--------------- QuickDiag | g3n-h@ckm@n | 2_29.06.2016.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 29/06/2016 13:47:44 Updated 29/06/2016 | 12.50 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [sebastien (Administrator)] - [SEB] (S-1-5-21-3678820438-496632247-2968836803-1000) System: Microsoft Windows 10 Professionnel - - (10.0.10586) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Professionnel|C:\WINDOWS|\Device\Harddisk0\Partition2 Boot : Normal boot PC: All Series - ASUS - IdNumber: System Serial Number - UUID: 23C29E80-D7DA-11DD-8552-2C56DC961656 Processor : X64 - 2898 Mhz - Intel(R) Core(TM) i5-4460S CPU @ 2.90GHz BIOS Date: 05/14/15 11:41:21 Ver: 05.05 - fr|FR|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 0505 - ALASKA - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0900&SUBSYS_10438657&REV_1000\4&3B13F9FA&0&0001 AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&2112B50D&0&0001 ---------- | Video AMD Radeon HD 7800 Series - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,amdxc64.dll,aticfx32,aticfx32,aticfx32,amdxc32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_679E&SUBSYS_E246174B&REV_00\4&3834D97&0&0008 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: -2147483648 Inegrated Video Chipset DeviceName: AMD Radeon HD 7800 Series - DriverVersion: 8.14.01.6512 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25344 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34632 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27136 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:37 % CPU #2 value:0 % CPU #3 value:0 % CPU #4 value:62 % Total Overall CPU Usage value:22 % ---------- | Network Intel[R] Ethernet Connection [2] I218-V : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{24C2BDFC-F440-49AD-AD5F-669D933998AA} : SENT:0 bytes/sec / RECVD:0 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:22 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Intel(R) Ethernet Connection (2) I218-V - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_15A1&SUBSYS_85C41043&REV_05\3&11583659&0&C8 Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0 Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE ---------- | Memory RAM = Total (MB) : 8326 | Free (MB) : 5869 Pagefile = Total (MB) : 16715 | Free (MB) : 14180 Virtual = Total (MB) : 4194 | Free (MB) : 3954 Physical Memory 0 : Capacity: 4294967296 - DIMM_A1 - Posit.: - Manufacturer: Kingston - PartNumber: KHX1600C10D3/4G - S/N: 6E3B986A Physical Memory 1 : Capacity: 4294967296 - DIMM_A2 - Posit.: - Manufacturer: Kingston - PartNumber: KHX1600C10D3/4G - S/N: 7A39205D ---------- | SID Users Administrateur : [S-1-5-21-3678820438-496632247-2968836803-500] DefaultAccount : [S-1-5-21-3678820438-496632247-2968836803-503] Invité : [S-1-5-21-3678820438-496632247-2968836803-501] sebastien : [S-1-5-21-3678820438-496632247-2968836803-1000] Administrateurs : [S-1-5-32-544] Administrateurs Hyper-V : [S-1-5-32-578] Duplicateurs : [S-1-5-32-552] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579] Opérateurs de chiffrement : [S-1-5-32-569] Opérateurs de configuration réseau : [S-1-5-32-556] Opérateurs de sauvegarde : [S-1-5-32-551] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs avec pouvoir : [S-1-5-32-547] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du Bureau à distance : [S-1-5-32-555] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | Drives F:\ -> [Removable] | [USB DISK] | Total : 7.2 Go | Free : 5.4 Go -> FAT32 [USB] C:\ -> [Fixed] | [] | Total : 930.97 Go | Free : 382.82 Go -> NTFS [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [C:] : Read:1,016,060 bytes/sec, Written:249,850 bytes/sec Max Read:1,016,060 bytes/sec, Max Write:249,850 bytes/sec Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:1,016,060 bytes/sec, Write Maximum:249,850 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST1000DM003-1ER1\4&E937C7&0&000000 DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_&PROD_USB_DISK_2.0&REV_PMAP\2014062407105220000012F7&0 ---------- | Windows updates No detected update !!! Microsoft : + Windows Is Activated ---------- | Browsers IE : 11.0.10586.420 (© Microsoft Corporation. Tous droits réservés.) GC : 51.0.2704.103 (Copyright 2015 Google Inc.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" %1 ---------- | FlashPlayer FlashPlayer ActiveX : 22.0.0.192 FlashPlayer Plugin : 22.0.0.192 ---------- | Security AM : Malwarebytes' Anti-Malware ( 2.3.173.0) [Update : 26/06/2016 19:14:14] FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 336 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.10586.0) = C:\Windows\System32\smss.exe CPU Usage:0 % 596 | [Owner : | Parent : 456() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.10586.306) = C:\Windows\System32\wininit.exe CPU Usage:0 % 652 | [Owner : | Parent : 560() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.10586.306) = C:\Windows\System32\winlogon.exe CPU Usage:0 % 716 | [Owner : | Parent : 596(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.10586.71) = C:\Windows\System32\services.exe CPU Usage:0 % 728 | [Owner : | Parent : 596(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.10586.0) = C:\Windows\System32\lsass.exe CPU Usage:0 % 816 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 876 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 968 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 360 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 8 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 488 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 896 | [Owner : | Parent : 716(services.exe) | ?????] - (.AMD - AMD External Events Service Module.) - (6.14.11.1226) = C:\Windows\System32\atiesrxx.exe CPU Usage:0 % 1160 | [Owner : | Parent : 896(atiesrxx.exe) | ?????] - (.AMD - AMD External Events Client Module.) - (6.14.11.1226) = C:\Windows\System32\atieclxx.exe CPU Usage:0 % 1256 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 1332 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 1560 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 1632 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe CPU Usage:0 % 1928 | [Owner : | Parent : 716(services.exe) | ?????] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe CPU Usage:0 % 1936 | [Owner : | Parent : 716(services.exe) | ?????] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe CPU Usage:0 % 1992 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 2000 | [Owner : | Parent : 716(services.exe) | ?????] - (.Ellora Assets Corp. - CaptureLibService.) - (1.0.0.0) = C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe CPU Usage:0 % 2032 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Message Queuing Service.) - (10.0.10586.0) = C:\Windows\System32\mqsvc.exe CPU Usage:0 % 2044 | [Owner : | Parent : 716(services.exe) | ?????] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (19.1.43.0) = C:\Windows\System32\IPROSetMonitor.exe CPU Usage:0 % 1324 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 1536 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 1548 | [Owner : | Parent : 716(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.18.4103) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe CPU Usage:0 % 1700 | [Owner : | Parent : 716(services.exe) | ?????] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.84) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe CPU Usage:0 % 2052 | [Owner : | Parent : 716(services.exe) | ?????] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe CPU Usage:0 % 2060 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.10586.0) = C:\Program Files\Windows Defender\MsMpEng.exe CPU Usage:25 % 2196 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 2216 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 2676 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.6.1038.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe CPU Usage:0 % 2472 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.6.1038.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe CPU Usage:0 % 3608 | [Owner : sebastien | Parent : 8(svchost.exe) | 20.47 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe CPU Usage:0 % 3788 | [Owner : sebastien | Parent : 816(svchost.exe) | 45.52 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe CPU Usage:0 % 4056 | [Owner : sebastien | Parent : 3952() | 123.5 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.420) = C:\Windows\explorer.exe CPU Usage:0 % 3644 | [Owner : sebastien | Parent : 816(svchost.exe) | 8.28 Mo] - (.-.) - (10.1.2123.36) = C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe CPU Usage:0 % 4012 | [Owner : sebastien | Parent : 8(svchost.exe) | 18.5 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe CPU Usage:0 % 4276 | [Owner : sebastien | Parent : 816(svchost.exe) | 67.25 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.306) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe CPU Usage:0 % 4336 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.0) = C:\Windows\System32\SearchIndexer.exe CPU Usage:0 % 4576 | [Owner : sebastien | Parent : 816(svchost.exe) | 131.4 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.420) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe CPU Usage:0 % 2620 | [Owner : sebastien | Parent : 4056(explorer.exe) | 11.84 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.402.1) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe CPU Usage:0 % 3868 | [Owner : | Parent : 360(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.10586.218) = C:\Windows\System32\audiodg.exe CPU Usage:0 % 2084 | [Owner : sebastien | Parent : 4056(explorer.exe) | 14.26 Mo] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) - (10.1.1.1633) = C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe CPU Usage:0 % 3720 | [Owner : sebastien | Parent : 4056(explorer.exe) | 18.41 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6390.509) = C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\OneDrive.exe CPU Usage:2 % 5300 | [Owner : sebastien | Parent : 5144(MSASCui.exe) | 6.96 Mo] - (.Intel Corporation - iusb3mon.) - (2.5.0.19) = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe CPU Usage:0 % 5396 | [Owner : sebastien | Parent : 5144(MSASCui.exe) | 36.05 Mo] - (.- ProductUpdater.) - (1.0.3.0) = C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe CPU Usage:0 % 5412 | [Owner : sebastien | Parent : 5144(MSASCui.exe) | 6.51 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.91.14) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe CPU Usage:0 % 5988 | [Owner : sebastien | Parent : 4056(explorer.exe) | 131.04 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe CPU Usage:2 % 6028 | [Owner : sebastien | Parent : 5988(chrome.exe) | 5.85 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe CPU Usage:0 % 5136 | [Owner : sebastien | Parent : 5988(chrome.exe) | 59.72 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe CPU Usage:4 % 1060 | [Owner : sebastien | Parent : 5988(chrome.exe) | 43.25 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe CPU Usage:0 % 4836 | [Owner : sebastien | Parent : 5988(chrome.exe) | 138.74 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe CPU Usage:0 % 5320 | [Owner : sebastien | Parent : 716(services.exe) | 12.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 5632 | [Owner : | Parent : 716(services.exe) | ?????] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (10.0.0.1180) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe CPU Usage:0 % 3924 | [Owner : | Parent : 716(services.exe) | ?????] - (.Intel Corporation - Intel(R) Local Management Service.) - (10.0.0.1180) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe CPU Usage:0 % 3548 | [Owner : sebastien | Parent : 816(svchost.exe) | 76.16 Mo] - (.Microsoft Corporation - Lecteur Windows Media.) - (12.0.10586.0) = C:\Program Files (x86)\Windows Media Player\wmplayer.exe CPU Usage:2 % 5928 | [Owner : sebastien | Parent : 5988(chrome.exe) | 281.8 Mo] - (.Google Inc. - Google Chrome.) - (51.0.2704.103) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe CPU Usage:17 % 5932 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 6488 | [Owner : sebastien | Parent : 5560() | 8.38 Mo] - (.Apple Inc. - Apple Software Update.) - (2.2.0.150) = C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe CPU Usage:0 % 7156 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe CPU Usage:0 % 6236 | [Owner : | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.10586.0) = C:\Windows\System32\msiexec.exe CPU Usage:0 % 5944 | [Owner : sebastien | Parent : 4716() | 34.95 Mo] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.10586.0) = C:\Windows\System32\Taskmgr.exe CPU Usage:0 % 6812 | [Owner : | Parent : 4336(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10586.0) = C:\Windows\System32\SearchProtocolHost.exe CPU Usage:0 % 7024 | [Owner : | Parent : 716(services.exe) | ?????] - (.Apple Inc. - iPodService Module (64-bit).) - (12.4.1.6) = C:\Program Files\iPod\bin\iPodService.exe CPU Usage:0 % 1736 | [Owner : sebastien | Parent : 6236(msiexec.exe) | 15.38 Mo] - (.Apple Inc. - iTunesHelper.) - (12.4.1.6) = C:\Program Files\iTunes\iTunesHelper.exe CPU Usage:0 % 5144 | [Owner : sebastien | Parent : 4056(explorer.exe) | 23.94 Mo] - (.Microsoft Corporation - Windows Defender User Interface.) - (4.9.10586.0) = C:\Program Files\Windows Defender\MSASCui.exe CPU Usage:0 % 1584 | [Owner : sebastien | Parent : 816(svchost.exe) | 22.56 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe CPU Usage:0 % 6260 | [Owner : sebastien | Parent : 816(svchost.exe) | 53.58 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.10586.11) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe CPU Usage:0 % 5584 | [Owner : Système | Parent : 4336(SearchIndexer.exe) | 5.6 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10586.0) = C:\Windows\System32\SearchFilterHost.exe CPU Usage:0 % 1896 | [Owner : sebastien | Parent : 4056(explorer.exe) | 27.49 Mo] - (.SosVirus - QuickDiag.) - (29.6.2016.1) = C:\Users\sebastien\Downloads\quickdiag_2_29.06.2016.1.exe CPU Usage:0 % ---------- | MD5 [MD5.E15BEB03592BA12C5C99E2BA46146BDD] - [16/06/2016 00:04:22] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4409.44 Ko] - (10.0.10586.420) : C:\WINDOWS\Explorer.exe [MD5.41E25E514D90E9C8BC570484DBAFF62B] - [30/10/2015 09:17:49] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [228.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\cmd.exe [MD5.3E7CCD0F507877C50078205667CE8133] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\csrss.exe [MD5.9513834DAC717444F04169EA5D120885] - [30/10/2015 09:17:51] - (.© Microsoft Corporation. - COM Surrogate.) - [18.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\dllhost.exe [MD5.1C9C6933A94C594DE7366124B4DD6075] - [30/10/2015 09:17:46] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [689.05 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Kernel32.dll [MD5.889459F1FDDC5EC58B437AA6C436F33F] - [30/10/2015 09:18:03] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.55 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\lsass.exe [MD5.B339861C6A2A86FBCA67C2006B461473] - [30/10/2015 09:17:51] - (.© Microsoft Corporation. - Distributed COM Services.) - [883.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\rpcss.dll [MD5.0DCB89B1F3689BC6262FF30BBD603171] - [30/10/2015 09:18:14] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [58 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\rundll32.exe [MD5.6FF8248F3A9D69A095C7F3F42BC29CB2] - [13/02/2016 14:52:08] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [429.84 Ko] - (10.0.10586.71) : C:\WINDOWS\System32\services.exe [MD5.8497852ED44AFF902D502015792D315D] - [30/10/2015 09:17:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [42.91 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\svchost.exe [MD5.F5F7CE3E32536F1A37FB3972F27A814F] - [11/05/2016 00:16:07] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1366.43 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\user32.dll [MD5.8F3ECCB5DC878FA14887B43CD148CBA9] - [30/10/2015 09:17:53] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\userinit.exe [MD5.C1C81AAF533552B3C4D9F11A5FF97700] - [11/05/2016 00:15:28] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [284.53 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\Wininit.exe [MD5.5C156EC4E44E30331BCC865A3B61D839] - [11/05/2016 00:16:21] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [572 Ko] - (10.0.10586.306) : C:\WINDOWS\System32\Winlogon.exe [MD5.70148EFA9A562E7185B75BBE7D376BF7] - [13/02/2016 14:52:13] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [565.34 Ko] - (10.0.10586.3) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.492B99D2E3D5D7BFD5F0AE1BE7BD37DD] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.B6664965BF346322BBDF286174851476] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [188.34 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.7F9C7226D743B232907ED2537B8A574F] - [30/10/2015 09:18:09] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.82D97776BF982AA143BDC7DFB5054EA8] - [30/10/2015 09:17:22] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.935823F79CBEDB91637B63D37E3A5A36] - [13/04/2016 15:26:48] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [145 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.84BC034B6BB763733C1949B7B9BAF976] - [30/10/2015 09:17:18] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [78 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.53FDD9E69189E546DE4740F8C4D8AB2F] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.9E5E8F2A1996F23B7E9687846AA81B01] - [30/10/2015 09:17:43] - (.© Microsoft Corporation. - IP Network Address Translator.) - [140 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.0B3B0C1D86050355676640488FA897D3] - [25/03/2016 19:37:18] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [420.84 Ko] - (10.0.10586.122) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.E582DA849A58524E645545FB68B6625D] - [13/04/2016 15:26:51] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1125.84 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.C03E926B0E7D66D68994067231DC3246] - [16/06/2016 00:04:11] - (.© Microsoft Corporation. - MBT Transport driver.) - [272 Ko] - (10.0.10586.420) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.19BD8A88AAC580592668B070AC0727D9] - [13/04/2016 15:27:45] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2101.84 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.7D0FC96264C0F8F2C1321E33E8EB646C] - [30/10/2015 09:17:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.E3C82823B22463BC38AA4F8ADA852624] - [25/03/2016 19:37:18] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.10586.122) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.1DC2CC74B51E4DC4CD5A20C1021E4010] - [30/10/2015 09:19:42] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [169 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.083A727D784009F9CCFB120C7841B7AF] - [13/04/2016 15:26:56] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2347.34 Ko] - (10.0.10586.212) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.91D3F2A6253EF83EFBD7903028F58C4D] - [13/02/2016 14:52:13] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.84 Ko] - (10.0.10586.3) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.E1F91A727A04C9F8199D04FF3BBBF63C] - [30/10/2015 09:17:22] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [404.84 Ko] - (10.0.10586.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\CoreUIComponents.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (8.17.10.1460) -- C:\WINDOWS\SYSTEM32\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (8.14.1.6512) -- C:\WINDOWS\SYSTEM32\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (8.17.10.671) -- C:\WINDOWS\SYSTEM32\atidxx64.dll (.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll (..-..) - (1.2.502.0) -- C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll (.Malwarebytes.-.Malwarebytes Anti-Malware.) - (3.1.1.0) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll (..-..) - (4.11.0.0) -- C:\Program Files\WinRAR\rarext.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll (.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.383) -- C:\WINDOWS\system32\RltkAPO64.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\...\Run]) - User: SEB\sebastien RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\...\Run]) - User: Public StartCN - ("C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon [HKLM\...\Run]) - User: Public iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\...\Run]) - User: Public [HKU\S-1-5-18\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Uninstall C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"=C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" "Uninstall C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"=C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" "Uninstall C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"=C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x020000000000000000000000 "CCleaner Monitoring"=0x020000000000000000000000 [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"=C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "OneDriveSetup"=C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "StartCN"="C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "RTHDVCPL"=0x060000000000000000000000 "iTunesHelper"=0x020000000000000000000000 "StartCN"=0x020000000000000000000000 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" "ProductUpdater"=C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [25/03/2016 20:13:07] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "RDPVGCInstalled"=1 "InstanceID"=570eaef2-51bf-4d33-933e-7ce8213 "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "PendingFileRenameOperations"=\??\C:\Config.Msi\91916.rbf \??\C:\Config.Msi\9191c.rbf \??\C:\Config.Msi\9191f.rbf \??