cjoint

Publicité

Cliquez pour partager vos propres fichiers

Publicité

Format du document : text/plain

Prévisualisation

ÿþOTL Extras logfile created on: 20/05/2021 21:52:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\flori\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.19041.0)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,93 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 36,33% Memory free
4,62 Gb Paging File | 1,86 Gb Available in Paging File | 40,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,87 Gb Total Space | 352,54 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive D: | 457,38 Gb Total Space | 456,45 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
Drive F: | 5,68 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DESKTOP-PF6A21C | User Name: flori | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (All) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\WINDOWS\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- Reg Error: Key error.
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- Reg Error: Key error.
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av]
"DataMigrated" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}]
"GUID" = {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
"DISPLAYNAME" = Avast Antivirus
"STATE" = 266240
"PRODUCTEXE" = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AVAST Software)
"REPORTINGEXE" = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AVAST Software)

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}]
"GUID" = {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"DISPLAYNAME" = Windows Defender
"STATE" = 393472
"PRODUCTEXE" = windowsdefender://
"REPORTINGEXE" = %ProgramFiles%\Windows Defender\MsMpeng.exe -- (Microsoft Corporation)

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{EB19B86E-3998-C706-90EF-92B41EB091AF}]
"GUID" = {EB19B86E-3998-C706-90EF-92B41EB091AF}
"DISPLAYNAME" = Avast Antivirus
"STATE" = 266240
"PRODUCTEXE" = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AVAST Software)
"REPORTINGEXE" = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AVAST Software)

