OTL Extras logfile created on: 07/07/2017 21:13:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ElAmine\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.14393.0) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,89 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,60% Memory free 9,75 Gb Paging File | 7,56 Gb Available in Paging File | 77,55% Paging File free Paging file location(s): c:\pagefile.sys 6000 8000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 426,32 Gb Total Space | 342,87 Gb Free Space | 80,43% Space Free | Partition Type: NTFS Drive D: | 25,00 Gb Total Space | 22,63 Gb Free Space | 90,53% Space Free | Partition Type: NTFS Computer Name: LENOVO-PC | User Name: ElAmine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 37 E9 96 9B C9 18 D2 01 [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] "DontEnumerateCommonFilesUpgradeExe" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3350C9FC-E7F2-4E0A-A57D-D599D3AA21CB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\avast software\szbrowser\3.55.2393.609\szbrowser.exe | "{454220C6-6208-46A9-84B2-687570FF7418}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{47FEFBD7-CCFC-4E7B-8853-250226E622A8}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{51854558-B081-4A40-8851-252882DF4CDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7E8BAB95-B043-4F4D-8216-AD5A6C017D11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A04C072F-2FA2-4AAE-88BF-736DB2314CF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A31E885E-687B-456B-970F-B3F8A4251CB5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | "{A8CB1515-364A-4BF5-BB08-C1265CB60008}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BCA8CCCA-77D0-4851-A72D-FD8F5B4752BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C103DADE-F093-4EC0-85F6-277FA5F3DDC8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\avast software\szbrowser\3.55.2393.596_0\szbrowser.exe | "{D2C4B43C-C00B-438A-90C8-516B06A89933}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FF639105-3EA1-4C49-971A-0D3F96EAB534}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{FF6B96F3-4070-4727-90F0-4D91EE8BA11A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03817BEB-9254-4333-87A0-B24A4B84871C}" = dir=out | name=@{microsoft.bingnews_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | "{07B2313E-65E2-45B9-95CD-69E892E44F33}" = dir=in | name=xbox | "{09B000D0-7580-4EC2-A155-E59399F5D0AF}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{0DBABA9C-E0B2-4A5C-90DC-A9239B46D8AD}" = dir=out | name=@{microsoft.windowsstore_11705.1001.21.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{12168E84-F9D0-4420-9B78-513D4E0131E5}" = dir=out | name=@{microsoft.windowsmaps_5.1705.1391.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | "{126BBA95-7335-4C11-A821-91188E74EDDD}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{19E2A71E-EBEF-4CBA-B436-D5DAEFA86D2A}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{1EA5358A-1A66-456F-A605-7381197C5572}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} | "{26FC50B4-CB17-44C8-93F7-8F1C6E63C5BD}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{27FFF537-D8EB-4D7E-885A-80D9D447E82A}" = dir=in | name=@{microsoft.bingfinance_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | "{2B71AC42-7E64-4207-9F36-C262D7B0AE3E}" = dir=in | name=@{microsoft.zunemusic_10.17042.14111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{2BE55750-AFCA-405E-AEF3-6EB2482E9E21}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{30A129CE-DE4B-40C0-8EE1-15FD8B3CA811}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | "{30CDCDF3-FC64-4490-AAB8-2CC46F6CE67A}" = dir=out | name=lenovo support | "{3104E500-A878-4500-9E28-966687338D07}" = dir=in | name=microsoft solitaire collection | "{31261360-34F0-41C6-98D6-30332DCF692A}" = dir=out | name=@{microsoft.windows.featureondemand.insiderhub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.featureondemand.insiderhub/resources/appstorename} | "{31645CE7-4B5C-4AA4-83A7-598C59CD2A2A}" = dir=in | name=@{microsoft.microsoftofficehub_17.8312.7601.