--------------- QuickDiag | g3n-h@ckm@n | V3_18.01.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 18/01/2017 16:33:50
Updated 18/01/2017 | 18.10 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Benjamin (Administrator)] - [BENJAMIN] (S-1-5-21-1793920283-211440705-2206316680)
System: Microsoft Windows 10 Famille - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: Aspire E1-571G - Acer - IdNumber: NXM57EF00332524C0D3400 - UUID: 0C7BFA0A-FEC4-E211-B28B-2089847D5C8A
Processor : X64 - 2395 Mhz - Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz V2.15 - - Insyde Corp. - S/N: NXM57EF00332524C0D3400 - V2.15 - ACRSYS - 1
CoreTemp : ?
Celsius ----------| Quick ---------- | SoundDevice Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&6449DF9&0&0301 Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0269&SUBSYS_1025064B&REV_1001\4&6449DF9&0&0001 ---------- | Video Intel(R) HD Graphics 4000 - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igdumdim32,igd10iumd32,igd10iumd32 - PNPDeviceID: PCI\VEN_8086&DEV_0166&SUBSYS_064B1025&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: -2110115840 NVIDIA GeForce 710M - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1140&SUBSYS_06911025&REV_A1\4&315EFEBD&0&0008 - AdapterCompatibility: NVIDIA - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 4000 - DriverVersion: 10.18.10.4276 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - 
ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:3 % CPU #2 value:0 % CPU #3 value:0 % CPU #4 value:3 % Total Overall CPU Usage value:0 % ---------- | Network Broadcom NetLink [TM] Gigabit Ethernet : SENT:0 bytes/sec / RECVD:0 bytes/sec Carte réseau sans fil Qualcomm Atheros AR5B125 : SENT:8,992 bytes/sec / RECVD:8,992 bytes/sec isatap.{B4FDDBBB-4658-432B-9732-0BD38F4C93DD} : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.wifi.univ-lorraine.fr : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:8,992 bytes/sec, / RECEIVE Maximum:8,992 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 TAP-Windows Adapter V9 - Ethernet 802.3 - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000 Broadcom NetLink (TM) Gigabit Ethernet - Ethernet 802.3 - Broadcom Corporation - Status: - PnPID : PCI\VEN_14E4&DEV_16B5&SUBSYS_06471025&REV_10\4&2B026579&0&00E0 Carte réseau sans fil Qualcomm Atheros AR5B125 - Ethernet 802.3 - Qualcomm Atheros Communications Inc. 
- Status: - PnPID : PCI\VEN_168C&DEV_0032&SUBSYS_E047105B&REV_01\4&1B6B0519&0&00E1 Microsoft ISATAP Adapter #4 - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_3 Carte virtuelle directe Wi-Fi Microsoft - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&38F2C8C7&0&02 Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0 Microsoft ISATAP Adapter - - - Status: - PnPID : WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH Microsoft ISATAP Adapter - - - Status: - PnPID : ---------- | Memory RAM = Total (MB) : 4005 | Free (MB) : 1562 Pagefile = Total (MB) : 4726 | Free (MB) : 1902 Virtual = Total (MB) : 4194 | Free (MB) : 3963 Physical Memory 2 : Capacity: 4294967296 - DIMM1 - Posit.: 2 - Manufacturer: Unknown - PartNumber: HMT451S6MFR8C-PB - S/N: 488076BF ---------- | SID Users Administrateur : [S-1-5-21-1793920283-211440705-2206316680-500] Benjamin : [S-1-5-21-1793920283-211440705-2206316680] DefaultAccount : [S-1-5-21-1793920283-211440705-2206316680-503] HomeGroupUser$ : [S-1-5-21-1793920283-211440705-2206316680-1006] Invité : [S-1-5-21-1793920283-211440705-2206316680-501] UpdatusUser : [S-1-5-21-1793920283-211440705-2206316680-1001] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] 
Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] HomeUsers : [S-1-5-21-1793920283-211440705-2206316680-1005] WinRMRemoteWMIUsers__ : [S-1-5-21-1793920283-211440705-2206316680-1000] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK 
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [Acer] | Total : 448.73 Go | Free : 315.24 Go -> NTFS [SATA] E:\ -> [Removable] | [BENJAMIN] | Total : 14.4 Go | Free : 14.13 Go -> FAT32 [USB] F:\ -> [Removable] | [B_LEDOUX] | Total : 0.94 Go | Free : 0.41 Go -> FAT [USB] Disk Usage Information [3 total Physical Disks] Physical Drive #0 [C:] : Read:0 bytes/sec, Written:911,853 bytes/sec Max Read:0 bytes/sec, Max Write:911,853 bytes/sec Physical Drive #2 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:911,853 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : SCSI\DISK&VEN_ATA&PROD_WDC_WD5000LPVX-2\4&A134E8&0&000000 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 4 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_1.00\1C6F654CED3DFD81492C72B8&0 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 4 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\AF3BA433&0 ---------- | Windows updates No detected update !!! Windows Is Activated Possible Fixed Windows (Notification Mode) ---------- | Browsers IE : 11.0.14393.0 (© Microsoft Corporation. Tous droits réservés.) FF : 47.0.2.6148 (©Firefox and Mozilla Developers; available under the MPL 2 license.) GC : 55.0.2883.87 (Copyright 2016 Google Inc.) 
Default : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" ---------- | FlashPlayer FlashPlayer ActiveX : 24.0.0.194 FlashPlayer Plugin : 24.0.0.186 ---------- | Security AV : Windows Defender Disabled AS : Norton 360 Online Enabled WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 416 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 12:42:27] CPU Usage:0 % 716 | [Owner : | Parent : 612() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 12:42:27] CPU Usage:0 % 860 | [Owner : | Parent : 716(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.14393.479) = C:\Windows\System32\services.exe [25/12/2016 16:10:39] CPU Usage:0 % 868 | [Owner : | Parent : 716(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [18/10/2016 21:10:41] CPU Usage:0 % 984 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 8 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 1044 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 1064 | [Owner : | Parent : 860(services.exe) | ?????] 
- (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 1092 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 1312 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 1408 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 1556 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 1564 | [Owner : | Parent : 860(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 353.54.) - (8.17.13.5354) = C:\Windows\System32\nvvsvc.exe [18/10/2016 13:49:59] CPU Usage:0 % 1900 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 1980 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 584 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 2128 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) 
- (10.0.14393.351) = C:\Windows\System32\spoolsv.exe [27/10/2016 20:00:24] CPU Usage:0 % 2424 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 2520 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 2556 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 2820 | [Owner : | Parent : 860(services.exe) | ?????] - (.Symantec Corporation - Norton 360.) - (13.1.2.9) = C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe [22/11/2016 18:27:50] CPU Usage:0 % 3040 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 2932 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 5660 | [Owner : | Parent : 860(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.206) = C:\Windows\System32\SearchIndexer.exe [18/10/2016 21:10:53] CPU Usage:0 % 4160 | [Owner : | Parent : 2648() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.14393.594) = C:\Windows\System32\winlogon.exe [12/01/2017 16:53:38] CPU Usage:0 % 1948 | [Owner : | Parent : 1564(nvvsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 353.54.) 
- (8.17.13.5354) = C:\Windows\System32\nvvsvc.exe [18/10/2016 13:49:59] CPU Usage:0 % 6356 | [Owner : Benjamin | Parent : 1044(svchost.exe) | 22.47 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 12:42:09] CPU Usage:0 % 7424 | [Owner : Benjamin | Parent : 2820(n360.exe) | 83.35 Mo] - (.Symantec Corporation - Norton 360.) - (13.1.2.9) = C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe [22/11/2016 18:27:50] CPU Usage:0 % 3516 | [Owner : Benjamin | Parent : 860(services.exe) | 29.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 12:42:27] CPU Usage:0 % 3148 | [Owner : Benjamin | Parent : 7600() | 122.47 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.479) = C:\Windows\explorer.exe [25/12/2016 16:09:55] CPU Usage:0 % 2504 | [Owner : Benjamin | Parent : 1044(svchost.exe) | 18.69 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 12:42:36] CPU Usage:0 % 7720 | [Owner : Benjamin | Parent : 984(svchost.exe) | 46.89 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 12:42:05] CPU Usage:0 % 6612 | [Owner : Benjamin | Parent : 984(svchost.exe) | 3.46 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.594) = C:\Windows\System32\SettingSyncHost.exe [12/01/2017 16:53:19] CPU Usage:0 % 8332 | [Owner : | Parent : 1900(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 12:42:22] CPU Usage:0 % 2104 | [Owner : Benjamin | Parent : 984(svchost.exe) | 25.9 Mo] - (.Microsoft Corporation - Application Frame Host.) 
- (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe [16/07/2016 12:42:40] CPU Usage:0 % 4448 | [Owner : Benjamin | Parent : 3148(explorer.exe) | 137.06 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 6212 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 8.75 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 1736 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 9.18 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 304 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 46.76 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 7928 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 226.07 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 3876 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 42.04 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 3568 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 21.96 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 3372 | [Owner : Benjamin | Parent : 1368() | 7.68 Mo] - (.Symantec Corporation - Web Browser (Norton Identity Safe native host).) - (2015.8.1.3) = C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\conathst.exe [22/11/2016 18:27:50] CPU Usage:0 % 6664 | [Owner : Benjamin | Parent : 984(svchost.exe) | 8.96 Mo] - (.Microsoft Corporation - COM Surrogate.) 
- (10.0.14393.0) = C:\Windows\System32\dllhost.exe [16/07/2016 12:42:27] CPU Usage:0 % 8888 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 87.24 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 5208 | [Owner : | Parent : 860(services.exe) | ?????] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.24.388.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe [20/04/2012 13:16:12] CPU Usage:0 % 5544 | [Owner : Benjamin | Parent : 984(svchost.exe) | 38.11 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [23/11/2016 09:04:08] CPU Usage:0 % 4412 | [Owner : | Parent : 860(services.exe) | ?????] - (.Dritek System INC. - RfBtnSvc Application.) - (1.5.8.30) = C:\Windows\RfBtnSvc64.exe [22/06/2013 22:41:54] CPU Usage:0 % 4168 | [Owner : | Parent : 860(services.exe) | ?????] - (.Dritek System Inc. - Dritek WMI Service.) - (3.7.0.3976) = C:\Program Files (x86)\Launch Manager\dsiwmis.exe [23/05/2013 06:05:39] CPU Usage:0 % 3396 | [Owner : Benjamin | Parent : 984(svchost.exe) | 53.93 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.693) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [12/01/2017 16:52:08] CPU Usage:0 % 2656 | [Owner : | Parent : 4168(dsiwmis.exe) | ?????] - (.Dritek System Inc. - Launch Manager utility process.) - (1.7.0.3976) = C:\Program Files (x86)\Launch Manager\LMutilps32.exe [23/05/2013 06:05:39] CPU Usage:0 % 2208 | [Owner : Benjamin | Parent : 4800() | 13.75 Mo] - (.Dritek System Inc. - Launch Manager.) - (7.0.10.3976) = C:\Program Files (x86)\Launch Manager\LManager.exe [23/05/2013 06:05:39] CPU Usage:0 % 6112 | [Owner : Benjamin | Parent : 2208(LManager.exe) | 10.37 Mo] - (.Dritek System Inc. - MMDx64Fx Application.) 
- (2.3.0.3976) = C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe [23/05/2013 06:05:39] CPU Usage:0 % 1744 | [Owner : Benjamin | Parent : 984(svchost.exe) | 6.13 Mo] - (.Intel Corporation - igfxext Module.) - (6.15.10.4276) = C:\Windows\System32\igfxext.exe [27/08/2015 18:20:10] CPU Usage:0 % 5020 | [Owner : | Parent : 860(services.exe) | ?????] - (.Intel Corporation - Local Manageability Service.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [22/06/2013 22:33:26] CPU Usage:0 % 9152 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 61.6 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 3564 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 60.56 Mo] - (.Google Inc. - Google Chrome.) - (55.0.2883.87) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [25/12/2013 01:23:37] CPU Usage:0 % 5836 | [Owner : Benjamin | Parent : 984(svchost.exe) | 89.03 Mo] - (.-.) - (1.0.1611.18000) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [23/11/2016 23:07:54] CPU Usage:0 % 4600 | [Owner : Benjamin | Parent : 984(svchost.exe) | 39.8 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.14393.82) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [18/10/2016 21:10:37] CPU Usage:0 % 8392 | [Owner : Benjamin | Parent : 984(svchost.exe) | 23.54 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.321) = C:\Windows\System32\smartscreen.exe [18/10/2016 21:12:55] CPU Usage:0 % 7892 | [Owner : Benjamin | Parent : 4448(chrome.exe) | 23.45 Mo] - (.SosVirus - QuickDiag.) - (18.1.17.1) = C:\Users\Benjamin\Downloads\QuickDiag.exe [18/01/2017 16:29:24] CPU Usage:0 % 8112 | [Owner : | Parent : 5660(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) 
- (7.0.14393.206) = C:\Windows\System32\SearchProtocolHost.exe [18/10/2016 21:10:47] CPU Usage:0 % 4624 | [Owner : Système | Parent : 5660(SearchIndexer.exe) | 6.26 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.206) = C:\Windows\System32\SearchFilterHost.exe [18/10/2016 21:10:38] CPU Usage:0 % 4348 | [Owner : Benjamin | Parent : 3148(explorer.exe) | 30.25 Mo] - (.SosVirus - QuickDiag.) - (18.1.17.1) = C:\Users\Benjamin\Downloads\QuickDiag.exe [18/01/2017 16:29:24] CPU Usage:0 % ---------- | MD5 [MD5.4E10FB1A015B49AC68F76C1A3F4D9C0F] - [25/12/2016 16:09:55] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4563.77 Ko] - (10.0.14393.479) : C:\WINDOWS\Explorer.exe [MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 12:42:36] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe [MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe [MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe [MD5.6955067712F2F4752CA12192B08EF860] - [16/07/2016 12:42:16] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [683.48 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Kernel32.dll [MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [18/10/2016 21:10:41] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe [MD5.7BD259FC59CF9C2AE1B979564B374CC6] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - Distributed COM Services.) 
- [867.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rpcss.dll [MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 12:42:42] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe [MD5.3C69CC28665854F1AAB4B4005005FA31] - [25/12/2016 16:10:39] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [443.94 Ko] - (10.0.14393.479) : C:\WINDOWS\System32\services.exe [MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe [MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - [25/12/2016 16:09:51] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1426.95 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll [MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe [MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe [MD5.917F081E2AB667C44F7D96DE1D16DFAE] - [12/01/2017 16:53:38] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [658 Ko] - (10.0.14393.594) : C:\WINDOWS\System32\Winlogon.exe [MD5.323AA1953ED9C01E23F740FA891FE064] - [27/10/2016 20:00:56] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) 
- [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.0D1D392ED2597F295956D058D33BD7C3] - [18/10/2016 21:11:33] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [141.5 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 12:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 12:41:54] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 12:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - [18/10/2016 21:11:40] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [439.84 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.D5564FC81350458ED570528C4E3B1CCF] - [18/10/2016 21:10:43] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1153.84 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. 
- MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.DB69C6DA8B3DDFDC547D455CA23A8250] - [23/11/2016 09:03:30] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2202.84 Ko] - (10.0.14393.447) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 12:41:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 12:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 12:44:03] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.4F25E481124059CC593B4C68BC485640] - [27/10/2016 20:00:46] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2478.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.9D2DD64A0B51C56285512DC9454340F6] - [16/07/2016 12:42:27] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 12:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) 
- (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.NVIDIA Corporation.-.NVIDIA D3D Shim Driver, Version 353.54.) - (10.18.13.5354) -- C:\WINDOWS\SYSTEM32\nvumdshimx.dll (.NVIDIA Corporation.-.NVIDIA shim initialization dll, Version 353.54.) - (10.18.13.5354) -- C:\WINDOWS\system32\nvinitx.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (10.18.10.4276) -- C:\WINDOWS\system32\igd10iumd64.dll (.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (10.18.10.4276) -- C:\WINDOWS\SYSTEM32\igdusc64.dll (.Symantec Corporation.-.Backup Shell.) - (10.3.0.24) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll (.Symantec Corporation.-.Symantec Library.) - (13.1.2.9) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\ccLib.dll (.Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll (.Symantec Corporation.-.Symantec Extended File Attributes.) - (6.1.1.22) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\EFACli64.dll (..-..) - (1.3.246.1) -- C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll (.Symantec Corporation.-.Symantec Trust Validation Engine 64 bit.) - (13.1.2.9) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\ccVrTrst.dll (.Symantec Corporation.-.Symantec Settings Manager Engine.) - (13.1.2.9) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\ccSet.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 353.54.) - (10.18.13.5354) -- C:\WINDOWS\system32\nvapi64.dll (.Symantec Corporation.-.Symantec ccIPC Engine.) - (13.1.2.9) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\ccIPC.dll (.Symantec Corporation.-.Backup Common.) - (10.3.0.24) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buComm.dll (..-.Clearfishellext Dynamic Link Library.) - (1.0.0.0) -- C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll (.Symantec Corporation.-.Client SDK.) 