\C:\Config.Msi\91925.rbf [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=6 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Authentication Packages"=msv1_0 "SecureBoot"=1 "ProductType"=6 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 "fullprivilegeauditing"=0x00 "LsaPid"=728 "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u ---------- | .LNK C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk (shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk (shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk (shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk (shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk (/0) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk (::{7007ACC7-3202-11D1-AAD2-00805FC1270E}) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk (/name Microsoft.DeviceManager) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk (/name Microsoft.System) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk (/name Microsoft.PowerOptions) C:\Users\Administrateur\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk (/name Microsoft.ProgramsAndFeatures) C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk (/SendTo) C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk (page=SettingsPagePCSystemDevices) C:\Users\sebastien\AppData\Local\Ankama\Dofus\Uninstall Dofus.lnk ("--uninstall-or-repair") C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk (shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk (shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk (shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk (shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk (/0) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk (::{7007ACC7-3202-11D1-AAD2-00805FC1270E}) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk (/name Microsoft.DeviceManager) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk (/name Microsoft.System) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk (/name Microsoft.PowerOptions) C:\Users\sebastien\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk (/name Microsoft.ProgramsAndFeatures) C:\Users\sebastien\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk (/prefetch:1) C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk (page=SettingsPagePCSystemDevices) C:\Users\sebastien\Desktop\Tomb Raiders\Beyond the Scion\tomb4 - Raccourci.lnk (-setup) C:\Users\sebastien\Desktop\Tomb Raiders\KingArthurProject\setup.lnk (-setup) C:\Users\sebastien\Desktop\Tomb Raiders\Tomb Raider Anniversary II\Setup.lnk (-setup) C:\Users\sebastien\Desktop\Tomb Raiders\Various Kings\setup.lnk (-setup) C:\Users\sebastien\Documents\Autres\HP Support Assistant.lnk (/p 2) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk (-sta {C90FB8CA-3295-4462-A721-2935E83694BA}) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk (/open) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\A propos de Java.lnk (-tab about) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Rechercher les mises à jour.lnk (-tab update) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk ("C:\Program Files (x86)\K-Lite Codec Pack\Filters\DirectVobSub64\vsfilter.dll",DirectVobSub) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk ("C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk ("C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk ("C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madVR.lnk (editLocalSettingsDontWait) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager\Nexus Mod Manager (Trace Mode).lnk (-trace) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk (/name Microsoft.DefaultPrograms) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk (/7) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk (--reset-config --reset-plugins-cache vlc://quit) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk (-Iskins) ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-18\Control Panel\Desktop] "DragFullWindows"=1 "FontSmoothing"=2 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "UserPreferencesMask"=0x9E3E038012000000 "LockScreenAutoLockActive"=0 [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer] "TelemetrySalt"=3 "ShellState"=0x240000003028000000000000000000000000000001000000130000000000000062000000 "SlowContextMenuEntries"=0x5D54A9A2C2A0B4429708A0B2BADD77C8390100004E3AAA90BA1C3342B8BB535773D484491901000060B81DB4E464D2119906E49FADC173CAB50100006078A409B011A54DAFA526D86198A7800A010000BD0E0C47735D584D9CEDE91E22E2328268010000 [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "EnableStartMenu"=0 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "DragFullWindows"=0 "UserPreferencesMask"=0x9012038010000000 "Wallpaper"=C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper [25/03/2016 20:00:23] "Win8DpiScaling"=0 "DpiScalingVer"=4096 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=0 "TranscodedImageCache"=0x7AC301001DDB2300900600001A04000000DBC10B8829D10143003A005C00550073006500720073005C00730065006200610073007400690065006E005C0044006F0077006E006C006F006100640073005C0046006F006E0064007300200044002700E9006300720061006E005C00350037003700390034002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "PreferredUILanguages"=fr-FR "TranscodedImageCache_000"=0x7AC301001DDB2300900600001A04000000DBC10B8829D10143003A005C00550073006500720073005C00730065006200610073007400690065006E005C0044006F0077006E006C006F006100640073005C0046006F006E0064007300200044002700E9006300720061006E005C00350037003700390034002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005C005C003F005C0044004900530050004C00410059002300500048004C004300300043003500230035002600620034003700620065006200620026003000260055004900440032003600350023007B00650036006600300037006200350066002D0065006500390037002D0034006100390030002D0062003000370036002D003300330066003500370062006600340065006100610037007D00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{59031A47-3F72-44A7-89C5-5595FE6B30EE}"=1 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003828000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309DCD6000003CA4E2FFB956F54B9A79CC6D4285608AD27400006078A409B011A54DAFA526D86198A780F371000062B06A59D2B415429F74E9109B0A8153C43000000114020000000000C00000000000004690720000 "TelemetrySalt"=5 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "LastClockSize"=0x270000000F000000460000000F000000410000000F000000 "GlobalAssocChangedCounter"=116 "AppReadinessLogonComplete"=1 "FirstRunTelemetryComplete"=1 "link"=0x1A000000 "Reason Setting"=255 "Browse For Folder Width"=347 "Browse For Folder Height"=346 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=0 "ListviewShadow"=1 "TaskbarAnimations"=0 "StartMenuInit"=11 "Start_ShowMyGames"=0 ""=0 "ShowSuperHidden"=0 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "ReindexedProfile"=1 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=1 "TaskbarSmallIcons"=0 "TaskbarGlomLevel"=2 "DontUsePowerShellOnWinX"=1 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x03000000020000000100000000000000FFFFFFFF "0"=0x4200720075006E006F000000 "1"=0x560061006D006F0073000000 "2"=0x7A00680070000000 "3"=0x4D006100640065006F006E000000 [HKU\S-1-5-20\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 [HKU\S-1-5-19\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=9 "SmartScreenEnabled"=RequireAdmin [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=16 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=10586 "FirstLogon"=0 "PUUActive"=0x80F63196040001000F001F00FAC50000BCF700000EE10700D00000003F0047003943027E06900800B81E02009C760000AF6D0000C92300000000000006720100B60600008B0000006A1B597C8FD1D101 "ParseAutoexec"=1 [HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders [HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "ShutdownStartTime"=131116278373135590 "UserSessionShutdownStopTime"=131114367175535358 "ShutdownFlags"=7 "ShutdownWithoutLogon"=0 "DisableCad"=1 "EnableFirstLogonAnimation"=1 "AutoAdminLogon"=1 "DefaultUserName"=sebastien "DefaultDomainName"=SEBASTIEN-PC [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/06/2016 00:04:04] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/06/2016 00:04:04] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Windows\Temp\{3B074ED0-93E3-40FE-AAA5-EBA971AB5B95}\InstallFlashPlayer.exe"=0x5341435001000000000000000700000028000000C00C2900B95B290001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000001F850000000000000100000001000000 "C:\Windows\Temp\{A2F22668-EFB3-40CC-BC50-4797F0F00804}\InstallFlashPlayer.exe"=0x5341435001000000000000000700000028000000C0B82900CECF290001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000023290000000000000100000001000000 "C:\Windows\Temp\{41D4C143-0117-4204-9064-EFE813CDBA8F}\InstallFlashPlayer.exe"=0x5341435001000000000000000700000028000000C0EC460016A5470001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000009A370000000000000100000001000000 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "E:\WinRAR.4.11.Final.FRENCH.AiO.Corporate.Edition WinALL-DTC\winrar-x64-411fr.exe"=1 "C:\Users\sebastien\Downloads\Intel\AsusSetup.exe"=1 "C:\Users\sebastien\Downloads\ASM_USB3_Win7-8-8-1_V116130\AsusSetup.exe"=1 "C:\Users\sebastien\Downloads\Intel_USB3_Win7_VER25019\Intel\AsusSetup.exe"=1 "C:\Users\sebastien\Downloads\MEI-Win7-8-8-1_VER10001204\Install\SetupME.exe"=1 "C:\Users\sebastien\Downloads\Realtek_Audio_Win7-8-8-1_V6017293\AsusSetup.exe"=1 "C:\Users\sebastien\Downloads\RAID_AHCI_Win7_8_8-1_VER12801016\Install\AsusSetup.exe"=1 "C:\Users\sebastien\Downloads\Realtek_Audio_Win7-8-8-1_V6017293\Driver\Setup.exe"=1 "C:\Users\sebastien\Desktop\ChromeSetup.exe"=1 "C:\AMD\Radeon-Crimson-15.12-With-DOTNet45-Win7-64Bit\Packages\Apps\DotNet45\dotnet45\dotnetfx45_Full_x86_x64.exe"=1 "C:\AMD\Radeon-Crimson-15.12-With-DOTNet45-Win7-64Bit\Packages\Apps\VC12RTx86\vcredist_x86\vcredist_x86.exe"=1 "C:\AMD\Radeon-Crimson-15.12-With-DOTNet45-Win7-64Bit\Packages\Apps\VC12RTx64\vcredist_x64\vcredist_x64.exe"=1 "C:\AMD\Radeon-Crimson-15.12-With-DOTNet45-Win7-64Bit\Packages\Apps\VC13RTx64\vcredist_x64\vcredist_x64.exe"=1 "C:\AMD\Radeon-Crimson-15.12-With-DOTNet45-Win7-64Bit\Packages\Apps\Raptr\RaptrInstaller\amd_ge_installer.exe"=1 "C:\Users\sebastien\Downloads\APRP_Win7-8-8-1_V10026\AsusSetup.exe"=1 "C:\Users\sebastien\Downloads\ROGCPUZ_Win7-8-8-1_VER169\AsusSetup.exe"=1 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006821030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\sebastien\AppData\Local\Temp\7zS9FFE.tmp\setup-stub.exe"=0x5341435001000000000000000700000028000000188E0F009E980F000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000039F30000000000000100000001000000 "C:\Users\sebastien\Downloads\FreemakeVideoDownloaderSetup.exe"=0x5341435001000000000000000700000028000000F0841400007D15000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000DE955400000000000100000001000000 "C:\Users\sebastien\Downloads\dofus.exe"=0x534143500100000000000000070000002800000060866200295563000100000000000000000002060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F8681B00000000000100000001000000 "C:\Users\sebastien\Downloads\iTunes6464Setup.exe"=0x534143500100000000000000070000002800000048A11D0AE98F1E0A0100000000000000000001060001000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F85F0200000000000100000001000000 "C:\Users\sebastien\AppData\Local\Temp\IXP456.TMP\SetupAdmin.exe"=0x534143500100000000000000070000002800000048470100437F01000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000060AE0000000000000100000001000000 "C:\Program Files\iTunes\iTunes.exe"=0x5341435001000000000000000700000028000000388F2E00DE7A2F0001000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000039EA1601000000001300000013000000 "C:\Users\sebastien\Downloads\TeamSpeak3-Client-win64-3.0.18.2.exe"=0x5341435001000000000000000700000028000000C04AD9016F18DA010100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000004AAA0000000000000100000001000000 "C:\Users\sebastien\Downloads\RomStation_Setup_fr.exe"=0x53414350010000000000000007000000280000004F5C090A0000000001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000005AE50100000000000100000001000000 "C:\RomStation\unins000.exe"=0x534143500100000000000000070000002800000021C00B000000000003000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A3330000000000000100000001000000 "C:\Users\sebastien\Downloads\MinecraftInstaller.msi"=0x534143500100000000000000070000002800000000E400006BAB01000100000000000000000001050010000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000009240200000000000100000001000000 "C:\Users\sebastien\Downloads\CubeSetup3.exe"=0x5341435001000000000000000700000028000000DAB91800000000000100000000000000000002060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000E62D0000000000000100000001000000 "C:\Users\sebastien\Downloads\vlc-2.2.2-win32.exe"=0x5341435001000000000000000700000028000000488FD101E674D2010100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000EB010200000000000100000001000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C017020010E0020001000000000000000000000A6122000019B4C529E312D10100000000000000000200000028000000000000000000001000000000000000000000000000000000C5250400000000000300000003000000 "C:\Users\sebastien\Downloads\InputMapper 1.5.31.0.exe"=0x5341435001000000000000000700000028000000C8986600B6C615000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000346A0000000000000100000001000000 "C:\Users\sebastien\Downloads\XSplit_Broadcaster_2.7.1602.2231.exe"=0x5341435001000000000000000700000028000000086F6605E828670501000000000000000000000A0021000019B4C529E312D101000000000000000002000000500000000000000000000040000000000000000000000000000000007A5403000000000001000000010000000000000000000000000000000000000000000000000000007D000000000000000100000000000000 "C:\Program Files (x86)\DSDCS\InputMapper\InputMapper.exe"=0x5341435001000000000000000700000028000000009029000000000001000000000000000000000AF522000019B4C529E312D101000000000000000002000000280000000000000000000000100000000000000000000000000000004C902101000000001A0000001A000000 "C:\Users\sebastien\AppData\Local\Ankama\Dofus\Dofus.exe"=0x534143500100000000000000070000002800000060866200295563000100000000000000000002060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000058A46400000000001300000013000000 "C:\Users\sebastien\Downloads\Nexus Mod Manager-0.61.15.exe"=0x534143500100000000000000070000002800000080F76000123E610001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002C3A0300000000000100000001000000 "C:\Program Files\Nexus Mod Manager\NexusClient.exe"=0x5341435001000000000000000700000028000000C0992E00D4832F0001000000000000000000000AF522000059193B14E312D10100000000000000000200000050000000000000000000000000000000000000000000000000000000CEA903000000000002000000010000000000000000000040000000000000000000000000000000006D3D0C00000000000100000000000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C0200DEDE020001000000010000000000000A7122000019B4C529E312D1010000000000000000 "C:\Users\sebastien\Downloads\TechnicLauncher.exe"=0x5341435001000000000000000700000028000000C83E48000000000001000000000000000000000A7120000019B4C529E312D101000000000000000002000000280000000000000080000000000000000000000000000000000000005E8DBB00000000000300000003000000 "C:\Users\sebastien\Downloads\jre-8u77-windows-x64.exe"=0x534143500100000000000000070000002800000040D26E0399FA6E0301000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000067D40000000000000100000001000000 "C:\Program Files\Java\jre1.8.0_77\bin\javaw.exe"=0x534143500100000000000000070000002800000040280300D787030001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000009D000000000000000100000001000000 "C:\Users\sebastien\Desktop\TechnicLauncher.exe"=0x5341435001000000000000000700000028000000C83E48000000000001000000000000000000000A7120000019B4C529E312D1010000000000000000020000002800000000000000800000000000000000000000000000000000000090583201000000000D0000000D000000 "C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000009A1200000000000100000000000000000001060021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000079ADB100000000002200000022000000 "C:\Users\sebastien\AppData\Local\TeamSpeak 3 Client\ts3client_win64.exe"=0x5341435001000000000000000700000028000000E827B0007AC4B00001000000000000000000000A7322000059193B14E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000002F989600000000000900000009000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000B8AE2000DD1821000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D43D0000000000000100000001000000 "C:\Users\sebastien\Downloads\flashplayer21_xa_install.exe"=0x5341435001000000000000000700000028000000D0321200831E13000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C79D0000000000000100000001000000 "C:\AMD\Packages\Apps\Radeon-Crimson-16.3.2-vc1332\vcredist_x86\vcredist_x86.exe"=0x5341435001000000000000000700000028000000303E6300BEF963000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C3110000000000000100000001000000 "C:\AMD\Packages\Apps\Radeon-Crimson-16.3.2-vulkanrt-64bit\VulkanRT\VulkanRT.exe"=0x5341435001000000000000000700000028000000E8AAD5008288D6000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000005B180000000000000100000001000000 "C:\AMD\Packages\Apps\Radeon-Crimson-16.3.2-raptr\RaptrInstaller\amd_ge_installer.exe"=0x5341435001000000000000000700000028000000C8600300F90904000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008D910100000000000100000001000000 "C:\Program Files (x86)\VulkanRT\1.0.3.1\UninstallVulkanRT.exe"=0x5341435001000000000000000700000028000000FDF703008288D6000300000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D09E0000000000000100000001000000 "C:\Users\sebastien\Downloads\RemotePlayInstaller.exe"=0x5341435001000000000000000700000028000000385B0D01A90C0E0101000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000ABF50000000000000100000001000000 "C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe"=0x534143500100000000000000070000002800000080253800C2FE380001000000000000000000000AF122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000E60D4600000000000500000005000000 "C:\Users\sebastien\Downloads\Detection.exe"=0x5341435001000000000000000700000028000000E02C3B0083A83B0001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000224B0000000000000100000001000000 "C:\Users\sebastien\Desktop\Emulation\PS1\Psx\psxfin.exe"=0x534143500100000000000000070000002800000000301D0018EC1D000100000000000000000000067120000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A8D50800000000000200000002000000 "C:\Users\sebastien\Downloads\vc_redist.x86.exe"=0x53414350010000000000000007000000280000006014D2004B2FD20001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000027A0000000000000100000001000000 "C:\Users\sebastien\Desktop\TubeTycoon.exe"=0x534143500100000000000000070000002800000000B009000000000001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000480E0000000000000200000002000000 "C:\Users\sebastien\Desktop\Tube Tycoon\TubeTycoon.exe"=0x534143500100000000000000070000002800000000B009000000000001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007268EC00000000000100000001000000 "C:\Users\sebastien\Desktop\Emulation\PSP\PPSSPPWindows64.exe"=0x53414350010000000000000007000000280000000074B5000000000001000000000000000000000A7322000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003DB74B00000000000700000007000000 "C:\Users\sebastien\Desktop\Emulation\PSP\PPSSPPWindows.exe"=0x5341435001000000000000000700000028000000000695000000000001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000572E4B00000000000100000001000000 "C:\Users\sebastien\Desktop\Brutal Doom\Brutal Doom - Hell on Earth Starter Pack\gzdoom - PLAY BRUTAL DOOM.exe"=0x534143500100000000000000070000002800000000643F0067A73F0001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000047789F00000000001B0000001B000000 "C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA0200D5D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\sebastien\Desktop\gzdoom.exe"=0x534143500100000000000000070000002800000000F23D003B083E000100000000000000000003067100000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000090FC0000000000000100000001000000 "C:\Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader.exe"=0x534143500100000000000000070000002800000080E01F00D368200001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000001459E800000000000900000009000000 "C:\Users\sebastien\Downloads\Tomb3.exe"=0x53414350010000000000000007000000280000009B660700000000000100000000000000000001057100000019B4C529E312D10100000080000000000200000028000000000000008000000000000000000000000000000000000000B4380000000000000200000002000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000C8FB050036C5060001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\sebastien\Desktop\PRO64_94_3.exe"=0x534143500100000000000000070000002800000000163A010000000001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000005A0D000000000001500000015000000 "C:\Users\sebastien\Downloads\Battle.net-Setup.exe"=0x5341435001000000000000000700000028000000F0F52D0091952E0001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000EF376800000000000100000001000000 "C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe"=0x534143500100000000000000070000002800000030602D00CBBA2D000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000008000000000000000000000000000000000000000CC050000000000000100000001000000 "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe"=0x5341435001000000000000000700000028000000E8E12D00A7282E000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000008000000000100000000000000000000000000000F80B2700000000000300000003000000 "C:\Users\sebastien\AppData\Local\Temp\jre-8u91-windows-au.exe"=0x5341435001000000000000000700000028000000404A0B0014980B0001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000075A30300000000000100000001000000 "C:\Users\sebastien\Downloads\InsurgenceLauncher.exe"=0x5341435001000000000000000700000028000000008E18000000000001000000000000000000000AF522000059193B14E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000059031E00000000000100000001000000 "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe"=0x53414350010000000000000007000000280000001017010081B9010001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000000000000000000000000000000000000000011B0F00000000000100000001000000 "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe"=0x534143500100000000000000070000002800000010E50000A881010001000000000000000000000A0021000019B4C529E312D1010000000000000000 "C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe"=0x5341435001000000000000000700000028000000100301004C4C010001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000062770000000000000100000001000000 "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe"=0x5341435001000000000000000700000028000000101F0100BF4B010001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000004000000000000000000000000000000000BF290000000000000100000001000000 "C:\Program Files (x86)\Raptr Inc\Raptr\uninstall.exe"=0x5341435001000000000000000700000028000000B2EF000023FD89030300000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000152E0000000000000100000001000000 "C:\Program Files (x86)\Raptr Inc\PlaysTV\uninstall.exe"=0x53414350010000000000000007000000280000008AF90000F9B687030300000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000005A610000000000000100000001000000 "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe"=0x5341435001000000000000000700000028000000E8AB1500258016000300000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000800000000000000000000000000000000000046CF0000000000000200000002000000 "C:\Program Files (x86)\VulkanRT\1.0.11.0\UninstallVulkanRT.exe"=0x5341435001000000000000000700000028000000E81A05004461050003000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000004E2E0100000000000100000001000000 "C:\Users\sebastien\Downloads\PokemonGemmeversion3.9.7.exe"=0x5341435001000000000000000700000028000000C8A99B04000000000100000000000000000000067102000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000006CD50100000000000100000001000000 "C:\Users\sebastien\Desktop\Pokémon Gemme\PokémonGemme.exe"=0x534143500100000000000000070000002800000000600100000000000100000000000000000003067102000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EB6E3700000000000100000001000000 "C:\Users\sebastien\Downloads\ccsetup517.exe"=0x534143500100000000000000070000002800000090036900A6EC69000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000000048C000000000000100000001000000 "C:\Program Files\Windows Defender\MSASCui.exe"=0x534143500100000000000000070000002800000000541400AEF1140001000000010000000000000A0021000059193B14E312D1010000000000000000 "C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe"=0x5341435001000000000000000700000028000000B88E1A02311F1B0201000000000000000000000A8021000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000021362800000000000100000001000000 "C:\Users\sebastien\Desktop\Brutal Doom\The Ultimate Brutal Doom\gzdoom.exe"=0x5341435001000000000000000700000028000000008650007D2C510001000000000000000000000A0021000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000BB7E7200000000002100000021000000 "C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8F0890013408A0001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\sebastien\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\sebastien\Downloads\ChromeSetup.exe"=0x534143500100000000000000070000002800000050120F00AD530F0001000000000000000000000A0021000019B4C529E312D1010000008100000000 "C:\Users\sebastien\AppData\Local\Temp\GUM82FE.tmp\GoogleUpdateSetup.exe"=0x534143500100000000000000070000002800000050120F00AD530F0001000000000000000000000A0021000019B4C529E312D10100000080000000000200000028000000000000000000004000000000000000000000000000000000B5FD0400000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"=0x534143500100000000000000070000002800000050960D0052350E000300000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000C320000000000000100000001000000 "C:\Users\sebastien\AppData\Local\Temp\7zSE75E.tmp\setup.exe"=0x5341435001000000000000000700000028000000E0FF090051B60A000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000007FB60000000000000100000001000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000C8190600BB43060001000000000000000000000A0021000059193B14E312D1010000000100000000 "C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000F04400851F450001000000010000000000000A7322000059193B14E312D1010000000000000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000D8BA8400EEE2840001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003E000000000000000100000001000000 "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe"=0x5341435001000000000000000700000028000000C81E9E00405B9E0001000000000000000000000A0021000059193B14E312D1010000000000000000 "C:\Program Files\AMD\CNext\CNext\cncmd.exe"=0x5341435001000000000000000700000028000000C8A00000AEBB000001000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000010000000000000000100000001000000 "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe"=0x534143500100000000000000070000002800000000C3640047C8640001000000000000000000000A0021000059193B14E312D1010000000000000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000982011001439110001000000000000000000000A0021000059193B14E312D1010000000100000000 "C:\Program Files (x86)\STEAM\Steam\Steam.exe"=0x534143500100000000000000070000002800000050842C00D4532D0001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000001CEE900000000000E0000000E000000 "C:\Program Files\CCleaner\uninst.exe"=0x534143500100000000000000070000002800000030850200EAF002000300000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000EE360000000000000100000001000000 "C:\Users\sebastien\Downloads\mbam-setup-2.2.1.1043.exe"=0x534143500100000000000000070000002800000090AF5C017A9F5D0101000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D5871C00000000000100000001000000 "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000E0759700E487970001000000000000000000000A7122000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C0070000000000000100000001000000 "C:\Users\sebastien\Downloads\adwcleaner_5.200.exe"=0x5341435001000000000000000700000028000000408238008484380001000000000000000000000A0021000019B4C529E312D1010000000000000000 "C:\Users\sebastien\Downloads\ZHPDiag3.exe"=0x534143500100000000000000070000002800000000D42100FB0022000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000122B0100000000000100000001000000 "C:\Users\sebastien\Downloads\quickdiag_2_29.06.2016.1.exe"=0x5341435001000000000000000700000028000000108A2000C3EE200001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000000F1A0000000000000100000001000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKU\S-1-5-20\SOFTWARE\Microsoft\Windows Defender] "CachedProxyAccessType "=1 "CachedProxy"= "CachedProxyBypass"= "LastKnownGoodProxy"=1 "DssCounter "=4 [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=130998431214284010 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0x9CDD967EBF86D101 "OOBEInstallTime"=0xCE0A4C09C086D101 "OneTimeSqmDataSent"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | @ [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet settings] "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "IE5_UA_Backup_Flag"=5.0 "ZonesSecurityUpgrade"=0xDDA650626066D101 "EnableNegotiate"=1 "ProxyEnable"=0 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Cache_Update_Frequency"=Once_Per_Session "Local Page"=C:\Windows\system32\blank.htm "NoUpdateCheck"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000002003000030020000 "Start Page Redirect Cache_TIMESTAMP"=0x2D2F6D79E584D101 "Start Page Redirect Cache AcceptLangs"=fr "IE8RunOnceLastShown"=1 "IE8RunOnceLastShown_TIMESTAMP"=0xA1F31A7AE584D101 "IE8TourShown"=1 "IE8TourShownTime"=0x2BA79D7CE584D101 "OperationalData"=13 "ImageStoreRandomFolder"=gvbjm8x "DoNotTrack"=1 "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0x7B7B98463CC9D101 "IE10TourShown"=1 "IE10TourShownTime"=0x7B7B98463CC9D101 "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "EdgeSwitchingOSBuildNumber"=10586.th2_release_sec.160527-1834 "Start Page_TIMESTAMP"=0xA41FE06D57D0D101 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=0 "SecureProtocols"=2688 "CertificateRevocation"=1 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "ZonesSecurityUpgrade"=0x040C7CCCBA86D101 "WarnonZoneCrossing"=0 "ProxyOverride"=*.local [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/5.0 (compatible; MSIE 9.0; Win32) "CertificateRevocation"=1 [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/5.0 (compatible; MSIE 9.0; Win32) "CertificateRevocation"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | SSODL | SEH | URLSH | STS ---------- | Toolbar [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=21 [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "DownloadRetries"=0 "DefaultPackCorrection"=1 "DefaultPackNTCorrection"=1 "KnownProvidersUpgradeTime"=0x7B7B98463CC9D101 "Version"=5 "UpgradeTime"=0x7B7B98463CC9D101 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> () : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> () : ---------- | Chrome C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\akjbfncbadcmnkopckegnmjgihagponf = : __MSG_extDescription__ - HD for YouTube™ - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\sebastien\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 22.0.0.192 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 22.0.0.192 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@Apple.com/iTunes,version=] - (Module iTunes Detector) : [HKLM\Software\WOW6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] - () : C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.2] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll C:\Users\sebastien\AppData\Roaming\Mozilla\Firefox\Profiles\258pw0oi.default-1467114774297\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20160502172042"); user_pref("browser.startup.homepage_override.mstone", "46.0.1"); user_pref("extensions.blocklist.pingCountVersion", 0); user_pref("extensions.bootstrappedAddons", "{\"e10srollout@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"loop@mozilla.org\":{\"version\":\"1.2.6\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\loop@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true}}"); user_pref("extensions.databaseSchema", 17); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:46.0.1"); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.lastAppVersion", "46.0.1"); user_pref("extensions.lastPlatformVersion", "46.0.1"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.xpiState", "{\"app-system-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1462255898521},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1462255898570},\"loop@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\loop@mozilla.org.xpi\",\"e\":true,\"v\":\"1.2.6\",\"st\":1462255898725}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"46.0.1\",\"st\":1462255898519}}}"); ---------- | Active Connections TCP 127.0.0.1:5354 Seb:49669 ESTABLISHED 1928 TCP 127.0.0.1:5354 Seb:49670 ESTABLISHED 1928 TCP 127.0.0.1:27015 Seb:50768 ESTABLISHED 1700 TCP 127.0.0.1:49669 Seb:5354 ESTABLISHED 1700 TCP 127.0.0.1:49670 Seb:5354 ESTABLISHED 1700 TCP 127.0.0.1:50768 Seb:27015 ESTABLISHED 1736 TCP 192.168.0.49:49704 msnbot-191-232-139-132.search.msn.com:https ESTABLISHED 4056 TCP 192.168.0.49:49845 104.244.42.136:https ESTABLISHED 5988 TCP 192.168.0.49:50817 wa-in-f91.1e100.net:https TIME_WAIT 0 TCP 192.168.0.49:51675 191.237.208.126:https TIME_WAIT 0 TCP 192.168.0.49:51677 wa-in-f128.1e100.net:http ESTABLISHED 5988 TCP 192.168.0.49:51678 par10s10-in-f14.1e100.net:https ESTABLISHED 5988 TCP 192.168.0.49:51685 par10s10-in-f14.1e100.net:https ESTABLISHED 5988 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{24c2bdfc-f440-49ad-ad5f-669d933998aa}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{24c2bdfc-f440-49ad-ad5f-669d933998aa}] "DhcpNameServer"=192.168.0.254 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\mpc-hc64.exe] : "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\mpc-hc64.exe] : "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | Svchost - Netsvcs (Whitelisted) NetSetupSvc - %SystemRoot%\System32\NetSetupSvc.dll : %SystemRoot%\System32\svchost.exe -k netsvcs UserManager - %SystemRoot%\System32\usermgr.dll : %SystemRoot%\system32\svchost.exe -k netsvcs ---------- | Software [HKU\S-1-5-18\Software\Apple Inc.] [HKU\S-1-5-18\Software\ATI] [HKU\S-1-5-18\Software\Microsoft] [HKU\S-1-5-18\Software\Netscape] [HKU\S-1-5-18\Software\Policies] [HKU\S-1-5-18\Software\RegisteredApplications] [HKU\S-1-5-18\Software\WinRAR] [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-18\Software\Microsoft\Windows\DWM] [HKU\S-1-5-18\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000_Classes\Software\Microsoft] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000_Classes\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Adobe] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\AI_RecycleBin] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\AMD] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Ankama] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\AppDataLow] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Apple Computer, Inc.] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Apple Inc.] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\ATI] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Blizzard Entertainment] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Caphyon] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Clients] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Core Design] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Enterbrain] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Freemake] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Google] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Icaros] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\JavaSoft] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Macromedia] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\madshi] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\MediaInfo] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Mojang] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Mozilla] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\MozillaPlugins] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\MPC-HC] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Netscape] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Policies] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\PROTeam] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\QtProject] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Raptr] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Realtek] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\RegisteredApplications] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Sony Corporation] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\SplitmediaLabs] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\sysinternals] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\TeamSpeak 3 Client] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Trolltech] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Valve] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\WinRAR] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\WinRAR SFX] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Wow6432Node] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\AppDataLow\Software\JavaSoft] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-20\Software\Microsoft] [HKU\S-1-5-20\Software\Policies] [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-20\Software\Microsoft\Windows\DWM] [HKU\S-1-5-20\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-20\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion] [HKU\S-1-5-19\Software\Microsoft] [HKU\S-1-5-19\Software\Policies] [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-19\Software\Microsoft\Windows\DWM] [HKU\S-1-5-19\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-19\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AMD] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\Caphyon] [HKLM\Software\CBSTEST] [HKLM\Software\Clients] [HKLM\Software\CPUID] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Icaros] [HKLM\Software\Intel] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Sonic] [HKLM\Software\SonicFocus] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\Waves Audio] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wswpnservice] [HKLM\Software\WOW6432Node\activision] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AMD] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\bethesda softworks] [HKLM\Software\WOW6432Node\Blizzard Entertainment] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\core design] [HKLM\Software\WOW6432Node\DSDCS] [HKLM\Software\WOW6432Node\Freemake] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Icaros] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\KLCodecPack] [HKLM\Software\WOW6432Node\LAV] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mojang] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\Sony Corporation] [HKLM\Software\WOW6432Node\SplitmediaLabs] [HKLM\Software\WOW6432Node\Valve] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\WinPcap] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] ---------- | Drives F: ---------- | C: [14/07/2009 05:18:56] - |SHD| - [54535629] - C:\$Recycle.Bin [23/03/2016 11:47:19] - |D| - [1240302] - C:\7d1f7979e0e3b3289b524c421565 [26/06/2016 19:41:13] - |D| - [969695] - C:\AdwCleaner [23/03/2016 11:27:18] - |D| - [3366512753] - C:\AMD [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [05/04/2016 13:48:07] - |SHD| - [45819984] - C:\Config.Msi [14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 09:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1028.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 09:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1031.txt [MD5.99C22D4A31F4EAD4351B71D6F4E5F6A1] - [07/11/2007 09:00:40] - |A| - (.-.) - [10134] - (0.0.0.0) - C:\eula.1033.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 09:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1036.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 09:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1040.txt [MD5.9B15A3A055CC6E67EA191A1B7885649A] - [07/11/2007 09:00:40] - |A| - (.-.) - [118] - (0.0.0.0) - C:\eula.1041.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 09:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1042.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 09:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.2052.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 09:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.3082.txt [26/03/2016 00:45:40] - |D| - [463247379] - C:\Games [MD5.0A6B586FABD072BD7382B5E24194EAC7] - [07/11/2007 09:00:40] - |A| - (.-.) - [1110] - (0.0.0.0) - C:\globdata.ini [MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/03/2016 10:20:31] - |ASH| - (.-.) - [6394531840] - (0.0.0.0) - C:\hiberfil.sys [25/03/2016 19:32:33] - |D| - [1686278] - C:\inetpub [MD5.520A6D1CBCC9CF642C625FE814C93C58] - [07/11/2007 09:03:18] - |A| - (.© Microsoft Corporation. - External Installer.) - [562688] - (9.0.21022.8) - C:\install.exe [MD5.0DA9AB4977F3E7BA8C65734DF42FDAB6] - [07/11/2007 09:00:40] - |A| - (.-.) - [843] - (0.0.0.0) - C:\install.ini [MD5.4151A4D07640863783F837E588235837] - [07/11/2007 09:03:18] - |A| - (.(C) Microsoft Corporation. - UI Wrapper Resource DLL.) - [76304] - (9.0.21022.8) - C:\install.res.1028.dll [MD5.3B8A82E04238655EAEF97E074FB29911] - [07/11/2007 09:03:18] - |A| - (.© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL für UI-Wrapper.) - [96272] - (9.0.21022.8) - C:\install.res.1031.dll [MD5.9EDEB8B1C5C0A4CD3A3016B85108127D] - [07/11/2007 09:03:18] - |A| - (.© Microsoft Corporation. - UI Wrapper Resource DLL.) - [91152] - (9.0.21022.8) - C:\install.res.1033.dll [MD5.5B6FF470CFA7087690E61F87E81EF78A] - [07/11/2007 09:03:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [97296] - (9.0.21022.8) - C:\install.res.1036.dll [MD5.6310AB8FC9E3DBEE80592FC453A34FEE] - [07/11/2007 09:03:18] - |A| - (.© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell'interfaccia utente.) - [95248] - (9.0.21022.8) - C:\install.res.1040.dll [MD5.13ED4517152203DE4BC52ACC0255D952] - [07/11/2007 09:03:18] - |A| - (.(C) Copyright Microsoft Corporation. - UI Wrapper Resource DLL.) - [81424] - (9.0.21022.8) - C:\install.res.1041.dll [MD5.0D4FB4095EA49C1EC89B9E8DB0B936A3] - [07/11/2007 09:03:18] - |A| - (.(C) Microsoft Corporation. - UI 래퍼 리소스 DLL.) - [79888] - (9.0.21022.8) - C:\install.res.1042.dll [MD5.D7366B34E8AFB605C39EF56E2201FE85] - [07/11/2007 09:03:18] - |A| - (.(C) Microsoft Corporation。保留所有权利。 - 用户界面包装资源 DLL.) - [75792] - (9.0.21022.8) - C:\install.res.2052.dll [MD5.41BB37A347121F3E5E88D85100638B79] - [07/11/2007 09:03:18] - |A| - (.© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) - [96272] - (9.0.21022.8) - C:\install.res.3082.dll [23/03/2016 11:02:36] - |D| - [1079128] - C:\Intel [13/02/2016 15:20:39] - |D| - [17340789] - C:\Logs [MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/03/2016 10:20:32] - |ASH| - (.-.) - [8589934592] - (0.0.0.0) - C:\pagefile.sys [30/10/2015 09:24:24] - |D| - [0] - C:\PerfLogs [30/10/2015 08:28:30] - |RD| - [2205965396] - C:\Program Files [30/10/2015 08:28:30] - |RD| - [354789321085] - C:\Program Files (x86) [30/10/2015 09:24:24] - |HD| - [1658189434] - C:\ProgramData [29/06/2016 13:47:18] - |D| - [262074] - C:\QuickDiag [MD5.96292A8B96406E14A4B8F07CF9E8C4EF] - [29/06/2016 13:47:44] - |A| - (.-.) - [158956] - (0.0.0.0) - C:\QuickDiag.txt [25/03/2016 19:57:13] - |SHD| - [0] - C:\Recovery [09/06/2016 19:20:31] - |AD| - [535588617] - C:\RomStation [MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/03/2016 19:40:33] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [23/03/2016 10:20:31] - |SHD| - [0] - C:\System Volume Information [30/10/2015 08:28:30] - |RD| - [191010352882] - C:\Users [MD5.06FBA95313F26E300917C6CEA4480890] - [07/11/2007 09:00:40] - |A| - (.-.) - [5686] - (0.0.0.0) - C:\vcredist.bmp [MD5.E10F2F6E6379E9185F71AEC1421F37B4] - [07/11/2007 09:09:22] - |A| - (.-.) - [1442522] - (0.0.0.0) - C:\VC_RED.cab [MD5.E0951D3CB1038EB2D2B2B2F336E1AB32] - [07/11/2007 09:12:28] - |A| - (.-.) - [232960] - (0.0.0.0) - C:\VC_RED.MSI [30/10/2015 08:28:30] - |D| - [20300452251] - C:\Windows ---------- | C:\WINDOWS [30/10/2015 09:24:24] - |D| - [802] - C:\WINDOWS\addins [30/10/2015 09:24:24] - |D| - [17823486] - C:\WINDOWS\appcompat [30/10/2015 09:24:24] - |D| - [12360584] - C:\WINDOWS\AppPatch [30/10/2015 09:24:24] - |D| - [0] - C:\WINDOWS\AppReadiness [30/10/2015 09:24:24] - |RSD| - [1456098919] - C:\WINDOWS\assembly [MD5.9FCFE78AFBA95C1F3AD8E3F99C5C4636] - [23/03/2016 11:05:43] - |A| - (.Copyright (C) 2009 - AsTaskSchedule.) - [16896] - (0.1.0.4) - C:\WINDOWS\AsTaskSched.dll [MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/03/2016 19:44:56] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin [30/10/2015 09:24:24] - |D| - [229876] - C:\WINDOWS\bcastdvr [MD5.DE3C720C11A91557E1DFDFF0DB2AA3C2] - [30/10/2015 09:17:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61952] - (10.0.10586.0) - C:\WINDOWS\bfsvc.exe [13/02/2016 15:03:00] - |SHD| - [610843] - C:\WINDOWS\BitLockerDiscoveryVolumeContents [30/10/2015 09:24:24] - |D| - [32716675] - C:\WINDOWS\Boot [MD5.A1C5B9F9160747FDB8A71E79F1D028C5] - [13/02/2016 15:12:18] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [30/10/2015 09:24:24] - |D| - [2380376] - C:\WINDOWS\Branding [30/10/2015 09:11:39] - |D| - [0] - C:\WINDOWS\CbsTemp [12/04/2011 11:28:19] - |D| - [0] - C:\WINDOWS\CSC [30/10/2015 09:24:24] - |D| - [8970858] - C:\WINDOWS\Cursors [30/10/2015 09:24:24] - |D| - [1353260] - C:\WINDOWS\debug [30/10/2015 09:24:24] - |RD| - [20934] - C:\WINDOWS\DesktopTileResources [30/10/2015 09:24:24] - |RD| - [3032320] - C:\WINDOWS\DevicesFlow [MD5.4A76A2B8A3D57C2BA57C399377CE2049] - [25/03/2016 19:20:43] - |A| - (.