - Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[MD5.B38882E54F783A2C37946C27091DC8B4] - [17/09/2010 09:18:30] - |A| - (.(C) 2000-2009 Dritek System Inc. - Uninstall Application.) - [349776] - (2.1.2.2017) - C:\Windows\UNINSTLMv4.EXE
[MD5.3D571A3CBF127E9555EAD2F8598F425F] - [13/07/2009 01:07:48] - |A| - (.Copyright (C) 2009 - Unsigned Themes Service.) - [21096] - (0.0.2.0) - C:\Windows\UnsignedThemesSvc.exe
[06/05/2017 21:16:17] - |D| - [3567104] - C:\Windows\UXBackup
[MD5.2BF7CEA794A8450B03159A2854A15511] - [06/05/2017 20:14:17] - |A| - (. - .) - [352256] - (0.0.0.0) - C:\Windows\uxpack.icons
[MD5.7255732B7ED89086BEA8DD5C4014E57B] - [06/05/2017 20:14:18] - |A| - (. - .) - [2413056] - (0.0.0.0) - C:\Windows\UxStyle_Core_Jul13_x86.msi
[14/07/2009 04:37:09] - |D| - [12420] - C:\Windows\Vss
[MD5.93C96478B0D5B27B979E0E3AB0802C77] - [07/07/2016 09:08:40] - |A| - (. - .) - [75184] - (0.0.0.0) - C:\Windows\vssMgr.exe
[MD5.22A43F0783307C94C79478FD4078A7E0] - [04/05/2017 10:19:04] - |A| - (. - .) - [6634] - (0.0.0.0) - C:\Windows\W7Patcher_x86_Uninstall.log
[14/07/2009 04:37:09] - |D| - [50922096] - C:\Windows\Web
[MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 04:04:23] - |A| - (. - .) - [403] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:41:57] - |RAH| - (. - .) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.BCD4D802DBFA0AFA2D2C63B6CBC156C3] - [04/02/2017 17:40:46] - |A| - (. - .) - [1390264] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 22:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe
[MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[14/07/2009 04:37:09] - |D| - [7705994148] - C:\Windows\winsxs
[MD5.360A166B4DD11DFD897F73F5410FDEE2] - [17/04/2010 02:28:46] - |A| - (.© 2008 Microsoft Corporation. Tous droits réservés. - Écran de veille photos Windows Live.) - [307056] - (14.0.8117.416) - C:\Windows\WLXPGSS.SCR
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 23:34:23] - |A| - (. - .) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.72F2D357120F95C1E725C22915FE95E1] - [04/05/2017 14:19:35] - |A| - (. - .) - [193] - (0.0.0.0) - C:\Windows\WORDPAD.INI
[MD5.6E8EACC0B339365D79A2C06896865D3D] - [14/07/2009 01:41:00] - |A| - (.© Microsoft Corporation. All rights reserved. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe
[MD5.603896977C69A2EC9FBE37C7C1A232D8] - [05/05/2017 09:02:57] - |A| - (. - .) - [36] - (0.0.0.0) - C:\Windows\xlkfs.log
[MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [12/12/2016 15:33:59] - |A| - (. - .) - [20] - (0.0.0.0) - C:\Windows\xö“
[MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 23:30:30] - |A| - (. - .) - [707] - (0.0.0.0) - C:\Windows\_default.pif
---------- | Systemroot\System
[14/07/2009 01:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL)
[14/07/2009 01:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library)
[13/07/2009 23:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries)
[13/07/2009 23:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module)
[13/07/2009 22:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library)
[14/07/2009 01:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI)
[14/07/2009 01:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer)
[14/07/2009 01:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio)
[13/07/2009 23:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia)
[13/07/2009 23:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module)
[13/07/2009 23:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module)
[10/06/2009 23:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL)
[13/07/2009 22:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library)
[13/07/2009 23:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library)
[13/07/2009 23:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library)
[13/07/2009 23:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module)
[14/07/2009 00:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library)
[13/07/2009 23:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component)
[13/07/2009 23:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles)
[13/07/2009 22:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries)
[13/07/2009 23:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module)
[13/07/2009 23:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver)
---------- | Systemroot\Installer (Microsoft Files Whitelisted)
[04/05/2017 13:49:17] - C:\Windows\Installer\1373ae6.msi : (PDQ Deploy - Admin Arsenal) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/07/2010 04:28:52] - C:\Windows\Installer\13ccf3.msi : (MSI Database - Insyde) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 10:42:22] - C:\Windows\Installer\1d5cdf2.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/12/2016 15:22:38] - C:\Windows\Installer\20566370.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/05/2014 05:01:52] - C:\Windows\Installer\330278.msi : (UxStyle Core Beta - The Within Network, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/12/2016 07:18:09] - C:\Windows\Installer\34edd0.msi : (COMODO Secure Shopping - COMODO) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/11/2016 19:50:16] - C:\Windows\Installer\34edd9.msi : (Acronis Backup Agent - Acronis) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/09/2010 09:17:21] - C:\Windows\Installer\3c5f1.msi : (eSobi - esobi Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/09/2015 15:21:54] - C:\Windows\Installer\473c1c2.msi : (Jing - TechSmith Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/04/2017 07:55:22] - C:\Windows\Installer\4cb55b.msi : (COMODO Secure Shopping - COMODO) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/05/2017 20:41:00] - C:\Windows\Installer\543e7ea.msi : (FileOpen - Foxit Software Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]