- (22.9.0.39) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\csdk.dll (.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) -- C:\WINDOWS\system32\nvshext.dll (.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4276) -- C:\WINDOWS\system32\igfxDTCM.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.1.0.0) -- C:\Program Files (x86)\WinRAR\rarext64.dll (.Symantec Corporation.-.Norton Security Shell Extension Module.) - (22.8.1.14) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\NavShExt.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.5354) -- C:\WINDOWS\system32\nv3dappshext.dll (.Symantec Corporation.-.Symantec ccGenericEvent Engine.) - (13.1.2.9) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\ccGEvt.dll (.Symantec Corporation.-.CSDK Client Auxiliary Interface.) - (22.8.1.14) -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\csdkaux.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.NVIDIA Corporation.-.NVIDIA D3D Shim Driver, Version 353.54.) - (10.18.13.5354) -- C:\WINDOWS\system32\nvumdshimx.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 353.54.) - (10.18.13.5354) -- C:\WINDOWS\system32\nvwgf2umx.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) 
- (10.18.10.4276) -- C:\WINDOWS\system32\igd10iumd64.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Claire - (Claire.lnk [Startup]) - User: BENJAMIN\Benjamin Cleaner - (Cleaner.lnk [Startup]) - User: BENJAMIN\Benjamin Help - (Help.lnk [Startup]) - User: BENJAMIN\Benjamin Manual - (Manual.lnk [Startup]) - User: BENJAMIN\Benjamin CCleaner - ("C:\Program Files\CCleaner\CCleaner64.exe" /AUTO [HKU\S-1-5-21-1793920283-211440705-2206316680-1002\...\Run]) - User: BENJAMIN\Benjamin EPLTarget\P0000000000000001 - 
(C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-402 403 405 406 Series" [HKU\S-1-5-21-1793920283-211440705-2206316680-1002\...\Run]) - User: BENJAMIN\Benjamin OneDrive - ("C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-1793920283-211440705-2206316680-1002\...\Run]) - User: BENJAMIN\Benjamin Spotify Web Helper - ("C:\Users\Benjamin\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [HKU\S-1-5-21-1793920283-211440705-2206316680-1002\...\Run]) - User: BENJAMIN\Benjamin Spotify - ("C:\Users\Benjamin\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized [HKU\S-1-5-21-1793920283-211440705-2206316680-1002\...\Run]) - User: BENJAMIN\Benjamin CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-1793920283-211440705-2206316680-1002\...\Run]) - User: BENJAMIN\Benjamin BackupRemind - (C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe [Common Startup]) - User: Public RTHDVCPL - (C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [HKLM\...\Run]) - User: Public [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "IgfxTray"=0x060000000000000000000000 "HotKeysCmds"=0x060000000000000000000000 "Persistence"=0x060000000000000000000000 "SynTPEnh"=0x060000000000000000000000 "RTHDVCPL"=0x060000000000000000000000 "AdobeAAMUpdater-1.0"=0x020000000000000000000000 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"= "RadioController"="C:\Program Files 
(x86)\RadioController\RfBtnHelper.exe" Start_Run "Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [15/08/2012 10:46:10] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce] ""= [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "BtvStack"="C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=25a7660e-a3f5-4562-bdf4-16e4e88 "GlassSessionId"=2 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "PendingFileRenameOperations"=\??\C:\WINDOWS\system32\DRIVERS\SET53FE.tmp \??\C:\WINDOWS\system32\SET5450.tmp \??\C:\WINDOWS\system32\SET54A0.tmp \??\C:\Program Files\Synaptics\SynTP\SET5C59.tmp \??\C:\Program Files\Synaptics\SynTP\SET5E63.tmp [HKLM\System\CurrentControlSet\Control] 
"BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=9 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=868 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u livessp ---------- | .LNK c:\users\benjamin\appdata\roaming\microsoft\internet explorer\quick launch\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://logiciens.com/go/10) - Hidden: False - Status: OK ---------- | AppCertDlls | AppInit_DLLs [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=C:\Windows\system32\nvinitx.dll,C:\WINDOWS\system32\nvinitx.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=C:\WINDOWS\SysWoW64\nvinit.dll ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 
"DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"= "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "MouseMonitorEscapeSpeed"=0 [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=149 [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=1 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "Post81Update"=1 "StoreAppsOnTaskbar"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "DisableCAD"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "AllowLegacyWebView"=1 "AllowUnhashedWebView"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=2 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] 
"Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "DisableCAD"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "AllowLegacyWebView"=1 "AllowUnhashedWebView"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 
"Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=14393 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=150537606877 "ShutdownFlags"=2147483687 
"Userinit"=C:\Windows\system32\userinit.exe, "scremoveoption"=0 "DisableCad"=1 "AutoAdminLogon"=0 "DefaultUserName"=MicrosoftAccount\benjamin.ledoux96@hotmail.fr "ShutdownWithoutLogon"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= 
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile 
[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= 
"ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/07/2016 12:43:06] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/07/2016 12:43:06] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags 
[HKU\S-1-5-21-1793920283-211440705-2206316680-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X_VB6\Setup.exe"=1 [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\OEM\Preload\Command\AlaunchX\ALaunchX.exe"=0x534143500100000000000000070000002800000090921C00A4951C0001000000000000000000010673220000647CA60EA56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000009FAC1D00000000000100000001000000 "C:\Windows\System32\OEM\AlaunchX\AlaunchX.exe"=0x534143500100000000000000070000002800000048AE1A00A9CB1A0001000000000000000000020673220000647CA60EA56ACD010000000000000000 "C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe"=0x534143500100000000000000070000002800000000B202000000000001000000000000000000010673220000647CA60EA56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000020000000000000000100000001000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse 
"MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS 
"SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131212710332173972 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "ProductType"=2 "ProductStatus"=0 "InstallTime"=0xE6AE602B8E6FCE01 "DisableAntiVirus"=1 "ManagedDefenderProductType"=0 "InstallLocation"=C:\Program Files\Windows Defender\ [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | @ [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Cache_Update_Frequency"=Once_Per_Session "Local Page"=C:\Windows\system32\blank.htm "NoUpdateCheck"=1 
"Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://acer13.msn.com "OperationalData"=1 "Default_Page_URL"=http://acer13.msn.com "DisableFirstRunCustomize"=1 [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/5.0 (compatible; MSIE 9.0; Win32) "CertificateRevocation"=1 "EnableNegotiate"=1 "ZonesSecurityUpgrade"=0x510670FE8E6FCE01 "EmailName"=User@ "AutoConfigProxy"=wininet.dll "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "WarnOnPost"=0x01000000 "UseSchannelDirectly"=0x01000000 "EnableHttp1_1"=1 "UrlEncoding"=0 "WarnonZoneCrossing"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 "DoNotTrack"=1 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm 
"NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | SIOI | SSODL | SEH | URLSH | STS [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded] - {4433A54A-1AC8-432F-90FC-85F045CF383C} -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [[22/11/2016 18:28:00]] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending] - {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [[22/11/2016 18:28:00]] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected] - {476D0EA3-80F9-48B5-B70B-05E677C9C148} -- C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [[22/11/2016 18:28:00]] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [] 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [[15/11/2016 15:22:46]] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [[15/11/2016 15:22:46]] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [[15/11/2016 15:22:46]] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [[16/07/2016 12:42:17]] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- 
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [[15/11/2016 15:26:52]] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [[15/11/2016 15:26:52]] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [[15/11/2016 15:26:52]] ---------- | Toolbar [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=Norton Toolbar [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={095D2E3B-5E62-4651-955C-C9B8E684836B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=Norton Toolbar [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={095D2E3B-5E62-4651-955C-C9B8E684836B} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - 
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{095D2E3B-5E62-4651-955C-C9B8E684836B}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{095D2E3B-5E62-4651-955C-C9B8E684836B}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [13/12/2016 10:34:22] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] -> (Norton Identity Protection) : C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [22/11/2016 18:27:50] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/11/2016 15:26:52] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [13/12/2016 10:34:22] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] -> (Norton Identity Protection) : C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll 
[22/11/2016 18:27:50] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [15/11/2016 15:26:52] ---------- | Chrome [HKLM\Software\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe] [HKLM\Software\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "{C1A2A613-35F1-4FCF-B27F-2840527B6556}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon\ [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "{C1A2A613-35F1-4FCF-B27F-2840527B6556}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon\ [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 24.0.0.186 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 24.0.0.186 Plugin) : C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=193.50.27.66 193.50.27.67 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1ac0e8a9-bff8-437e-bc29-a1dad21e7da8}] "DhcpNameServer"=193.50.27.66 193.50.27.67 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1ac0e8a9-bff8-437e-bc29-a1dad21e7da8}] "DhcpNameServer"=193.50.27.66 193.50.27.67 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" 
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | Svchost - Netsvcs (Whitelisted) ---------- | Software [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Mine] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\OEM] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Piriform] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Policies] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-1793920283-211440705-2206316680-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] 
[HKLM\Software\Atheros] [HKLM\Software\ATI Technologies] [HKLM\Software\Clearfi] [HKLM\Software\Clients] [HKLM\Software\CyberLink] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\EA Games] [HKLM\Software\EPSON] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\GEAR Software] [HKLM\Software\Google] [HKLM\Software\IM Providers] [HKLM\Software\InstalledOptions] [HKLM\Software\Intel] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Norton] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\paint.net] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SonicFocus] [HKLM\Software\SRS Labs] [HKLM\Software\Symantec] [HKLM\Software\Synaptics] [HKLM\Software\sysinternals] [HKLM\Software\Waves Audio] [HKLM\Software\WOW6432Node] [HKLM\Software\Volatile] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\Activision] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Apple Inc.] 
[HKLM\Software\WOW6432Node\ATHEROS] [HKLM\Software\WOW6432Node\Bethesda Softworks] [HKLM\Software\WOW6432Node\Clearfi] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\Dritek] [HKLM\Software\WOW6432Node\DT Soft] [HKLM\Software\WOW6432Node\EA Games] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nero] [HKLM\Software\WOW6432Node\Norton] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OEM] [HKLM\Software\WOW6432Node\PowerPivot] [HKLM\Software\WOW6432Node\Qualcomm Atheros WiFi Driver Installation] [HKLM\Software\WOW6432Node\Qualcomm Atheros WLAN and Bluetooth Client Installation Program] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\SOSVirus] [HKLM\Software\WOW6432Node\Symantec] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\Texas Instruments] [HKLM\Software\WOW6432Node\Ubisoft] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\WafCX] [HKLM\Software\WOW6432Node\WildTangent] [HKLM\Software\WOW6432Node\WinRAR] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives E: F: ---------- | C: [23/11/2016 23:30:45] - |D| - [454221] - C:\$.RECYCLEBIN [22/08/2013 16:36:31] - |SHD| - [258] - C:\$Recycle.Bin [01/11/2016 11:39:40] - |D| - [5490191] - C:\AdwCleaner [MD5.A6799D0F42122C0D1E28655C10DB2707] - [10/06/2014 22:42:03] - |A| - (.-.) - [30] - (0.0.0.0) - C:\AVScanner.ini [MD5.93B885ADFE0DA089CDF634904FD59F71] - [26/07/2012 09:18:43] - |N| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [22/08/2013 15:45:52] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [18/10/2016 14:07:23] - |ASH| - (.-.) - [1640505344] - (0.0.0.0) - C:\hiberfil.sys [23/05/2013 05:40:00] - |D| - [1176676] - C:\Intel [MD5.CA6BE48E2593BA2D50DE6C41799B018E] - [11/01/2014 11:51:09] - |A| - (.-.) - [40] - (0.0.0.0) - C:\log.txt [28/12/2013 21:20:58] - |RHD| - [846075976] - C:\MSOCache [19/02/2016 16:25:44] - |D| - [4414] - C:\N360_BACKUP [11/08/2014 23:21:47] - |D| - [327680] - C:\NPE [23/05/2013 06:00:37] - |D| - [2110773941] - C:\OEM [16/01/2017 08:33:25] - |D| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/06/2013 22:18:33] - |ASH| - (.-.) - [738197504] - (0.0.0.0) - C:\pagefile.sys [16/07/2016 12:47:47] - |D| - [0] - C:\PerfLogs [16/07/2016 07:04:24] - |RD| - [5760386216] - C:\Program Files [16/07/2016 07:04:24] - |RD| - [38773336136] - C:\Program Files (x86) [16/07/2016 12:47:48] - |HD| - [3352879569] - C:\ProgramData [18/01/2017 16:32:50] - |D| - [262051] - C:\QuickDiag [MD5.2B8CD63DA0577C2622D6961CA7C23CD2] - [18/01/2017 16:33:50] - |A| - (.-.) 
- [111371] - (0.0.0.0) - C:\QuickDiag.txt [18/10/2016 14:45:18] - |SHD| - [971] - C:\Recovery [MD5.E8CE309167AD7D746A367296657DE540] - [09/04/2014 14:13:00] - |A| - (.Copyright © 2013 McAfee, Inc. - Security Scanner Startup DLL.) - [489064] - (3.8.150.0) - C:\SecurityScanner.dll [23/06/2013 08:12:50] - |HD| - [0] - C:\sources [MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/06/2013 22:18:33] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [22/06/2013 22:18:32] - |SHD| - [7684700056] - C:\System Volume Information [04/06/2014 19:59:21] - |D| - [11972] - C:\temp [16/01/2017 20:42:44] - |AD| - [7027550] - C:\UsbFix [16/07/2016 07:04:24] - |RD| - [29756140615] - C:\Users [16/07/2016 07:04:24] - |D| - [60616694693] - C:\Windows [MD5.9C96A8C6CB9782369EC2974850E48285] - [20/06/2014 17:55:09] - |A| - (.-.) - [2880] - (0.0.0.0) - C:\{0BBCA920-D01D-438D-ABD7-DB4A105CEB5B} [MD5.0FFAB679B7CA8718FB192A07351922C3] - [11/08/2014 07:30:09] - |A| - (.-.) - [2736] - (0.0.0.0) - C:\{1970CD42-AEDA-48F2-BCD8-AA9973C55892} [MD5.95E34ECD79A69566AA755D6435960D65] - [27/03/2014 19:48:10] - |A| - (.-.) - [2408] - (0.0.0.0) - C:\{44C6929D-EE68-4B6F-945A-A2F08634DBB0} [MD5.1E60B0E1F3EF983840692B33C3352801] - [07/08/2014 19:59:11] - |A| - (.-.) - [2880] - (0.0.0.0) - C:\{4C1F75A4-81F3-449E-B791-191D9E7A1C70} [MD5.667F8963C4F8D152E719F622B0575D65] - [22/05/2015 18:30:22] - |A| - (.-.) - [3448] - (0.0.0.0) - C:\{5874832C-58FB-44F6-83BA-4C9764AFB3AB} [MD5.0637CD595A774C44CE534BD8AA807C10] - [29/04/2015 21:13:47] - |A| - (.-.) - [4168] - (0.0.0.0) - C:\{7157060A-C06F-4D0E-9564-FBAB80264B02} [MD5.2CA5C9E47132C668BEDC7F5313700E56] - [14/08/2014 22:06:21] - |A| - (.-.) - [1944] - (0.0.0.0) - C:\{9054D38F-34B6-4BEC-B5A7-B7FE60FFB1BE} [MD5.C6C6F4B8F16F5D210CB41D9C6D862CA1] - [27/03/2015 21:59:23] - |A| - (.-.) - [5120] - (0.0.0.0) - C:\{D65590D9-1230-411F-9088-B6BC0D48086E} [MD5.A4B8141AE487A4AC449FFBB1DD6842A5] - [20/01/2015 07:57:57] - |A| - (.-.) 