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{3215953C-0018-47A1-B3A1-DACC017E831E}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1704.1603.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{3537E43B-7393-400E-9A76-B27700214582}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} | "{35B726A3-25F8-4B07-8848-2657E305B1F5}" = dir=out | name=@{microsoft.zunevideo_10.17054.14711.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{3A2A4AF0-1761-47AE-BFCC-C0121AEF7C7C}" = dir=in | name=mcafee® central for lenovo | "{3D2E9F3D-2CFE-4B7E-BCEC-0EAA8E66631C}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{43560E73-2F13-4EDD-9720-C7D6AEBFA9EB}" = dir=out | name=camera man | "{450BE8AE-0C01-44D7-AD1B-861F5E647148}" = dir=out | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{453E7B07-99D4-486C-B025-D0022E381DBD}" = dir=in | name=powerdvd for lenovo idea | "{47D280B6-E6B3-405E-AF3C-67BBDFEED685}" = dir=in | name=microsoft sticky notes | "{491C2F06-0C39-4664-BF08-E4C01D04D726}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} | "{4AB17FA5-6500-4C6D-91BE-06C423F565F5}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} | "{4AB87B93-70C9-4858-B63F-99E02DD5212D}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{4EB9BBDD-83BC-417B-B3B5-4D359A2B3C6A}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{4EEC33CB-8F50-4914-8EFE-4ED16B5B342E}" = dir=out | name=best player | "{515E9410-3B2B-4CBC-80F8-17469978C983}" = dir=out | name=txtr ebooks lenovo edition | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{5760FA3B-D361-4C87-88AF-EDE3E07AC8F7}" = dir=out | name=onenote | "{5A07F8F0-955F-41D3-B41C-79D22E3819EE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{5D06A3B0-5838-4019-985A-6F8F1CD72AD1}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} | "{5ED381F7-1ECC-4508-80AE-B95642F23973}" = dir=out | name=skype wifi | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{629348E5-CDC8-4292-A55A-DAD5C073A069}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{62D16143-5FD4-4577-9C78-EF537E2F92B2}" = dir=out | name=@{microsoft.zunemusic_10.17042.14111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{635C47E3-311B-4921-8D55-96B6ED1DEE1F}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{6448E3C6-14A4-4F71-857B-6A44E8C02463}" = dir=out | name=microsoft sticky notes | "{64525E32-471C-48D0-A097-72C7E3B86821}" = dir=out | name=@{microsoft.people_10.2.1451.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | "{64E00047-1AD4-4F9C-9D1D-C66E7A2247B6}" = dir=out | name=@{microsoft.microsoftofficehub_17.8312.7601.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{6693E90C-2110-40B1-9617-9C3034E6AAD9}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{68E5C6D5-835F-4ACB-B051-AA8B33BE413B}" = dir=in | name=@{microsoft.windows.photos_2017.18062.12990.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{69A97E02-59FD-4B31-8CE4-1F782FFD8BD1}" = dir=out | name=@{microsoft.accountscontrol_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{69CE6458-3293-4827-81E7-131834F381D8}" = dir=in | name=@{gameloftsa.asphalt8airborne_3.1.1.0_x86__0pp20fcewvvtj?ms-resource://gameloftsa.asphalt8airborne/resources/appname} | "{6A6328FA-CB07-40C0-A25E-0777FBBC44B1}" = dir=in | name=@{microsoft.windowsstore_11705.1001.21.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{6C517570-D640-44C3-8A45-F4CAE0F3E9EB}" = dir=in | name=zinio | "{6DF546D6-13B7-49E3-905D-4085106A6941}" = dir=out | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | "{6E7B9102-91AE-4E50-AA1A-7DC184E077CE}" = dir=out | name=mcafee® central for lenovo | "{6F0A2ACA-3160-4061-8716-F577F6441857}" = dir=out | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} | "{731CB1ED-9F8D-400A-80AB-FA5ADF8A74CF}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{7397D027-534B-4C53-9FC8-FA9895116B2B}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} | "{787FCFAE-357D-4FC0-BC28-0405BEE2B1D6}" = dir=out | name=@{microsoft.bingsports_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | "{7BFBDB01-A16E-48C6-AB34-C605A65C3518}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{7C34CBDA-BA09-400F-B06A-D4F1DA5A1965}" = dir=out | name=windows_ie_ac_001 | "{7DAC95DC-6D0E-4D06-BDE3-8AD44D6D3C95}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{7DF44FF6-0ADC-4145-9F6C-DB505934676B}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{7FC571F3-C82F-4A91-BC3A-7BA6020270CF}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{80DBDF6C-B643-437D-89DD-899FCB253F10}" = dir=out | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{82A0CFDC-C3E4-4C44-9CE7-35B947354F41}" = dir=in | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{836ACCFD-5257-4111-8FC0-121ED6E370D4}" = dir=in | name=accuweather - weather for life | "{839C9FEA-A08A-4151-8BDC-9501E9BF8B14}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} | "{86BF0ED6-88D4-470E-BC70-A8B944E9A86B}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} | "{8712FB61-9996-42D4-9824-D41E1241FB1C}" = dir=out | name=twitter | "{8AB35F65-65C3-4D49-8080-ED22F5030699}" = dir=out | name=store purchase app | "{8B771757-F817-44A6-9853-F70A8E2329E4}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{8CA78F31-F83A-430E-AF55-21D92EE34BC2}" = dir=in | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{8E1C18C1-1226-4354-8236-58741D0F5E85}" = dir=out | name=microsoft solitaire collection | "{903D4C13-9E72-4AE8-8B49-660417F6F68A}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{9C0030E2-DC24-4616-9B96-FC13A124D3B5}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{9D20D20D-2FE5-496B-B8FC-0E31A9FB50DF}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{A2056E77-A1DA-4F04-AB89-2E90CBBC9D9C}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | "{A269953B-88E2-4968-9B2E-C9B4DA28D2B7}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} | "{A2C10133-7803-4D53-AEEE-FDDBA0032F3E}" = dir=out | name=ebay | "{A30E1DA9-746D-4EF3-B3D3-08822B45A90E}" = dir=out | name=@{microsoft.getstarted_5.10.1441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | "{A3655A38-AFFD-474B-9FBA-F881ED7B9F6C}" = dir=out | name=windows_ie_ac_001 | "{A4EAA87E-BCE2-4138-B35C-CAD3763A897E}" = dir=in | name=@{microsoft.bingweather_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{A619CB59-0A8B-420D-AD1F-B5A7DD7B6491}" = dir=out | name=powerdvd for lenovo idea | "{A9EAB1DA-D5B6-4A27-A931-812190B58818}" = dir=out | name=@{microsoft.3dbuilder_14.1.1302.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} | "{AA9CCC5E-A74D-4824-BA6C-5B697E3861DB}" = dir=in | app=c:\program files (x86)\brick-force\bflauncher.exe | "{AB3CDF85-815A-49F9-88CB-886D37D3A6D3}" = dir=in | app=c:\program files (x86)\brick-force\brickforce.exe | "{ADA68BB6-F67C-49A2-84BB-B4104C0FB980}" = dir=out | name=@{microsoft.bingfinance_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} | "{AF06762C-F994-4C09-AF3F-55605640F795}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.21234_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{B00E9BB8-FF03-4F5D-8406-384E30B6F314}" = dir=in | name=onenote | "{B0E8FE55-C72E-481B-A9D7-0E18D5849579}" = dir=out | name=sway | "{B25A2A1F-83E0-44DC-BB50-B6F16ADA7B36}" = dir=out | name=@{microsoft.bingweather_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{B2B4D01A-4A11-44BC-ABA4-E6EFE9361013}" = dir=out | name=xbox | "{B5234454-C68B-473B-9213-C335921EA2BE}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{B8E0DBED-B67B-48FA-9B6A-EF831417E300}" = dir=in | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} | "{BAD1CA67-8366-48FC-95EE-17BC96F3832C}" = dir=out | name=@{e046963f.lenovocompanion_3.79.0.0_x86__k1h2ywk1493x8?ms-resource://e046963f.lenovocompanion/resources/appname} | "{BB62E432-450E-4924-AEEF-877155DE4D28}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | "{BCCF6C52-0240-4558-A13C-F3688D72ECBF}" = dir=in | name=@{microsoft.bingsports_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} | "{C009F4DD-E6DE-4FAC-9FAB-D3A6B8B5DCBB}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{C03C986F-2694-476F-B8BD-8E3349A7BA2B}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{C11F23A4-E612-4A92-B0CB-EF189E94F9BE}" = dir=out | name=@{microsoft.lockapp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{C45A573F-6474-4A0F-AAA1-68A85CB43B6E}" = dir=in | name=@{microsoft.zunevideo_10.17054.14711.