OTL Extras logfile created on: 23/03/2017 19:57:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MSI4M\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

7,88 Gb Total Physical Memory | 4,88 Gb Available Physical Memory | 61,95% Memory free
10,88 Gb Paging File | 7,30 Gb Available in Paging File | 67,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930,96 Gb Total Space | 603,02 Gb Free Space | 64,77% Space Free | Partition Type: NTFS

Computer Name: MEHDINGUE | User Name: MSI4M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (All) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\WINDOWS\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 69 40 88 0E 7E D2 01 [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04707613-FE68-4B64-B06F-2E02305A6CCA}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{05D7A93D-435F-4999-BA8A-5E8E983AAA1D}" = lport=445 | protocol=6 | dir=in |
app=system | "{0A890C25-51F3-49C9-93A4-CEF31A0FFC1E}" = rport=137 | protocol=17 | dir=out | app=system | "{1339A1DA-1590-44DB-81E6-524BE6AE30A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1E48B0DC-E485-4B97-BF67-E9BB16A76194}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{1E7B34EB-BF55-4314-AC4A-3B84498D9354}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{278327B2-7076-49DB-82F0-1D814535002C}" = lport=139 | protocol=6 | dir=in | app=system | "{36DF7707-3A03-4A41-B565-A644CD732031}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3D6DCC0D-527F-4005-AEB0-A38D70053E6D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\avira\scout\application\scout.exe | "{43C545E5-8F4B-4BE6-B4F0-D6AF00742A8F}" = lport=137 | protocol=17 | dir=in | app=system | "{474C9FFC-785C-4BC9-BA26-71052D69BF05}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | "{5B039C00-7E73-40A1-BBEE-6976DC13F3ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{804BC7AA-A304-44EE-A7F2-AB0B5BEF56AB}" = rport=445 | protocol=6 | dir=out | app=system | "{853A40B0-0542-4997-924A-567260B06E28}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{97E49ABC-5212-4DA6-9701-4EAEFFCF84DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A367B8DB-3D1C-478F-B70B-5141B9B35394}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C251EA34-CFD8-4E24-8E95-12909B6CCFB2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CAF17754-2843-4229-9922-7483D6FCF0F8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCD20CA8-1BF7-4F44-AB20-95F04478BC6B}" = rport=139 | protocol=6 | dir=out | app=system | "{CFA0D069-983E-4846-9393-A17034F63CFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D0F9D0BC-66D2-4BD0-9E63-37E6FD9F62EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DB7E1F25-9597-4AB0-9806-B53E11B668C7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{DD71FAE5-99B3-41AC-B703-D700FCA25F23}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DF365310-31DF-4F79-9B64-7F4F9775A974}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | "{ECE52C9F-F0DC-4D72-A55E-15E763BA2719}" = lport=138 | protocol=17 | dir=in | app=system | "{FCB8761F-B73D-40BD-BB5A-48C1B1B523FA}" = rport=138 | protocol=17 | dir=out | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{025B5AF9-1E03-484A-B621-C58F85C85E00}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} | "{050E4379-0442-4669-845D-1FB6CBF196FA}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{0662273D-457C-4439-A638-32BB70EECA60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{067EDC96-466E-445E-906F-5434E0003E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe | "{0B571312-1945-434D-90E5-E41E3ADA2176}" = dir=in | name=@{microsoft.zunevideo_10.16122.10291.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{0F8E490D-5E85-43DA-BF92-9825B42BCD06}" = dir=out | 