- [3664] - (0.0.0.0) - C:\{F08368BA-E7EB-495D-A97C-EB2932DD3B1F} [MD5.6F90058A7C20876D089DE807485F1013] - [27/09/2014 13:56:17] - |A| - (.-.) - [2960] - (0.0.0.0) - C:\{F1AAE789-F1F4-4FAB-B4AA-A752892ADC27} [MD5.6B47B9183F18690EF3EB6E0371133017] - [14/07/2015 21:26:39] - |A| - (.-.) - [3448] - (0.0.0.0) - C:\{F285B840-ACE7-478D-9820-5A5CD5F733C0} ---------- | C:\WINDOWS [MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/05/2013 05:39:40] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\Acer.tag [16/07/2016 12:47:48] - |D| - [802] - C:\WINDOWS\addins [16/07/2016 12:47:48] - |D| - [10275491] - C:\WINDOWS\appcompat [16/07/2016 12:47:48] - |D| - [12471204] - C:\WINDOWS\AppPatch [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness [16/07/2016 12:47:47] - |RSD| - [998559863] - C:\WINDOWS\assembly [26/07/2012 09:12:59] - |D| - [0] - C:\WINDOWS\AUInstallAgent [16/07/2016 12:47:48] - |D| - [281160] - C:\WINDOWS\bcastdvr [MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 12:42:16] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe [16/07/2016 12:47:48] - |D| - [38116021] - C:\WINDOWS\Boot [MD5.8C2E5A582F6CD5A8894C3E98771FF15F] - [18/10/2016 13:47:58] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [16/07/2016 12:47:48] - |D| - [3715608] - C:\WINDOWS\Branding [16/07/2016 12:36:22] - |D| - [71369214] - C:\WINDOWS\CbsTemp [MD5.6A25CDBA332EB97320C405CBB4665E22] - [23/06/2013 08:17:56] - |A| - (.-.) - [29] - (0.0.0.0) - C:\WINDOWS\ChangeLang_Done.tag [MD5.D6CE3EEAB0B72F8014E62C728CEA5605] - [16/07/2016 23:46:34] - |A| - (.-.) - [33498] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.2C24AC0867629F1AEEB5D753067A393E] - [14/06/2013 02:19:44] - |A| - (.-.) 
- [10] - (0.0.0.0) - C:\WINDOWS\CSUP.TXT [16/07/2016 12:47:48] - |D| - [8970858] - C:\WINDOWS\Cursors [16/07/2016 12:47:48] - |D| - [4564883] - C:\WINDOWS\debug [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [18/10/2016 14:26:54] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [16/07/2016 12:47:48] - |D| - [4543876] - C:\WINDOWS\diagnostics [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [18/10/2016 14:26:54] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [16/07/2016 23:40:08] - |D| - [0] - C:\WINDOWS\DigitalLocker [22/06/2013 22:32:04] - |D| - [3805184] - C:\WINDOWS\Downloaded Installations [16/07/2016 12:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [16/07/2016 12:47:48] - |HD| - [68248] - C:\WINDOWS\ELAMBKUP [16/07/2016 23:40:08] - |D| - [0] - C:\WINDOWS\en-US [MD5.4E10FB1A015B49AC68F76C1A3F4D9C0F] - [25/12/2016 16:09:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4673304] - (10.0.14393.479) - C:\WINDOWS\explorer.exe [16/07/2016 12:47:48] - |RSD| - [397859484] - C:\WINDOWS\Fonts [16/07/2016 23:40:08] - |D| - [122368] - C:\WINDOWS\fr-FR [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [16/07/2016 12:47:48] - |D| - [20732976] - C:\WINDOWS\Globalization [16/07/2016 12:47:48] - |D| - [70344008] - C:\WINDOWS\Help [MD5.553DF2ABF34649763324BC5470D04317] - [16/07/2016 12:42:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975360] - (10.0.14393.0) - C:\WINDOWS\HelpPane.exe [MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 12:42:21] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe [16/07/2016 12:47:48] - |D| - [173189928] - C:\WINDOWS\IME [16/07/2016 12:47:48] - |RD| - [6842480] - C:\WINDOWS\ImmersiveControlPanel [16/07/2016 12:45:54] - |D| - [104372021] - C:\WINDOWS\INF [16/07/2016 12:47:48] - |D| - [1082161303] - C:\WINDOWS\InfusedApps [16/07/2016 12:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod [16/07/2016 12:47:48] - |SHD| - [40422943632] - C:\WINDOWS\Installer [16/07/2016 12:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas [18/01/2017 10:32:32] - |D| - [2431512] - C:\WINDOWS\LastGood [MD5.F6298D45806A7B4500C7CC639A11692B] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [37376] - (12.1.0.20) - C:\WINDOWS\lfbmp12n.dll [MD5.2446FEC803DDD67F3D46170827C1EEB9] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [313856] - (12.1.0.20) - C:\WINDOWS\LFCMP12n.DLL [MD5.9981617DC7BD61AFC8A01E0C2429559D] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [78336] - (12.1.0.20) - C:\WINDOWS\lffax12n.dll [MD5.074B3454313C239FC28F23C7884E7C8E] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [109568] - (12.1.0.20) - C:\WINDOWS\lfjbg12n.dll [MD5.22D549F071127EA4A4077E987FA86736] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [32256] - (12.1.0.20) - C:\WINDOWS\lflmb12n.dll [MD5.C518EBEF6823FE1033156A9B9101B82A] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [33280] - (12.1.0.20) - C:\WINDOWS\lfpcx12n.dll [MD5.3D0917EB1D0652696F9B6F40CF73C870] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) 
- [190464] - (12.1.0.20) - C:\WINDOWS\lftif12n.dll [16/07/2016 12:47:48] - |D| - [8965256] - C:\WINDOWS\LiveKernelReports [MD5.66E4EFA6CACCC787604772D8F418CA4F] - [22/06/2013 22:38:21] - |A| - (.-.) - [184] - (0.0.0.0) - C:\WINDOWS\LMv7.UNI [16/07/2016 07:04:29] - |D| - [34003491] - C:\WINDOWS\Logs [MD5.DC01DE0348CB0B9B9E6FBE13DD2CAFC9] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [278528] - (12.1.0.20) - C:\WINDOWS\LTDIS12n.dll [MD5.0F92079224A82AF34E9A29F3827D7F7E] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [146944] - (12.1.0.20) - C:\WINDOWS\ltfil12n.DLL [MD5.32B88AE8CC83D4B49094E3BF8871258B] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [406016] - (12.1.0.20) - C:\WINDOWS\ltkrn12n.dll [MD5.54714AD6F8FCDB1416C4116DE88CFD6F] - [15/03/2013 11:27:22] - |A| - (.Copyright© 1991-2000 LEAD Technologies, Inc. - LEADTOOLS(r) DLL for Win32.) - [855040] - (12.1.0.20) - C:\WINDOWS\Ltwvc12n.dll [16/07/2016 12:47:48] - |RSD| - [20316123] - C:\WINDOWS\Media [22/08/2013 16:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 12:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [16/07/2016 12:47:47] - |RD| - [819120081] - C:\WINDOWS\Microsoft.NET [16/07/2016 12:47:48] - |D| - [2563] - C:\WINDOWS\Migration [16/07/2016 12:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView [MD5.AD5E35589C218BFB54CA3671E33C79B3] - [08/02/2013 06:43:59] - |A| - (.-.) - [2784] - (0.0.0.0) - C:\WINDOWS\MOD01OPK0400210001.enc [MD5.7F4879AB6B9CB70AED61FADD373FCAB1] - [05/01/2012 09:05:59] - |A| - (.-.) - [3544] - (0.0.0.0) - C:\WINDOWS\MOD01OPK0A00210001.enc [MD5.54C5B255F7E73EB8E383C7F8860CAC09] - [14/06/2013 02:19:53] - |A| - (.-.) 
- [2208] - (0.0.0.0) - C:\WINDOWS\MOD01SET00000001A6.enc [MD5.33472374FF9E3D9EE637D0271E307D95] - [23/05/2013 06:11:56] - |A| - (.-.) - [2232] - (0.0.0.0) - C:\WINDOWS\MOD01SET780020000H.enc [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs [23/06/2013 08:07:33] - |D| - [276314743] - C:\WINDOWS\NAPP_Dism_Log [MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 12:43:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe [MD5.BA3ACE2296612FCA6D0DF0A8B95F26E2] - [03/01/2017 09:29:31] - |A| - (.-.) - [6588] - (0.0.0.0) - C:\WINDOWS\ntbtlog.txt [16/07/2016 23:41:15] - |D| - [199472] - C:\WINDOWS\OCR [23/05/2013 05:49:17] - |D| - [0] - C:\WINDOWS\oem [16/07/2016 12:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [18/10/2016 14:45:12] - |DC| - [195411353] - C:\WINDOWS\Panther [12/11/2016 17:45:45] - |D| - [0] - C:\WINDOWS\PCHEALTH [16/07/2016 12:47:48] - |D| - [29361704] - C:\WINDOWS\Performance [MD5.E459EB466B454F8D76790AAEF7166E2A] - [25/12/2016 15:12:02] - |A| - (.-.) - [5264] - (0.0.0.0) - C:\WINDOWS\PFRO.log [16/07/2016 12:47:48] - |D| - [1136442] - C:\WINDOWS\PLA [16/07/2016 12:47:48] - |D| - [2656332] - C:\WINDOWS\PolicyDefinitions [18/10/2016 13:47:17] - |D| - [16106554] - C:\WINDOWS\Prefetch [16/07/2016 12:47:48] - |RD| - [2036530] - C:\WINDOWS\PrintDialog [16/07/2016 12:47:48] - |D| - [1415119] - C:\WINDOWS\Provisioning [MD5.EFE3D78833FEDAF7F24C264BF9976301] - [16/07/2016 12:42:17] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.14393.0) - C:\WINDOWS\regedit.exe [16/07/2016 12:47:48] - |D| - [1117876] - C:\WINDOWS\Registration [16/07/2016 12:47:48] - |D| - [7635890] - C:\WINDOWS\rescache [16/07/2016 12:47:48] - |D| - [4132667] - C:\WINDOWS\Resources [MD5.F61333867216EDE1A09A7C55FEDCB6A8] - [22/06/2013 22:41:54] - |A| - (.Copyright (C) 2012 Dritek system INC. - RfBtnSvc Application.) 
- [96880] - (1.5.8.30) - C:\WINDOWS\RfBtnSvc64.exe [MD5.2A7B78F4CFA0F1A5655891DDAACEFAD9] - [22/06/2013 22:43:41] - |A| - (.Copyright (C) 2012 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1706640] - (1.0.3.8) - C:\WINDOWS\RtlExUpd.dll [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\SchCache [16/07/2016 12:47:48] - |D| - [121229] - C:\WINDOWS\schemas [16/07/2016 12:47:48] - |D| - [3522560] - C:\WINDOWS\security [18/10/2016 14:41:27] - |D| - [307562438] - C:\WINDOWS\ServiceProfiles [16/07/2016 07:04:24] - |D| - [185830337] - C:\WINDOWS\servicing [16/07/2016 12:49:46] - |D| - [42] - C:\WINDOWS\Setup [MD5.FE83C84BDEEB2752A5F494A74EFB9999] - [25/12/2016 16:05:01] - |A| - (.-.) - [4788] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/12/2016 16:05:01] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [16/07/2016 12:47:48] - |D| - [31190016] - C:\WINDOWS\ShellExperiences [30/10/2015 20:03:03] - |D| - [66140] - C:\WINDOWS\ShellNew [16/07/2016 23:40:46] - |D| - [3070736] - C:\WINDOWS\SKB [22/06/2013 22:28:42] - |D| - [380147899] - C:\WINDOWS\SoftwareDistribution [16/07/2016 12:47:48] - |D| - [86039341] - C:\WINDOWS\Speech [16/07/2016 12:47:48] - |D| - [53541356] - C:\WINDOWS\Speech_OneCore [MD5.BCDB205132974EC3AB6F5C01DD93489B] - [27/10/2016 20:00:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe [MD5.C27F1EAE27B704D86873ADF7E944616D] - [22/06/2013 22:49:12] - |A| - (.-.) - [40] - (0.0.0.0) - C:\WINDOWS\spotify.preload [MD5.3AB1C8424154FE138DD552A67280A32E] - [18/01/2017 10:32:50] - |A| - (.-.) - [490] - (0.0.0.0) - C:\WINDOWS\Synaptics.log [MD5.3AB1C8424154FE138DD552A67280A32E] - [18/01/2017 10:32:50] - |A| - (.-.) - [490] - (0.0.0.0) - C:\WINDOWS\Synaptics.PD.log [16/07/2016 12:47:48] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 14:25:43] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\WINDOWS\system.ini [16/07/2016 07:04:24] - |D| - [5264145042] - C:\WINDOWS\System32 [16/07/2016 12:47:48] - |D| - [144046344] - C:\WINDOWS\SystemApps [16/07/2016 12:47:48] - |D| - [17529069] - C:\WINDOWS\SystemResources [16/07/2016 07:04:27] - |D| - [1498793927] - C:\WINDOWS\SysWOW64 [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\TAPI [22/08/2013 16:36:30] - |D| - [1272] - C:\WINDOWS\Tasks [16/07/2016 12:47:48] - |D| - [38706] - C:\WINDOWS\Temp [22/08/2013 16:36:30] - |RD| - [0] - C:\WINDOWS\ToastData [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\tracing [16/07/2016 12:47:48] - |D| - [37719453] - C:\WINDOWS\twain_32 [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 12:43:52] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [MD5.6F01EF713D69332EA9C526A6D1298A87] - [23/05/2013 06:05:40] - |A| - (.Copyright (C) 2000-2012 Dritek System Inc. - Uninstall Application.) - [284016] - (2.7.11.9) - C:\WINDOWS\UNINSTLMv7.EXE [MD5.F43386EB8318C8261FD9E765BD572A1D] - [22/06/2013 22:41:52] - |A| - (.Copyright (C) 2000-2012 Dritek System Inc. - Uninstall Application.) - [284240] - (2.6.4.20) - C:\WINDOWS\UnInstRfBtn.EXE [MD5.44FB50F9428D1E50D91B094628D8B7E4] - [22/06/2013 22:41:54] - |A| - (.-.) - [186] - (0.0.0.0) - C:\WINDOWS\UnInstRfBtn.UNI [22/08/2013 16:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins [16/07/2016 12:47:48] - |D| - [12420] - C:\WINDOWS\Vss [16/07/2016 12:47:48] - |D| - [17426821] - C:\WINDOWS\Web [MD5.E711DE76EF8430545C6052E2B98B81C0] - [26/07/2012 06:26:52] - |A| - (.-.) - [199] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 12:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [14/12/2016 08:26:08] - |A| - (.-.) 