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{CA59B0EC-EC48-4EDF-BDF2-FD493E96E9A0}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.1358_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{CADA2BAA-E9FA-4421-94A1-03D1B70DD293}" = dir=in | name=best player | "{CD1181C4-4460-4AF0-963D-9B6D0680D5A0}" = dir=out | name=@{microsoft.windows.photos_2017.18062.12990.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{CE657162-53A8-4655-A749-BA7CB72E43A2}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D7FECD0A-4D76-4B29-AC12-C99036FD0767}" = dir=in | name=@{microsoft.bingnews_4.21.1434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | "{D848AC5F-2E69-4174-9B7E-8E5A5035D31C}" = dir=out | name=accuweather - weather for life | "{D85E6251-870C-4DC6-8CB4-1AAE30D3A16B}" = dir=in | name=sway | "{D8BE1351-722D-446D-B30B-18041C5855BA}" = dir=out | name=windows_ie_ac_001 | "{D8EBF598-CA45-431F-BFC7-1DA2734EFC0B}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{D9E7DEFE-0180-43C3-9D44-552C57F3CF30}" = dir=out | name=@{gameloftsa.asphalt8airborne_3.1.1.0_x86__0pp20fcewvvtj?ms-resource://gameloftsa.asphalt8airborne/resources/appname} | "{DAD2BC23-A637-444C-8612-3AC515BF241B}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1704.1603.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{DB1064A4-2825-4B1C-B215-7E08C38DC2F6}" = dir=in | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DD42B476-E606-4D97-BED6-1D2F7C3AD43D}" = dir=out | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{DF4D4FE4-17BF-4574-91FD-80DCA5E4E1EF}" = dir=out | name=candy crush soda saga | "{E4B416A5-6A53-4307-BAC3-B247216A367D}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{E547062D-FDB2-41F5-A99F-6019DAAF558F}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} | "{E54838CC-FEC2-4C5A-AC33-231184A8CEFA}" = dir=out | name=mytf1 | "{E736D2DA-88A9-4A20-815A-7412C72E634C}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} | "{E750CCAC-6146-4D54-BCCA-0E162E42B966}" = dir=in | name=@{microsoft.windows.featureondemand.insiderhub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.featureondemand.insiderhub/resources/appstorename} | "{E9B59297-119A-4EC6-9C88-61C02A6EE8AD}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{ED34EFCD-C19A-4D21-B7FB-DAAA4836D52A}" = dir=out | name=zinio | "{F10A4BD5-1CBD-4669-AC24-ED1BB35C95C2}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{F44C6481-B91E-4509-8529-A6918B615747}" = dir=in | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} | "{F5D98D11-8523-4A73-B166-37759584A105}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{F7B1393C-B447-44B5-A67E-DC087DF19BDE}" = dir=out | name=@{microsoft.skypeapp_11.18.614.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} | "{F91C823B-E043-43C3-9210-EEF7247C27A7}" = dir=out | name=yousendit for lenovo | "{FE955815-29EA-40A9-95FF-ABED28934F7A}" = dir=in | name=@{microsoft.skypeapp_11.18.614.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} | "TCP Query User{0A13D65E-8570-457E-BA12-95D4AE893288}C:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (1).exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (1).exe | "TCP Query User{0D3F96C7-CDA8-4443-A0BA-3B931A2A8F90}C:\users\elamine\downloads\downloader_warcraft3_the_frozen_throne_frfr.exe" = protocol=6 | dir=in | app=c:\users\elamine\downloads\downloader_warcraft3_the_frozen_throne_frfr.exe | "TCP Query User{0FC40B0C-17DD-4EE6-A7E1-91388275E327}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "TCP Query User{169D0723-23B1-4F9F-B88D-297998F7A016}C:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr.exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr.exe | "TCP Query User{1D63D707-4BB2-4D84-9301-623AD3DAD7AE}C:\users\elamine\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\elamine\appdata\roaming\cacaoweb\cacaoweb.exe | "TCP Query