-.) - [10449] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [30/10/2015 09:24:24] - |D| - [4217368] - C:\WINDOWS\diagnostics [MD5.692CA5EBC9E0CEF0A8D0BE4DF7400CEE] - [25/03/2016 19:20:43] - |A| - (.-.) - [9528] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [13/02/2016 14:49:21] - |D| - [0] - C:\WINDOWS\DigitalLocker [30/10/2015 09:24:24] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [12/04/2011 11:28:20] - |D| - [0] - C:\WINDOWS\ehome [30/10/2015 09:24:24] - |HD| - [44568] - C:\WINDOWS\ELAMBKUP [13/02/2016 14:49:21] - |D| - [0] - C:\WINDOWS\en-US [MD5.E15BEB03592BA12C5C99E2BA46146BDD] - [16/06/2016 00:04:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4515264] - (10.0.10586.420) - C:\WINDOWS\explorer.exe [30/10/2015 09:24:24] - |RSD| - [353937442] - C:\WINDOWS\Fonts [13/02/2016 14:49:21] - |D| - [134144] - C:\WINDOWS\fr-FR [30/10/2015 09:24:24] - |D| - [25769840] - C:\WINDOWS\Globalization [30/10/2015 09:24:24] - |D| - [1589372] - C:\WINDOWS\Help [MD5.80F394B72E22F1186996459AE86709BA] - [30/10/2015 09:17:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [994816] - (10.0.10586.0) - C:\WINDOWS\HelpPane.exe [MD5.C7228F24B9130C64DCF4C390A04A775C] - [30/10/2015 09:17:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.10586.0) - C:\WINDOWS\hh.exe [30/10/2015 09:24:24] - |D| - [173194846] - C:\WINDOWS\IME [30/10/2015 09:24:24] - |RD| - [6839829] - C:\WINDOWS\ImmersiveControlPanel [30/10/2015 09:21:47] - |D| - [163924060] - C:\WINDOWS\INF [30/10/2015 09:24:24] - |D| - [943476491] - C:\WINDOWS\InfusedApps [30/10/2015 09:24:24] - |D| - [36258450] - C:\WINDOWS\InputMethod [30/10/2015 09:24:24] - |SHD| - [893766597] - C:\WINDOWS\Installer [23/03/2016 11:52:18] - |D| - [304541287] - C:\WINDOWS\Intel_Chipset_Win7-8_8-1_VER9401026 [30/10/2015 09:24:24] - |D| - [89407] - C:\WINDOWS\L2Schemas [MD5.718FECF22BF4BD4FC05B79AA4BEC75D0] - [23/03/2016 10:50:49] - |A| - (.-.) - [1769] - (0.0.0.0) - C:\WINDOWS\Language_trs.ini [30/10/2015 09:24:24] - |D| - [5225850] - C:\WINDOWS\LiveKernelReports [30/10/2015 08:31:03] - |D| - [23647391] - C:\WINDOWS\Logs [30/10/2015 09:24:24] - |RSD| - [27636877] - C:\WINDOWS\Media [23/03/2016 11:05:44] - |D| - [86560612] - C:\WINDOWS\MEI-Win7-8-8-1_VER10001204 [MD5.23AF90D2355D8C83AA4567EF1763B467] - [30/10/2015 09:17:40] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [30/10/2015 09:24:24] - |D| - [817805013] - C:\WINDOWS\Microsoft.NET [30/10/2015 09:24:24] - |D| - [2371] - C:\WINDOWS\Migration [11/04/2016 22:28:33] - |D| - [0] - C:\WINDOWS\Minidump [30/10/2015 09:24:24] - |RD| - [470257] - C:\WINDOWS\MiracastView [30/10/2015 09:24:24] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\WINDOWS\msdfmap.ini [MD5.60336413E419C2EA5E215F1A32061E40] - [30/10/2015 09:19:28] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [244736] - (10.0.10586.0) - C:\WINDOWS\notepad.exe [13/02/2016 14:53:04] - |D| - [418530] - C:\WINDOWS\OCR [30/10/2015 09:24:24] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [25/03/2016 19:40:04] - |DC| - [103303367] - C:\WINDOWS\Panther [30/10/2015 09:24:24] - |D| - [29264782] - C:\WINDOWS\Performance [MD5.94733CE1FE76D9CEA2B5AD4EF3C393DF] - [15/06/2016 23:39:13] - |A| - (.-.) - [45706] - (0.0.0.0) - C:\WINDOWS\PFRO.log [30/10/2015 09:24:24] - |D| - [1136442] - C:\WINDOWS\PLA [30/10/2015 09:24:24] - |D| - [6307318] - C:\WINDOWS\PolicyDefinitions [25/03/2016 19:42:45] - |D| - [41134260] - C:\WINDOWS\Prefetch [30/10/2015 09:24:24] - |RD| - [1963312] - C:\WINDOWS\PrintDialog [MD5.026398FFA29364396CEC7A303E99A4C1] - [13/02/2016 15:04:26] - |A| - (.-.) - [32200] - (0.0.0.0) - C:\WINDOWS\Professional.xml [30/10/2015 09:24:24] - |D| - [1297393] - C:\WINDOWS\Provisioning [30/10/2015 09:24:24] - |RD| - [770223] - C:\WINDOWS\PurchaseDialog [MD5.D9D56AFAA121BD6B4206F7FF3DA84BBA] - [30/10/2015 09:17:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.10586.0) - C:\WINDOWS\regedit.exe [30/10/2015 09:24:24] - |D| - [1095144] - C:\WINDOWS\Registration [30/10/2015 09:24:24] - |D| - [6049159] - C:\WINDOWS\rescache [30/10/2015 09:24:24] - |D| - [3728883] - C:\WINDOWS\Resources [MD5.B16B85710061C506C7861235A2C2EDAA] - [23/03/2016 11:12:04] - |A| - (.Copyright (C) 2014 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2080472] - (1.0.5.5) - C:\WINDOWS\RtlExUpd.dll [30/10/2015 09:24:24] - |D| - [0] - C:\WINDOWS\SchCache [30/10/2015 09:24:24] - |D| - [121229] - C:\WINDOWS\schemas [30/10/2015 09:24:24] - |D| - [6506774] - C:\WINDOWS\security [13/02/2016 15:10:27] - |D| - [86898402] - C:\WINDOWS\ServiceProfiles [30/10/2015 08:28:30] - |D| - [98035738] - C:\WINDOWS\servicing [30/10/2015 09:26:37] - |D| - [42] - C:\WINDOWS\Setup [MD5.EA964850332233774C9ECA2576D084E7] - [15/06/2016 23:34:15] - |A| - (.-.) - [4141] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/06/2016 23:34:15] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [13/02/2016 15:03:00] - |D| - [4544] - C:\WINDOWS\ShellNew [13/02/2016 14:52:41] - |D| - [6828144] - C:\WINDOWS\SKB [23/03/2016 10:25:28] - |D| - [154643185] - C:\WINDOWS\SoftwareDistribution [30/10/2015 09:24:24] - |D| - [103543755] - C:\WINDOWS\Speech [30/10/2015 09:24:24] - |D| - [50814701] - C:\WINDOWS\Speech_OneCore [MD5.3BB80AF91D069F97006DCCC031164903] - [30/10/2015 09:18:09] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [128000] - (10.0.10586.0) - C:\WINDOWS\splwow64.exe [30/10/2015 09:24:24] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [30/10/2015 08:28:30] - |D| - [5906894370] - C:\WINDOWS\System32 [30/10/2015 09:24:25] - |D| - [158809344] - C:\WINDOWS\SystemApps [30/10/2015 09:24:25] - |D| - [18174749] - C:\WINDOWS\SystemResources [30/10/2015 08:28:37] - |D| - [1580985022] - C:\WINDOWS\SysWOW64 [30/10/2015 09:24:25] - |D| - [0] - C:\WINDOWS\TAPI [14/07/2009 05:20:14] - |D| - [3172] - C:\WINDOWS\Tasks [30/10/2015 09:24:25] - |D| - [11527689] - C:\WINDOWS\Temp [30/10/2015 09:24:25] - |D| - [0] - C:\WINDOWS\tracing [30/10/2015 09:24:25] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.669A44C0BCA67D8CDE111F7FBA91EE86] - [30/10/2015 09:19:30] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [60416] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [30/10/2015 09:24:25] - |D| - [12420] - C:\WINDOWS\Vss [30/10/2015 09:24:25] - |D| - [15729830] - C:\WINDOWS\Web [MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 04:34:57] - |A| - (.-.) - [403] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [30/10/2015 09:18:16] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [15/06/2016 23:40:43] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.8C459D003560EA9817F7CDB29AA55382] - [30/10/2015 09:18:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.10586.0) - C:\WINDOWS\winhlp32.exe [30/10/2015 08:28:30] - |D| - [6490683354] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [30/10/2015 09:18:41] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E9C22DCE95A6E5B6C37FED42B3749E32] - [30/10/2015 09:18:14] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.10586.0) - C:\WINDOWS\write.exe ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [12/03/2014 07:22:32] - C:\WINDOWS\Installer\12f73c.msi : (Intel(R) Network Connections - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/03/2016 10:54:43] - C:\WINDOWS\Installer\12f742.msi : (Asmedia ASM104x USB 3.0 Host Controller Driver - Asmedia Technology) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [18/03/2016 12:13:21] - C:\WINDOWS\Installer\17bbef.msi : (PS4 Remote Play - Sony Interactive Entertainment Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/03/2016 16:40:18] - C:\WINDOWS\Installer\1f4242.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/03/2016 15:26:32] - C:\WINDOWS\Installer\1f4247.msi : (Apple Mobile Device Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/03/2016 06:22:22] - C:\WINDOWS\Installer\1f424c.msi : (Apple Software Update Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/05/2016 12:42:52] - C:\WINDOWS\Installer\2da8968.msi : (Java SE Runtime Environment 8 Update 91 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/05/2016 12:42:53] - C:\WINDOWS\Installer\2da8971.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/03/2016 21:05:27] - C:\WINDOWS\Installer\45e515.msi : (Minecraft - Mojang) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/11/2015 22:17:52] - C:\WINDOWS\Installer\49347.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/03/2016 21:15:47] - C:\WINDOWS\Installer\4d7b46.msi : (InputMapper - DSDCS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/03/2016 14:24:47] - C:\WINDOWS\Installer\4d7b4a.msi : (XSplit Broadcaster - SplitmediaLabs) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/05/2016 23:33:26] - C:\WINDOWS\Installer\608b2.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:41:29] - C:\WINDOWS\Installer\6e68a.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/06/2016 13:35:14] - C:\WINDOWS\Installer\918f5.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/06/2016 13:35:36] - C:\WINDOWS\Installer\91929.msi : (Apple Application Support Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/06/2016 13:36:16] - C:\WINDOWS\Installer\928c3.msi : (iTunes Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/03/2016 11:20:07] - C:\WINDOWS\Installer\9c383.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/04/2014 17:49:50] - C:\WINDOWS\Installer\a549.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/04/2014 17:50:06] - C:\WINDOWS\Installer\a550.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/04/2014 17:50:20] - C:\WINDOWS\Installer\a557.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/04/2014 17:48:38] - C:\WINDOWS\Installer\a55e.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:40:06] - C:\WINDOWS\Installer\bef8a.msi : (AMD Installer (64 bit) - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:31:40] - C:\WINDOWS\Installer\befbe.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:32:02] - C:\WINDOWS\Installer\befc2.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:32:20] - C:\WINDOWS\Installer\befc6.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:32:36] - C:\WINDOWS\Installer\befca.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:32:52] - C:\WINDOWS\Installer\befce.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:33:06] - C:\WINDOWS\Installer\befd2.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:33:22] - C:\WINDOWS\Installer\befd6.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:33:36] - C:\WINDOWS\Installer\befda.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:33:54] - C:\WINDOWS\Installer\befde.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:34:08] - C:\WINDOWS\Installer\befe2.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:34:24] - C:\WINDOWS\Installer\befe6.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:34:38] - C:\WINDOWS\Installer\befea.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:34:54] - C:\WINDOWS\Installer\befee.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:35:10] - C:\WINDOWS\Installer\beff2.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:35:24] - C:\WINDOWS\Installer\beff6.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:35:40] - C:\WINDOWS\Installer\beffa.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:35:56] - C:\WINDOWS\Installer\beffe.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:36:12] - C:\WINDOWS\Installer\bf002.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:36:28] - C:\WINDOWS\Installer\bf006.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:36:42] - C:\WINDOWS\Installer\bf00a.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:36:58] - C:\WINDOWS\Installer\bf00e.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:38:54] - C:\WINDOWS\Installer\bf012.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/06/2016 00:31:20] - C:\WINDOWS\Installer\bf016.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/05/2016 16:41:16] - C:\WINDOWS\Installer\de355ea.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/12/2015 22:26:28] - C:\WINDOWS\Installer\f44e4.msi : (AMD Wireless Display v3.0 Installer - Advanced Micro Devices Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/11/2015 01:36:54] - C:\WINDOWS\Installer\f4593.msi : (Branding - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [30/10/2015 09:18:41] - [3458] - C:\WINDOWS\System32\ieuinit.inf [25/03/2016 19:47:17] - [2131950] - C:\WINDOWS\System32\PerfStringBackup.INI [30/10/2015 09:18:09] - [60124] - C:\WINDOWS\System32\tcpmon.ini [30/10/2015 09:17:49] - [2269] - C:\WINDOWS\System32\WimBootCompress.ini [30/10/2015 09:19:39] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [25/03/2016 19:47:13] - [2036216] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [30/10/2015 09:18:25] - [2269] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | [Administrateur] [13/02/2016 15:16:17] - |HD| - [127513893] - C:\Users\Administrateur\AppData [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Application Data [13/02/2016 15:20:48] - |RD| - [412] - C:\Users\Administrateur\Contacts [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Cookies [13/02/2016 15:16:17] - |RD| - [282] - C:\Users\Administrateur\Desktop [13/02/2016 15:16:17] - |RD| - [402] - C:\Users\Administrateur\Documents [13/02/2016 15:16:17] - |RD| - [282] - C:\Users\Administrateur\Downloads [13/02/2016 15:16:17] - |RD| - [690] - C:\Users\Administrateur\Favorites [13/02/2016 15:16:17] - |RD| - [2015] - C:\Users\Administrateur\Links [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Local Settings [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Menu Démarrer [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Mes documents [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Modèles [13/02/2016 15:16:17] - |RD| - [504] - C:\Users\Administrateur\Music [13/02/2016 15:16:16] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT [13/02/2016 15:16:17] - |ASH| - [0] - C:\Users\Administrateur\ntuser.dat.LOG1 [13/02/2016 15:16:17] - |ASH| - [185344] - C:\Users\Administrateur\ntuser.dat.LOG2 [13/02/2016 15:16:17] - |ASH| - [65536] - C:\Users\Administrateur\NTUSER.DAT{c58209f6-d207-11e5-9166-b2df75528388}.TM.blf [13/02/2016 15:16:17] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT{c58209f6-d207-11e5-9166-b2df75528388}.TMContainer00000000000000000001.regtrans-ms [13/02/2016 15:16:17] - |ASH| - [524288] - C:\Users\Administrateur\NTUSER.DAT{c58209f6-d207-11e5-9166-b2df75528388}.TMContainer00000000000000000002.regtrans-ms [13/02/2016 15:16:17] - |ASH| - [20] - C:\Users\Administrateur\ntuser.ini [13/02/2016 15:22:01] - |RD| - [105] - C:\Users\Administrateur\OneDrive [13/02/2016 15:16:17] - |RD| - [504] - C:\Users\Administrateur\Pictures [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Recent [13/02/2016 15:16:17] - |RD| - [282] - C:\Users\Administrateur\Saved Games [13/02/2016 15:20:48] - |RD| - [1875] - C:\Users\Administrateur\Searches [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\SendTo [13/02/2016 15:16:17] - |RD| - [504] - C:\Users\Administrateur\Videos [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Voisinage d'impression [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\Voisinage réseau [13/02/2016 15:18:40] - |D| - [0] - C:\Users\Administrateur\AppData\Local\ActiveSync [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Application Data [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Historique [13/02/2016 15:23:18] - |AH| - [3368] - C:\Users\Administrateur\AppData\Local\IconCache.db [13/02/2016 15:16:17] - |D| - [112982044] - C:\Users\Administrateur\AppData\Local\Microsoft [13/02/2016 15:16:26] - |D| - [3308258] - C:\Users\Administrateur\AppData\Local\Packages [13/02/2016 15:16:17] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Temp [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files [13/02/2016 15:16:24] - |D| - [11083776] - C:\Users\Administrateur\AppData\Local\TileDataLayer [13/02/2016 15:20:48] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [13/02/2016 15:16:17] - |RD| - [22466] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [13/02/2016 15:16:17] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [13/02/2016 15:16:17] - |RD| - [2925] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [13/02/2016 15:20:48] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [13/02/2016 15:20:48] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [13/02/2016 15:16:17] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [13/02/2016 15:22:01] - |A| - [2405] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [13/02/2016 15:20:48] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [13/02/2016 15:16:17] - |RD| - [5318] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [13/02/2016 15:16:17] - |RSD| - [7238] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [13/02/2016 15:20:48] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [13/02/2016 15:20:48] - |RHD| - [140524] - C:\Users\Public\AccountPictures [14/07/2009 05:20:08] - |RHD| - [18212] - C:\Users\Public\Desktop [30/10/2015 09:24:29] - |ASH| - [174] - C:\Users\Public\desktop.ini [14/07/2009 05:20:08] - |RD| - [278] - C:\Users\Public\Documents [14/07/2009 05:20:08] - |RD| - [174] - C:\Users\Public\Downloads [14/07/2009 05:20:08] - |RHD| - [0] - C:\Users\Public\Favorites [30/10/2015 09:24:24] - |RHD| - [1135] - C:\Users\Public\Libraries [14/07/2009 05:20:08] - |RD| - [80538] - C:\Users\Public\Music [14/07/2009 05:20:08] - |RD| - [380] - C:\Users\Public\Pictures [12/04/2011 11:28:08] - |RD| - [0] - C:\Users\Public\Recorded TV [14/07/2009 05:20:08] - |RD| - [380] - C:\Users\Public\Videos ---------- | [sebastien] [26/03/2016 19:56:27] - |D| - [100] - C:\Users\sebastien\.oracle_jre_usage [25/03/2016 19:47:46] - |HD| - [8457524581] - C:\Users\sebastien\AppData [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Application Data [23/03/2016 10:25:48] - |RD| - [115844] - C:\Users\sebastien\Contacts [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Cookies [23/03/2016 10:25:38] - |RD| - [147334442817] - C:\Users\sebastien\Desktop [23/03/2016 10:25:38] - |RD| - [475513621] - C:\Users\sebastien\Documents [23/03/2016 10:25:38] - |RD| - [5663610415] - C:\Users\sebastien\Downloads [23/03/2016 10:25:38] - |RD| - [4484] - C:\Users\sebastien\Favorites [23/03/2016 11:07:24] - |D| - [898126] - C:\Users\sebastien\Intel [23/03/2016 10:25:38] - |RD| - [2440] - C:\Users\sebastien\Links [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Local Settings [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Menu Démarrer [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Mes documents [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Modèles [23/03/2016 10:25:38] - |RD| - [4819687599] - C:\Users\sebastien\Music [25/03/2016 19:47:46] - |ASH| - [2359296] - C:\Users\sebastien\NTUSER.DAT [25/03/2016 19:47:46] - |ASH| - [212992] - C:\Users\sebastien\ntuser.dat.LOG1 [25/03/2016 19:47:46] - |ASH| - [667648] - C:\Users\sebastien\ntuser.dat.LOG2 [25/03/2016 19:47:46] - |ASH| - [65536] - C:\Users\sebastien\NTUSER.DAT{c58209f6-d207-11e5-9166-b2df75528388}.TM.blf [25/03/2016 19:47:46] - |ASH| - [524288] - C:\Users\sebastien\NTUSER.DAT{c58209f6-d207-11e5-9166-b2df75528388}.TMContainer00000000000000000001.regtrans-ms [25/03/2016 19:47:46] - |ASH| - [524288] - C:\Users\sebastien\NTUSER.DAT{c58209f6-d207-11e5-9166-b2df75528388}.TMContainer00000000000000000002.regtrans-ms [25/03/2016 19:59:04] - |SH| - [20] - C:\Users\sebastien\ntuser.ini [25/03/2016 20:03:30] - |RD| - [100] - C:\Users\sebastien\OneDrive [26/03/2016 00:22:18] - |A| - [391] - C:\Users\sebastien\Panneau de configuration - Raccourci.lnk [23/03/2016 10:25:38] - |RD| - [2475599603] - C:\Users\sebastien\Pictures [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Recent [23/03/2016 10:25:38] - |RD| - [282] - C:\Users\sebastien\Saved Games [23/03/2016 10:25:58] - |RD| - [1875] - C:\Users\sebastien\Searches [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\SendTo [23/03/2016 10:25:38] - |RD| - [19983743471] - C:\Users\sebastien\Videos [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Voisinage d'impression [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\Voisinage réseau [27/06/2016 11:36:30] - |A| - [2221568] - C:\Users\sebastien\ZHPDiag3.exe [14/05/2016 22:32:42] - |D| - [0] - C:\Users\sebastien\AppData\Local\ActiveSync [04/04/2016 15:00:14] - |D| - [4] - C:\Users\sebastien\AppData\Local\Activision [23/03/2016 11:42:45] - |D| - [991313] - C:\Users\sebastien\AppData\Local\Adobe [23/03/2016 11:32:53] - |D| - [2146277] - C:\Users\sebastien\AppData\Local\AMD [25/03/2016 20:22:57] - |D| - [2039504956] - C:\Users\sebastien\AppData\Local\Ankama [25/03/2016 20:26:08] - |D| - [0] - C:\Users\sebastien\AppData\Local\Apple [25/03/2016 20:27:18] - |D| - [10295944] - C:\Users\sebastien\AppData\Local\Apple Computer [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\AppData\Local\Application Data [23/03/2016 12:54:30] - |D| - [0] - C:\Users\sebastien\AppData\Local\Apps [25/03/2016 20:02:59] - |D| - [71608] - C:\Users\sebastien\AppData\Local\ATI [26/03/2016 00:38:30] - |D| - [14026] - C:\Users\sebastien\AppData\Local\Black_Tree_Gaming [08/05/2016 15:00:21] - |D| - [264] - C:\Users\sebastien\AppData\Local\Blizzard Entertainment [23/03/2016 12:04:06] - |D| - [8185973] - C:\Users\sebastien\AppData\Local\CEF [25/03/2016 20:20:08] - |D| - [18882580] - C:\Users\sebastien\AppData\Local\Comms [28/06/2016 22:13:52] - |D| - [114299] - C:\Users\sebastien\AppData\Local\Diagnostics [28/06/2016 22:13:48] - |D| - [193412] - C:\Users\sebastien\AppData\Local\ElevatedDiagnostics [26/03/2016 00:29:25] - |D| - [47] - C:\Users\sebastien\AppData\Local\FalloutNV [23/03/2016 12:02:02] - |A| - [58016] - C:\Users\sebastien\AppData\Local\GDIPFONTCACHEV1.DAT [23/03/2016 11:20:05] - |D| - [486243018] - C:\Users\sebastien\AppData\Local\Google [25/03/2016 18:34:06] - |D| - [71] - C:\Users\sebastien\AppData\Local\GWX [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\AppData\Local\Historique [25/03/2016 21:44:40] - |AH| - [261079] - C:\Users\sebastien\AppData\Local\IconCache.db [10/05/2016 16:34:36] - |D| - [2321] - C:\Users\sebastien\AppData\Local\InsurgenceLauncher [28/03/2016 13:44:53] - |D| - [0] - C:\Users\sebastien\AppData\Local\Macromedia [25/03/2016 19:47:46] - |D| - [605286351] - C:\Users\sebastien\AppData\Local\Microsoft [08/06/2016 18:16:04] - |D| - [87548] - C:\Users\sebastien\AppData\Local\MicrosoftEdge [25/03/2016 20:06:08] - |D| - [24710475] - C:\Users\sebastien\AppData\Local\Mozilla [25/03/2016 19:59:16] - |D| - [141979687] - C:\Users\sebastien\AppData\Local\Packages [25/03/2016 20:12:57] - |D| - [0] - C:\Users\sebastien\AppData\Local\PeerDistRepub [10/05/2016 16:49:42] - |D| - [361] - C:\Users\sebastien\AppData\Local\Pokemon Insurgence [23/03/2016 18:49:23] - |D| - [0] - C:\Users\sebastien\AppData\Local\Programs [25/03/2016 20:00:29] - |D| - [0] - C:\Users\sebastien\AppData\Local\Publishers [08/05/2016 18:12:10] - |A| - [7598] - C:\Users\sebastien\AppData\Local\resmon.resmoncfg [06/04/2016 13:44:41] - |D| - [565] - C:\Users\sebastien\AppData\Local\Sony Corporation [15/05/2016 15:36:06] - |D| - [5742699] - C:\Users\sebastien\AppData\Local\SplitMediaLabs [23/03/2016 16:57:29] - |D| - [373638061] - C:\Users\sebastien\AppData\Local\Steam [25/03/2016 20:50:20] - |D| - [65654824] - C:\Users\sebastien\AppData\Local\TeamSpeak 3 Client [25/03/2016 19:47:46] - |D| - [57520958] - C:\Users\sebastien\AppData\Local\Temp [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\AppData\Local\Temporary Internet Files [25/03/2016 19:59:13] - |D| - [11870208] - C:\Users\sebastien\AppData\Local\TileDataLayer [23/03/2016 10:25:47] - |D| - [0] - C:\Users\sebastien\AppData\Local\VirtualStore [15/05/2016 18:54:08] - |D| - [445530] - C:\Users\sebastien\AppData\Local\zdoom [23/03/2016 10:25:58] - |ASH| - [174] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [25/03/2016 20:23:17] - |A| - [1122] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Dofus.lnk [25/03/2016 19:47:46] - |SHD| - [0] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [25/03/2016 19:47:46] - |RD| - [33985] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [25/03/2016 19:47:46] - |RD| - [3888] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [25/03/2016 19:47:46] - |RD| - [4231] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [23/03/2016 10:25:58] - |RD| - [174] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [19/04/2016 14:00:53] - |A| - [1292] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings.lnk [25/03/2016 19:59:21] - |ASH| - [174] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [25/03/2016 20:02:09] - |A| - [1047] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk [25/03/2016 20:13:08] - |D| - [1514] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [25/03/2016 19:47:46] - |D| - [170] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [25/03/2016 20:03:30] - |A| - [2419] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [13/05/2016 18:12:45] - |D| - [843] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Gemme [23/03/2016 10:25:58] - |RD| - [174] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [25/03/2016 19:47:46] - |RD| - [5318] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [25/03/2016 20:50:23] - |D| - [2441] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [25/03/2016 19:47:46] - |RSD| - [7238] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [23/03/2016 10:28:43] - |D| - [3062] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [23/03/2016 10:25:58] - |ASH| - [174] - C:\Users\sebastien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\ProgramData [23/03/2016 11:43:45] - |D| - [246738156] - C:\ProgramData\Adobe [25/03/2016 20:25:35] - |D| - [192263689] - C:\ProgramData\Apple [25/03/2016 20:26:40] - |D| - [76403943] - C:\ProgramData\Apple Computer [25/03/2016 19:57:13] - |SHD| - [18223284718] - C:\ProgramData\Application Data [13/05/2016 16:58:37] - |D| - [0] - C:\ProgramData\ATI [08/05/2016 14:58:37] - |D| - [17085679] - C:\ProgramData\Battle.net [08/05/2016 15:00:15] - |D| - [206439] - C:\ProgramData\Blizzard Entertainment [23/03/2016 10:25:31] - |SHD| - [18212] - C:\ProgramData\Bureau [25/03/2016 21:16:09] - |D| - [1627444] - C:\ProgramData\Caphyon [30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\Comms [25/03/2016 19:57:13] - |SHD| - [278] - C:\ProgramData\Documents [25/03/2016 19:44:31] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [26/03/2016 00:20:34] - |D| - [507] - C:\ProgramData\DSDCS [23/03/2016 10:25:31] - |SHD| - [0] - C:\ProgramData\Favoris [25/03/2016 20:13:06] - |D| - [6781058] - C:\ProgramData\Freemake [23/03/2016 11:07:42] - |D| - [40432608] - C:\ProgramData\Intel [26/06/2016 19:14:10] - |D| - [10548255] - C:\ProgramData\Malwarebytes [23/03/2016 10:25:31] - |SHD| - [132498] - C:\ProgramData\Menu Démarrer [30/10/2015 09:24:24] - |SD| - [1021906477] - C:\ProgramData\Microsoft [13/02/2016 15:21:08] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [23/03/2016 10:25:31] - |SHD| - [0] - C:\ProgramData\Modèles [26/03/2016 19:56:11] - |D| - [0] - C:\ProgramData\Oracle [25/03/2016 19:45:17] - |D| - [35232486] - C:\ProgramData\Package Cache [25/03/2016 21:07:29] - |D| - [0] - C:\ProgramData\Picroma [30/10/2015 09:24:24] - |D| - [998] - C:\ProgramData\regid.1991-06.com.microsoft [30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\SoftwareDistribution [25/03/2016 21:27:12] - |D| - [8443338] - C:\ProgramData\SplitMediaLabs [30/10/2015 09:24:24] - |D| - [2779] - C:\ProgramData\USOPrivate [13/02/2016 15:17:03] - |D| - [1703936] - C:\ProgramData\USOShared ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [30/10/2015 09:24:28] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [23/03/2016 10:25:31] - |SHD| - [132324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [30/10/2015 09:24:24] - |RD| - [132324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [30/10/2015 09:24:24] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [30/10/2015 09:24:24] - |RD| - [19726] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [23/03/2016 11:44:06] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [30/10/2015 09:24:24] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [23/03/2016 11:32:52] - |D| - [2003] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings [25/03/2016 20:26:07] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [23/03/2016 12:03:39] - |D| - [2925] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID [25/03/2016 21:07:30] - |D| - [1128] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World [30/10/2015 09:24:28] - |ASH| - [1140] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/10/2015 09:18:13] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk [30/10/2015 09:19:28] - |RAS| - [2197] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk [25/03/2016 20:13:07] - |D| - [1423] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake [14/07/2009 07:32:38] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [23/03/2016 11:20:54] - |A| - [2270] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [30/10/2015 09:19:28] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [25/03/2016 21:15:57] - |AD| - [4632] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InputMapper [29/06/2016 13:44:38] - |D| - [4065] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [26/03/2016 19:56:25] - |D| - [6941] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [23/03/2016 18:49:51] - |D| - [14603] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [06/04/2016 13:43:56] - |A| - [2164] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lecture à distance PS4.lnk [30/10/2015 09:24:24] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [26/06/2016 19:14:28] - |D| - [5271] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [25/03/2016 21:07:39] - |D| - [1048] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft [30/10/2015 09:17:57] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [26/03/2016 00:38:25] - |D| - [3122] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager [30/10/2015 09:19:28] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [09/06/2016 19:24:31] - |D| - [1405] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RomStation [30/10/2015 09:18:07] - |RAS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk [30/10/2015 09:24:24] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [30/10/2015 09:24:24] - |RD| - [4033] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [13/02/2016 15:03:00] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [25/03/2016 21:11:40] - |D| - [7188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [25/03/2016 19:49:55] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [23/03/2016 10:28:43] - |D| - [3008] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [25/03/2016 21:27:12] - |D| - [1286] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [30/10/2015 09:24:28] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [23/03/2016 11:43:59] - |D| - [216623902] - C:\Program Files (x86)\Adobe [13/05/2016 17:01:32] - |AD| - [113452258] - C:\Program Files (x86)\AMD [25/03/2016 20:26:07] - |AD| - [2743854] - C:\Program Files (x86)\Apple Software Update [23/03/2016 10:57:51] - |AD| - [2530166] - C:\Program Files (x86)\ASM104xUSB3 [25/03/2016 19:43:10] - |D| - [3499121] - C:\Program Files (x86)\ASUS [25/03/2016 19:45:28] - |AD| - [300622] - C:\Program Files (x86)\ATI Technologies [25/03/2016 20:25:54] - |AD| - [631713] - C:\Program Files (x86)\Bonjour [30/10/2015 08:28:30] - |D| - [218714204] - C:\Program Files (x86)\Common Files [25/03/2016 21:07:29] - |AD| - [6107338] - C:\Program Files (x86)\Cube World [30/10/2015 09:24:28] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [25/03/2016 21:15:56] - |D| - [5944803] - C:\Program Files (x86)\DSDCS [25/03/2016 20:12:56] - |AD| - [50183050] - C:\Program Files (x86)\Freemake [23/03/2016 11:20:07] - |D| - [646884539] - C:\Program Files (x86)\Google [23/03/2016 11:12:11] - |HD| - [4695940] - C:\Program Files (x86)\InstallShield Installation Information [23/03/2016 11:03:08] - |D| - [21043540] - C:\Program Files (x86)\Intel [30/10/2015 09:24:24] - |D| - [2154947] - C:\Program Files (x86)\Internet Explorer [29/06/2016 13:44:07] - |D| - [76267] - C:\Program Files (x86)\iTunes [23/03/2016 18:49:47] - |AD| - [126414907] - C:\Program Files (x86)\K-Lite Codec Pack [26/06/2016 19:14:10] - |D| - [59499548] - C:\Program Files (x86)\Malwarebytes Anti-Malware [22/06/2016 14:35:52] - |D| - [6076507] - C:\Program Files (x86)\Microsoft XNA [30/10/2015 09:24:24] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [25/03/2016 21:07:39] - |AD| - [1294088] - C:\Program Files (x86)\Minecraft [25/03/2016 19:32:33] - |D| - [25757] - C:\Program Files (x86)\MSBuild [10/05/2016 16:39:59] - |D| - [0] - C:\Program Files (x86)\Pokemon Insurgence [23/03/2016 11:12:11] - |D| - [3439577] - C:\Program Files (x86)\Realtek [25/03/2016 19:32:33] - |D| - [38450433] - C:\Program Files (x86)\Reference Assemblies [06/04/2016 13:43:56] - |D| - [8813696] - C:\Program Files (x86)\Sony [25/03/2016 21:27:12] - |D| - [249062199] - C:\Program Files (x86)\SplitmediaLabs [23/03/2016 12:56:01] - |D| - [352847601268] - C:\Program Files (x86)\STEAM [23/03/2016 11:12:05] - |HD| - [0] - C:\Program Files (x86)\Temp [14/07/2009 06:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [25/03/2016 21:11:27] - |D| - [126077027] - C:\Program Files (x86)\VideoLAN [30/10/2015 09:24:24] - |D| - [1465856] - C:\Program Files (x86)\Windows Defender [30/10/2015 09:24:24] - |D| - [5961728] - C:\Program Files (x86)\Windows Mail [30/10/2015 09:24:24] - |D| - [3342927] - C:\Program Files (x86)\Windows Media Player [30/10/2015 09:24:24] - |D| - [220064] - C:\Program Files (x86)\Windows Multimedia Platform [30/10/2015 09:24:24] - |D| - [7575610] - C:\Program Files (x86)\Windows NT [30/10/2015 09:24:24] - |D| - [5484224] - C:\Program Files (x86)\Windows Photo Viewer [30/10/2015 09:24:24] - |D| - [220064] - C:\Program Files (x86)\Windows Portable Devices [30/10/2015 09:24:24] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [30/10/2015 09:24:24] - |SD| - [2685232] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [25/03/2016 19:44:46] - |AD| - [98560493] - C:\Program Files\AMD [25/03/2016 19:43:08] - |D| - [2043735] - C:\Program Files\ASUS [25/03/2016 20:25:54] - |AD| - [615066] - C:\Program Files\Bonjour [30/10/2015 08:28:30] - |D| - [227136963] - C:\Program Files\Common Files [23/03/2016 12:03:39] - |D| - [7150220] - C:\Program Files\CPUID [30/10/2015 09:24:28] - |ASH| - [174] - C:\Program Files\desktop.ini [14/07/2009 07:32:38] - |D| - [0] - C:\Program Files\DVD Maker [23/03/2016 10:25:31] - |SHD| - [227136963] - C:\Program Files\Fichiers communs [23/03/2016 10:53:30] - |D| - [23158361] - C:\Program Files\Intel [30/10/2015 09:24:24] - |D| - [2776238] - C:\Program Files\Internet Explorer [29/06/2016 13:44:05] - |D| - [4170211] - C:\Program Files\iPod [29/06/2016 13:44:03] - |D| - [190501938] - C:\Program Files\iTunes [26/03/2016 19:56:07] - |D| - [183529670] - C:\Program Files\Java [19/05/2016 16:49:56] - |AD| - [107874508] - C:\Program Files\Mozilla Firefox [25/03/2016 19:32:33] - |D| - [25757] - C:\Program Files\MSBuild [26/03/2016 00:38:23] - |AD| - [24272327] - C:\Program Files\Nexus Mod Manager [25/03/2016 19:43:17] - |D| - [46614904] - C:\Program Files\Realtek [25/03/2016 19:32:33] - |D| - [36850857] - C:\Program Files\Reference Assemblies [13/02/2016 15:16:19] - |HD| - [0] - C:\Program Files\Uninstall Information [30/10/2015 09:24:24] - |D| - [11400154] - C:\Program Files\Windows Defender [13/02/2016 15:03:00] - |D| - [8974456] - C:\Program Files\Windows Journal [30/10/2015 09:24:24] - |D| - [6322176] - C:\Program Files\Windows Mail [30/10/2015 09:24:24] - |D| - [5394547] - C:\Program Files\Windows Media Player [30/10/2015 09:24:24] - |D| - [258280] - C:\Program Files\Windows Multimedia Platform [30/10/2015 09:24:24] - |D| - [7862330] - C:\Program Files\Windows NT [30/10/2015 09:24:24] - |D| - [6381248] - C:\Program Files\Windows Photo Viewer [30/10/2015 09:24:24] - |D| - [258280] - C:\Program Files\Windows Portable Devices [30/10/2015 09:24:24] - |SHD| - [0] - C:\Program Files\Windows Sidebar [30/10/2015 09:24:24] - |HD| - [1194031013] - C:\Program Files\WindowsApps [30/10/2015 09:24:24] - |SD| - [2856133] - C:\Program Files\WindowsPowerShell [25/03/2016 20:13:28] - |D| - [189003] - C:\Program Files\WinPcap [23/03/2016 10:26:57] - |AD| - [6756354] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [23/03/2016 11:43:59] - |AD| - [9236091] - C:\Program Files (x86)\Common Files\Adobe [25/03/2016 20:25:35] - |D| - [133011056] - C:\Program Files (x86)\Common Files\Apple [25/03/2016 20:13:07] - |D| - [631296] - C:\Program Files (x86)\Common Files\Freemake Shared [23/03/2016 11:12:03] - |D| - [2106564] - C:\Program Files (x86)\Common Files\InstallShield [10/05/2016 12:44:59] - |D| - [1966664] - C:\Program Files (x86)\Common Files\Java [30/10/2015 09:24:24] - |D| - [19272425] - C:\Program Files (x86)\Common Files\Microsoft Shared [23/03/2016 11:07:44] - |D| - [196972] - C:\Program Files (x86)\Common Files\PostureAgent [30/10/2015 09:24:24] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [25/03/2016 19:48:41] - |D| - [41095079] - C:\Program Files (x86)\Common Files\SpeechEngines [23/03/2016 16:57:28] - |D| - [1518672] - C:\Program Files (x86)\Common Files\Steam [30/10/2015 09:24:24] - |D| - [9676683] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [25/03/2016 20:25:46] - |D| - [174330649] - C:\Program Files\Common files\Apple [25/03/2016 19:44:52] - |D| - [3114577] - C:\Program Files\Common files\ATI Technologies [30/10/2015 09:24:24] - |D| - [38584384] - C:\Program Files\Common files\microsoft shared [30/10/2015 09:24:24] - |D| - [2702] - C:\Program Files\Common files\Services [25/03/2016 19:48:40] - |D| - [599040] - C:\Program Files\Common files\SpeechEngines [30/10/2015 09:24:24] - |D| - [10505611] - C:\Program Files\Common files\System ---------- | Tasks [MD5.32764BF8BA583BA0BB14C1F99F89958B] - [28/03/2016 13:44:27] - |A| - [1002] - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [MD5.9AECDC18C9693513D6FBCC26310EA83A] - [23/03/2016 11:20:09] - |A| - [1080] - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [MD5.B6AA4DFE163DA468224ADA3BAE5CC8D4] - [23/03/2016 11:20:10] - |A| - [1084] - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [13/02/2016 15:15:59] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.3A62AAAF382D0974E7B94BFD58E6C7FE] - [23/03/2016 11:44:28] - |A| - [3972] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.543273545DA52882585B7000A5253F59] - [28/03/2016 13:44:27] - |A| - [3988] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.581C1A87C6544BACF57804ABD39725AD] - [23/03/2016 11:35:44] - |A| - [4296] - C:\WINDOWS\System32\Tasks\AMD Updater : "C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe" [MD5.00000000000000000000000000000000] - [25/03/2016 20:26:08] - |D| - [3516] - C:\WINDOWS\System32\Tasks\Apple [MD5.00000000000000000000000000000000] - [23/03/2016 11:05:44] - |D| - [3196] - C:\WINDOWS\System32\Tasks\ASUS [MD5.9C6C978261A5F775E6E4DDAE9C98898D] - [23/03/2016 11:20:09] - |A| - [3910] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.2B96907993151C4A275C5B31DBAA5BE0] - [23/03/2016 11:20:10] - |A| - [4142] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.C600A725FF035419F86A7727FB6199CC] - [23/03/2016 18:49:58] - |A| - [3702] - C:\WINDOWS\System32\Tasks\klcp_update : "C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe" [MD5.00000000000000000000000000000000] - [30/10/2015 09:24:25] - |D| - [546702] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.D44100069CDE08B78A8B68888828E948] - [27/06/2016 11:36:50] - |A| - [4160] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{299867D9-76C0-4546-8BF5-C2643633C34C} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD [MD5.00000000000000000000000000000000] - [30/10/2015 09:24:25] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "vm-monitoring-dcom"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=RpcSs|Name=@icsvc.dll,-709|Desc=@icsvc.dll,-710|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-icmpv4"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Name=@icsvc.dll,-701|Desc=@icsvc.dll,-702|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-icmpv6"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Name=@icsvc.dll,-703|Desc=@icsvc.dll,-704|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-nb-session"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=139|Name=@icsvc.dll,-705|Desc=@icsvc.dll,-706|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-rpc"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Schedule|Name=@icsvc.dll,-707|Desc=@icsvc.dll,-708|EmbedCtxt=@icsvc.dll,-700| "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "DeliveryOptimization-TCP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "MDNS-In-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "{44A42975-1F40-45AE-AA12-AFC26E342365}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{3DA37557-E9F4-4AE8-82AC-5C5977886EB9}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{3E3C26F2-0C6E-4185-88D8-16B11E7FED48}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{E80E6795-EC70-4941-BACB-1371414E71A9}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{0D53514F-256A-4CF0-A189-98F46BE04055}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{6ECEF26C-000F-4681-A4F8-8CC9FD05AEE4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{02DED0DA-4B93-40C0-912D-8283016CDF78}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{700363C2-81CE-4539-949A-6883E2D783FD}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{D3CB58EF-D02A-42BC-A2D0-74F5088FA947}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{C7763584-94E2-43EB-BA4F-02AD3EB5EDB9}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{B2E1EEF9-DB4E-4EBD-97AB-46DAA499EDB0}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{681F2DF9-9FA9-44A3-8DA5-3091A341BCB4}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Desc=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795|EmbedCtxt=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{0524E17D-504A-467D-B1BE-2E2FA5EF70E4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Desc=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795|EmbedCtxt=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{492A63D7-A548-40D4-A802-1CFE6FC1207C}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{ACA9B320-F331-446F-BE89-DB23F795CD20}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Desc=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-1322174799-1054373777-2441082058-564842223-2721992343-4124100487-3261661085|EmbedCtxt=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Platform=2:6:2|Platform2=GTEQ| "{AD8F5107-9A2C-4BE9-93E4-051D24E2D35D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{0A204BEC-48B4-4BDC-B0ED-B167FA60BD64}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Desc=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-3833609522-3861047620-3675164185-1739081557-594447883-3111017752-456581032|EmbedCtxt=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{0B652903-E825-4FCC-8DC4-BD5B3D55A97C}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{1D7808F1-4567-456B-9249-30E0977BA705}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{349ABE55-212C-4430-A0AA-AD87465A62E7}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Desc=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/Description}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-3137318289-415437605-3491609480-3741388289-878520165-689859088-69748861|EmbedCtxt=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{AA1D96D8-B0BE-43FD-93CA-D7A9EFDF640D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3678820438-496632247-2968836803-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "MSMQ-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\mqsvc.exe|Name=@mqutil.dll,-11189|Desc=@mqutil.dll,-11189|EmbedCtxt=@mqutil.dll,-6102| "MSMQ-Out-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\mqsvc.exe|Name=@mqutil.dll,-11190|Desc=@mqutil.dll,-11190|EmbedCtxt=@mqutil.dll,-6102| "MSMQ-In-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=%systemroot%\system32\mqsvc.exe|Name=@mqutil.dll,-11191|Desc=@mqutil.dll,-11191|EmbedCtxt=@mqutil.dll,-6102| "MSMQ-Out-UDP"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\mqsvc.exe|Name=@mqutil.dll,-11192|Desc=@mqutil.dll,-11192|EmbedCtxt=@mqutil.dll,-6102| "IIS-WebServerRole-HTTP-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30500|Desc=@%windir%\system32\inetsrv\iisres.dll,-30510|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30501| "IIS-WebServerRole-HTTPS-In-TCP"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=443|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30503| "WCF-NetTcpActivator-In-TCP-64bit"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=808|Svc=NetTcpActivator|Name=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2000|Desc=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2001|EmbedCtxt=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2002| "UDP