- [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 12:42:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe [16/07/2016 07:04:24] - |D| - [7677992323] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 12:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 12:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [06/09/2016 19:01:06] - C:\WINDOWS\Installer\10bf52.msi : (Live Updater - Acer Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/12/2016 10:51:07] - C:\WINDOWS\Installer\15e8ab6a.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/06/2013 22:32:04] - C:\WINDOWS\Installer\1e4e0.msi : (Broadcom Card Reader Driver Installer - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/06/2014 21:00:26] - C:\WINDOWS\Installer\3382fbe6.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/04/2012 13:23:42] - C:\WINDOWS\Installer\3a906.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [31/10/2012 02:40:08] - C:\WINDOWS\Installer\3a912.msi : (Install/UnInstall PhysX Driver + Engines: 2.7.1/3/4/5/6; 2.8.0/1/3 - NVIDIA Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/09/2016 03:43:00] - C:\WINDOWS\Installer\41a831b.msi : (Epson Software Updater - SEIKO EPSON CORPORATION) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/11/2014 18:47:32] - C:\WINDOWS\Installer\43b08863.msi : (Google Update Helper - Google Inc.) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [12/09/2016 22:56:12] - C:\WINDOWS\Installer\44e72dc4.msi : ( - dotPDN LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/02/2013 09:46:10] - C:\WINDOWS\Installer\69bc3.msi : (Blank Project Template - CyberLink Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/08/2012 10:48:18] - C:\WINDOWS\Installer\71759.msi : (Norton Online Backup Installer - Symantec Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/10/2013 18:19:22] - C:\WINDOWS\Installer\b9553ce.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/10/2013 18:15:28] - C:\WINDOWS\Installer\b9553d6.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/01/2014 16:49:40] - C:\WINDOWS\Installer\da0ffb0.msi : (Blank Project Template - Qualcomm Atheros Communications) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [16/07/2016 12:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf [21/12/2015 01:06:37] - [1948854] - C:\WINDOWS\System32\PerfStringBackup.INI [16/07/2016 12:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini [16/07/2016 12:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [16/07/2016 12:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [16/07/2016 12:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | [Benjamin] [25/12/2013 00:24:26] - |D| - [4778400] - C:\Users\Benjamin\AppData\Roaming\Adobe [13/08/2014 20:23:45] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\AnkamaCertificates [04/06/2014 22:37:55] - |D| - [5103] - C:\Users\Benjamin\AppData\Roaming\app [30/12/2013 23:22:57] - |D| - [1544149157] - C:\Users\Benjamin\AppData\Roaming\Apple Computer [02/01/2014 17:25:24] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\Atheros [07/10/2016 13:23:38] - |D| - [3052] - C:\Users\Benjamin\AppData\Roaming\Bio-Rad [04/07/2016 09:02:59] - |D| - [6361] - 
C:\Users\Benjamin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [25/01/2014 23:40:14] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\CyberLink [13/08/2014 20:22:51] - |A| - [121] - C:\Users\Benjamin\AppData\Roaming\D2Info0 [25/12/2013 00:47:06] - |D| - [1435828] - C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Pro [13/08/2014 20:22:51] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\Dofus [15/08/2014 10:54:42] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\Dofus-2 [15/08/2014 22:44:24] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\Dofus-3 [13/08/2014 20:22:51] - |D| - [551793] - C:\Users\Benjamin\AppData\Roaming\Dofus2 [13/08/2014 20:22:51] - |A| - [8] - C:\Users\Benjamin\AppData\Roaming\DofusAppId0_1 [15/08/2014 10:54:42] - |A| - [8] - C:\Users\Benjamin\AppData\Roaming\DofusAppId0_2 [15/08/2014 22:44:25] - |A| - [8] - C:\Users\Benjamin\AppData\Roaming\DofusAppId0_3 [27/01/2015 22:11:54] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\EPSON [30/12/2013 15:08:45] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\Identities [25/12/2013 00:24:23] - |D| - [1541932] - C:\Users\Benjamin\AppData\Roaming\lm [25/12/2013 01:07:32] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\Macromedia [18/10/2016 13:53:45] - |SD| - [60540858] - C:\Users\Benjamin\AppData\Roaming\Microsoft [03/01/2014 00:14:59] - |D| - [31029097] - C:\Users\Benjamin\AppData\Roaming\Mozilla [01/07/2014 19:34:40] - |D| - [244210] - C:\Users\Benjamin\AppData\Roaming\Notepad++ [04/07/2016 09:53:59] - |D| - [17891] - C:\Users\Benjamin\AppData\Roaming\NVIDIA [04/06/2014 22:37:59] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\Reg [20/06/2014 22:37:53] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\RegLocal [22/01/2014 14:32:39] - |RHD| - [5984] - C:\Users\Benjamin\AppData\Roaming\SecuROM [20/08/2014 20:22:44] - |D| - [61919402] - C:\Users\Benjamin\AppData\Roaming\Skype [03/04/2016 08:57:16] - |D| - [116075918] - C:\Users\Benjamin\AppData\Roaming\Spotify [25/12/2013 00:23:24] - |D| - [0] 
- C:\Users\Benjamin\AppData\Roaming\Synaptics [04/04/2015 18:47:39] - |D| - [24110] - C:\Users\Benjamin\AppData\Roaming\TI ProgramEditor [04/07/2016 09:08:16] - |D| - [6071673] - C:\Users\Benjamin\AppData\Roaming\uTorrent [28/12/2013 00:16:55] - |D| - [313] - C:\Users\Benjamin\AppData\Roaming\WildTangent [30/04/2014 20:14:13] - |D| - [12] - C:\Users\Benjamin\AppData\Roaming\WinRAR [08/01/2017 19:18:50] - |D| - [973259] - C:\Users\Benjamin\AppData\Roaming\Wondershare [16/01/2017 20:54:33] - |D| - [3072597] - C:\Users\Benjamin\AppData\Roaming\ZHP [21/12/2015 13:36:59] - |D| - [0] - C:\Users\Benjamin\AppData\Local\ActiveSync [11/06/2014 20:55:33] - |D| - [1030794] - C:\Users\Benjamin\AppData\Local\Adobe [04/06/2014 19:54:52] - |D| - [1836238270] - C:\Users\Benjamin\AppData\Local\Ankama [30/12/2013 23:21:06] - |D| - [57078150] - C:\Users\Benjamin\AppData\Local\Apple [30/12/2013 23:22:57] - |D| - [39738644] - C:\Users\Benjamin\AppData\Local\Apple Computer [18/10/2016 13:53:45] - |SHD| - [126583567715] - C:\Users\Benjamin\AppData\Local\Application Data [25/12/2013 01:09:10] - |D| - [1655563] - C:\Users\Benjamin\AppData\Local\Apps [18/10/2016 15:50:38] - |D| - [114350] - C:\Users\Benjamin\AppData\Local\assembly [03/04/2016 08:59:26] - |D| - [0] - C:\Users\Benjamin\AppData\Local\CEF [25/12/2013 12:58:13] - |D| - [15145140] - C:\Users\Benjamin\AppData\Local\clear.fi [21/12/2015 13:36:41] - |D| - [31958457] - C:\Users\Benjamin\AppData\Local\Comms [18/10/2016 15:23:07] - |D| - [1395494] - C:\Users\Benjamin\AppData\Local\ConnectedDevicesPlatform [15/01/2014 17:12:20] - |D| - [3618344] - C:\Users\Benjamin\AppData\Local\CrashDumps [30/12/2013 22:48:48] - |D| - [108176] - C:\Users\Benjamin\AppData\Local\Cyberlink [18/10/2016 15:50:31] - |D| - [0] - C:\Users\Benjamin\AppData\Local\Deployment [25/12/2013 01:06:12] - |D| - [0] - C:\Users\Benjamin\AppData\Local\Diagnostics [25/12/2013 01:31:53] - |D| - [0] - C:\Users\Benjamin\AppData\Local\ElevatedDiagnostics [21/05/2014 22:26:20] - 
|SHD| - [0] - C:\Users\Benjamin\AppData\Local\EmieSiteList [21/05/2014 22:26:20] - |SHD| - [0] - C:\Users\Benjamin\AppData\Local\EmieUserList [25/12/2013 01:10:18] - |D| - [375772769] - C:\Users\Benjamin\AppData\Local\Google [30/06/2015 20:39:01] - |D| - [71] - C:\Users\Benjamin\AppData\Local\GWX [18/10/2016 13:53:45] - |SHD| - [130] - C:\Users\Benjamin\AppData\Local\Historique [18/10/2016 15:38:35] - |AH| - [193134] - C:\Users\Benjamin\AppData\Local\IconCache.db [25/06/2014 16:04:29] - |D| - [0] - C:\Users\Benjamin\AppData\Local\Macromedia [18/10/2016 13:53:45] - |D| - [504243433] - C:\Users\Benjamin\AppData\Local\Microsoft [25/12/2013 13:40:45] - |D| - [13238] - C:\Users\Benjamin\AppData\Local\Microsoft Corporation [28/12/2013 19:42:38] - |D| - [279604] - C:\Users\Benjamin\AppData\Local\Microsoft Help [27/12/2015 15:36:42] - |D| - [0] - C:\Users\Benjamin\AppData\Local\MicrosoftEdge [08/07/2015 12:11:18] - |D| - [456] - C:\Users\Benjamin\AppData\Local\MiTAC_International_Corpo [03/01/2014 00:14:59] - |D| - [15961384] - C:\Users\Benjamin\AppData\Local\Mozilla [08/06/2014 22:51:09] - |D| - [0] - C:\Users\Benjamin\AppData\Local\MusicPlayer [21/12/2015 13:43:08] - |D| - [0] - C:\Users\Benjamin\AppData\Local\NetworkTiles [11/08/2014 23:16:42] - |D| - [11972199] - C:\Users\Benjamin\AppData\Local\NPE [25/12/2013 00:22:57] - |D| - [789257442] - C:\Users\Benjamin\AppData\Local\Packages [27/09/2016 17:41:59] - |D| - [5800] - C:\Users\Benjamin\AppData\Local\paint.net [31/01/2014 19:45:27] - |D| - [0] - C:\Users\Benjamin\AppData\Local\Programs [21/12/2015 13:38:54] - |D| - [109972] - C:\Users\Benjamin\AppData\Local\Publishers [03/01/2017 08:49:55] - |A| - [7607] - C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg [25/12/2013 19:20:53] - |D| - [562208] - C:\Users\Benjamin\AppData\Local\SKIDROW [20/08/2014 20:22:53] - |D| - [0] - C:\Users\Benjamin\AppData\Local\Skype [03/04/2016 08:59:26] - |D| - [7487774499] - C:\Users\Benjamin\AppData\Local\Spotify [18/10/2016 13:53:45] - |D| 
- [25613064] - C:\Users\Benjamin\AppData\Local\Temp [18/10/2016 13:53:45] - |SHD| - [20700416] - C:\Users\Benjamin\AppData\Local\Temporary Internet Files [21/12/2015 13:35:24] - |D| - [11952128] - C:\Users\Benjamin\AppData\Local\TileDataLayer [25/12/2013 00:23:16] - |D| - [680462] - C:\Users\Benjamin\AppData\Local\VirtualStore [01/06/2014 21:14:51] - |D| - [82] - C:\Users\Benjamin\AppData\Local\Wondershare [25/12/2013 00:24:30] - |ASH| - [174] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [18/10/2016 13:53:45] - |SHD| - [38807] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [18/10/2016 13:53:45] - |RD| - [38807] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [04/07/2016 09:08:46] - |A| - [2741] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [18/10/2016 13:53:45] - |RD| - [3888] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [18/10/2016 13:53:45] - |RD| - [2929] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [14/10/2014 18:09:24] - |D| - [1239] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Activision [25/12/2013 00:24:31] - |RD| - [174] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/10/2016 15:23:33] - |ASH| - [174] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/08/2014 19:50:43] - |D| - [2584] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dofus2 [27/12/2015 10:51:47] - |A| - [1051] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk [27/12/2013 00:48:02] - |D| - [0] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [18/10/2016 13:53:45] - |D| - [170] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 
[28/12/2013 13:43:46] - |D| - [1336] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [17/12/2016 10:51:55] - |A| - [2458] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [03/04/2016 08:59:21] - |A| - [1893] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [25/12/2013 00:24:31] - |RD| - [3012] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [18/10/2016 13:53:45] - |RD| - [6376] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [18/10/2016 13:53:45] - |RD| - [7238] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [30/04/2014 20:14:04] - |D| - [4285] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [23/11/2016 23:30:47] - |A| - [765] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Claire.lnk [23/11/2016 23:30:47] - |A| - [657] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cleaner.lnk [25/12/2013 00:24:31] - |ASH| - [174] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [23/11/2016 23:30:47] - |A| - [763] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Help.lnk [23/11/2016 23:30:47] - |A| - [653] - C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Manual.lnk ---------- | [Public] ---------- | [UpdatusUser] [18/10/2016 13:53:46] - |SD| - [26695] - C:\Users\UpdatusUser\AppData\Roaming\Microsoft [18/10/2016 13:53:46] - |SHD| - [49345857] - C:\Users\UpdatusUser\AppData\Local\Application Data [18/10/2016 13:53:46] - |SHD| - [0] - C:\Users\UpdatusUser\AppData\Local\Historique [18/10/2016 13:53:46] - |D| - [4485987] - C:\Users\UpdatusUser\AppData\Local\Microsoft [18/10/2016 13:53:46] - |D| - [0] - C:\Users\UpdatusUser\AppData\Local\Temp [18/10/2016 
13:53:46] - |SHD| - [0] - C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files [18/10/2016 13:53:46] - |SHD| - [19158] - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [18/10/2016 13:53:46] - |D| - [19158] - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [18/10/2016 13:53:46] - |RD| - [3888] - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [18/10/2016 13:53:46] - |RD| - [1486] - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [18/10/2016 13:53:46] - |D| - [170] - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [18/10/2016 13:53:46] - |RD| - [6376] - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [18/10/2016 13:53:46] - |RD| - [7238] - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell ---------- | C:\ProgramData [20/06/2014 16:52:08] - |D| - [5862] - C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [23/05/2013 05:49:22] - |D| - [233972504] - C:\ProgramData\Acer [04/06/2014 20:05:57] - |D| - [223994] - C:\ProgramData\Adobe [30/12/2013 23:18:56] - |D| - [116273072] - C:\ProgramData\Apple [30/12/2013 23:22:02] - |D| - [204707] - C:\ProgramData\Apple Computer [18/10/2016 14:30:52] - |SHD| - [34400260975] - C:\ProgramData\Application Data [02/01/2014 17:25:25] - |D| - [26] - C:\ProgramData\Atheros [07/10/2016 13:23:38] - |D| - [595] - C:\ProgramData\Bio-Rad [22/06/2013 22:58:35] - |D| - [4236380] - C:\ProgramData\boost_interprocess [25/12/2013 06:17:16] - |SHD| - [340] - C:\ProgramData\Bureau [22/06/2013 23:02:30] - |D| - [266] - C:\ProgramData\CLSK [16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\Comms [22/06/2013 23:02:53] - |D| - [19056] - C:\ProgramData\CyberLink [25/12/2013 00:45:31] - |D| - [1774] - C:\ProgramData\DAEMON Tools Pro [18/10/2016 14:30:52] - |SHD| - [25883526] - 
C:\ProgramData\Documents [30/12/2013 15:03:21] - |D| - [6692242] - C:\ProgramData\EPSON [17/04/2016 09:22:19] - |D| - [62800] - C:\ProgramData\HP [22/06/2013 23:01:21] - |D| - [159293] - C:\ProgramData\install_clap [22/06/2013 22:22:38] - |D| - [259420] - C:\ProgramData\Intel [23/05/2013 05:45:55] - |D| - [3616] - C:\ProgramData\McAfee [25/12/2013 06:17:16] - |SHD| - [146660] - C:\ProgramData\Menu Démarrer [16/07/2016 12:47:48] - |SD| - [1667075616] - C:\ProgramData\Microsoft [28/12/2013 19:42:33] - |D| - [15064] - C:\ProgramData\Microsoft Help [18/10/2016 15:27:43] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [25/12/2013 06:17:16] - |SHD| - [0] - C:\ProgramData\Modèles [03/01/2014 00:14:48] - |D| - [37353] - C:\ProgramData\Mozilla [23/05/2013 05:49:46] - |AD| - [2616] - C:\ProgramData\Nero [22/06/2013 22:57:59] - |D| - [1014325738] - C:\ProgramData\Norton [22/06/2013 22:57:57] - |D| - [8324718] - C:\ProgramData\NortonInstaller [18/10/2016 13:50:05] - |D| - [123134074] - C:\ProgramData\NVIDIA [18/10/2016 13:49:44] - |D| - [4526819] - C:\ProgramData\NVIDIA Corporation [22/06/2013 22:55:14] - |D| - [0] - C:\ProgramData\OEM [25/12/2013 00:24:40] - |D| - [28] - C:\ProgramData\OEM_YAHOO [11/03/2014 19:36:48] - |D| - [7926] - C:\ProgramData\Origin [12/02/2016 23:15:02] - |D| - [0] - C:\ProgramData\PCSettings [23/05/2013 05:26:56] - |D| - [40160] - C:\ProgramData\PRICache [22/06/2013 22:35:56] - |D| - [44475] - C:\ProgramData\Qualcomm Atheros [04/07/2016 09:53:22] - |D| - [1705] - C:\ProgramData\regid.1986-12.com.adobe [16/07/2016 12:47:48] - |AD| - [2068] - C:\ProgramData\regid.1991-06.com.microsoft [17/03/2014 22:44:43] - |D| - [155] - C:\ProgramData\RELOADED [22/01/2014 14:29:53] - |SHD| - [7708] - C:\ProgramData\SecuROM [20/08/2014 20:22:20] - |D| - [145235968] - C:\ProgramData\Skype [16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution [27/08/2014 22:17:33] - |D| - [600565] - C:\ProgramData\Steam [22/06/2013 22:58:34] - |D| - [135170] - 
C:\ProgramData\Symantec [23/05/2013 05:50:47] - |D| - [447312] - C:\ProgramData\Temp [16/07/2016 12:47:48] - |D| - [5633] - C:\ProgramData\USOPrivate [18/10/2016 15:42:58] - |D| - [3223552] - C:\ProgramData\USOShared [23/05/2013 05:43:35] - |D| - [546396] - C:\ProgramData\WildTangent [01/06/2014 21:14:40] - |D| - [24145442] - C:\ProgramData\Wondershare [08/01/2017 19:34:10] - |D| - [0] - C:\ProgramData\wsr ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 12:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [22/06/2013 22:58:35] - |A| - [2133] - C:\ProgramData\Microsoft\Windows\Start Menu\Norton Online Backup.lnk [25/12/2013 06:17:16] - |SHD| - [144353] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [16/07/2016 12:47:48] - |RD| - [144353] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 12:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [16/07/2016 12:47:48] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [23/05/2013 05:49:16] - |D| - [3992] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer [16/07/2016 12:47:48] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/12/2013 23:21:04] - |A| - [2519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [09/07/2014 14:47:56] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arena [19/04/2016 22:36:18] - |D| - [967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [23/05/2013 05:52:53] - |RD| - [4438] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso 6.5 [16/07/2016 12:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [25/12/2013 14:06:43] - |D| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games 