name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{15177DD0-B75E-4827-9856-B080EDBB996F}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{16DD88A2-81BE-44F5-819D-44409A7826D5}" = dir=in | name=microsoft solitaire collection | "{176AD8A6-F540-4320-9A40-F9984C2B95A5}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} | "{19D93669-5736-4348-8371-B60FA7E4A77E}" = dir=out | name=@{microsoft.zunevideo_10.16122.10291.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{1CF4FA6C-FD16-42B8-8FF7-D66E96940CFD}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} | "{1D43B7A2-7F41-45F6-885F-4E4ED90AA4FD}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{1D5C702D-BE99-434B-950E-B307BEFF2E4E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{1E0A7542-A54A-4C54-BF46-7D77A900C52E}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{22912916-DB42-4D29-A5D2-BCF550C7C8BF}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{252369D6-5B32-4372-9424-0283D6501DAD}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{267E7F68-81D5-4B74-BC9F-452F7C36E056}" = dir=in | name=microsoft sticky notes 
| "{2771E8D1-9F31-47CD-B5E3-E6081A60FD6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawlhalla\brawlhalla.exe | "{277D08A2-0772-4B56-8B30-73B5A1F9ADE2}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{2F470438-63DB-4C20-AE44-39AAD7667DAD}" = dir=out | name=@{microsoft.zunemusic_10.16122.10271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{305A6DE5-32C9-4738-96DD-04DAF9CE32A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\newz\newzlauncher.exe | "{324E807C-B655-403D-A665-B24E864C968D}" = dir=out | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{342414CB-7EC8-428B-8AA4-7C4CACF78A34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{34854EFD-2ABC-4360-A0EF-E708B9E56D99}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fishing planet\fishingplanet.exe | "{38FF5A55-39A4-44A1-968F-1D8C721325FF}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{3A7126F4-ED92-4C1C-8EA4-D53729FE6879}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{3B34467F-09DE-4CFA-95D1-2A933932BC45}" = dir=out | name=@{microsoft.people_10.1.3410.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | "{3C77DEB2-2914-4F81-831B-95DB7BF1B7DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\paint the town red\paintthetownred.exe | "{3E8AE5D9-7352-428D-9060-6ED5E448185E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{3F6CE6A1-4A94-462E-925A-F4B301A64535}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\paint the town red\paintthetownred.exe | "{3FA1B0E7-F934-45C9-A335-2D598D6FAF0C}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{40B93EEB-3F28-4452-B0D6-D85BFD0CEF47}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | "{40E07943-B5E0-4CA8-BEE3-D49C769FEA43}" = dir=in | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{46BA6E03-B774-4727-BEC8-A69416B6838D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fishing planet\fishingplanet.exe | "{4914F357-CB81-4E63-B6B6-0A645CABB83C}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{49FC3508-EE3F-4F30-88FD-D14DC9570749}" = dir=out | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{4C24A2A2-6FA8-4AB4-81D1-2580169B2538}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawlhalla\brawlhalla.exe | "{4F0F6525-1AD9-43A9-92D9-BAA23C54CD28}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7830.42257.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{5398C053-02B2-4F53-A95D-A5E3FD370670}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe | "{576C17CD-6F6F-441D-B29C-B8AE20C04659}" = dir=in | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | 
"{57DCCCC8-296A-4B35-BCB3-2ED64DE80922}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\newz\newzlauncher.exe | "{59D60FA9-FF5A-4E20-B54F-013927DBC273}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{5AB97882-EB7E-4FAE-9E5B-3FA3DCA96697}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{5E0D289E-938D-49CC-83F6-3E7C6E448CC0}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7830.42257.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{5F2F7995-0DFF-4BA4-9ADA-EFCBE0C31966}" = dir=out | name=@{microsoft.windowsstore_11610.1001.25.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{607C1FEA-5DC0-4DF5-9EA2-AFFB22728B41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3launcher.exe | "{643831FA-217E-40FC-8CE8-EAD2658EA5A7}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{6563FEBD-50EF-4B78-85C0-8E7AC99F627E}" = dir=out | name=@{microsoft.getstarted_4.4.11.