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw]
"DataMigrated" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 54 F8 66 CF 73 F7 D6 01 [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B6C5767A-9D8A-4AC5-9235-818DF89E7F22}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{D335A956-849C-4FEB-8589-814F6178575E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft\edge\application\msedge.exe |
"{EACBBF81-4BC3-4486-84F9-D954D5C70259}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0044B79E-FC9F-4E4F-9537-4E214BF2D653}" = dir=out | name=@{microsoft.zunevideo_10.21021.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{004B2850-E417-4DCA-9F01-F636F3ECA1A9}" = dir=out | name=xbox game bar plugin |
"{02F21FCC-7C2C-4E99-96C2-FBE523EA549D}" = protocol=6 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.68.96.0_x86__kzf8qxf38zg5c\skype\skype.exe |
"{0336F55C-23C7-4361-925C-8D654834A615}" = dir=in | name=xbox one smartglass |
"{0560AB1E-B3FF-4DCB-867A-EF6B4B951F29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3_debug.exe |
"{0581B0F8-676F-4693-A9ED-89C8F21935FD}" = dir=out | name=@{microsoft.mspaint_6.2105.4017.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mspaint/resources/appname} |
"{05A080B5-5360-4704-AF46-BC9B1AF3191C}" = dir=out | name=@{king.com.bubblewitch3saga_7.4.22.0_x86__kgqvnymyfvs32?ms-resource://king.com.bubblewitch3saga/resources/appname} |
"{09762B9C-B947-4A7E-A8E5-13729D8D3EC5}" = dir=out | name=@{microsoft.zunemusic_10.20122.11121.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{0BE34E5F-42E7-469B-9FDF-E8B6E67BA044}" = dir=in | name=@{a278ab0d.disneymagickingdoms_5.9.13.0_x86__h6adky7gbf63m?ms-resource://a278ab0d.disneymagickingdoms/resources/applicationname} |
"{0C03DB64-F5A9-44E8-B03C-3DE923127D51}" = dir=in | name=cortana |
"{0F50EE1A-9A6C-44EE-B091-EBF942468356}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{11138F7E-74C5-46C4-A6DE-A690FE9264E9}" = dir=out | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} |
"{1C70A455-8AE4-440A-BB27-AF99301D6879}" = dir=in | name=@{microsoft.desktopappinstaller_1.4.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} |
"{1C8E10B0-2589-4ADC-AD68-7070C02190C6}" = dir=out | name=@{microsoft.lockapp_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{22B8EBB0-0639-41C8-8811-598721330549}" = dir=out | name=@{microsoft.xboxapp_48.76.8001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxapp/xboxapp.resource/resources/app_title} |
"{22BE9A12-815E-49EA-B366-E2B3AA8CF7AE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{23A6D5AA-C55D-44AC-B3BD-F06D3C0AD591}" = dir=out | name=@{microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscalculator/resources/appstorename} |
"{23EE7AAF-1C36-42E0-B7BF-987AFC87800B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pro rugby manager 2015\rugby.exe |
"{24D48F10-2ECD-4EA7-B044-ADC08817E5A6}" = dir=out | name=windows_ie_ac_001 |
"{263708D6-DC2D-48B7-8BF2-3F390E687DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe |
"{28929A4C-F912-45DE-A342-08E20EE0C6C2}" = protocol=17 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\itunes.exe |
"{2A898567-7CB4-46E8-AC24-DBF3D9037AB4}" = dir=in | name=@{microsoft.zunevideo_10.21021.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2C0B0CB5-129B-45C8-985A-C58CF3B80927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launchpad\launchpad.exe |
"{2C99F655-D94D-467B-9A44-B0645D14808A}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} |
"{3013D2B7-F0BD-4BCB-98BB-161B44C22C56}" = dir=out | name=@{microsoft.microsoft3dviewer_7.2105.4012.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoft3dviewer/common.view.uwp/resources/storeappname} |
"{318E866F-FC34-41D8-AA33-114DEC2E243F}" = dir=out | name=@{microsoft.getstarted_10.1.40561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{324445C8-D66F-408B-BABD-3A2B228C5990}" = protocol=6 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\itunes.exe |
"{3341AAD3-7DA1-4581-AB9B-AF468E0871AE}" = dir=out | name=@{a278ab0d.marchofempires_5.5.1.1_x86__h6adky7gbf63m?ms-resource://a278ab0d.marchofempires/resources/marchofempires} |
"{334E186A-1943-40B7-A367-35D80B9CA17E}" = dir=in | name=@{microsoft.xboxapp_48.76.8001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxapp/xboxapp.resource/resources/app_title} |
"{33574784-A06E-4C84-806E-A168D63AA184}" = dir=out | name=@{microsoft.people_10.1909.12456.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{336BA5C3-FD93-4BE2-8DBF-EFBEFC09213B}" = dir=out | name=@{microsoft.desktopappinstaller_1.4.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} |
"{3BE8C916-E439-465D-A2D9-B359D182C1D5}" = dir=out | name=microsoft edge |
"{3DB01A02-9570-4806-AA0D-DD7DEC7DD708}" = dir=in | name=dolby access |
"{3E2674E9-293F-4421-B138-5A1A1C33E998}" = dir=out | name=xbox game bar |
"{41328CCA-120F-42F7-B5E6-B0A17D15E906}" = protocol=6 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe |
"{419B54E4-995B-4840-81CD-19C774278D39}" = dir=out | name=@{microsoft.microsoftedge_44.19041.423.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{47D4BA7B-796D-4FA8-AEF0-B11AB89FC605}" = protocol=17 | dir=in | app=c:\program files\windowsapps\microsoft.skypeapp_15.68.96.0_x86__kzf8qxf38zg5c\skype\skype.exe |
"{49F1E503-FB74-44BA-BE47-5CDA05002B96}" = dir=in | name=@{microsoft.yourphone_1.21042.95.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} |
"{4AC4C453-31BD-4721-9003-29A2469AA15F}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{4ADCA692-2EC2-49B0-AD7A-B51BA2D1C97F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{4C6BA7CE-2C8F-4F99-BEF6-411DF725957F}" = dir=out | name=@{microsoft.mixedreality.portal_2000.21041.1051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mixedreality.portal/resources/pkgdisplayname} |