[05/01/2014 14:58:34] - |D| - [6978] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [25/10/2016 12:53:26] - |D| - [1213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software [23/05/2013 05:43:38] - |RD| - [95] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [25/12/2013 01:23:38] - |A| - [2274] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [16/07/2016 12:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [22/06/2013 22:22:38] - |RD| - [122] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [16/07/2016 12:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [22/01/2014 14:30:16] - |D| - [1265] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [28/12/2013 21:25:08] - |RD| - [53245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [18/06/2015 15:33:05] - |D| - [2342] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [16/07/2016 12:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [03/01/2014 00:14:48] - |A| - [1123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [12/02/2016 23:27:59] - |RD| - [2419] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [27/09/2016 17:43:36] - |A| - [1144] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk [16/07/2016 12:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [27/08/2014 22:10:13] - |A| - [862] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saints Row IV.lnk [25/12/2013 19:20:00] - |D| - [2640] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saints Row The Third [16/07/2016 12:47:48] - |RD| - [1923] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [16/07/2016 12:47:48] - |RD| - 
[2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [18/10/2016 14:03:24] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [30/04/2014 20:14:05] - |D| - [4213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [01/06/2014 21:14:43] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [08/01/2017 19:35:23] - |A| - [1749] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BackupRemind.lnk [16/07/2016 12:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [23/05/2013 05:49:16] - |D| - [4842992] - C:\Program Files (x86)\Acer [14/10/2014 17:45:58] - |D| - [10496872028] - C:\Program Files (x86)\Activision [04/06/2014 20:05:56] - |D| - [83067] - C:\Program Files (x86)\Adobe [30/12/2013 23:21:03] - |AD| - [2428606] - C:\Program Files (x86)\Apple Software Update [25/12/2013 19:09:44] - |D| - [9125544376] - C:\Program Files (x86)\Black_Box [30/12/2013 23:19:55] - |AD| - [631077] - C:\Program Files (x86)\Bonjour [16/07/2016 07:04:24] - |D| - [520455968] - C:\Program Files (x86)\Common Files [23/05/2013 05:51:52] - |D| - [169343701] - C:\Program Files (x86)\CyberLink [16/07/2016 12:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [01/06/2014 21:14:40] - |HD| - [1432064] - C:\Program Files (x86)\Dr.Fone_Temp [25/12/2013 13:59:51] - |D| - [7023143179] - C:\Program Files (x86)\EA Games [05/01/2014 14:59:49] - |D| - [8847290] - C:\Program Files (x86)\epson [05/01/2014 14:46:30] - |D| - [10236692] - C:\Program Files (x86)\EPSON Software [11/06/2016 16:37:01] - |D| - [168] - C:\Program Files (x86)\GameSpy Arcade [25/12/2013 01:10:23] - |D| - [403675650] - C:\Program Files (x86)\Google [23/05/2013 05:52:51] - |HD| - [244947871] - C:\Program Files (x86)\InstallShield Installation Information [15/01/2014 
02:20:10] - |D| - [177675516] - C:\Program Files (x86)\Intel [16/07/2016 12:47:48] - |D| - [1990271] - C:\Program Files (x86)\Internet Explorer [22/06/2013 22:38:18] - |AD| - [29853645] - C:\Program Files (x86)\Launch Manager [28/12/2013 21:21:13] - |D| - [103148255] - C:\Program Files (x86)\Microsoft Analysis Services [22/01/2014 14:27:02] - |D| - [5930908] - C:\Program Files (x86)\Microsoft Games for Windows - LIVE [22/06/2013 22:57:17] - |D| - [96872395] - C:\Program Files (x86)\Microsoft Office [18/06/2015 15:31:58] - |AD| - [42890830] - C:\Program Files (x86)\Microsoft Silverlight [28/12/2013 21:24:21] - |D| - [30160] - C:\Program Files (x86)\Microsoft SQL Server [30/03/2014 13:13:07] - |D| - [979309] - C:\Program Files (x86)\Microsoft WSE [16/07/2016 12:47:48] - |AD| - [8855615] - C:\Program Files (x86)\Microsoft.NET [08/07/2015 12:02:13] - |D| - [1334] - C:\Program Files (x86)\Mio Technology [23/11/2016 23:34:24] - |AD| - [97196577] - C:\Program Files (x86)\Mozilla Firefox [03/01/2014 00:14:46] - |D| - [295885] - C:\Program Files (x86)\Mozilla Maintenance Service [18/10/2016 14:39:47] - |D| - [25757] - C:\Program Files (x86)\MSBuild [12/02/2016 23:27:59] - |AD| - [537639033] - C:\Program Files (x86)\Norton 360 [22/06/2013 22:58:04] - |AD| - [21096234] - C:\Program Files (x86)\Norton Online Backup ARA [22/06/2013 22:57:57] - |D| - [45814435] - C:\Program Files (x86)\NortonInstaller [01/07/2014 19:34:40] - |D| - [90258] - C:\Program Files (x86)\Notepad++ [18/10/2016 13:49:32] - |D| - [76636790] - C:\Program Files (x86)\NVIDIA Corporation [22/06/2013 22:37:07] - |AD| - [88283191] - C:\Program Files (x86)\Qualcomm Atheros [22/06/2013 22:41:53] - |D| - [426289] - C:\Program Files (x86)\RadioController [22/06/2013 22:43:41] - |D| - [3375865] - C:\Program Files (x86)\Realtek [18/10/2016 14:39:47] - |D| - [38450433] - C:\Program Files (x86)\Reference Assemblies [27/08/2014 21:57:57] - |AD| - [9145064893] - C:\Program Files (x86)\Saints Row IV [22/06/2013 22:58:34] - 
|D| - [8780328] - C:\Program Files (x86)\Symantec [22/06/2013 22:43:41] - |HD| - [0] - C:\Program Files (x86)\Temp [18/10/2016 13:49:56] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [23/05/2013 05:43:35] - |D| - [0] - C:\Program Files (x86)\WildTangent Games [16/07/2016 12:47:48] - |D| - [1941504] - C:\Program Files (x86)\Windows Defender [16/07/2016 12:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail [16/07/2016 12:47:48] - |D| - [3275928] - C:\Program Files (x86)\Windows Media Player [16/07/2016 12:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform [16/07/2016 12:47:48] - |D| - [7584962] - C:\Program Files (x86)\Windows NT [16/07/2016 12:47:48] - |D| - [5424832] - C:\Program Files (x86)\Windows Photo Viewer [16/07/2016 12:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices [16/07/2016 12:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [16/07/2016 12:47:48] - |D| - [3240833] - C:\Program Files (x86)\WindowsPowerShell [30/04/2014 20:14:00] - |AD| - [5083138] - C:\Program Files (x86)\WinRAR [08/01/2017 19:18:43] - |D| - [8212803] - C:\Program Files (x86)\Wondershare ---------- | C:\Program Files [04/07/2016 09:34:14] - |AD| - [4739199] - C:\Program Files\Adobe [30/12/2013 23:19:55] - |AD| - [613967] - C:\Program Files\Bonjour [22/06/2013 22:32:06] - |D| - [3336605] - C:\Program Files\Broadcom [19/04/2016 22:36:16] - |AD| - [18626824] - C:\Program Files\CCleaner [16/07/2016 07:04:24] - |D| - [532696491] - C:\Program Files\Common Files [16/07/2016 12:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini [04/04/2015 17:14:34] - |D| - [677952] - C:\Program Files\DIFX [25/12/2013 06:17:16] - |SHD| - [532696491] - C:\Program Files\Fichiers communs [18/10/2016 13:48:52] - |D| - [37922562] - C:\Program Files\Intel [16/07/2016 12:47:47] - |D| - [2582634] - C:\Program Files\Internet Explorer [28/12/2013 21:21:13] - |D| - [120350535] - C:\Program Files\Microsoft Analysis Services 
[28/12/2013 21:21:05] - |AD| - [1414623117] - C:\Program Files\Microsoft Office [18/06/2015 15:31:58] - |AD| - [55721038] - C:\Program Files\Microsoft Silverlight [28/12/2013 21:23:48] - |D| - [35280] - C:\Program Files\Microsoft SQL Server [08/05/2014 22:54:19] - |D| - [679616] - C:\Program Files\Microsoft.NET [18/10/2016 14:39:46] - |D| - [25757] - C:\Program Files\MSBuild [18/10/2016 13:49:32] - |D| - [1082244311] - C:\Program Files\NVIDIA Corporation [27/09/2016 17:43:05] - |AD| - [59943707] - C:\Program Files\paint.net [18/10/2016 13:50:07] - |D| - [33820500] - C:\Program Files\Realtek [18/10/2016 14:39:46] - |D| - [36850857] - C:\Program Files\Reference Assemblies [18/10/2016 13:49:12] - |D| - [129602615] - C:\Program Files\Synaptics [26/07/2012 08:22:18] - |HD| - [0] - C:\Program Files\Uninstall Information [16/07/2016 12:47:47] - |RD| - [14913860] - C:\Program Files\Windows Defender [16/07/2016 12:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail [16/07/2016 12:47:47] - |D| - [4989628] - C:\Program Files\Windows Media Player [16/07/2016 12:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform [16/07/2016 12:47:47] - |D| - [7849154] - C:\Program Files\Windows NT [16/07/2016 12:47:47] - |D| - [6223552] - C:\Program Files\Windows Photo Viewer [16/07/2016 12:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices [16/07/2016 12:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar [16/07/2016 12:47:47] - |HD| - [2181397319] - C:\Program Files\WindowsApps [16/07/2016 12:47:47] - |D| - [3661506] - C:\Program Files\WindowsPowerShell [01/06/2014 21:14:40] - |D| - [0] - C:\Program Files\Wondershare ---------- | C:\Program Files (x86)\Common Files [04/07/2016 09:25:06] - |AD| - [106738272] - C:\Program Files (x86)\Common Files\Adobe [04/06/2014 20:05:56] - |AD| - [49035776] - C:\Program Files (x86)\Common Files\Adobe AIR [30/12/2013 23:18:56] - |D| - [0] - C:\Program Files (x86)\Common Files\Apple [02/01/2014 16:50:40] - |D| - 
[94363] - C:\Program Files (x86)\Common Files\Atheros [11/03/2014 19:29:30] - |HD| - [916270] - C:\Program Files (x86)\Common Files\EAInstaller [22/06/2013 22:43:39] - |D| - [2106564] - C:\Program Files (x86)\Common Files\InstallShield [18/10/2016 13:48:41] - |D| - [106847645] - C:\Program Files (x86)\Common Files\Intel [16/07/2016 12:47:48] - |AD| - [236084821] - C:\Program Files (x86)\Common Files\Microsoft Shared [22/06/2013 22:33:26] - |D| - [193596] - C:\Program Files (x86)\Common Files\postureAgent [02/01/2014 16:49:49] - |D| - [681368] - C:\Program Files (x86)\Common Files\QCA_Bluetooth [16/07/2016 12:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [28/12/2013 18:53:03] - |D| - [654304] - C:\Program Files (x86)\Common Files\Symantec Shared [16/07/2016 12:47:48] - |D| - [9989419] - C:\Program Files (x86)\Common Files\System [04/04/2015 17:14:16] - |AD| - [0] - C:\Program Files (x86)\Common Files\TI Shared [01/06/2014 21:14:51] - |D| - [7110868] - C:\Program Files (x86)\Common Files\Wondershare ---------- | C:\Program Files\Common files [23/07/2015 22:07:40] - |D| - [14166872] - C:\Program Files\Common files\AV [28/12/2013 21:24:40] - |AD| - [14488] - C:\Program Files\Common files\DESIGNER [30/12/2013 15:03:25] - |D| - [151648] - C:\Program Files\Common files\EPSON [16/07/2016 12:47:47] - |AD| - [507231272] - C:\Program Files\Common files\microsoft shared [16/07/2016 12:47:47] - |D| - [2702] - C:\Program Files\Common files\Services [12/02/2016 23:37:39] - |D| - [346906] - C:\Program Files\Common files\Symantec Shared [16/07/2016 12:47:47] - |D| - [10782603] - C:\Program Files\Common files\System ---------- | Tasks [MD5.0DA1368D015D61C89F7B87EF33D3FAA9] - [10/06/2014 22:18:52] - |A| - [1002] - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [18/10/2016 14:13:12] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.3F8231311ADD56D6963AB1A19C0E5BD7] - [15/01/2014 02:20:31] - |A| - [264] - 
C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job [MD5.002DF3051B36338C5F28F79804386E00] - [30/10/2016 14:13:38] - |A| - [3988] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.EAB647C7A92F6BF718DEC12E6EB4EFDC] - [17/12/2016 10:53:19] - |A| - [3462] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00C3593364D207AF12C3D3F89F9FB88F] - [17/12/2016 10:53:19] - |A| - [3586] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [16/07/2016 12:47:48] - |D| - [472606] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [23/11/2016 08:33:09] - |D| - [9974] - C:\WINDOWS\System32\Tasks\Norton 360 [MD5.279DE5A5C9E48BCC8757ABE8BD458037] - [23/11/2016 08:27:45] - |A| - [3376] - C:\WINDOWS\System32\Tasks\Norton WSC Integration : "C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\WSCStub.exe" [MD5.B6B192AD8C5BFD9070C2DAAF57A70A59] - [17/12/2016 10:52:40] - |A| - [3282] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.A65084A816FE0D05CC2A7DD58B38D50D] - [18/10/2016 15:45:57] - |A| - [4168] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9F4DE33F-52D0-427B-9547-EBD953E823A8} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [16/07/2016 12:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "vm-monitoring-dcom"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=RpcSs|Name=@icsvc.dll,-709|Desc=@icsvc.dll,-710|EmbedCtxt=@icsvc.dll,-700| 
"vm-monitoring-icmpv4"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Name=@icsvc.dll,-701|Desc=@icsvc.dll,-702|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-icmpv6"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Name=@icsvc.dll,-703|Desc=@icsvc.dll,-704|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-nb-session"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=139|Name=@icsvc.dll,-705|Desc=@icsvc.dll,-706|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-rpc"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Schedule|Name=@icsvc.dll,-707|Desc=@icsvc.dll,-708|EmbedCtxt=@icsvc.dll,-700| "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| 
"WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "{4A010CC2-0B71-4A9D-A477-CFEA83D17CE6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\Benjamin\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (UDP-Out) (Benjamin)|Desc=Allow µTorrent network traffic| "{827C948C-C3E4-488A-B155-F0943CA78BE8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Benjamin\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Benjamin)| 
"{F1E09F28-892F-4D64-9939-73449DF80605}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Benjamin\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Benjamin)| "{3F294C94-9D9B-47F7-97D6-331FFA9AD131}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Benjamin\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (UDP-In) (Benjamin)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{47BC5364-7A39-48ED-AC45-D539166AF511}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\Benjamin\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (TCP-Out) (Benjamin)|Desc=Allow µTorrent network traffic| "{298809CF-6CC1-46A0-B7F8-EC45390138AC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Benjamin\AppData\Roaming\uTorrent\uTorrent.exe|Name=μTorrent (TCP-In) (Benjamin)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{4AE906DB-38FD-41CE-B5DF-7CD9BA2E1867}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name='Firefox' (C:\Program Files (x86)\Mozilla Firefox)| "{7953094C-ECB6-4B7B-9853-C271811E43E0}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name='Firefox' (C:\Program Files (x86)\Mozilla Firefox)| "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ| "{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ| "{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ| "{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{9E3D57FC-7C37-4424-9352-4831E97D029D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ| "{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7908B2AF-3A8F-42E0-9BAA-B888646AEFAF}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-1793920283-211440705-2206316680-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{F0C889A3-E93E-468C-9640-D0A090DD4C16}"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Mozilla Firefox| "{2D5AC52D-20A8-413C-9EB6-B69707FE590C}"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Mozilla Firefox| "{0BC6060D-AD64-4D03-9EB3-B2A37275D0F0}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Mozilla Firefox| 
"{DCAEAF0A-1B73-474D-B45E-D270FFF1670B}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Mozilla Firefox| "UDP Query User{18FF669E-DA64-4D2C-B4D6-9BE1E832E986}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe|Name=Need for Speed™ Most Wanted|Desc=Need for Speed™ Most Wanted|Defer=User| "TCP Query User{10B32897-BDA2-4604-9F2D-9E5622A03F80}C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\ea games\need for speed most wanted\nfs13.exe|Name=Need for Speed™ Most Wanted|Desc=Need for Speed™ Most Wanted|Defer=User| "{573E4A50-A4D9-4F1C-9E31-C6D89036A359}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{B137BABB-AFD5-4995-B86A-2707200FB599}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{07288305-F321-4D34-9115-43D43F275938}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{BAFEC17C-92BA-48D1-B74C-1D39482D26BE}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{663FE561-9FBA-4539-9F51-26BD284CB4DA}"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe|Name=Daemonu.exe| "{CA085B48-F792-44B6-BB51-BE6ED9FD2BE2}"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe|Name=Daemonu.exe| 