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | "{65A787CE-A9DB-4C09-80A9-C022C73069BD}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{66C58620-C161-4ADB-84BB-B77C7EE6FC2A}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{66E9727F-9FA2-48D0-BC26-320EC86B8FFC}" = dir=in | name=onenote | "{6A69EA74-A39D-4B5E-BAA7-AB04003AC959}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6AADA3AC-0999-472C-9727-6FA57E4BEF3A}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{6C1EAC81-64D7-4E9E-8209-5D4DE5C3C05F}" = dir=out | name=store purchase app | "{6FB64F08-E738-47FC-AD68-6C1B68B1CE19}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{6FF8E6B8-AC94-4232-9FBA-A2C22B44EB12}" = dir=out | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{7230352D-918E-4DE2-901F-8540B2857137}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{72A9BBE4-EDCF-43B1-9FCB-F818BEB12CB3}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{779D4F30-3E87-482B-841D-6E1332B91353}" = dir=in | name=@{microsoft.skypeapp_11.10.152.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} | "{7866EB3A-1A03-4A8D-B1BD-A05D7DC908B3}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{78DAC0C4-BCD6-4989-97D0-CF34F7C334D9}" = dir=in | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{7F741F23-DA55-4E4C-AF0F-3C477E38317B}" = dir=in | name=@{microsoft.zunemusic_10.16122.10271.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{8422C18C-B162-496B-B7CB-1DA802505015}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | 
"{868503A8-7F19-4683-B7BC-5C9E88F26A2B}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{8AA31C1D-2802-4957-BDED-84716BED88CD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{8CAB2887-A22C-4F9D-A4B1-5809CBA958C9}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{9194C4C5-0DF8-4AB8-88C1-6FA3DC0E036B}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{96A5548C-BF03-4E4F-BEBE-B610F2C0D900}" = dir=out | name=@{microsoft.3dbuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{9A7E5DF7-3E00-435E-A901-8E865E24F0FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9FCE4AE9-62B9-4F44-84AB-635FDACCDB75}" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"{A080912A-CA01-472B-A886-A03838E6A9F5}" = protocol=58 | dir=in | app=system |
"{A31E04E2-6DFF-49FD-8513-158DCAD31FB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{A3DED87E-FD34-4656-B74D-2F7CC3538576}" = dir=out | name=@{microsoft.skypeapp_11.10.152.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{A91AEB1D-3BF3-43C9-B7B0-03E6E255E792}" = protocol=6 | dir=in | app=c:\users\msi4m\appdata\roaming\utorrent\utorrent.exe |
"{AF554FAB-1AE7-4F9B-A1A2-8F8299AF5F78}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{B268CB59-7846-48B7-9B6D-6E3B393DB10B}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{B3E637AE-8A7D-478A-934C-AB95338A7A09}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{B5A78589-21BD-49EE-BCFF-D236027B822F}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{B631602B-45AE-463D-B746-2DCB99B139E4}" = protocol=17 | dir=in | app=c:\program files\driverscloud.com\driverscloud.exe |
"{B6C12BC6-8048-48BB-8EFB-2F08ADB86C9E}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{B9B71230-001B-48D6-B547-0BF22B6D8567}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{BD4E311F-1095-4757-B034-C73EC8E72619}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{BD8FE3C6-508D-461D-B0E4-70ED717608BB}" = dir=in | name=@{microsoft.windowsstore_11610.1001.25.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{C1BEEE79-4796-4083-9B49-8DA0099BB2DD}" = dir=in | name=xbox |
"{C2BD7C0B-6C1A-4E18-A4B1-9C643253A201}" = dir=out | name=xbox |
"{C3CA7A98-FB30-4D05-A953-2D5B5F78FF25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{C4E4B560-1657-4955-9B39-03F96B78D6ED}" = protocol=17 | dir=in | app=c:\users\msi4m\appdata\roaming\utorrent\utorrent.exe |
"{C55DEA39-474D-4CB5-82C4-6AFB941F5DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CAEAAD26-6822-41FB-AEA2-AD2C82AECCED}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{CB5DBC85-0B6C-444B-B33C-5DE22429B486}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{CEBD332C-A61F-42C9-863D-3545364330B5}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{CEF6144A-84EF-4B4D-ACB5-2865C2F3F64A}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{CF0D8E09-4C3C-49BA-9CE1-40628E7B7D74}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{D0BA0701-94D3-424E-816A-9A4BBB3F93A4}" = dir=out | name=microsoft solitaire collection |