Query User{18638939-2581-4F99-9546-0BCC965B9472}C:\program files (x86)\steam\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\steam\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe|Name=Borderlands: The Pre-Sequel|Desc=Borderlands: The Pre-Sequel|Defer=User| "TCP Query User{357D5AEB-3688-484F-8704-954C097ADD07}C:\program files (x86)\steam\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\steam\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe|Name=Borderlands: The Pre-Sequel|Desc=Borderlands: The Pre-Sequel|Defer=User| "{78782DA1-534C-4DAC-8E7C-0784E84FC19B}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002| "{42B6063D-5ABF-49D4-A2C5-61EA95FD2520}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{6E840DDB-0907-4456-9D7F-9A62BD6385BB}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{BD1E4291-F910-4CEA-BE62-24F7D8D7066C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{7534FE08-5A2B-4962-BFCF-971F7AA7E4D0}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{93931B69-3446-40B6-8F19-D0D5CB62ADB8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{28F0BC5A-BD8A-47BE-B155-19307B6A5B36}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{594E7F22-1794-40F6-869D-C4681412A079}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{831F9DA6-E811-47EA-B384-251AC8DFBABE}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{B2DD5570-DE56-492D-BEE3-2BD6794A4DE8}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{1795164B-DC03-4C15-8338-7424928627C6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{5BBFAC84-C908-4F4E-99A2-C9D919693FE0}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{1EED8E50-6B8A-4429-A875-2E36E4568B09}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{A7A05BE5-BBD1-4A6E-A53F-A50D13D1AC92}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Desc=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795|EmbedCtxt=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{E99959A0-1B53-4966-A87D-AFE7FAFE7EB1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Desc=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795|EmbedCtxt=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{7FB48C1C-B60A-4ADD-85F4-CEEDB096D815}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{EAA82F8F-4F67-49A0-A060-0411421E8092}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Desc=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1322174799-1054373777-2441082058-564842223-2721992343-4124100487-3261661085|EmbedCtxt=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Platform=2:6:2|Platform2=GTEQ| "{A651DB1F-6D84-48AE-9157-FD966CF30929}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{9525A3F6-B9ED-4629-BC81-E327D178C142}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Desc=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3833609522-3861047620-3675164185-1739081557-594447883-3111017752-456581032|EmbedCtxt=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{7E1BF40F-DAE2-46FB-AA7D-A0C367445394}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{C3F05AC9-0D0E-4276-BC4B-DF6A7C68FC11}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{4B771A2F-5D2C-489E-8FAA-DB6D81A0AD25}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Desc=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/Description}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3137318289-415437605-3491609480-3741388289-878520165-689859088-69748861|EmbedCtxt=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{39C7A57C-6054-4A3B-8D48-E4C13513A083}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=ASUS Welcome|Desc=ASUS Welcome|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1791334737-3644637894-912171476-726613620-3748997741-2897954968-3492054033|EmbedCtxt=ASUS Welcome|Platform=2:6:2|Platform2=GTEQ| "{6D2E3A61-A2F0-4CC6-8107-CE0CE94C4715}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Desc=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3232211935-909325347-210818523-1333736584-3758124246-283266685-1557978965|EmbedCtxt=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Platform=2:6:2|Platform2=GTEQ| "{44761298-3E0D-495F-BB92-C57F73DAAD12}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{1488C4A2-591D-44AC-A5F8-0C9A6B057718}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{160C7560-CF0F-49C8-A074-D9DF354001FC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "{61067BA7-A64E-4106-BDCF-263550F49F90}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour| "TCP Query User{2B5C0A71-C3B8-41F1-A748-8BF2890F5022}C:\program files (x86)\videolan\vlc\vlc.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\videolan\vlc\vlc.exe|Name=VLC media player|Desc=VLC media player|Defer=User| "UDP Query User{868DC832-7A79-440B-B9A7-05E08E35AA44}C:\program files (x86)\videolan\vlc\vlc.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\videolan\vlc\vlc.exe|Name=VLC media player|Desc=VLC media player|Defer=User| "{4F8A94ED-77C2-49DE-BF51-65D5F57E8651}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=WindowsDVDPlayer|Desc=@{Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsDVDPlayer/resources/IDS_DVDPLAYER_APP_DESCRIPTION}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-494306191-403223751-685396099-4274694484-3538043412-2548233107-2872311217|EmbedCtxt=WindowsDVDPlayer|Platform=2:6:2|Platform2=GTEQ| "{881C4818-DBBA-4E3C-ACCB-2977E854A27B}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Desc=@{Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3981118486-977731610-4260702232-2292029000-2544493239-2660358776-1526570402|EmbedCtxt=@{Microsoft.People_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{A786B9E0-0FBF-4C72-AF54-DF148B98D983}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files (x86)\Sony\PS4 Remote Play\RemotePlay.exe|Name=Lecture à distance PS4|EmbedCtxt=Lecture à distance PS4| "TCP Query User{7F0E1D59-1007-4845-B0F2-2C768A109287}C:\program files (x86)\steam\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\steam\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe|Name=NARUTO STORM 3 FB|Desc=NARUTO STORM 3 FB|Defer=User| "UDP Query User{FE145623-B32B-4C5F-9A67-20DA890E2C76}C:\program files (x86)\steam\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\steam\steam\steamapps\common\naruto shippuden ultimate ninja storm 3 full burst\ns3fb.exe|Name=NARUTO STORM 3 FB|Desc=NARUTO STORM 3 FB|Defer=User| "{6F785E3B-5D21-4761-A512-8CB9C720B056}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Desc=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{329E34A3-7F6B-469B-A8B5-E26473AE51D0}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Desc=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Microsoft.Apps.Messaging.Skype/SkypeMessaging.Resources/Skype_AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{F3142FB3-2BDF-43A9-B97D-D85C215985E7}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Desc=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1485202841-4094060947-262313417-955497226-1243708313-1027065603-2694978511|EmbedCtxt=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{F6EEC6C1-713C-4DEA-BC01-79A09875D188}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ| "{C3C5BBAF-4984-4648-AAA5-277402F987B9}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "TCP Query User{AFCB52FC-7C3D-4F89-A79D-020F8D8CF14B}C:\program files (x86)\overwatch\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\overwatch\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User| "UDP Query User{853F233A-5688-41E3-9632-DF461A0FEE31}C:\program files (x86)\overwatch\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\overwatch\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User| "{28DFF703-5149-491E-B315-EC83F0571ABE}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe|Name=Raptr Desktop App| "{70ECE838-1F78-4F06-A954-6D80DFA29313}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe|Name=Raptr Desktop App| "{7E66410E-73D9-4BD1-80B1-ED20E31941B1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe|Name=Raptr IM| "{93C51899-06C1-439F-B473-D0839C06FA23}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe|Name=Raptr IM| "{6930BC3F-472B-44A3-B2B7-8B46913C8F3C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe|Name=Plays.tv client| "{DF2AB128-2542-42B0-8A66-1FC292BE0028}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe|Name=Plays.tv client| "{82A9B633-AAD6-49E8-B783-5B49205CEFA6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| "{BF15D9B7-EA77-4D22-A04E-22BCB639695A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files\Mozilla Firefox)| "{0A42AABA-1757-440E-B4D4-9904EEF0BF86}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.3DBuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Desc=@{Microsoft.3DBuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=@{Microsoft.3DBuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{151BE989-6CB1-4E11-95D6-47D637056E32}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{AF80C6FF-02CF-4BAD-A88A-3AA1716E8642}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{3B25730B-5BBA-4C97-BB73-09E24FF424E8}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{55516A83-03E4-45A5-8735-40B5D88AE732}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{58D6C573-F541-4B76-9379-756A685F42EE}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{4A9A48C1-5F77-4C2C-88ED-3CC686663470}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{91042F57-C2F7-4CAC-B3DC-B65212857687}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "{FF8ED068-82F5-493E-81C4-FFC050F5E1E4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{2C13CB46-5FB1-400C-B97E-082A673B11BC}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{5A25B1E1-61A2-496F-9A04-7CEB1D29EA7A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{713158D9-E9CE-4E5C-A48A-75EB2DFAE56E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{316B28F0-18F2-4A1F-94CB-6C1B8A4829DE}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneMusic_3.6.22051.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.22051.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.22051.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{E085D179-7319-4783-8122-8A6215E00727}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneMusic_3.6.22051.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_3.6.22051.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_3.6.22051.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{808F8E84-85E3-440D-AC22-EE373E1CCA65}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{038B21FB-027F-4F45-A4E4-9857875EA264}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DBFE8FBF-0075-48E8-9EA1-333AD6B1A1E5}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Desc=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1239072475-3687740317-1842961305-3395936705-4023953123-1525404051-2779347315|EmbedCtxt=@{Microsoft.WindowsMaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{5D5B1E30-A11E-4C4F-88AF-BEC93BF17812}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ| "{6F28A7A9-7AAD-4599-B5D5-D7E12B16B177}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{F914A1CF-F532-4E1B-BE3F-EC5B3FAA2DF7}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_3.6.21441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{419F818B-657A-4065-8D15-A5E9D389C3E1}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{6FE0B54F-3F78-4C61-9552-CE4F47FB0B11}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{36BD9C80-D957-4557-88A8-A85A5AB840A7}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsPhone_10.1605.1661.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Desc=@{Microsoft.WindowsPhone_10.1605.1661.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1227535392-783678415-19788749-859698564-2515149781-2716591593-3518111838|EmbedCtxt=@{Microsoft.WindowsPhone_10.1605.1661.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{6553D7B9-4E8D-419F-A0CD-1FD52453D267}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Getstarted_3.11.1.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Desc=@{Microsoft.Getstarted_3.11.1.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1930852602-715273891-2259524165-1460409268-4224052142-2029744616-1797406285|EmbedCtxt=@{Microsoft.Getstarted_3.11.1.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{7EE47CB9-538C-4AD7-AAFC-ACA63E72C270}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{5454F5E1-F8F9-4603-AB77-2ABE09C95BAE}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingNews_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{9C26C27C-0C95-4B83-B482-AD672A0EA236}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingNews_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{55C72EF0-34BA-4CF9-AD0D-3DAD48D2A2F0}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{3A620BF9-5EF0-4CBB-B4B8-BB64C2E2CDCA}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{CCC66E60-F07B-49A8-8F83-11B81A725743}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingSports_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{2C6757F0-8DB7-418C-888A-EDCC1CCDEA19}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingSports_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{DA51823B-1A2B-4069-9F1E-E9D73AC22AE8}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingWeather_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{FB9DE322-BFB9-46CC-A7CF-79E3C116D2AC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingWeather_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-3678820438-496632247-2968836803-1000|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.11.155.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{A80137C5-6CBA-412B-A1EC-D72343F79773}C:\Users\sebastien\Downloads\quickdiag_2_29.06.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\sebastien\Downloads\quickdiag_2_29.06.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User| "UDP Query User{8086F52E-78FA-489A-B2C4-2168ADE624EB}C:\Users\sebastien\Downloads\quickdiag_2_29.06.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\sebastien\Downloads\quickdiag_2_29.06.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User| [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list] "C:\Users\sebastien\Downloads\quickdiag_2_29.06.2016.1.exe"=C:\Users\sebastien\Downloads\quickdiag_2_29.06.2016.1.exe:*:Enabled:quickdiag_2_29.06.2016.1 ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{091BC97E-2352-4362-A539-10A6D8FF7596}] : (RDPDR) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security Accelerator [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}] : (RDPDR) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [25/03/2016 19:43:11] - (0.0.0.0) - ( -) - C:\WINDOWS\SysWow64\drivers\AsIO.sys [19/05/2013 04:02:52] - (1.0.0.103) - (Scarlet.Crush Productions - Scp Virtual Bus Driver) - C:\WINDOWS\System32\drivers\ScpVBus.sys [11/02/2011 23:23:34] - (4.1.0.2001) - (CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver) - C:\WINDOWS\system32\drivers\npf.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - 3ware () -> System32\drivers\3ware.sys R0 - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys R0 - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys S0 - ADP80XX () -> System32\drivers\ADP80XX.SYS S0 - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys S0 - amdkmafd (@oem38.inf,%AMDKMAFD_svcdesc%;AMD Audio Bus Lower Filter) -> System32\drivers\amdkmafd.sys S0 - amdsata () -> System32\drivers\amdsata.sys S0 - amdsbs () -> System32\drivers\amdsbs.sys S0 - amdxata () -> System32\drivers\amdxata.sys S0 - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys S0 - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys S0 - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys R0 - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys R0 - CNG () -> System32\Drivers\cng.sys R0 - disk (@disk.inf,%disk_ServiceDesc%;Pilote de disque) -> System32\drivers\disk.sys S0 - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys S0 - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys S0 - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys S0 - Fs_Rec () -> (?) R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys S0 - gagp30kx (@agp.inf,%gagp30kx_svcdesc%;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> System32\drivers\gagp30kx.sys S0 - HpSAMD () -> System32\drivers\HpSAMD.sys S0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys S0 - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys S0 - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys S0 - intelide () -> System32\drivers\intelide.sys S0 - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys S0 - isapnp () -> System32\drivers\isapnp.sys R0 - KSecDD () -> System32\Drivers\ksecdd.sys R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys S0 - LSI_SAS () -> System32\drivers\lsi_sas.sys S0 - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys S0 - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys S0 - LSI_SSS () -> System32\drivers\lsi_sss.sys S0 - megasas () -> System32\drivers\megasas.sys S0 - megasr () -> System32\drivers\megasr.sys R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys R0 - msisadrv () -> System32\drivers\msisadrv.sys R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys S0 - mvumis () -> System32\drivers\mvumis.sys R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys S0 - nvraid () -> System32\drivers\nvraid.sys S0 - nvstor () -> System32\drivers\nvstor.sys S0 - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys R0 - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys S0 - pciide () -> System32\drivers\pciide.sys S0 - pcmcia () -> System32\drivers\pcmcia.sys R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys R0 - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys S0 - percsas2i () -> System32\drivers\percsas2i.sys S0 - percsas3i () -> System32\drivers\percsas3i.sys R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys S0 - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys S0 - SiSRaid2 () -> System32\drivers\SiSRaid2.sys S0 - SiSRaid4 () -> System32\drivers\sisraid4.sys R0 - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys S0 - stexstor () -> System32\drivers\stexstor.sys R0 - storahci (@mshdc.inf,%storahci_ServiceDescription%;Lecteur AHCI SATA Microsoft standard) -> System32\drivers\storahci.sys S0 - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys S0 - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys S0 - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys S0 - storvsc () -> System32\drivers\storvsc.sys R0 - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys S0 - uagp35 (@agp.inf,%uagp35_svcdesc%;Microsoft AGPv3.5 Filter) -> System32\drivers\uagp35.sys S0 - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys R0 - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys S0 - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys R0 - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys R0 - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys S0 - vsmraid () -> System32\drivers\vsmraid.sys S0 - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys S0 - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys R0 - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys R0 - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys R0 - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys R0 - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys R0 - Wof (Windows Overlay File System Filter Driver) -> (?) R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys R1 - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys R1 - AsIO (AsIO) -> SysWow64\drivers\AsIO.sys R1 - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys R1 - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys R1 - Beep (Beep) -> (?) R1 - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys R1 - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys S1 - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys R1 - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys R1 - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys R1 - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys R1 - Msfs () -> (?) R1 - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys R1 - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys R1 - Npfs () -> (?) R1 - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys R1 - Null () -> (?) R1 - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys R1 - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys R2 - AdobeARMservice (Adobe Acrobat Update Service) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" R2 - AMD External Events Utility () -> %SystemRoot%\system32\atiesrxx.exe R2 - AppHostSvc (@%windir%\system32\inetsrv\iisres.dll,-30011) -> %windir%\system32\svchost.exe -k apphost R2 - Apple Mobile Device Service (Apple Mobile Device Service) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" R2 - asComSvc (ASUS Com Service) -> C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe R2 - AsSysCtrlService (ASUS System Control Service) -> C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe R2 - AudioEndpointBuilder (@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - Bonjour Service (Service Bonjour) -> "C:\Program Files\Bonjour\mDNSResponder.exe" R2 - BrokerInfrastructure (@%windir%\system32\bisrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - CoreMessagingRegistrar (@%SystemRoot%\system32\coremessaging.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - CscService (@%systemroot%\system32\cscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - DcomLaunch (@combase.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - DeviceAssociationService (@%SystemRoot%\system32\das.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - DiagTrack (@%SystemRoot%\system32\diagtrack.