"{1E465962-7479-486D-BE7D-6FF8BD654A54}"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe|Name=Daemonu.exe| "{2F55E09F-7DE1-4CC4-A5F0-C16121D2ADEA}"=v2.20|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe|Name=Daemonu.exe| "{5EA2F50C-F557-48C9-84F0-496E0F65DF62}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-1793920283-211440705-2206316680-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{E7985E1D-C36F-4787-80A8-6350D07E9266}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{808F1451-4108-46FD-ADBB-F17324B5F0BD}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{B8754E6F-7017-414D-BEC5-36F5A678A8A8}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Check Point VPN|Desc=Check Point 
VPN|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=Check Point VPN|Platform=2:6:2|Platform2=GTEQ| "{1C5CA9F3-A2C5-4D04-91BB-C92C72F3F66E}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=Check Point VPN|Desc=Check Point VPN|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=Check Point VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{CEBDE4F3-6EF4-4A95-9948-9792AA6661D9}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=F5 VPN|Desc=F5 VPN|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=F5 VPN|Platform=2:6:2|Platform2=GTEQ| "{34A1CA1E-FA1F-4F2F-BF50-B999C06E1AC2}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=F5 VPN|Desc=F5 VPN|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=F5 VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{9FC36FBE-84FA-4551-AFA3-5F791265E8E4}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Juniper Networks Junos Pulse|Desc=Juniper Networks Junos Pulse|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=Juniper Networks Junos Pulse|Platform=2:6:2|Platform2=GTEQ| "{33BB302A-D002-480D-B50F-3F150421EA54}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=Juniper Networks Junos Pulse|Desc=Juniper Networks Junos Pulse|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=Juniper Networks Junos Pulse|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{2EB72F76-7BBD-4282-A393-6AA6DD06744F}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL Mobile 
Connect|Desc=SonicWALL Mobile Connect|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL Mobile Connect|Platform=2:6:2|Platform2=GTEQ| "{1F92A4A2-D785-4CD6-9AC9-4D30CB52EF19}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL Mobile Connect|Desc=SonicWALL Mobile Connect|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL Mobile Connect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{6D1E9978-A343-462C-98C7-D7A5FEB50C67}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{E91434C3-5D8E-463E-9C81-BAF911FA7D27}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{3FF7698B-2D27-4A5D-BCD1-9B6F579B4CAE}C:\program files (x86)\black_box\saints row the 
third\saintsrowthethird.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\black_box\saints row the third\saintsrowthethird.exe|Name=Saints Row: the Third|Desc=Saints Row: the Third|Defer=User| "UDP Query User{097E616B-6B9C-4338-BEBF-F9EC4A924BBD}C:\program files (x86)\black_box\saints row the third\saintsrowthethird.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\black_box\saints row the third\saintsrowthethird.exe|Name=Saints Row: the Third|Desc=Saints Row: the Third|Defer=User| "{C0B03BDD-0EEF-4CF6-83CA-4EBF1D87E7D1}"=v2.22|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\black_box\saints row the third\saintsrowthethird.exe|Name=Saints Row: the Third|Desc=Saints Row: the Third| "{965A61A8-C78D-4A4A-9D19-3364F7A85818}"=v2.22|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\black_box\saints row the third\saintsrowthethird.exe|Name=Saints Row: the Third|Desc=Saints Row: the Third| "TCP Query User{858B6BB0-05AD-4545-A6B4-744BCD9A6F2F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files (x86)\symantec\norton online backup\nobuclient.exe|Name=Norton Online Backup Service|Desc=Norton Online Backup Service|Defer=User| "UDP Query User{2831DFCD-29A7-403E-B791-05D8D9F49A9D}C:\program files (x86)\symantec\norton online backup\nobuclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files (x86)\symantec\norton online backup\nobuclient.exe|Name=Norton Online Backup Service|Desc=Norton Online Backup Service|Defer=User| "{8D063750-AD2F-41BB-95CB-A9F96ACC1918}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| 
"{854D6423-9614-4479-BC59-6A6C940AC99C}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{35967AA3-A6D2-49B9-BBC2-09C0012831EA}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{9999083D-D959-4D2C-AD59-638D5C34E20A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{3A21850E-6689-461F-B5B4-D04E9D8C41B7}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{99A467FF-50AA-42E5-AA90-3C9FDFAC0423}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| 
"{7C661CBE-838C-4A19-9EF1-98AD60EB8A28}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{66092B2F-FAC4-4DA4-96F6-90BA0E273FD4}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{938DE069-12C3-479A-9707-39DDB97201B6}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{3F1A0B7E-6030-4C1E-8BD7-B5F0B9ADB14B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| 
"{925423DB-5D80-46AF-BF5B-3A16E410CE83}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ| "{6EB7050D-43C4-4005-902F-C296DB9BAB6E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{FF269ED0-CF64-4070-B4EE-78CA9943720C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{49385C49-CC06-4396-BDC5-0D2A5B0F160E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| 
"{76EF019A-574A-4A27-BA1F-DDBC539B2D5A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|EmbedCtxt=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{50131AB1-375A-40C8-969B-1DD986FCDB32}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{CF94190E-4D8D-4026-B65A-9BA3BCF402F9}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{1B129E38-E865-4129-B26B-F5BBAE6B9187}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{5808757A-5CA9-4C7E-A525-8C20045CD69B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{BB872C2B-CE6C-4451-A45F-8E70737BB6DF}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{6EAE7DC3-6B1A-4C32-8D87-838962EBE496}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|Desc=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{64B4F817-FD17-440C-92BC-742ED8C33A3C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|Desc=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{C35BD091-B55E-4CD4-85CB-168CDF4A72F7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{8A60BDBD-FBBA-4129-8F77-452946DC8C3B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{E6A8D9F0-2523-451D-BCC1-353AA2C90D64}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Desc=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3232211935-909325347-210818523-1333736584-3758124246-283266685-1557978965|EmbedCtxt=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Platform=2:6:2|Platform2=GTEQ| "{8E8D1EC6-6E3E-4771-93AC-3A66EF520500}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Social Jogger|Desc=SNS_Metro|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-735506871-1950234619-4217917677-3343989752-710767753-48281256-969624558|EmbedCtxt=Social Jogger|Platform=2:6:2|Platform2=GTEQ| "{C79C1AD2-6A58-4A65-A7B8-9800F061C225}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Acer Crystal Eye|Desc=Acer Crystal 
Eye|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1804362688-992308185-2949125125-2659517757-3535517529-224013454-2655092833|EmbedCtxt=Acer Crystal Eye|Platform=2:6:2|Platform2=GTEQ| "{8C7C1025-F319-439C-A81D-EDE9D4171E59}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Acer Explorer|Desc=AcerExplorer|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-4064078117-538652333-2642387017-2477701237-3887694816-3370591880-4054822867|EmbedCtxt=Acer Explorer|Platform=2:6:2|Platform2=GTEQ| "{FCE65912-9073-493E-9374-1E7D411D0BDE}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Acer Explorer|Desc=AcerExplorer|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-4064078117-538652333-2642387017-2477701237-3887694816-3370591880-4054822867|EmbedCtxt=Acer Explorer|Platform=2:6:2|Platform2=GTEQ| "DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "{58D9E205-E9E5-4D27-8CD6-08477D178D8D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ| 
"{AD513AC3-852D-49A0-8EE6-F96F64782D8C}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.XboxIdentityProvider/Resources/DisplayName}|Desc=@{Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.XboxIdentityProvider/Resources/DisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3261124336-967904692-548716175-2724082555-235625598-1533749622-1468861831|EmbedCtxt=@{Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.XboxIdentityProvider/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{74F6D4B3-E978-4E65-96C6-28AC98D389E3}C:\program files (x86)\saints row iv\saintsrowiv.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\saints row iv\saintsrowiv.exe|Name=Saints Row IV|Desc=Saints Row IV|Defer=User| "UDP Query User{7D5D780B-A908-482F-ACA7-9C99CA75E806}C:\program files (x86)\saints row iv\saintsrowiv.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\saints row iv\saintsrowiv.exe|Name=Saints Row IV|Desc=Saints Row IV|Defer=User| "{5E04688D-A7D8-4E09-92F5-2A54D3D8D93B}"=v2.26|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\saints row iv\saintsrowiv.exe|Name=Saints Row IV|Desc=Saints Row IV| "{A174394D-D2B2-450D-B289-F17155A37F4D}"=v2.26|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\saints row iv\saintsrowiv.exe|Name=Saints Row IV|Desc=Saints Row IV| "{E97502BA-6056-4ADA-B55C-C424CD1140AE}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer 
Remote|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ| "{D9C64DCC-D575-44B8-BCA2-E9E7B3DAEBB8}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{1F67DAAD-5D91-4BF2-B6C8-5D92E62AEC54}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{FDB96703-39BF-460B-BFED-E30D6B22AA4B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Desc=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1485202841-4094060947-262313417-955497226-1243708313-1027065603-2694978511|EmbedCtxt=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{7A721158-68CB-4B3F-BA71-4AA2B3A363D0}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|Desc=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-253023354-1127976746-3906962265-362626003-4127939218-3835539868-2341249685|EmbedCtxt=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|Platform=2:6:2|Platform2=GTEQ| "{B4B8DBA0-C903-4500-AB73-13EF679294CE}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|Desc=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-253023354-1127976746-3906962265-362626003-4127939218-3835539868-2341249685|EmbedCtxt=@{Microsoft.WindowsReadingList_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsReadingList/resources/appPackageName}|Platform=2:6:2|Platform2=GTEQ| 
"{9AA6F25D-C8A8-4EDB-90B0-DCD1C4A99D47}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.OneConnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|Desc=@{Microsoft.OneConnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-778011547-1096124574-1799322564-3972718560-253206704-1472347756-15051174|EmbedCtxt=@{Microsoft.OneConnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{839DA067-5A01-40D6-BBD7-F36351AD66A5}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.OneConnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|Desc=@{Microsoft.OneConnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-778011547-1096124574-1799322564-3972718560-253206704-1472347756-15051174|EmbedCtxt=@{Microsoft.OneConnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{B0D20742-F505-4B3B-8063-E3A86D3ABDC0}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Desc=@{Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1227535392-783678415-19788749-859698564-2515149781-2716591593-3518111838|EmbedCtxt=@{Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{C57AD202-9DEF-424D-B897-344FC49DD711}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.3DBuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Desc=@{Microsoft.3DBuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=@{Microsoft.3DBuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{DA361D11-864D-415C-B1D8-5BE4312D59C9}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{526B4B3C-1AD4-4D02-B1B1-373D8A6FC823}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{66607167-FD34-4DFB-B202-48297E76E4DD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Desc=@{Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3981118486-977731610-4260702232-2292029000-2544493239-2660358776-1526570402|EmbedCtxt=@{Microsoft.People_10.1.3160.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{EB9D6305-0058-4FD3-8C5E-72976B1BEE9C}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "{EABE03A8-D218-4FD7-9118-F853C00D0280}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft 
Sway|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{16EAB287-ACAC-4094-B732-FEC0B2157B57}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{7ADB061F-36E3-414B-AA3E-A9B5283176B1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{EEC65125-ACB9-464C-ADE0-20DD4017BBF9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{19D9B6E0-0561-4F55-9493-F05A1C1EEA7D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Desc=@{Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734|EmbedCtxt=@{Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Platform=2:6:2|Platform2=GTEQ| 
"{F527A272-A9FC-46BB-9E7C-39BA907987F3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Desc=@{Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734|EmbedCtxt=@{Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Platform=2:6:2|Platform2=GTEQ| "{5C1411F6-BEB7-4925-999B-0E47C87788BD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ| 
"{DCFCD8F2-9397-4FD3-AA7B-017AFFD341E8}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7DF9F6E9-D8CE-495A-A36B-FE7819AE4DF9}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{407675B2-4750-4C7D-913D-6CE2483304A0}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| 
"{8EC54C77-A6E7-4B8A-9F29-FE8290AD8A9E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Getstarted_4.2.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Desc=@{Microsoft.Getstarted_4.2.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1930852602-715273891-2259524165-1460409268-4224052142-2029744616-1797406285|EmbedCtxt=@{Microsoft.Getstarted_4.2.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{D84CD2F4-25E6-4B61-81F9-496736A0A2CC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| 
"{E3C886DA-D95F-4B4E-94C0-AA0B8143E0AF}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{6732E050-1580-4290-89A2-D1BE6338CECF}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsMaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Desc=@{Microsoft.WindowsMaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1239072475-3687740317-1842961305-3395936705-4023953123-1525404051-2779347315|EmbedCtxt=@{Microsoft.WindowsMaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{08568E8B-0468-41EC-B647-2512B318687D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingSports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{71F36F47-9F98-4A92-AC16-5D5263939AB6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingSports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| 
"{E38F735A-E490-488B-B953-55C24353BF19}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{C8EF9CD7-E538-4488-ACE7-DFA2FEA3A466}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| 
"{BCD660E4-CFE7-4AB1-8E81-496A647AB22A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{11E68D6C-6A9E-456A-9094-71079A512C4F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{7A879C3D-F05E-4DFD-A201-8E1C6D9D7886}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| 
"{5585CB69-20EC-4A13-B7FD-3D71162944DA}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{2EFEF6A1-D466-4C66-84C2-B69781611AB4}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingNews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{EE961C76-81C5-4B42-87F2-D8B5A3E0609B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingNews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| 
"{3805C14D-5205-4A60-AA3A-E67D69E5D83D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsFeedbackHub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|Desc=@{Microsoft.WindowsFeedbackHub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-599759058-3479938838-1253218824-33263930-1483063708-2104800716-3218279855|EmbedCtxt=@{Microsoft.WindowsFeedbackHub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{8C0103FC-65CB-4AFF-B71C-1234518D825A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.WindowsFeedbackHub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|Desc=@{Microsoft.WindowsFeedbackHub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-599759058-3479938838-1253218824-33263930-1483063708-2104800716-3218279855|EmbedCtxt=@{Microsoft.WindowsFeedbackHub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| 
"{5528B4B8-368A-44A2-8E87-B8FFB9F60C64}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{C64F91C2-14A8-4FC2-B4E0-DDCFECBDD036}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| 