User{257E375A-7721-4914-BE7B-19F347B64876}C:\users\elamine\desktop\mdpskype=codelyoko\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\mdpskype=codelyoko\warcraft iii\war3.exe | "TCP Query User{3901B095-F3D5-4286-A57C-DE5865E34C37}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe | "TCP Query User{3CC35269-BBC1-4B60-9E08-0919BC764C5F}C:\users\elamine\downloads\downloader_warcraft3_the_frozen_throne_frfr.exe" = protocol=6 | dir=in | app=c:\users\elamine\downloads\downloader_warcraft3_the_frozen_throne_frfr.exe | "TCP Query User{4605CD86-1788-4F00-963F-6776CBCBFC20}C:\cyberstep\getamped2_fr\ga2.exe" = protocol=6 | dir=in | app=c:\cyberstep\getamped2_fr\ga2.exe | "TCP Query User{4BA93AE2-3B68-4303-8F1A-414693743AAD}C:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (2).exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (2).exe | "TCP Query User{5CDFAA70-AEBD-4CAD-9188-CE88BB92E931}C:\users\elamine\downloads\downloader_warcraft3_reign_of_chaos_frfr.exe" = protocol=6 | dir=in | app=c:\users\elamine\downloads\downloader_warcraft3_reign_of_chaos_frfr.exe | "TCP Query User{61103339-96B0-4BED-A213-A72AFF7D946D}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe | "TCP Query User{62834D03-40BA-4459-A8ED-FE88AE31F2E0}C:\users\elamine\desktop\mot de pass oublier et fichier mincraft - copie\mot de pass oublier et fichier mincraft\cube world (1)\cube world\server.exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\mot de pass oublier et fichier mincraft - copie\mot de pass oublier et fichier mincraft\cube world (1)\cube world\server.exe | "TCP Query User{68D5BC25-576A-440B-AC4F-5C568133EE5D}C:\users\elamine\downloads\downloader_warcraft3_reign_of_chaos_frfr (1).exe" = protocol=6 | dir=in | app=c:\users\elamine\downloads\downloader_warcraft3_reign_of_chaos_frfr (1).exe | "TCP Query User{7F0F8ACC-CF4D-4556-8888-B56B86DA3347}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "TCP Query User{7F18CCB7-D4AD-43DA-A2E6-3C5FE97AAB72}C:\cyberstep\getamped2_fr\ga2.exe" = protocol=6 | dir=in | app=c:\cyberstep\getamped2_fr\ga2.exe | "TCP Query User{967B4164-EEB8-4FD2-A9C6-05391E060879}C:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr.exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr.exe | "TCP Query User{D7F1F46B-B2AC-4EA2-A7FA-0BEAAD3D5AEC}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe | "TCP Query User{D8049BA5-2C72-4E6B-9AC6-5FEB449AF65B}C:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr (2).exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr (2).exe | "TCP Query User{E384F3F4-A576-4D71-9127-118633F9FEF8}C:\users\elamine\desktop\warcraft con\warcraft iii\warcraft iii.exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\warcraft con\warcraft iii\warcraft iii.exe | "TCP Query User{E792656F-12DA-4C9C-8068-5A8A52B007CB}C:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (3).exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (3).exe | "TCP Query User{EDA549FE-835A-4CCB-B6EF-D2B2951A4763}C:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr (1).exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr (1).exe | "TCP Query User{EF61BBA0-ABD9-482A-A3E3-6882DDEA667C}C:\users\elamine\desktop\warcraft con\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\elamine\desktop\warcraft con\warcraft iii\war3.exe | "UDP Query User{09673A0D-7DF9-42E4-967B-2CE211BA0795}C:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe | "UDP Query User{0F5BD49C-A717-4B49-930C-FC0AF33F148B}C:\users\elamine\downloads\downloader_warcraft3_the_frozen_throne_frfr.exe" = protocol=17 | dir=in | app=c:\users\elamine\downloads\downloader_warcraft3_the_frozen_throne_frfr.exe | "UDP Query User{19B3400E-72EF-4B03-A122-B24CEE3F649B}C:\users\elamine\downloads\downloader_warcraft3_reign_of_chaos_frfr (1).exe" = protocol=17 | dir=in | app=c:\users\elamine\downloads\downloader_warcraft3_reign_of_chaos_frfr (1).exe | "UDP Query User{23E7CDF3-82D2-445A-A7A5-E3E1BE9FED51}C:\users\elamine\desktop\warcraft con\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\warcraft con\warcraft iii\war3.exe | "UDP Query User{2EF7CF6F-9948-463B-841E-6700F88B6506}C:\cyberstep\getamped2_fr\ga2.exe" = protocol=17 | dir=in | app=c:\cyberstep\getamped2_fr\ga2.exe | "UDP Query User{34CEB122-D851-47D4-886C-0D2A2F56BEE0}C:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (3).exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (3).exe | "UDP Query User{40844428-6742-465A-871D-93326896834D}C:\users\elamine\downloads\downloader_warcraft3_reign_of_chaos_frfr.exe" = protocol=17 | dir=in | app=c:\users\elamine\downloads\downloader_warcraft3_reign_of_chaos_frfr.exe | "UDP Query User{5DF86B3F-B0C9-49C9-B155-C62018FD5AA2}C:\cyberstep\getamped2_fr\ga2.exe" = protocol=17 | dir=in | app=c:\cyberstep\getamped2_fr\ga2.exe | "UDP Query User{6AF55D21-4E0C-4D04-959F-0F1979A0184F}C:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (1).exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (1).exe | "UDP Query User{719D3B6B-D60F-4E05-A44C-8E71EDDCBE61}C:\users\elamine\desktop\mot de pass oublier et fichier mincraft - copie\mot de pass oublier et fichier mincraft\cube world (1)\cube world\server.exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\mot de pass oublier et fichier mincraft - copie\mot de pass oublier et fichier mincraft\cube world (1)\cube world\server.exe | "UDP Query User{739C4662-4B17-4ADD-8434-876FFC27B3B5}C:\users\elamine\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\elamine\appdata\roaming\cacaoweb\cacaoweb.exe | "UDP Query User{7C88C8D8-EAE9-4756-AEFA-B8A56E4AC3F8}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | "UDP Query User{A844B65D-2D60-4239-9A42-12DDDA6BDCB2}C:\users\elamine\desktop\warcraft con\warcraft iii\warcraft iii.exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\warcraft con\warcraft iii\warcraft iii.exe | "UDP Query User{AEE1EE76-51A4-421F-B0A7-038C9B6BF5FD}C:\users\elamine\desktop\mdpskype=codelyoko\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\mdpskype=codelyoko\warcraft iii\war3.exe | "UDP Query User{B12EE574-937E-4893-A5DA-E0E43ADCF32A}C:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr (2).exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr (2).exe | "UDP Query User{B3A89024-C80B-4211-9830-C0DB57795D27}C:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (2).exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr (2).exe | "UDP Query User{B928898C-B636-4865-BC16-4C44AFD879C6}C:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr.exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_the_frozen_throne_frfr.exe | "UDP Query User{C1813996-C656-4E01-B49D-AE6143ACAB84}C:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr.exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr.exe | "UDP Query User{C672B50F-FAF8-4A4C-A3BA-3F88B9D9E013}C:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr (1).exe" = protocol=17 | dir=in | app=c:\users\elamine\desktop\downloader_warcraft3_reign_of_chaos_frfr (1).exe | "UDP Query User{C9C37C16-2A00-4800-80B6-00E3EA0456A3}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe | "UDP Query User{D1D6174E-8911-4B62-B6DE-13914BD645B1}C:\users\elamine\downloads\downloader_warcraft3_the_frozen_throne_frfr.exe" = protocol=17 | dir=in | app=c:\users\elamine\downloads\downloader_warcraft3_the_frozen_throne_frfr.exe | "UDP Query User{F8BA6310-004A-49FA-ABEB-A38EFA18FFAE}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe | "UDP Query User{F9BC17FB-F9EC-40F0-A322-20EE7806E38F}C:\program files (x86)\hearthstone\hearthstone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12B07FF1-29CB-45AC-B493-1DB88BE717BD}" = . . "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F895C18-6A2F-4A9E-BBE9-246783070F37}" = paint.net "{4DFCD818-036A-4229-A67D-CF17DC461D92}" = Windows 10 Update and Privacy Settings "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client "{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506 "{B0B194F8-E0CE-33FE-AA11-636428A4B73D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506 "{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}" = Lenovo Bluetooth with Enhanced Data Rate Software "CCleaner" = CCleaner "Defraggler" = Defraggler "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F32180101F0}" = Java 8 