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService S2 - DoSvc (@%systemroot%\system32\dosvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork R2 - EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService S2 - Freemake Improver (Freemake Improver) -> "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe" R2 - FreemakeVideoCapture () -> "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe" S2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - gupdate (Service Google Update (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc R2 - Intel(R) PROSet Monitoring Service (Intel(R) PROSet Monitoring Service) -> C:\Windows\system32\IProsetMonitor.exe R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs R2 - jhi_service (Intel(R) Dynamic Application Loader Host Interface Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys R2 - LMS (Intel(R) Management and Security Application Local Management Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" R2 - LSM (@%windir%\system32\lsm.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys S2 - MapsBroker (@%SystemRoot%\System32\moshost.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys R2 - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys R2 - MSMQ (@mqutil.dll,-6102) -> %systemroot%\system32\mqsvc.exe R2 - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys R2 - NetMsmqActivator (@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195) -> "%systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator R2 - NetPipeActivator (@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197) -> %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe S2 - NetTcpActivator (@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199) -> %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - npf (NetGroup Packet Filter Driver) -> system32\drivers\npf.sys R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService S2 - OneSyncSvc (@%SystemRoot%\system32\APHostRes.dll,-10002) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_16875db (Hôte de synchronisation_16875db) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_27187 (Hôte de synchronisation_27187) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_2e1be (Hôte de synchronisation_2e1be) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_357bd (Hôte de synchronisation_357bd) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_35e07 (Hôte de synchronisation_35e07) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup R2 - OneSyncSvc_367ae (Hôte de synchronisation_367ae) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_47e58 (Hôte de synchronisation_47e58) -> C:\Windows\system32\svchost.exe -k UnistackSvcGroup S2 - OneSyncSvc_4d600e (Hôte de synchronisation_4d600e) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS R2 - RpcSs (@combase.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss R2 - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe R2 - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc R2 - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys R2 - SystemEventsBroker (@%windir%\system32\SystemEventsBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - tiledatamodelsvc (@%SystemRoot%\system32\tileobjserver.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - UserManager (@%systemroot%\system32\usermgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - W3SVC (@%windir%\system32\inetsrv\iisres.dll,-30003) -> %windir%\system32\svchost.exe -k iissvcs S2 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k WbioSvcGroup R2 - Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - WinDefend (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310) -> "%ProgramFiles%\Windows Defender\MsMpEng.exe" R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding ---------- | System files (Microsoft Files whitelisted) [MD5.2C5B3035B86770ADD2FE9BFBAF5B35A4] - [30/10/2015 09:17:22] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys [MD5.F7D0CD345D2DA42E7042ABCD73662403] - [30/10/2015 09:17:22] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys [MD5.B5F984B4D7C0BAF1FC02C3043E94B99E] - [02/06/2016 23:11:02] - (.© Advanced Micro Devices. - AMD ACP Binaries.) - [290.25 Ko] - (2016.602.1640.44) - C:\WINDOWS\System32\Drivers\amdacpksd.sys [MD5.66CD2F9A6AD1B720E448053B5CE6F3A4] - [21/03/2016 16:37:24] - (.Copyright (C) 2012 Advanced Micro Devices, Inc. - AMD Audio Bus Lower Filter.) - [22.7 Ko] - (8.14.1.6003) - C:\WINDOWS\System32\Drivers\amdkmafd.sys [MD5.5B30BCFE6E02E45D3EE268FF001BC5E0] - [30/10/2015 09:17:22] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys [MD5.F20B30F35A5C7888441B4DCA001ECF8E] - [30/10/2015 09:17:22] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys [MD5.AFE838D7576C581D6483529621AB10CC] - [30/10/2015 09:17:22] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys [MD5.E3FE8F610B1CC12BC3B2E6BC43DC97E2] - [30/10/2015 09:17:22] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys [MD5.C02A2A7A7E23E0F64BF4109285940255] - [28/05/2015 08:00:44] - (.© Advanced Micro Devices. - AMD High Definition Audio Function Driver.) - [99 Ko] - (10.0.0.3) - C:\WINDOWS\System32\Drivers\AtihdWT6.sys [MD5.ECE85CCFEC33BA69D7D359F13CF24896] - [16/12/2015 21:07:42] - (.Copyright (C) 1998-2012 Advanced Micro Devices, Inc. - ATI Radeon Kernel Mode Driver.) - [26357.5 Ko] - (8.1.1.1558) - C:\WINDOWS\System32\Drivers\atikmdag.sys [MD5.15405DCCC66146E61A72DBFDDE67A922] - [16/12/2015 21:07:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) - [486 Ko] - (8.14.1.6512) - C:\WINDOWS\System32\Drivers\atikmpag.sys [MD5.3F5523DCEFE42B385659C5CB46A6B810] - [30/10/2015 09:17:22] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys [MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [30/10/2015 09:17:22] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys [MD5.6447BA6FA709514B6C803D159B4C7D1E] - [30/10/2015 09:17:22] - (.(c) COPYRIGHT 2001-2012 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [518.84 Ko] - (7.4.14.0) - C:\WINDOWS\System32\Drivers\bxvbda.sys [MD5.E716140ACA798A5EC48531F0739A0290] - [30/10/2015 09:17:18] - (.Copyright(C) 2013, Intel Corporation. - Intel(R) Gigabit Adapter NDIS 6.x driver.) - [461.5 Ko] - (12.12.50.6) - C:\WINDOWS\System32\Drivers\e1i63x64.sys [MD5.491275B864B704B54EC08168344E0F38] - [30/10/2015 09:17:22] - (.(c) COPYRIGHT 2014-2015 QLogic Corporation - QLogic 10 GigE VBD.) - [3356.34 Ko] - (7.12.2.3) - C:\WINDOWS\System32\Drivers\evbda.sys [MD5.FF442DCDCE1F6E9FAA9C8AD0CD1D199B] - [30/10/2015 09:17:22] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys [MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [30/10/2015 09:17:18] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys [MD5.59A20F5AD9F4AE54098154359519408E] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [162 Ko] - (30.63.1519.7) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys [MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys [MD5.EB82A11613326691508D9ED9A4FE29E7] - [30/10/2015 09:17:18] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys [MD5.DC634219EB284728B6F25FBE78688A47] - [22/04/2013 02:06:34] - (.Copyright (C) 1998 - 2011 Intel Corporation. - NDIS 6.1 Advanced Networking Services..) - [159.57 Ko] - (9.8.49.0) - C:\WINDOWS\System32\Drivers\iANSW60e.sys [MD5.6B0029A0253098CCE28EACCFDB9E7208] - [30/10/2015 09:17:22] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys [MD5.9652E1E35A92D8C75710C17A63B15796] - [30/10/2015 09:17:22] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys [MD5.FFADF691F7BF727AF5C863454A372723] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [414.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\ibbus.sys [MD5.1898CEDA3247213C084F43637EF163B3] - [26/02/2014 03:31:20] - (.Copyright (C) 2002-2013 Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) - [33.76 Ko] - (1.3.0.7) - C:\WINDOWS\System32\Drivers\iqvw64e.sys [MD5.961F28D879D345BFA50AF51285C90F2E] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys [MD5.6BFB8D1B3407518BE06B6F81F92FA0F5] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [102.34 Ko] - (2.0.76.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys [MD5.BE0E47988D78F731DEC2C0CB03E765CB] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [96.84 Ko] - (2.50.96.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys [MD5.F99BF02BE9219986817BF094981EEB18] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys [MD5.78BFF5425E044086E74E78650A359FBB] - [26/06/2016 19:14:10] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [26.38 Ko] - (0.1.16.0) - C:\WINDOWS\System32\Drivers\mbam.sys [MD5.1239597BAB7EED2BB16D035AF87E65D9] - [26/06/2016 19:14:10] - (.© Malwarebytes. - Malwarebytes Chameleon Protection Driver.) - [137.38 Ko] - (1.1.22.0) - C:\WINDOWS\System32\Drivers\mbamchameleon.sys [MD5.78488AF2AB2111D67B3C4044707A519B] - [26/06/2016 19:14:43] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [187.71 Ko] - (0.3.0.4) - C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [MD5.2ED29B635F35E31A1C0D3DDB7DD2AD03] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys [MD5.22E3CB85870879CBAE13C5095A8B12E3] - [30/10/2015 09:17:23] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys [MD5.D41920FBFFF2BBCBBC69A5B383AD022E] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [688.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys [MD5.218705233D02776AE4D19CC37D985C1B] - [30/10/2015 09:17:23] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys [MD5.898415AC0B5F1D2A9A48ABCB68A6DC4B] - [26/06/2016 19:14:10] - (.© Malwarebytes Corporation. - Malwarebytes Web Access Control.) - [63.88 Ko] - (1.0.6.0) - C:\WINDOWS\System32\Drivers\mwac.sys [MD5.B57CE307DA101C739885B7CC0678077F] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [74.34 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys [MD5.351533ACC2A069B94E80BBFC177E8FDF] - [11/02/2011 23:23:34] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - npf.sys (NT5/6 AMD64) Kernel Driver.) - [34.52 Ko] - (4.1.0.2001) - C:\WINDOWS\System32\Drivers\npf.sys [MD5.604D27CC38CC23493F218D0BB834B3FF] - [30/10/2015 09:17:23] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys [MD5.8B50D897657AB4A15FD9E251BBF7D107] - [30/10/2015 09:17:23] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys [MD5.1398A85E59698067CBBE1D66A9C13ADF] - [30/10/2015 09:17:23] - (.Copyright © LSI Corporation 2014 - MEGASAS RAID Controller Driver for Windows.) - [56.84 Ko] - (6.803.21.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys [MD5.35F7C7AD709D909D618D9EDF987FC3ED] - [30/10/2015 09:17:23] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.602.12.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys [MD5.CC2521C1BE66E922196431B77F765178] - [23/03/2016 11:12:14] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3918.59 Ko] - (6.0.1.7293) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys [MD5.0447065A6E10774EFCECFDD0EB970A79] - [19/05/2013 04:02:52] - (.Copyright © 2012, 2013 Scarlet.Crush Productions. - Scp Virtual Bus Driver.) - [38.25 Ko] - (1.0.0.103) - C:\WINDOWS\System32\Drivers\ScpVBus.sys [MD5.ABBE803FE0BDAE0E5BE74DDEFBE62F23] - [30/10/2015 09:17:23] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys [MD5.6043DF55CFE3C7ACF477645FA64DEA98] - [30/10/2015 09:17:23] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys [MD5.D722BC26F7431A4DA9A183E56CA9FEE3] - [25/04/2016 00:35:52] - (.Copyright ⓒ SAMSUNG - SAMSUNG USB Composite Device Driver (MSS Ver.3).) - [126.13 Ko] - (2.12.2.0) - C:\WINDOWS\System32\Drivers\ssudbus.sys [MD5.36C3697CA09B23C77BDF95A6B0B57310] - [25/04/2016 00:35:58] - (.Copyright ⓒ SAMSUNG - SAMSUNG Android Modem Device Driver (MSS Ver.3).) - [216.63 Ko] - (2.12.2.0) - C:\WINDOWS\System32\Drivers\ssudmdm.sys [MD5.600112EF97F1238B3B91B918BE12C6BD] - [25/04/2016 00:36:06] - (.Copyright ⓒ SAMSUNG - SAMSUNG USB Mobile Logging Device Driver (MSS Ver.3).) - [216.63 Ko] - (2.12.2.0) - C:\WINDOWS\System32\Drivers\ssudserd.sys [MD5.CCDA497C880AD16D87EDFAEFCFB2EDF5] - [30/10/2015 09:17:23] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys [MD5.8751062F2F7EC78DE92D778A08099DDE] - [03/04/2014 17:48:44] - (.Copyright © 2006-2014, Intel Corporation. - Intel(R) Management Engine Interface.) - [115.5 Ko] - (10.0.0.1204) - C:\WINDOWS\System32\Drivers\TeeDriverx64.sys [MD5.F957092C63CD71D85903CA0D8370F473] - [05/11/2015 17:23:52] - (.© Apple, Inc. - Apple Mobile Device USB Driver.) - [53.5 Ko] - (1.67.0.0) - C:\WINDOWS\System32\Drivers\usbaapl64.sys [MD5.D48ED0A08BD2FD25A833E6AC99623091] - [30/10/2015 09:17:23] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys [MD5.6990D4AFDF545669D4E6C232F26DE1FB] - [30/10/2015 09:17:23] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS [MD5.4A53441C1C4D2878BEF27E381138BB2D] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [26.34 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\winmad.sys [MD5.40A3E8D729F458B2C9A8BD9380FF83D5] - [30/10/2015 09:17:23] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [57.84 Ko] - (4.91.10730.0) - C:\WINDOWS\System32\Drivers\winverbs.sys [MD5.798DE15F187C1F013095BBBEB6FB6197] - [25/03/2016 19:43:11] - (.-.) - [14.88 Ko] - (0.0.0.0) - C:\WINDOWS\Syswow64\Drivers\AsIO.sys ---------- | Uninstall [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\2744A393-554C-4E35-A24F-DEF0392B4484-2] : (Dofus.-.Ankama) -> C:\Users\sebastien\AppData\Local\Ankama\Dofus\Dofus.exe --uninstall-or-repair [HKU\S-1-5-21-3678820438-496632247-2968836803-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Users\sebastien\AppData\Local\TeamSpeak 3 Client\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\6af12c54-643b-4752-87d0-8335503010de_is1] : (Nexus Mod Manager.-.Black Tree Gaming) -> "C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager] : (AMD Install Manager.-.Advanced Micro Devices, Inc.) -> "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" /UNINSTALL /IGNORE_UPGRADE /ON_REBOOT_MESSAGE:NO [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CPUID ROG CPU-Z_is1] : (CPUID ROG CPU-Z 1.69.-.CPUID, Inc.) -> "C:\Program Files\CPUID\ROG CPU-Z\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 46.0.1 (x64 fr)] : (Mozilla Firefox 46.0.1 (x64 fr).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 19.1.51.0.-.Intel) -> MsiExec.exe /i{FD42EE05-18F9-459F-935D-770E75B3BEE5} ARPREMOVE=1 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 202970] : (Call of Duty: Black Ops II.-.Treyarch) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/202970 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 202990] : (Call of Duty: Black Ops II - Multiplayer.-.Treyarch) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/202990 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 208200] : (DOOM 3: BFG Edition.-.id Software) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/208200 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 212910] : (Call of Duty: Black Ops II - Zombies.-.) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/212910 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 225140] : (Duke Nukem 3D: Megaton Edition.-.3D Realms) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/225140 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 2280] : (The Ultimate DOOM.-.id Software) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/2280 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 2290] : (Final DOOM.-.id Software) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/2290 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 2300] : (DOOM II: Hell on Earth.-.id Software) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/2300 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 241600] : (Rogue Legacy.-.Cellar Door Games) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/241600 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 42700] : (Call of Duty: Black Ops.-.Treyarch) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/42700 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 42710] : (Call of Duty: Black Ops - Multiplayer.-.Treyarch) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/42710 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 9160] : (Master Levels for DOOM II.-.id Software) -> "C:\Program Files (x86)\STEAM\Steam\steam.exe" steam://uninstall/9160 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 4.11 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{004A51FB-F129-3273-4442-CDE9AD45E62C}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{013256F8-F40D-07D5-681C-6EA5BF5B7594}] : (Catalyst Control Center Next Localization CHT.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0A330707-8720-CBD4-EE4C-DE4E2F1DC95C}] : (Catalyst Control Center Next Localization RU.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0BA5C068-FA0D-7C39-E185-1FE9AD8C9A98}] : (Catalyst Control Center Next Localization FI.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0C722C50-4685-33B3-34FE-415584098B3B}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0CA93C10-3163-7B9B-6A31-22F4614C297C}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0D01BDA8-C995-40AD-95F8-26B7EA4DCF9F}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{0D01BDA8-C995-40AD-95F8-26B7EA4DCF9F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0D94C752-024D-A1FC-02E8-0737CFE5414B}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1739AB49-2038-78F5-1A87-BC7490CAC76A}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1AAF29A9-07B5-B245-F5CB-263D6E13AE8A}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1AFE5198-B1F8-F438-4553-BE0CF99911A8}] : (Catalyst Control Center Next Localization DA.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1F9E5934-994B-4D3E-8ED8-2F898A932A0E}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2464B26D-1665-8DA4-190D-7C474AE7586B}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{25DEBD2B-5356-EF0F-43D8-CFFB5BBAA808}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86418077F0}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86418091F0}] : (Java 8 Update 91 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86418091F0} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2937FD88-C9D6-4B82-B539-37CD0A572F42}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{29F35063-F14F-D4A8-5825-0F74240F25C3}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{2E4AF2A6-50EA-4260-9BA4-5E582D11879A} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{33FF313C-78A1-35CE-2E12-93EC013CD42D}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3530D72B-E13A-E242-1B65-1D4A56FEB793}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36FAF585-3D08-3D84-8330-4D048F4B6CE6}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3BF9EC04-F930-6F15-38C8-52405EC3CC6E}] : (AMD Wireless Display v3.0.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{3BF9EC04-F930-6F15-38C8-52405EC3CC6E} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3DE97849-544D-4D68-9255-11DF6F9F10D8}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{3DE97849-544D-4D68-9255-11DF6F9F10D8} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3FEEC9D8-4773-8276-F4EF-F700DD03E7C1}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{413A45F5-20F8-1760-22DF-000C80A392E5}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4744DBCC-C813-2A2E-FC25-D7D53D725B30}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4793D2FE-9842-F82B-F03F-05A89A0AC2E4}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{47E510DD-18B9-17F3-121E-B068BCD51D94}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{48CF7F07-4A72-1415-FCAB-B9B9FB8CDB31}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4D512595-BDA6-E291-4BC6-CC2FF891AB05}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5066336E-513F-CBB9-9BB0-C89A3933C10F}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{50F7A320-41EE-14B6-DFEA-E2803B49CFF2}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{511FBA3E-FA09-BA46-22EE-50432AE3CEEE}] : (Catalyst Control Center Next Localization FR.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{51E9360E-0B90-EE7F-D840-28458BD048DA}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{52494368-82AC-E82E-668A-1F260B462B2A}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{52A46417-A51E-B544-7A46-28AB2899246F}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55DE2168-BE6C-903C-527B-64EB3C770966}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{57383087-09B9-0906-1F47-0D0A2BB13E2B}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5A212272-FEC3-0C98-9A71-93B9CF96A07C}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5B290678-6EFA-E1AA-6B92-52342514108C}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5D016ECF-B0FE-60C3-39B0-0A6179D3E2EB}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5E0FB053-0AE7-5466-E972-551F7BE9E1B7}] : (Catalyst Control Center Next Localization IT.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60B63D92-7C34-6A62-F23D-3173DB17A20A}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{614564F1-EC98-B820-E420-C400CA605A57}] : (Catalyst Control Center Next Localization NO.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{61C87839-E54E-F438-AF30-A8F4F451C4FA}] : (Catalyst Control Center Next Localization NL.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{629E9227-0217-4611-673E-80E09B540F9F}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6A57355D-DA82-F598-07B9-55DD203BB371}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7559603B-C973-C9A4-F645-21AC07D7B74F}] : (Catalyst Control Center Next Localization KO.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{778E6BDA-6BB2-1D5B-395F-3268481F42D1}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{77D6A6E7-4771-44F5-EC4D-24D6AD296BE9}] : (Catalyst Control Center Next Localization ES.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{78ACE60E-0CB7-4935-BCD4-F33422105607}] : (AMD Settings - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{78ACE60E-0CB7-4935-BCD4-F33422105607} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7DD2E28B-50AA-D17D-5703-79588FC526CD}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{86F718E7-6AFB-1DFB-219E-AF7752F91C4E}] : (Catalyst Control Center Next Localization TR.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{87B2419A-F615-AD3A-3521-FFE0C4FE37DF}] : (Catalyst Control Center Next Localization EL.