"{2598A5AF-2438-4C14-BFD5-F8840D126717}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|EmbedCtxt=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{24BCE0F5-7230-437A-AF0E-8241A6AF3AF8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| 
"{CD368F14-10A6-4CC8-A2C8-1B1A0E1C3E8A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{1A296841-0036-4B6B-838C-3E0B63D8F7D7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{FDA5D4C2-5AFC-4EF6-B9ED-2A615DE60F23}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| 
"{C6B7E7EE-BD67-4750-8491-B4F3575706C7}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1793920283-211440705-2206316680-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem15.inf,%ClassName%;Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4532C9EB-FEF9-43AC-83DA-D5DE1F9A2BFF}] : (nvpciflt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> 
@%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) 
[] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{59F44B03-CCD2-460B-ACD8-53CBF375D174}] : (GEARAspiWDM) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem29.inf,%WDC_SAM_ClassName%;WD Drive Management devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> 
@%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem16.inf,%ClassName%;Android USB Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) 
---------- | Loaded modules (whitelist)
[22/11/2016 18:28:23] - (6.1.1.20) - (Symantec Corporation - Symantec Extended File Attributes) - C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS
[13/07/2015 20:45:08] - (10.18.13.5354) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 353.54) - C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
[22/06/2013 22:58:05] - (12.0.0.106) - (Symantec Corporation - Common Client Settings Driver) - C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
[22/11/2016 18:28:22] - (13.1.1.11) - (Symantec Corporation - Common Client Settings Driver) - C:\WINDOWS\system32\drivers\N360x64\1608010.00E\ccSetx64.sys
[22/11/2016 18:28:22] - (6.1.2.9) - (Symantec Corporation - Iron Driver) - C:\WINDOWS\system32\drivers\N360x64\1608010.00E\Ironx64.SYS
[12/02/2016 23:37:40] - (14.0.3.8) - (Symantec Corporation - Symantec Event Library) - C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
[22/11/2016 18:27:51] - (15.0.10.29) - (Symantec Corporation - Symantec AutoProtect) - C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS
[22/11/2016 18:28:23] - (15.0.10.21) - (Symantec Corporation - Symantec AutoProtect) - C:\WINDOWS\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS
[22/11/2016 18:28:23] - (15.2.1.51) - (Symantec Corporation - Network Security Driver) - C:\WINDOWS\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS
[15/02/2016 21:23:30] - (116.1.0.62) - (Symantec Corporation - Symantec Eraser Control Driver) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
[05/10/2016 20:24:26] - (116.1.0.62) - (Symantec Corporation - Symantec Eraser Utility Driver) - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
[14/01/2017 07:19:49] - (11.0.0.357) - (Symantec Corporation - BASH Driver) - C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20170112.001\BHDrvx64.sys
[15/01/2014 16:50:58] - (9.0.0.9) - (The OpenVPN Project - TAP-Windows Virtual Network Driver) - C:\WINDOWS\System32\drivers\tap0901.sys
[13/07/2015 20:45:08] - (10.18.13.5354) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 353.54) - C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
[22/06/2013 22:41:52] - (2.2.1.1069) - (Dritek System Inc. - PS/2 KB to HID Device Driver) - C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys
[23/05/2013 06:07:37] - (19.1.3.6) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys
[30/12/2013 23:22:45] - (2.2.3.0) - (GEAR Software Inc. - CD DVD Filter) - C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
[23/05/2013 06:07:35] - (16.3.4.0) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
[02/01/2014 16:51:17] - (8.0.0.220) - (Qualcomm Atheros - Qualcomm Atheros BUS driver) - C:\WINDOWS\System32\drivers\btath_bus.sys
[11/06/2016 16:22:11] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\DRIVERS\atksgt.sys
[11/06/2016 16:22:10] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\DRIVERS\lirsgt.sys
[16/07/2016 12:41:50] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8x.sys
[18/01/2017 10:05:26] - (16.0.0.1712) - (Symantec Corporation - IDS Core Driver) - C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20170117.001\IDSvia64.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - nvpciflt () -> system32\DRIVERS\nvpciflt.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - SymEFASI (Symantec Extended File Attributes (SI)) -> system32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SymELAM (Symantec ELAM Driver) -> system32\drivers\N360x64\1608010.00E\SymELAM.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BHDrvx64 (BHDrvx64) -> \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20170112.001\BHDrvx64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ccSet_N360 (N360 Settings Manager) -> \SystemRoot\system32\drivers\N360x64\1608010.00E\ccSetx64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ccSet_NARA (NARA Settings Manager) -> \SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - eeCtrl (Symantec Eraser Control driver) -> \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - IDSVia64 (IDSVia64) -> \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20170117.001\IDSvia64.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - SRTSP (Symantec Real Time Storage Protection x64) -> \SystemRoot\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - SRTSPX (Symantec Real Time Storage Protection (PEL) x64) -> \SystemRoot\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - SymIRON (Symantec Iron Driver) -> \SystemRoot\system32\drivers\N360x64\1608010.00E\Ironx64.SYS - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - SymNetS (Symantec Network Security WFP Driver) -> \SystemRoot\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - atksgt (atksgt) -> system32\DRIVERS\atksgt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lirsgt (lirsgt) -> system32\DRIVERS\lirsgt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft Files whitelisted)
[MD5.EE1CCC54F75C24727A218F98FC5349DA] - [16/07/2016 12:41:53] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.)
- [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys [MD5.49B9DB97AFC85DCCBDACDAB2E90085B7] - [16/07/2016 12:41:53] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys [MD5.74FFBC43B4B899C9A8CA06A892F2CE73] - [16/07/2016 12:41:53] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys [MD5.AAB0F1D8D7E54761ABAB13AF161F1680] - [16/07/2016 12:41:53] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys [MD5.F91BAAC4237C40352A807000F3B716F9] - [16/07/2016 12:41:53] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys [MD5.138DBAE80F390B22297ACD861BDA996E] - [22/06/2013 22:41:52] - (.Copyright c 2005-2012 - PS/2 KB to HID Device Driver.) - [26.11 Ko] - (2.2.1.1069) - C:\WINDOWS\System32\Drivers\aPs2Kb2Hid.sys [MD5.E6AB1F0B4C3D4E0D2A88332D76FECD03] - [16/07/2016 12:41:53] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys [MD5.835E2C1A3D32492E2B90BD4FE5527CB6] - [16/07/2016 12:41:50] - (.Copyright (C) 2001-2010 Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) - [4134.5 Ko] - (3.0.2.201) - C:\WINDOWS\System32\Drivers\athw8x.sys [MD5.09149D03629A44F4773E621C432D1D89] - [11/06/2016 16:22:11] - (.-.) - [305.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\atksgt.sys [MD5.0630C8915B747E88E825CE7F73B66A5D] - [13/08/2012 09:59:42] - (.Copyright (c) 2010 Broadcom Corp. - Broadcom xD Picture Card Bus Driver.) 
- [70.59 Ko] - (1.1.16.0) - C:\WINDOWS\System32\Drivers\b57xdbd.sys [MD5.CA8457E528E13B38F8DC3B86B6BA4C6B] - [13/08/2012 09:59:42] - (.Copyright (c) 2010 Broadcom Corp. - Broadcom xD Picture Card Miniport Driver.) - [20.59 Ko] - (1.1.16.0) - C:\WINDOWS\System32\Drivers\b57xdmp.sys [MD5.3F5523DCEFE42B385659C5CB46A6B810] - [16/07/2016 12:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys [MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [16/07/2016 12:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys [MD5.0E9B28782D0E5DE7C25207432B791B33] - [18/06/2012 15:20:52] - (.Copyright (c) 2009-2011 Broadcom Corportation - Broadcom Memory Stick Driver.) - [54.09 Ko] - (1.0.4.0) - C:\WINDOWS\System32\Drivers\bScsiMSa.sys [MD5.8F62F985BDD2F333A3EE34D54894363D] - [14/08/2012 10:15:36] - (.Copyright (c) 2010-2011 Broadcom Corportation - Broadcom SD 3.0 Driver.) - [69.09 Ko] - (1.0.0.243) - C:\WINDOWS\System32\Drivers\bScsiSDa.sys [MD5.C6978F7EBA6F37D626482AC6B9390630] - [02/01/2014 16:51:17] - (.Copyright (C) Qualcomm Atheros Solutions 2008 - Qualcomm Atheros BUS driver.) - [33.58 Ko] - (8.0.0.220) - C:\WINDOWS\System32\Drivers\btath_bus.sys [MD5.61BAC67048CA5C1D08C48FCC8012B613] - [16/07/2016 12:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic Gigabit Ethernet VBD.) - [521.34 Ko] - (7.12.31.105) - C:\WINDOWS\System32\Drivers\bxvbda.sys [MD5.48BC8B59BF348BD8C8702B93171008F2] - [16/07/2016 12:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI Crash Dump Driver.) - [100.34 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4dx64.sys [MD5.0AED948DA8D5F08B3D6F12E4E2089736] - [16/07/2016 12:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI VMiniport Driver.) 
- [338.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4sx64.sys [MD5.0002A0FDE087C1657AB31CE73077539C] - [16/07/2016 12:41:53] - (.Copyright © 2010 Chelsio Communications. - Virtual Bus Driver for Chelsio ® T4 Chipset.) - [2054.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4vx64.sys [MD5.7EC6FC0266D74BD47ABB130A328B70EC] - [16/07/2016 12:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic 10 GigE VBD.) - [3338.84 Ko] - (7.13.65.105) - C:\WINDOWS\System32\Drivers\evbda.sys [MD5.8E98D21EE06192492A5671A6144D092F] - [30/12/2013 23:22:45] - (.Copyright (C) GEAR Software Inc. 1997-2012 - CD DVD Filter.) - [32.46 Ko] - (2.2.3.0) - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MD5.772A1DEEDFDBC244183B5C805D1B7D85] - [23/05/2013 06:06:52] - (.Copyright © 2006-2011, Intel Corporation. - Intel(R) Management Engine Interface.) - [61.31 Ko] - (8.1.0.1263) - C:\WINDOWS\System32\Drivers\HECIx64.sys [MD5.F5CA18197B4646E04DB9EB2D6642CC4D] - [16/07/2016 12:41:53] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys [MD5.C6B8743B213F06AA60943D8366FE968F] - [16/07/2016 12:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO GPIO Controller Driver.) - [32.5 Ko] - (604.10146.3023.12819) - C:\WINDOWS\System32\Drivers\iagpio.sys [MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [16/07/2016 12:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys [MD5.5A0E850F8CD17791A3E6A3CF81D0CA28] - [16/07/2016 12:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Driver v2.) - [63 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_GPIO2.sys [MD5.7508F1096803385D6376BFD0BD473AC4] - [16/07/2016 12:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) 
- [172.25 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys [MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [16/07/2016 12:41:52] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys [MD5.EB82A11613326691508D9ED9A4FE29E7] - [16/07/2016 12:41:50] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys [MD5.6C024B3AE192D72B216166802AF345DD] - [22/06/2013 22:30:52] - (.Copyright(C) Intel Corporation 1994-2012 - Intel Rapid Storage Technology driver - x64.) - [630.81 Ko] - (11.5.4.1001) - C:\WINDOWS\System32\Drivers\iaStorA.sys [MD5.97E553D03219D3D51705C7235D9EAEBD] - [16/07/2016 12:41:53] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys [MD5.8350FE3BCDE3428BC040877BB7E9EAEB] - [16/07/2016 12:41:53] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys [MD5.3BA03F7C7700DDF4C383DDE9252F5817] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [513.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ibbus.sys [MD5.CEFA6BDB4789F3DA003ACBDCC64F5877] - [27/08/2015 18:20:10] - (.Copyright (c) 1998-2012 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [3708.42 Ko] - (10.18.10.4276) - C:\WINDOWS\System32\Drivers\igdkmd64.sys [MD5.87871AB7AC797F922A6F3D4C874CED96] - [21/08/2015 11:50:48] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [452.26 Ko] - (6.16.0.3154) - C:\WINDOWS\System32\Drivers\IntcDAud.sys [MD5.B1F193AB8FB72E9FC34B3A39314ED872] - [29/07/2015 20:23:26] - (.Copyright © 2013-2013, Intel Corporation. - Intel® WiDi Solution.) 
- [49.06 Ko] - (4.5.65.0) - C:\WINDOWS\System32\Drivers\intelaud.sys [MD5.DD1F43B86AD84E53203F92FD3EF3AEB6] - [29/07/2015 20:23:26] - (.Copyright © 2013-2013, Intel Corporation. - Intel® WiDi Solution.) - [38.06 Ko] - (4.5.65.0) - C:\WINDOWS\System32\Drivers\iwdbus.sys [MD5.8438B8A45E16258064C19FBEC4EE069F] - [16/07/2016 12:41:53] - (.Copyright 2000-2011, Broadcom Corporation. - Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x Unified Driver..) - [436 Ko] - (15.6.1.3) - C:\WINDOWS\System32\Drivers\k57nd60a.sys [MD5.5EA407821BB3104C31A705175AB4F309] - [11/06/2016 16:22:10] - (.-.) - [42.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\lirsgt.sys [MD5.8E1B0946948CCC0BC1FA3CB70374A795] - [16/07/2016 12:41:53] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys [MD5.4F68163FC04C973500DC4DA0946917B0] - [16/07/2016 12:41:53] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [103.34 Ko] - (2.0.79.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys [MD5.E5AC5F2815938651CDCC27F425474673] - [16/07/2016 12:41:53] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [98.84 Ko] - (2.51.12.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys [MD5.CCF6EC9FB9B8F18E05B4253E81013E48] - [16/07/2016 12:41:53] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys [MD5.C3CDCCF07486BD2616A7B82946E07AC0] - [16/07/2016 12:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys [MD5.2CF0CB2A0ED68C5455371E84C16F9627] - [18/10/2016 21:12:55] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) 
- [62.84 Ko] - (6.711.10.11) - C:\WINDOWS\System32\Drivers\MegaSas2i.sys [MD5.FADB2FE017E69EECE0E1BA78661C2E8C] - [16/07/2016 12:41:53] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys [MD5.FD60818B66B2E8A5415EA840E99A9D8F] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [822.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys [MD5.3D2C5B4995CA0751D32DEA0DE9FDFE44] - [16/07/2016 12:41:53] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys [MD5.629CB21AC49C8867E0F29DF1C16DB7B4] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [106.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys [MD5.EE00C544C025958AF50C7B199F3C8595] - [25/07/2013 16:53:46] - (.Copyright (C) 2009 Apple Inc. - Apple Mobile Device Ethernet.) - [22.5 Ko] - (1.8.5.1) - C:\WINDOWS\System32\Drivers\netaapl64.sys [MD5.6C76780A01FC2B885BD6E957B5C36B02] - [16/07/2016 12:42:03] - (.-.) - [88.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NetAdapterCx.sys [MD5.AEEA2EC9CEEB8ADE8284583BBB98AB0D] - [13/07/2015 20:45:08] - (.(C) 2015 NVIDIA Corporation. - NVIDIA Windows Kernel Mode Driver, Version 353.54.) - [10878.14 Ko] - (10.18.13.5354) - C:\WINDOWS\System32\Drivers\nvlddmkm.sys [MD5.96C8DE2AE83B2633B937D7121EC9A96F] - [13/07/2015 20:45:08] - (.(C) 2015 NVIDIA Corporation. - NVIDIA Windows Kernel Mode Driver, Version 353.54.) - [30.82 Ko] - (10.18.13.5354) - C:\WINDOWS\System32\Drivers\nvpciflt.sys [MD5.D261DF41F0840F734856A2B4F5E072C7] - [16/07/2016 12:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) 
- [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys [MD5.23B702B555EB0436B9DAA0BC63DA65CE] - [16/07/2016 12:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys [MD5.540116170E2135FCD5DDE77702166B67] - [16/07/2016 12:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.805.3.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys [MD5.8356F87553BF49C703CF382033815898] - [16/07/2016 12:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [60.34 Ko] - (6.603.6.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys [MD5.9CC645EB9697AA4F2D5A39835C80A0A2] - [22/06/2013 22:43:44] - (.Copyright (c) Realtek Semiconductor Corp.1998-2012 - Realtek(r) High Definition Audio Function Driver.) - [3965.39 Ko] - (6.0.1.6657) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys [MD5.AB191E50DA5DC1E69311742E3930A61E] - [04/04/2015 17:14:32] - (.Copyright © 2008-2009 Texas Instruments - silvrlnk.sys.) - [126.5 Ko] - (1.0.0.9) - C:\WINDOWS\System32\Drivers\silvrlnk.sys [MD5.A34CE1830E45DA98932295FDE4B7908A] - [16/07/2016 12:41:53] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys [MD5.A7B5C670770E908DA5FEF5BF1136E933] - [16/07/2016 12:41:53] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys [MD5.ADA22D5A50C5F6AFEEC49AE795BC7A8A] - [17/01/2017 01:03:50] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics SMBus Driver.) - [72.59 Ko] - (19.1.3.6) - C:\WINDOWS\System32\Drivers\Smb_driver_AMDASF_Aux.sys [MD5.5CDEF3A06AEA1B510F3F4B09340247D5] - [23/05/2013 06:07:35] - (.Copyright (C) Synaptics Incorporated 1996-2012 - Synaptics SMBus Driver.) 