"{D174236B-E095-4ABE-BF61-432BC6641E86}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{D3ED5A31-EC97-44FB-8855-5BBCF500259C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{D5435B22-903D-4E67-8DE6-8A83C64E30AF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{D887087D-0AFF-4F2F-BCED-5CB59B6D1612}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{D91F0015-C343-4EF2-9C6A-301F7A20F345}" = protocol=6 | dir=in | app=c:\program files\driverscloud.com\driverscloud.exe |
"{DFD128C2-8A53-4998-838A-76C872770351}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{E1FC4838-9397-43F2-B216-DAF63F84A338}" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"{E288D438-5297-4489-AE6D-5E598D9B12A3}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{E4EB6ED3-663A-4B17-A79E-D842E9D64082}" = dir=out | name=@{microsoft.windowsmaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{E7686F06-BAFE-4349-B5BA-AC9B430361F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe |
"{E77EFF7C-0625-4E1A-9B98-1199BCAAF0C6}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{EF7B66B7-3A57-42A9-A988-83047A0D7F01}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3launcher.exe |
"{F59A0D4C-D7AA-45B4-87EF-57A3342D67DB}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{F7145272-D3F0-489D-BA77-846E5C646C02}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{F8C2FFFC-216A-42A3-B501-A9C2C1B8E869}" = dir=out | name=onenote |
"{F9B518C1-22D7-4683-9B4C-797AEABCF5C3}" = dir=out | name=microsoft sticky notes |
"{FBFC0481-527A-45F8-93AD-6D6167CD6CDF}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{FE74AC60-8083-48DF-B3CC-1985AB81D328}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{FFB76415-84AE-4CB4-9C0E-204561EBE027}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"TCP Query User{1B114DFC-BC61-48B4-A9A2-51EF22E3CFDA}C:\romstation\emulation\saturn\yabause\yabause.exe" = protocol=6 | dir=in | app=c:\romstation\emulation\saturn\yabause\yabause.exe |
"TCP Query User{D85C819B-A4E6-4C15-B817-E2CEBF5F4069}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\newz\thenewz.exe |
"TCP Query User{D8976BC8-F19B-4E32-9D95-36394EB3DE30}C:\games\battlefield 1\bf1.exe" = protocol=6 | dir=in | app=c:\games\battlefield 1\bf1.exe |
"TCP Query User{F12DDD05-32D2-4F5D-A479-6D0F0F747D2D}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"TCP Query User{F31EFF82-9FC2-4FC6-ADE0-96DA49F03607}C:\romstation\emulation\playstation portable\ppsspp\ppssppwindows.exe" = protocol=6 | dir=in | app=c:\romstation\emulation\playstation portable\ppsspp\ppssppwindows.exe |
"UDP Query User{2BF95188-2FE8-4AA3-B998-816E366296D7}C:\romstation\emulation\playstation portable\ppsspp\ppssppwindows.exe" = protocol=17 | dir=in | app=c:\romstation\emulation\playstation portable\ppsspp\ppssppwindows.exe |
"UDP Query User{4A86803A-24C8-40B3-AC92-6154BC6F1422}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"UDP Query User{AFE44CA1-DF3B-44FA-BB79-DD081F1D0F0A}C:\games\battlefield 1\bf1.exe" = protocol=17 | dir=in | app=c:\games\battlefield 1\bf1.exe |
"UDP Query User{CDC0A4E6-303A-441F-84A2-A2B7AA0C93C5}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\newz\thenewz.exe |
"UDP Query User{EDBA6294-90B2-48B3-AD8C-0C728C652679}C:\romstation\emulation\saturn\yabause\yabause.exe" = protocol=17 | dir=in | app=c:\romstation\emulation\saturn\yabause\yabause.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E6763AA-A255-4BF9-8698-50E36CF15040}" = CheckDevicesConfigurator
"{205AE40D-8AD7-4F29-A430-DD2168DA562D}" = Intel(R) Rapid Storage Technology
"{224CC1EA-2433-4106-81BA-5D5432B11744}" = Intel® PROSet/Wireless WiFi Software
"{2CC9BF06-23A8-4A2A-AAC5-F5790D3DD7E5}" = SonicMapperConfigurator
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.0.6.1469
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4379DDE4-778B-4908-8ABA-5BA31F625C9B}" = ProductNSConfigurator