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8A1F39C0-394B-9FDD-D6E4-267FFFA1D3FA}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8F4F9CAC-37A7-E424-2DBC-B9293E772F60}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{98900FE1-9C17-4553-B0D1-132BF9126412}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{98900FE1-9C17-4553-B0D1-132BF9126412} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{98DD6106-888C-301A-AD03-753FF86838AE}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9901475A-BFAC-0354-22C5-DB4016CCC3C3}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9FD0E0C9-9E88-A306-4BA3-41BC479446C8}] : (Catalyst Control Center Next Localization CS.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9FEF2AE6-F6B4-7962-2AD1-DB016204C55E}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A027B093-1EC8-1F34-E884-C224DF4D7FDB}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A31C5565-90D9-4615-AE13-94D86C3836C7}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A88050CD-0501-3DCF-2DDA-D290D3E3DCAA}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A9A57D3B-4B01-3957-C0A2-5868CA638383}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AD339F94-105F-C674-F11F-23ECD2B785D8}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AEB47876-93CD-AEC5-3D4D-CF9FE98FA597}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AED89989-7DBE-543C-19A4-BE5A855DD2FB}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B16E9589-7E9F-DC0B-1B19-F898AE5A7C47}] : (Catalyst Control Center Next Localization BR.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B709D228-78E5-4D06-6BD9-7C49CAF0F3A2}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BC7631CB-DCF7-9173-D083-D69965E10D7E}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD555B5E-F1F9-3B62-18AD-DCF2E079AEB4}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BF07E05D-3D7C-6E4E-3843-DFE6D9FFACC8}] : (Catalyst Control Center Next Localization DE.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C1CB93B1-D171-9667-6090-B8BA2A3055DA}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}] : (Apple Application Support (64 bits).-.Apple Inc.) -> MsiExec.exe /I{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C55FC8D9-2EC4-0E16-52C1-E1157F8256FB}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C5F114C0-4584-A637-C2E9-E8BCD6A2408F}] : (AMD Install Manager.-.Advanced Micro Devices, Inc.) -> msiexec /q/x{C5F114C0-4584-A637-C2E9-E8BCD6A2408F} REBOOT=ReallySuppress [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C630519B-77F8-D674-CD21-D90887D1BF2D}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C6F1970E-5E7C-584E-79F5-7502049128E7}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CDE7A2F2-9EBB-1980-2F9A-3D336BEF5892}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D0E1CB22-3B19-C0B2-A399-B43864B75CD4}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D0EA7EFC-D5CD-D8B1-EB42-F72483CEAABF}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D736634D-5E6D-ADE0-B98F-F6BD709BBAB7}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D8C65C33-C27A-3B8D-76F4-71E2A3844EE3}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D902C252-BA46-81AD-9EFB-CE5E97B3F36F}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D97D0DD5-946B-9599-CBB3-3497E083C41A}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D9C2E250-17A1-0D68-CB41-83232EC31C2C}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DBAE36A4-F2D8-F405-FB92-57C7BC546EC5}] : (Catalyst Control Center Next Localization JA.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E4551776-E23C-B5BE-1124-91643E733A2E}] : (Catalyst Control Center Next Localization CHS.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E47FAB94-4859-1750-FD7C-B8F1F4C0EA97}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E8B134CC-098E-4623-BD85-0A432FE5DDFB}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{E8B134CC-098E-4623-BD85-0A432FE5DDFB} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E8D9A5F5-A76F-C1CB-2609-F09167AA5628}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EE809B1A-E05F-12F9-3DEE-0920192C3208}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F08A0BBC-9335-1BA0-79A9-732113E9DF1C}] : (Catalyst Control Center Next Localization TH.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F391790D-F08F-F4B5-77CD-668EBC078B1A}] : (Catalyst Control Center Next Localization SV.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F5D983D8-432E-54E4-44E7-73BB969EF257}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F6BC99F6-7A5C-0361-46E6-FD800E01B5D3}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F8907B9B-B9A8-E638-DFEB-2CED3399FC3A}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F8E2FEC7-85F0-3AF4-8E73-44E959167018}] : (Catalyst Control Center Next Localization HU.-.Advanced Micro Devices, Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F92DEA29-82F9-F1F1-E8A6-113CE36EEF64}] : (Catalyst Control Center Next Localization PL.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FACADE7F-B23F-576F-8D3E-7A3B5AA15564}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FCB5675A-A034-2872-8361-00EE0391C399}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FD42EE05-18F9-459F-935D-770E75B3BEE5}] : (Intel(R) Network Connections 19.1.51.0.-.Intel) -> MsiExec.exe /i{FD42EE05-18F9-459F-935D-770E75B3BEE5} ARPREMOVE=1 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FD5647A0-364E-9A71-46D5-2E79C1AD4D89}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FDA9F952-8DBD-112A-1244-0AD718D6C3A6}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FEAB7E15-1C4A-575E-E099-DAC122FE8815}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 22 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_Plugin.exe -maintain plugin [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Freemake Video Downloader_is1] : (Freemake Video Downloader.-.Ellora Assets Corporation) -> "C:\Program Files (x86)\Freemake\Freemake Video Downloader\Uninstall\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\setup.exe" --uninstall --multi-install --chrome --system-level [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\KLiteCodecPack_is1] : (K-Lite Codec Pack 12.0.5 Full.-.KLCP) -> "C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] : (Malwarebytes Anti-Malware version 2.2.1.1043.-.Malwarebytes) -> "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinPcapInst] : (WinPcap 4.1.2.-.CACE Technologies) -> "C:\Program Files\WinPcap\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}] : (InputMapper.-.DSDCS) -> MsiExec.exe /X{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}] : (Minecraft.-.Mojang) -> MsiExec.exe /X{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E93452B-BA3E-7375-958C-EBC5E8672A5E}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{223B62A8-F6FF-4BEB-BC17-230D12723CD0}_is1] : (RomStation.-.RomStation) -> "C:\RomStation\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}] : (Intel(R) USB 3.0 eXtensible Host Controller Driver.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26356515-5821-40FA-9C3D-9785052A1062}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{26356515-5821-40FA-9C3D-9785052A1062} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2B642F70-BA82-5E78-41CE-BDFFD5C37530}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2C1E2874-AE02-5082-1C97-F333A5412778}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2EA40F3D-0D93-A391-F383-6F1C708B80BF}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3310DD5A-3695-3390-6F38-2B93D862FE02}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{36404440-3A39-C9B5-4713-2DB315DEF034}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3C7B5C75-FD82-BC1F-F148-89A3189EF385}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D72F94C-95A5-AA85-E75B-A1A1CB8FCE7A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5644668B-04A5-68F6-0AA9-03255877C58F}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56EC47AA-5813-4FF6-8E75-544026FBEA83}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5DA870C0-BC5C-BE96-5045-BD429959C0D3}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F3182EE-2532-3B96-2BBB-03B87F574E76}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6953ECF8-0B1B-FBD7-0DDB-84C82FBBC2F4}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6D7A146A-BD56-8EE1-FCC7-BE02013ACE36}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71971AE8-C8F3-3C62-FB89-AC41A96761AB}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7BEE81A3-3CEE-4B06-BCEA-9DABAF85AE52}] : (Lecture à distance PS4.-.Sony Interactive Entertainment Inc.) -> MsiExec.exe /I{7BEE81A3-3CEE-4B06-BCEA-9DABAF85AE52} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7D94356D-48E0-DE1A-423C-67A363C13771}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7DE27D8A-1D73-61EB-86F1-079AF7E55C3A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7E0B1563-7607-00D7-21CE-7DAFA6FF009C}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7F8B68A2-0CD0-7DAF-8955-1419C60886D3}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{87006B27-A5A6-9EF1-BA04-CD7284462419}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{947E1256-258E-60A2-7331-44D09E61CF99}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A3168DE0-479A-D5EC-59C4-0278C7DEC11C}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AAAE97DA-1E8B-C0E9-F0E3-5481A09F97C8}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824184103}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824184103} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AFDFBED8-CC9A-8E00-015D-845F0BF9D1E1}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BF44ADDF-E927-4B66-E829-4AF27BF6A58B}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C3EAC1D2-A492-7B08-A9D5-15EDD5EA1A89}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C504B8BB-8D25-06D1-C489-1057DBE7E335}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D5323DE5-C364-09B7-657D-EDA9E2D81E1A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1] : (Cube World version 0.0.1.-.Picroma) -> "C:\Program Files (x86)\Cube World\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D7D20EB4-BD89-05C0-05C6-33E5B762989E}] : (Catalyst Control Center InstallProxy.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia ASM104x USB 3.0 Host Controller Driver.-.Asmedia Technology) -> MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F6860530-9733-0BB2-9C09-F25101076E78}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FA858E04-4F41-4858-B01B-9E9337767AD0}] : (XSplit Broadcaster.-.SplitmediaLabs) -> MsiExec.exe /X{FA858E04-4F41-4858-B01B-9E9337767AD0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}] : (.-.) -> ---------- | Installer [HKCR\Installer\Products\0444046393A35B9C7431D23B51ED0F43] : AMD Settings -> C:\WINDOWS\Installer\{36404440-3A39-C9B5-4713-2DB315DEF034}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0C411F5C4854736A2C9E8ECB6D2A04F8] : AMD Install Manager -> C:\WINDOWS\Installer\{C5F114C0-4584-A637-C2E9-E8BCD6A2408F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1EF0098971C935540B1D31B29F214621] : Intel(R) Management Engine Components [HKCR\Installer\Products\1F46541689CE028B4E024C00AC06A575] : Catalyst Control Center Next Localization NO -> C:\WINDOWS\Installer\{614564F1-EC98-B820-E420-C400CA605A57}\ARPPRODUCTICON.exe [HKCR\Installer\Products\350BF0E57EA066459E2755F1B79E1E7B] : Catalyst Control Center Next Localization IT -> C:\WINDOWS\Installer\{5E0FB053-0AE7-5466-E972-551F7BE9E1B7}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3551562C3AC622842B6ECBA4ACE6E02A] : Apple Application Support (64 bits) -> C:\WINDOWS\Installer\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}\WinInstall.ico [HKCR\Installer\Products\3A18EEB7EEC360B4CBAED9BAFA58EA25] : Lecture à distance PS4 -> C:\WINDOWS\Installer\{7BEE81A3-3CEE-4B06-BCEA-9DABAF85AE52}\RemotePlay.exe [HKCR\Installer\Products\3ACB61C11CBE6F946832F8FB9BCC8C27] : Minecraft -> C:\WINDOWS\Installer\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}\minecraft.ico [HKCR\Installer\Products\40CE9FB3039F51F6838C2504E53CCCE6] : AMD Wireless Display v3.0 -> C:\Windows\Installer\{3BF9EC04-F930-6F15-38C8-52405EC3CC6E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\40E858AF14F485840BB1E9397367A70D] : XSplit Broadcaster -> C:\WINDOWS\Installer\{FA858E04-4F41-4858-B01B-9E9337767AD0}\XSplit.Core.exe [HKCR\Installer\Products\4A63EABD8D2F504FBF29757CCB45E65C] : Catalyst Control Center Next Localization JA -> C:\WINDOWS\Installer\{DBAE36A4-F2D8-F405-FB92-57C7BC546EC5}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4BE02D7D98DB0C50506C335E7B2689E9] : Catalyst Control Center InstallProxy -> C:\WINDOWS\Installer\{D7D20EB4-BD89-05C0-05C6-33E5B762989E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\4EA42A62D9304AC4784BF2681408190F] : Java 8 Update 91 (64-bit) -> C:\Program Files\Java\jre1.8.0_91\\bin\javaws.exe [HKCR\Installer\Products\50EE24DF9F81F95439D577E0573BEB5E] : -> C:\Windows\Installer\{FD42EE05-18F9-459F-935D-770E75B3BEE5}\ARPPRODUCTICON.exe [HKCR\Installer\Products\515653621285AF04C9D3795850A20126] : Apple Application Support (32 bits) -> C:\WINDOWS\Installer\{26356515-5821-40FA-9C3D-9785052A1062}\WinInstall.ico [HKCR\Installer\Products\6771554EC32EEB5B11421946E337A3E2] : Catalyst Control Center Next Localization CHS -> C:\WINDOWS\Installer\{E4551776-E23C-B5BE-1124-91643E733A2E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA408033019195008142811430] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824184103}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\6A2FA4E2AE050624B94AE585D21178A9] : Apple Mobile Device Support -> C:\WINDOWS\Installer\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}\Installer.ico [HKCR\Installer\Products\707033A002784DBCEEC4EDE4F2D19CC5] : Catalyst Control Center Next Localization RU -> C:\WINDOWS\Installer\{0A330707-8720-CBD4-EE4C-DE4E2F1DC95C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\71464A25E15A445BA76482BA829942F6] : AMD Settings -> C:\WINDOWS\Installer\{52A46417-A51E-B544-7A46-28AB2899246F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7CEF2E8F0F584FA3E837449E95610781] : Catalyst Control Center Next Localization HU -> C:\WINDOWS\Installer\{F8E2FEC7-85F0-3AF4-8E73-44E959167018}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7E6A6D7717745F44CED4426DDA92B69E] : Catalyst Control Center Next Localization ES -> C:\WINDOWS\Installer\{77D6A6E7-4771-44F5-EC4D-24D6AD296BE9}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7E817F68BFA6BFD112E9FA77259FC1E4] : Catalyst Control Center Next Localization TR -> C:\WINDOWS\Installer\{86F718E7-6AFB-1DFB-219E-AF7752F91C4E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\860C5AB0D0AF93C71E58F19EDAC8A989] : Catalyst Control Center Next Localization FI -> C:\WINDOWS\Installer\{0BA5C068-FA0D-7C39-E185-1FE9AD8C9A98}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8915EFA18F1B834F5435EBC09F99118A] : Catalyst Control Center Next Localization DA -> C:\WINDOWS\Installer\{1AFE5198-B1F8-F438-4553-BE0CF99911A8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8ADB10D0599CDA04598F627BAED4FCF9] : Intel(R) Management Engine Components [HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\WINDOWS\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico [HKCR\Installer\Products\8F652310D04F5D7086C1E65AFBB55749] : Catalyst Control Center Next Localization CHT -> C:\WINDOWS\Installer\{013256F8-F40D-07D5-681C-6EA5BF5B7594}\ARPPRODUCTICON.exe [HKCR\Installer\Products\92AED29F9F281F1F8E6A11C33EE6FE46] : Catalyst Control Center Next Localization PL -> C:\WINDOWS\Installer\{F92DEA29-82F9-F1F1-E8A6-113CE36EEF64}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93878C16E45E834FFA038A4F4F154CAF] : Catalyst Control Center Next Localization NL -> C:\WINDOWS\Installer\{61C87839-E54E-F438-AF30-A8F4F451C4FA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia ASM104x USB 3.0 Host Controller Driver -> C:\Windows\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper [HKCR\Installer\Products\94879ED3D44586D4295511FDF6F9018D] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\958FB4F94A3C6BA4DB1DC9D585815889] : iTunes -> C:\WINDOWS\Installer\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}\Installer.ico [HKCR\Installer\Products\9859E61BF9E7B0CDB1918F89EAA5C774] : Catalyst Control Center Next Localization BR -> C:\WINDOWS\Installer\{B16E9589-7E9F-DC0B-1B19-F898AE5A7C47}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9C0E0DF988E9603AB43A14CB7449648C] : Catalyst Control Center Next Localization CS -> C:\WINDOWS\Installer\{9FD0E0C9-9E88-A306-4BA3-41BC479446C8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A65044A18D7C1654CB340AAAD7A7AA46] : InputMapper -> C:\WINDOWS\Installer\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}\InputMapper.exe [HKCR\Installer\Products\A9142B78516FA3DA5312FF0E4CEF73FD] : Catalyst Control Center Next Localization EL -> C:\WINDOWS\Installer\{87B2419A-F615-AD3A-3521-FFE0C4FE37DF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\AA74CE6531856FF4E857450462BFAE38] : Apple Software Update -> C:\WINDOWS\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\Installer.ico [HKCR\Installer\Products\B3069557379C4A9C6F5412CA707D7BF4] : Catalyst Control Center Next Localization KO -> C:\WINDOWS\Installer\{7559603B-C973-C9A4-F645-21AC07D7B74F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CBB0A80F53390AB1979A3712319EFDC1] : Catalyst Control Center Next Localization TH -> C:\WINDOWS\Installer\{F08A0BBC-9335-1BA0-79A9-732113E9DF1C}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CC431B8EE8903264DB58A034F25EDDBF] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\D097193FF80F5B4F77DC66E8CB70B8A1] : Catalyst Control Center Next Localization SV -> C:\WINDOWS\Installer\{F391790D-F08F-F4B5-77CD-668EBC078B1A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D50E70FBC7D3E4E68334FD6E9DFFCA8C] : Catalyst Control Center Next Localization DE -> C:\WINDOWS\Installer\{BF07E05D-3D7C-6E4E-3843-DFE6D9FFACC8}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E06ECA877BC05394CB4D3F4322016570] : AMD Settings - Branding -> C:\Windows\Installer\{78ACE60E-0CB7-4935-BCD4-F33422105607}\ARPPRODUCTICON.exe [HKCR\Installer\Products\E3ABF11590AF64AB22EE0534A23EECEE] : Catalyst Control Center Next Localization FR -> C:\WINDOWS\Installer\{511FBA3E-FA09-BA46-22EE-50432AE3CEEE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater ---------- | ADS ---------- | Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 07-NTFS 100M Yes No 2,048 204,800 1 1 07-NTFS 953G No No 206,848 952,393,216 2 2 27-UNKNWN 450M No No 952,600,064 921,600 ---------- | MBR Windows Version: Professional Windows Information: (build 9200), 64-bit Base Board Manufacturer: ASUSTeK COMPUTER INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: ASUS System Product Name: All Series Logical Drives Mask: 0x0000002c Analysis of file "C:\QuickDiag\MBR.bin": Windows 7 MBR code detected 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.10586.306, horodatage : 0x571afaa5 Nom du module défaillant : JumpViewUI.dll, version : 10.0.10586.306, horodatage : 0x571af742 Code d’exception : 0x80000003 Décalage d’erreur : 0x000000000001a03b ID du processus défaillant : 0x1148 Heure de début de l’application défaillante : 0x01d1d056ce5bce82 Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Chemin d’accès du module défaillant: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\JumpViewUI.dll ID de rapport : 7fe27dff-bccd-453f-92d4-9627fca19c1d Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ ATI EEU Service event error ------------ ATI EEU Service event error ------------ Nom de l’application défaillante dwm.exe, version : 10.0.10586.0, horodatage : 0x5632d756 Nom du module défaillant : combase.dll, version : 10.0.10586.103, horodatage : 0x56a849ab Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000067e3c ID du processus défaillant : 0x1858 Heure de début de l’application défaillante : 0x01d1cc99430c2359 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\dwm.exe Chemin d’accès du module défaillant: C:\WINDOWS\system32\combase.dll ID de rapport : 79fca9e6-fc73-4b92-86e4-bdfe02a88c01 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ ATI EEU Service event error ------------ Nom de l’application défaillante dwm.exe, version : 10.0.10586.0, horodatage : 0x5632d756 Nom du module défaillant : combase.dll, version : 10.0.10586.103, horodatage : 0x56a849ab Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000067e3c ID du processus défaillant : 0xe00 Heure de début de l’application défaillante : 0x01d1cc8396bb19f9 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\dwm.exe Chemin d’accès du module défaillant: C:\WINDOWS\system32\combase.dll ID de rapport : b0b4d29d-5415-41ef-a694-367aaa8a1bbe Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ ATI EEU Service event error ------------ Nom de l’application défaillante dwm.exe, version : 10.0.10586.0, horodatage : 0x5632d756 Nom du module défaillant : KERNELBASE.dll, version : 10.0.10586.306, horodatage : 0x571af331 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000032149 ID du processus défaillant : 0x1b44 Heure de début de l’application défaillante : 0x01d1cb1c7eca42f2 Chemin d’accès de l’application défaillante : C:\WINDOWS\System32\dwm.exe Chemin d’accès du module défaillant: C:\WINDOWS\system32\KERNELBASE.dll ID de rapport : 1ce1fd6f-a467-447c-ad53-6db12571a5c4 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ ATI EEU Service event error ------------ ATI EEU Service event error ------------ ATI EEU Service event error ------------ ATI EEU Client event error ------------ Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur. ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. . ------------ ATI EEU Service event error ------------ Nom de l’application défaillante svchost.exe, version : 10.0.10586.0, horodatage : 0x5632d7ba Nom du module défaillant : ESENT.dll, version : 10.0.10586.212, horodatage : 0x56fa1686 Code d’exception : 0xc0000602 Décalage d’erreur : 0x000000000022885f ID du processus défaillant : 0x6e8 Heure de début de l’application défaillante : 0x01d1bf702678ae55 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\svchost.exe Chemin d’accès du module défaillant: c:\windows\system32\ESENT.dll ID de rapport : a042b636-324b-44ca-8a71-b853be92986b Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ svchost (1768) Interruption du processus en raison d’une erreur irrécupérable : PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(bt.cxx:1768): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS) ------------ Task Scheduling Error: m->NextScheduledSPRetry 5735 ------------ ----------( EOF)---------- - 3792 | 13:59:24