- [30.3 Ko] - (16.3.4.0) - C:\WINDOWS\System32\Drivers\Smb_driver_Intel.sys [MD5.C56F1F44B0D8561247A887BD2C361C15] - [17/01/2017 01:03:50] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics SMBus Driver.) - [76.09 Ko] - (19.1.3.6) - C:\WINDOWS\System32\Drivers\Smb_driver_Intel_Aux.sys [MD5.9593475FBC857A05D93BFF4FA7323C2B] - [05/09/2016 04:47:06] - (.Copyright ⓒ SAMSUNG - SAMSUNG USB Composite Device Driver.) - [128.63 Ko] - (2.12.4.0) - C:\WINDOWS\System32\Drivers\ssudbus.sys [MD5.592FF34A2FD6C6351B8A3AA76B2C0A9E] - [05/09/2016 04:47:12] - (.Copyright ⓒ SAMSUNG - SAMSUNG Android Modem Device Driver.) - [161.63 Ko] - (2.12.4.0) - C:\WINDOWS\System32\Drivers\ssudmdm.sys [MD5.29D26E1347AE1BBD4201014E19880B2C] - [16/07/2016 12:41:53] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys [MD5.E542C084F75E441550FB5D27B3557E96] - [12/02/2016 23:37:40] - (.Copyright (C) Symantec Corporation 2013 - Symantec Event Library.) - [98.23 Ko] - (14.0.3.8) - C:\WINDOWS\System32\Drivers\SYMEVENT64x86.SYS [MD5.D2C57C0B6EECEC012B1441EB4EAF1E71] - [23/05/2013 06:07:37] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics Touchpad Win64 Driver.) - [828.59 Ko] - (19.1.3.6) - C:\WINDOWS\System32\Drivers\SynTP.sys [MD5.3C32FF010F869BC184DF71290477384E] - [15/01/2014 16:50:58] - (.OpenVPN Technologies, Inc. - TAP-Windows Virtual Network Driver.) - [39.71 Ko] - (9.0.0.9) - C:\WINDOWS\System32\Drivers\tap0901.sys [MD5.F5520DBB47C60EE83024B38720ABDA24] - [17/09/2014 21:41:24] - (.TeamViewer GmbH - TeamViewerVPN Network Adapter.) - [34.29 Ko] - (9.0.0.3) - C:\WINDOWS\System32\Drivers\teamviewervpn.sys [MD5.C9E9D59C0099A9FF51697E9306A44240] - [13/12/2012 14:50:36] - (.© Apple, Inc. - Apple Mobile Device USB Driver.) 
- [53.5 Ko] - (1.64.0.0) - C:\WINDOWS\System32\Drivers\usbaapl64.sys [MD5.FD9BCB8920973CEAD4D49DC7A6D8A618] - [16/07/2016 12:41:53] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys [MD5.0C111F220798CCE80484026E06822379] - [16/07/2016 12:41:53] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS [MD5.F95DE20312ACCA7761446DE152BD1F7C] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [31.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winmad.sys [MD5.8B9AFF5F08E66A6F1F1063DEC9457FB6] - [16/07/2016 12:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [63.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winverbs.sys [MD5.663DC57CDF45FBF523087612856EBE55] - [08/01/2017 19:32:02] - (.ゥ Google Inc. - ADB Interface.) - [39.77 Ko] - (1.0.1.1) - C:\WINDOWS\System32\Drivers\wsadb.sys ---------- | Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EPSON XP-402 403 405 406 Series] : (EPSON XP-402 403 405 406 Series Printer Uninstall.-.SEIKO EPSON Corporation) -> C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IINSIJE.EXE /R /APD /P:"EPSON XP-402 403 405 406 Series" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Sevinst] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SynTPDeinstKey] : (Synaptics Pointing Device Driver.-.Synaptics Incorporated) -> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5A68A656-979F-4168-8795-E2E368AA4DC2}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{787136D2-F0F8-4625-AA3F-72D7795AC842}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7B50D081-E670-3B43-A460-0E2CDB5CE984}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A1D05314-DC32-4668-A97E-51060EC8BCCE}] : (paint.net.-.dotPDN LLC) -> MsiExec.exe /X{A1D05314-DC32-4668-A97E-51060EC8BCCE} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}] : (Qualcomm Atheros Bluetooth Suite (64).-.Qualcomm Atheros Communications) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 353.54.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 327.02.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{7117347B-F8A0-49F9-AF50-2C3269AE6479}\NVI2.DLL",UninstallPackage Display.Driver [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus 1.14.17.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.12.1031.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{0BA38CFA-09F0-4199-9026-B033418294A8}\NVI2.DLL",UninstallPackage Display.PhysX [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 1.14.17.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{7117347B-F8A0-49F9-AF50-2C3269AE6479}\NVI2.DLL",UninstallPackage Display.Update 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update] : (NVIDIA Update Components.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DFFEB619-5455-3697-B145-243D936DB95B}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}] : (Broadcom Card Reader Driver Installer.-.Broadcom Corporation) -> MsiExec.exe /I{F0A7DF2F-0BE0-470F-B137-D7A19F977189} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) -> c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 24 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\com.adobe.downloadassistant.AdobeDownloadAssistant] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EPSON Scanner] : (EPSON Scan.-.Seiko Epson Corporation) -> C:\Program Files (x86)\epson\escndv\setup\setup.exe /r [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\setup.exe" --uninstall --multi-install --chrome --system-level [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}] : (CyberLink MediaEspresso 6.5.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\LManager] : (Launch Manager.-.Acer Inc.) -> C:\Windows\UNINSTLMv7.EXE LMv7.UNI [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2005 Tools for Office Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 47.0.2 (x86 fr)] : (Mozilla Firefox 47.0.2 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\N360] : (Norton 360 Online.-.Symantec Corporation) -> "C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\22.8.1.14\InstStub.exe" /X /ARP [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NARA] : (Norton Online Backup ARA.-.Symantec Corporation) -> C:\Program Files (x86)\NortonInstaller\{311739EB-5C94-4EE1-B911-2D1F005060F4}\NARA\LicenseType\4.1.0.14\InstStub.exe /X /ARP [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RadioController] : (Dritek Radio Controller.-.Dritek System Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\U2FpbnRzUm93SVY=_is1] : (Saints Row IV.-.) -> "C:\Program Files (x86)\Saints Row IV\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Usbfix] : (UsbFix.-.www.SOSVirus.Net) -> C:\UsbFix\Un-UsbFix.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Visual Studio Tools for the Office system 3.0 Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.01 (32-bit).-.win.rar GmbH) -> C:\Program Files (x86)\WinRAR\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0B311221-05A5-4766-8D03-7A6446794156}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{28006915-2739-4EBE-B5E8-49B25D32EB33}] : (Qualcomm Atheros WLAN and Bluetooth Client Installation Program.-.Qualcomm Atheros) -> "C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x040c -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{388E4B09-3E71-4649-8921-F44A3A2954A7}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3AAB08A3-F129-4BD5-B409-AE674F93759D}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D9CB654-99AD-4301-89C6-0D12A790767C}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}] : (Norton Online Backup.-.Symantec Corporation) -> MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B7IL77L-LKS1-ROW3-SAINTS-18CD6E6334R1}_is1] : (Saints Row The Third version 1.0.-.THQ) -> "C:\Program Files (x86)\Black_Box\Saints Row The Third\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}] : (.-.) -> MsiExec /X{8B922CF8-8A6C-41CE-A858-F1755D7F5D29} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}] : (Office Addin.-.Acer) -> MsiExec.exe /I{6D2BBE1D-E600-4695-BA37-0B0E605542CC} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{77D28FF5-242F-488A-8215-937D6A4D69E0}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{77D28FF5-242F-488A-8215-937D6A4D69E0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}] : (NVIDIA PhysX.-.NVIDIA Corporation) -> MsiExec.exe /I{8B922CF8-8A6C-41CE-A858-F1755D7F5D29} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8FB53850-246A-3507-8ADE-0060093FFEA6}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ABC88553-8770-4B97-B43E-5A90647A5B63}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B4F0E794-11F5-4971-85EC-6D7F2E4DAC68}] : (Epson Software Updater.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{B4F0E794-11F5-4971-85EC-6D7F2E4DAC68} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B8B7838E-449E-B187-57E1-1AA686F225DC}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BD9CFD69-EB91-354E-9C98-D439E6091932}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C994C746-C6D0-4EBA-B09E-DF7B18381B69}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D682CFD5-88C0-4CC0-B777-6F2AD3814E4D}_is1] : (Prototype2 1.0.-.Activision) -> "C:\Program Files (x86)\Activision\Prototype 2\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D9DAD0FF-495A-472B-9F10-BAE430A26682}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E3739848-5329-48E3-8D28-5BBD6E8BE384}] : (CyberLink MediaEspresso 6.5.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999}] : (Live Updater.-.Acer Incorporated) -> MsiExec.exe /X{EE26E302-876A-48D9-9058-3129E5B99999} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF0D1292-8FC1-41BE-9740-DBC134F66415}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}] : (Intel(R) SDK for OpenCL - CPU Only Runtime Package.-.Intel Corporation) -> C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall ---------- | Installer [HKCR\Installer\Products\1BF4A48A307DBD84980E866B94D98210] : -> C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe [HKCR\Installer\Products\203E62EEA6789D84098513925E9B9999] : Live Updater -> C:\windows\Installer\{EE26E302-876A-48D9-9058-3129E5B99999}\icon.ico [HKCR\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8] : Bonjour -> C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico [HKCR\Installer\Products\41350D1A23CD86649AE71560E08CCBEC] : paint.net -> C:\WINDOWS\Installer\{A1D05314-DC32-4668-A97E-51060EC8BCCE}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\46B5A9879DD95AB419A50FCFA0B1B7EF] : Apple Software Update -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\Installer.ico [HKCR\Installer\Products\497E0F4B5F11179458CED6F7E2D4CA86] : Epson Software Updater -> C:\WINDOWS\Installer\{B4F0E794-11F5-4971-85EC-6D7F2E4DAC68}\icon.ico 
[HKCR\Installer\Products\5FF82D77F242A884285139D7A6D4960E] : Adobe AIR [HKCR\Installer\Products\6FD66A043D225B447A3D381B812A0CCD] : Norton Online Backup -> C:\Windows\Installer\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}\MainIcon.ico [HKCR\Installer\Products\8489373E92353E84D882B5DBE6B83E48] : MediaEspresso -> C:\windows\Installer\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8FC229B8C6A8EC148A851F57D5F7D592] : NVIDIA PhysX -> C:\Windows\Installer\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}\icon.ico [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\DFA4044F3FE21C04C890925E3F6B79B2] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\F2FD7A0F0EB0F0741B737D1AF9791798] : Broadcom Card Reader Driver Installer -> C:\Windows\Installer\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}\ARPPRODUCTICON.exe ---------- | ADS ---------- | Drives Disk: 0 Size=477G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ---------- | MBR Windows Version: Windows Information: (build 9200), 64-bit Base Board Manufacturer: Acer BIOS Manufacturer: Insyde Corp. 
System Manufacturer: Acer
System Product Name: Aspire E1-571G
Logical Drives Mask: 0x0000003c
Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x23b8
Heure de début de l’application défaillante : 0x01d2718a8a738a99
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : f8f980df-cfa8-4896-b146-06f42ac817ec
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
------------
Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
System Error: Accès refusé. .
------------
------------
------------
Le package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{ff995f71-dce9-4a0e-baee-552c060abb7b} a été interrompu, car sa suspension a été trop longue.
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x1654
Heure de début de l’application défaillante : 0x01d27043fa4bdf88
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : a319bc48-c935-4afc-bd99-1bc16e79ae2a
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x16b0
Heure de début de l’application défaillante : 0x01d2703f7597f965
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : e02dbfc4-2419-4110-b95c-f7a8352d928e
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x8a4
Heure de début de l’application défaillante : 0x01d2703f5b0652aa
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : e53b358c-1eb3-4b2e-b745-3673b76802c8
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0xd68
Heure de début de l’application défaillante : 0x01d270320167661c
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : e53b5d41-44ed-4c02-932c-4b347ddc88e7
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0xd68
Heure de début de l’application défaillante : 0x01d270320167661c
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 166ed0ec-6be5-4872-8a6a-e26f17b912d3
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0xd68
Heure de début de l’application défaillante : 0x01d270320167661c
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 2ceccbec-8f68-49d8-aa23-c996d2ef335e
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x1c4c
Heure de début de l’application défaillante : 0x01d27031c48dc8a0
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 3746f5ba-14b7-4c71-97a9-88d9f402af79
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x1c4c
Heure de début de l’application défaillante : 0x01d27031c48dc8a0
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : cda68236-a610-4718-a150-0c70e588ec87
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x1c4c
Heure de début de l’application défaillante : 0x01d27031c48dc8a0
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : df38e4a7-e282-434b-ad7f-07f85e58a6a4
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x1c4c
Heure de début de l’application défaillante : 0x01d27031c48dc8a0
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 62f10856-d70f-4c45-8be7-c04ec9be3f8e
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x1f7c
Heure de début de l’application défaillante : 0x01d2703156ff8926
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 03a0b451-d33e-4e99-a8d3-952dfd3f27ef
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x1f7c
Heure de début de l’application défaillante : 0x01d2703156ff8926
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 045145f6-31e1-4bf6-86e6-354086038f91
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante microsoftedgecp.exe, version : 11.0.14393.82, horodatage : 0x57a55786
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000604
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0x1f7c
Heure de début de l’application défaillante : 0x01d2703156ff8926
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : 1ae700f4-0d48-4f0d-aa67-18f0914e2299
Nom complet du package défaillant : Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------

----------( EOF)---------- - 3286 | 17:12:32