"{45759ED1-FC6C-4719-B503-7E9345796563}" = AudioLaunchpadConfigurator
"{49E32C1D-F5D8-4729-BD70-0C8EE30B4976}" = Nahimic2UISetup
"{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215
"{55398EAC-F58E-4F19-B553-BDF8B9EFD839}" = Intel(R) Chipset Device Software
"{555B1C57-E71B-4775-BC1D-627EEF693F0D}" = Intel(R) ME UninstallLegacy
"{7EA1F26C-9A97-4FBF-81CF-51791FAA5175}" = LauncherSetup
"{8B57FEA1-ABC0-4469-9205-856FD0D97C40}" = SCM
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1" = Revo Uninstaller 2.0.2
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{b14b9c09-5373-46b7-8c90-6a25cc5ef2ec}" = Intel(R) PRO/Wireless Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 378.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 378.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 23.23.0.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.16.0318
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{D6E596F0-D92A-4A7C-8643-0DB4D94A9EB9}" = ApoDispatchConfigurator
"{E217E1DD-DB05-447D-8ED4-11CE492E1BC0}" = ProductDaemonSetup
"{EE4C500B-D09E-442B-9AB8-D2872A9ADE93}" = UIInstallUpgrade
"{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215
"CCleaner" = CCleaner
"Steam App 107410" = Arma 3
"Steam App 291550" = Brawlhalla
"Steam App 337320" = Paint the Town Red
"Steam App 355840" = Survarium
"Steam App 380600" = Fishing Planet
"Steam App 4000" = Garry's Mod
"Steam App 555570" = Infestation: The New Z
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TAP-Windows" = TAP-Windows 9.21.2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VulkanRT1.0.37.0" = Vulkan Run Time Libraries 1.0.37.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{0b46d918-af4f-4612-8076-5c0ae67cb2aa}" = Avira Connect
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{223B62A8-F6FF-4BEB-BC17-230D12723CD0}_is1" = RomStation
"{4549ceb8-695a-42eb-a183-4820d542a15f}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{5853172b-5520-4089-9ef4-e26c594382b3}" = Logiciel Intel® PROSet/Wireless
"{5EFE0504-0BC4-11E1-8EDD-B32C4824019B}_is1" = The Elder Scrolls V Skyrim version 1.0
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}" = Battery Calibration
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{6C409395-030A-4C10-A176-DF11D01138CE}_is1" = Mad Max
"{7B0ACC7D-9AEE-4825-8AED-C7AC166034AB}" = Intel(R) Wireless Bluetooth(R)
"{7E8181AF-9679-49B3-B133-C265709B6927}" = Help Desk
"{8bd1653f-b053-4a68-8753-dd096b92dd0d}" = Nahimic 2
"{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}" = Dragon Gaming Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{b3c7f59f-dc40-4be9-829c-77dd292978ea}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{B5189BB5-245F-4F43-95CB-DD6E3BA81EDC}_is1" = Battlefield 1 Ultimate Edition MULTi9 - ElAmigos version 1.0 u3
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{BC5A9829-B67F-4E3A-83EE-0CDBDB6FBA1C}" = Avira Connect
"{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1" = Project64 version 2.3.2.202
"{c7f54569-0018-439c-809a-48046a4d4ebc}" = Logiciel pour périphérique à chipset Intel®
"{d992c12e-cab2-426f-bde3-fb8c53950b0d}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
"{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}" = Sizing Options
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1" = Windscribe version 1.61 build 9
"1446213994_is1" = No Man's Sky
"2022706229_is1" = No Man's Sky Pre-order DLC
"911 Operator_is1" = 911 Operator version 1.0
"Avira Antivirus" = Avira Antivirus
"Avira Scout" = Avira Scout
"Avira System Speedup_is1" = Avira System Speedup
"FileZilla Client" = FileZilla Client 3.24.0
"Google Chrome" = Google Chrome
"InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}" = Battery Calibration
"InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}" = Help Desk
"InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}" = Dragon Gaming Center
"InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}" = Sizing Options
"Just Cause 3_is1" = Just Cause 3
"Kona_is1" = Kona
"Life Is Strange Episode 5_is1" = Life Is Strange Episode 5
"pcsx2" = PCSX2 - Playstation 2 Emulator
"Steam" = Steam
"TeamViewer" = TeamViewer 12
"WinRAR archiver" = WinRAR 5.40 (32-bit)