Update 101 "{26A24AE4-039D-4CA4-87B4-2F32180111F0}" = Java 8 Update 111 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66DC436D-02B4-48F5-AF30-01EDED35168F}" = Alcor Micro USB Card Reader "{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{954190cd-c66c-4650-bd15-f3dd85f2ae15}" = Intel® Driver Update Utility "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{BBEC10F9-AC15-41EE-A271-0B1077F53740}" = Adobe AIR "{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 "{C01175B6-6575-4526-A55B-2BC2F10BA083}" = . . . "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "Adobe AIR" = Adobe AIR "Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI "AmUStor" = Alcor Micro USB Card Reader "Avast Antivirus" = Avast Antivirus Gratuit "Battle.net" = Battle.net "Google Chrome" = Google Chrome "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "Razer Cortex_is1" = Razer Cortex "SafeZone 3.55.2393.609" = SafeZone Stable 3.55.2393.609 "Warcraft III" = Warcraft III [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-362140641-1626997870-2480964398-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1BAAB49F-60E7-79AC-E5E9-44123DB4ABB0}" = Update for PriceFountain "Discord" = Discord "OneDriveSetup.exe" = Microsoft OneDrive "TeamSpeak 3 Client" = TeamSpeak 3 Client [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 14/06/2017 13:04:01 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 13:13:36 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 13:17:19 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 13:27:19 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 13:27:53 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 13:29:51 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 13:29:52 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 13:41:14 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 13:50:01 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 14:10:04 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 14/06/2017 14:10:09 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI avec l’erreur : -2147024629 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 16/06/2017 04:30:23 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 16/06/2017 07:57:55 | Computer Name = Lenovo-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Échec de l’activation de l’application Microsoft.WindowsStore_8wekyb3d8bbwe!App avec l’erreur : -2144927141 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. [ ESRV_SVC_QUEENCREEK Events ] Error - 28/06/2017 13:08:50 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 28/06/2017 13:08:50 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 03/07/2017 18:02:28 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 03/07/2017 18:02:28 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 06/07/2017 06:00:47 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 06/07/2017 06:00:47 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 07/07/2017 04:37:19 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 07/07/2017 04:37:19 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 07/07/2017 07:13:58 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = Error - 07/07/2017 07:13:58 | Computer Name = Lenovo-PC | Source = ESRV_SVC_QUEENCREEK | ID = 2 Description = [ System Events ] Error - 07/05/2017 08:14:13 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 07/05/2017 09:09:19 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 07/05/2017 15:20:27 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 08/05/2017 06:07:25 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 08/05/2017 06:17:50 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 08/05/2017 07:12:37 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 08/05/2017 09:47:38 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 09/05/2017 11:05:17 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 10/05/2017 02:30:11 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = Error - 10/05/2017 03:51:48 | Computer Name = Lenovo-PC | Source = DCOM | ID = 10016 Description = < End of report >