fait par SAMSUNG le Tue 02/28/2017 ================= HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager ================= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend DisplayName REG_SZ @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 ErrorControl REG_DWORD 0x1 ImagePath REG_EXPAND_SZ "%ProgramFiles%\Windows Defender\MsMpEng.exe" Start REG_DWORD 0x2 Type REG_DWORD 0x10 Description REG_SZ @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-240 DependOnService REG_MULTI_SZ RpcSs ObjectName REG_SZ LocalSystem ServiceSidType REG_DWORD 0x1 RequiredPrivileges REG_MULTI_SZ SeLoadDriverPrivilege\0SeImpersonatePrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeDebugPrivilege\0SeChangeNotifyPrivilege\0SeSecurityPrivilege\0SeShutdownPrivilege\0SeIncreaseQuotaPrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeSystemEnvironmentPrivilege FailureActions REG_BINARY 8051010000000000010000000300000014000000030000006400000000000000640000000000000064000000 LaunchProtected REG_DWORD 0x3 FailureCommand REG_SZ C:\WINDOWS\system32\mrt.exe /EHB /ServiceFailure "CAMP=4.10.14393.0;approximate-> Engine=1.1.13504.0;AVSIG=1.237.305.0;ASSIG=1.237.305.0" /StartService /Defender /q HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security Security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windefend TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 [SC] QueryServiceConfig réussite(s) SERVICE_NAME: windefend TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files\Windows Defender\MsMpEng.exe" LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : Service Windows Defender DEPENDENCIES : RpcSs SERVICE_START_NAME : LocalSystem ================= SERVICE_NAME: rpcss TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, 
IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 [SC] QueryServiceConfig réussite(s) SERVICE_NAME: rpcss TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k rpcss LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Appel de procédure distante (RPC) DEPENDENCIES : RpcEptMapper : DcomLaunch SERVICE_START_NAME : NT AUTHORITY\NetworkService ================= SERVICE_NAME: dcomlaunch TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 [SC] QueryServiceConfig réussite(s) SERVICE_NAME: dcomlaunch TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k DcomLaunch LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Lanceur de processus serveur DCOM DEPENDENCIES : SERVICE_START_NAME : LocalSystem ================= SERVICE_NAME: RpcEptMapper TYPE : 20 WIN32_SHARE_PROCESS STATE : 4 RUNNING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 [SC] QueryServiceConfig réussite(s) SERVICE_NAME: RpcEptMapper TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k RPCSS LOAD_ORDER_GROUP : COM Infrastructure TAG : 0 DISPLAY_NAME : Mappeur de point de terminaison RPC DEPENDENCIES : SERVICE_START_NAME : NT AUTHORITY\NetworkService =================