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-79388000-2943985318-589479336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Discord" = Discord
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 22/03/2017 17:38:15 | Computer Name = MEHDINGUE | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft. System Error: Accès refusé. .

Error - 22/03/2017 17:38:56 | Computer Name = MEHDINGUE | Source = VSS | ID = 8193
Description =

Error - 22/03/2017 19:26:57 | Computer Name = MEHDINGUE | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Échec de l’activation de l’application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error - 22/03/2017 19:28:03 | Computer Name = MEHDINGUE | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante IntelCpHDCPSvc.exe, version : 1.0.0.1, horodatage : 0x572a4b65 Nom du module défaillant : ntdll.dll, version : 10.0.14393.479, horodatage : 0x5825887f Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000002f7db ID du processus défaillant : 0xa08 Heure de début de l’application défaillante : 0x01d2a363f2df5b0f Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\IntelCpHDCPSvc.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 2501134f-688d-4f0a-8d67-a76e6fa9a55e Nom complet du package défaillant : ID de l’application relative au package défaillant :

Error - 22/03/2017 19:29:08 | Computer Name = MEHDINGUE | Source = Perflib | ID = 1023
Description =

Error - 22/03/2017 20:15:23 | Computer Name = MEHDINGUE | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante IntelCpHDCPSvc.exe, version : 1.0.0.1, horodatage : 0x572a4b65 Nom du module défaillant : ntdll.dll, version : 10.0.14393.479, horodatage : 0x5825887f Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000002f7db ID du processus défaillant : 0xa98 Heure de début de l’application défaillante : 0x01d2a36a8fc6e7be Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\IntelCpHDCPSvc.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : d5a05b42-98dc-407c-a16b-79800d0571fc Nom complet du package défaillant : ID de l’application relative au package défaillant :

Error - 23/03/2017 07:30:27 | Computer Name = MEHDINGUE | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante IntelCpHDCPSvc.exe, version : 1.0.0.1, horodatage : 0x572a4b65 Nom du module défaillant : ntdll.dll, version : 10.0.14393.479, horodatage : 0x5825887f Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000002f7db ID du processus défaillant : 0xa1c Heure de début de l’application défaillante : 0x01d2a3c8dded419b Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\IntelCpHDCPSvc.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : baf53430-384c-4b97-a09f-d701b7a96013 Nom complet du package défaillant : ID de l’application relative au package défaillant :

Error - 23/03/2017 08:41:18 | Computer Name = MEHDINGUE | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante chrome.exe, version : 57.0.2987.110, horodatage : 0x58c9d368 Nom du module défaillant : mbae64.dll_unloaded, version : 1.9.2.201, horodatage : 0x589c7caa Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000003827 ID du processus défaillant : 0x2284 Heure de début de l’application défaillante : 0x01d2a3d2a9816c16 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Chemin d’accès du module défaillant: mbae64.dll ID de rapport : 7c2105b4-3c31-4bd2-8da8-0cf6e6c96ba5 Nom complet du package défaillant : ID de l’application relative au package défaillant :

Error - 23/03/2017 08:54:00 | Computer Name = MEHDINGUE | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante ZHPCleaner.exe, version : 2017.3.22.49, horodatage : 0x58d223a4 Nom du module défaillant : ZHPCleaner.exe, version : 2017.3.22.49, horodatage : 0x58d223a4 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00020e6a ID du processus défaillant : 0x1da8 Heure de début de l’application défaillante : 0x01d2a3d366adce73 Chemin d’accès de l’application défaillante : C:\Users\MSI4M\AppData\Roaming\ZHP\ZHPCleaner.exe Chemin d’accès du module défaillant: C:\Users\MSI4M\AppData\Roaming\ZHP\ZHPCleaner.exe ID de rapport : 66987d2c-da49-4bea-a8a4-74f8f8b8429d Nom complet du package défaillant : ID de l’application relative au package défaillant :

Error - 23/03/2017 09:35:32 | Computer Name = MEHDINGUE | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante IntelCpHDCPSvc.exe, version : 1.0.0.1, horodatage : 0x572a4b65 Nom du module défaillant : ntdll.dll, version : 10.0.14393.479, horodatage : 0x5825887f Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000002f7db ID du processus défaillant : 0x8e8 Heure de début de l’application défaillante : 0x01d2a3da57e2126e Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\IntelCpHDCPSvc.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : 06a8f96d-9d78-4041-b9ac-61e9d7321156 Nom complet du package défaillant : ID de l’application relative au package défaillant :

Error - 23/03/2017 09:36:27 | Computer Name = MEHDINGUE | Source = Perflib | ID = 1008
Description =

[ System Events ]
Error - 23/03/2017 09:35:57 | Computer Name = MEHDINGUE | Source = Service Control Manager | ID = 7023
Description = Le service WEPHOSTSVC s’est arrêté avec l’erreur : %%1064

Error - 23/03/2017 09:35:57 | Computer Name = MEHDINGUE | Source = Service Control Manager | ID = 7024
Description = Le service WiaRpc s’est arrêté avec l’erreur spécifique au service suivante : %%1722

Error - 23/03/2017 09:36:07 | Computer Name = MEHDINGUE | Source = Service Control Manager | ID = 7034
Description = Le service Wireless PAN DHCP Server s’est terminé de façon inattendue pour la 1ème fois.

Error - 23/03/2017 09:36:07 | Computer Name = MEHDINGUE | Source = Service Control Manager | ID = 7034
Description = Le service Intel(R) Content Protection HDCP Service s’est terminé de façon inattendue pour la 1ème fois.

Error - 23/03/2017 12:27:19 | Computer Name = MEHDINGUE | Source = DCOM | ID = 10016
Description =

Error - 23/03/2017 12:27:19 | Computer Name = MEHDINGUE | Source = DCOM | ID = 10016
Description =

Error - 23/03/2017 12:27:19 | Computer Name = MEHDINGUE | Source = DCOM | ID = 10016
Description =

Error - 23/03/2017 12:27:19 | Computer Name = MEHDINGUE | Source = DCOM | ID = 10016
Description =

Error - 23/03/2017 14:44:43 | Computer Name = MEHDINGUE | Source = DCOM | ID = 10016
Description =

Error - 23/03/2017 16:58:34 | Computer Name = MEHDINGUE | Source = DCOM | ID = 10016
Description =

< End of report >