"{4CECDE43-FEBC-4988-969F-3CB5E68BF917}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{5095B345-59FE-4381-B687-81025D669687}" = dir=in | name=@{microsoft.win32webviewhost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} |
"{50A9DC73-34B3-494E-9266-9FC1D119E673}" = dir=out | name=@{microsoft.windowscamera_2021.105.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscamera/lenssdk/resources/appstorename} |
"{51392208-9530-466F-81DE-8381BAEB8F56}" = dir=in | name=print 3d |
"{525890A5-9BA2-4395-803E-098FE28F7876}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launchpad\launchpad.exe |
"{5401C6C4-40E7-45C1-A41D-C11A618A8FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{54E6A165-E0E3-493C-AA1E-8A6A95278D6D}" = dir=out | name=@{microsoft.storepurchaseapp_12103.1001.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} |
"{5514D19B-C5D4-4AA4-A37B-279239163454}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{57C85AB0-1A63-4BA5-8505-6650B74BA8C6}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{594292D1-C98E-4EFE-B9BD-58010F6284F4}" = dir=out | name=@{microsoft.microsoftstickynotes_3.8.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftstickynotes/resources/stickynotesstoreappname} |
"{5968D68D-3EED-4D41-AB5E-E2CC01AD8608}" = dir=out | name=microsoft solitaire collection |
"{5986E4CB-108A-476F-A31B-94536E157E12}" = dir=in | name=@{microsoft.microsoftedge_44.19041.423.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{59C0017A-DB4C-4391-99EF-0BFCC1CC5369}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{638E9156-48F7-4282-9C97-FE9C0BD280DB}" = dir=in | name=onenote for windows 10 |
"{655EE6A8-09CC-4EE1-BE3D-1EE67256D229}" = protocol=6 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\itunes.exe |
"{660219F7-3EB5-4DC6-88D7-F0C0A8D813B3}" = dir=out | name=windows feature experience pack |
"{66ACBB93-1A0F-4A66-8743-90580A2DA81B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3launcher.exe |
"{67A57DAE-D2CE-462A-AC10-163F878F3148}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launchpad\launchpad.exe |
"{67AC90C4-F17C-46DA-AB40-B9112BE5FB4C}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.2009.10055.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{6AD3DBB1-5BC4-4D8F-94B3-DC8A8F1E774B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{6FE6CC01-6109-4A98-A624-2EA612C7E8C3}" = dir=out | name=autodesk sketchbook |
"{73479E7D-DA5B-4831-9105-E892E69F4ACB}" = dir=out | name=candy crush soda saga |
"{74E94935-A175-48EF-B56F-6EE34BF5C4EE}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{760C3556-C010-4B2A-9763-D7A430EF64F1}" = dir=out | name=@{microsoft.windows.search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} |
"{78BFE28B-33AF-4BF6-95FC-69AAB875D4F0}" = dir=out | name=@{a278ab0d.disneymagickingdoms_5.9.13.0_x86__h6adky7gbf63m?ms-resource://a278ab0d.disneymagickingdoms/resources/applicationname} |
"{78E91E8B-1148-4B7F-AF55-8061CF8545B4}" = dir=out | name=@{microsoft.accountscontrol_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{7FD88606-12C3-49E8-A82C-B5CAF69F758B}" = protocol=6 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe |
"{81B866D3-B7FF-499A-AD2D-48F242C15081}" = dir=in | name=@{a278ab0d.marchofempires_5.5.1.1_x86__h6adky7gbf63m?ms-resource://a278ab0d.marchofempires/resources/marchofempires} |
"{82034129-1595-43B9-813E-5BE73548F08E}" = dir=in | name=@{microsoft.zunemusic_10.20122.11121.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{837B424E-25EC-4CE7-A083-A940FC0344A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3.exe |
"{83B85B94-F81F-436D-A900-B5E3216C0DC0}" = dir=out | name=ncsiuwpapp |
"{84BA575A-8716-40FC-9A35-0692578105CB}" = dir=out | name=@{microsoft.bingweather_4.46.31121.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{891C37F0-658D-4B25-919F-152C1CCBCD67}" = dir=out | name=office |
"{8C74AE5F-83C5-4ADD-8495-E9E496F56983}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pro rugby manager 2015\rugby.exe |
"{8C90A605-69DE-44CE-A6DC-53A0C8BC1932}" = dir=out | name=xbox one smartglass |
"{9628A62F-1619-41C6-BB89-A4E84BAFEAB4}" = dir=in | name=@{microsoft.microsoftstickynotes_3.8.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftstickynotes/resources/stickynotesstoreappname} |
"{9A764E8F-2BC3-4862-AA6A-922DBC066668}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{9AD2EC5E-97D6-496D-B8C4-CB72606D0FDA}" = protocol=6 | dir=in | app=c:\program files\windowsapps\microsoft.skypeapp_15.68.96.0_x86__kzf8qxf38zg5c\skype\skype.exe |
"{9AF25A20-F72B-4E79-9332-F8F30D0E43A2}" = dir=out | name=@{microsoft.gethelp_10.2102.40951.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.gethelp/resources/appdisplayname} |
"{9BFFDB1A-259E-4E3A-A5B3-C11B422CA49E}" = dir=out | name=@{microsoft.bingnews_4.54.22741.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithtagline} |
"{9D1A6AA2-2F85-42EB-9DF3-7B72E7B56B2A}" = dir=in | name=@{microsoft.windows.photos_2020.20120.4004.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{9EABBA2A-CF8C-405A-AB26-6A4D57C4170F}" = dir=out | name=@{microsoft.yourphone_1.21042.95.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} |
"{A135197F-E58D-4802-8E51-C592834E3415}" = dir=in | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} |
"{A2E77454-0A9E-465E-A0D3-FF86419B0AF5}" = dir=in | name=skype |
"{A4839A76-745E-436C-A600-433C55658696}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} |
"{A9C78B98-AD0A-43A1-8F75-418C48ED4D81}" = protocol=17 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\itunes.exe |
"{AAC38AF2-A7D3-467E-9ED4-0F35F142C495}" = dir=out | name=@{microsoft.win32webviewhost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} |
"{AAC8405B-28DD-4727-ACBB-F8DF7DE2CC22}" = dir=out | name=microsoft pay |
"{ACC5DF91-0C69-44FD-90B9-3FF83BAA722F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3_debug.exe |
"{ADB12495-FB31-4FA9-A17B-FB6524FB32FB}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{ADBF007F-7B49-4AC7-A94F-BA8094A7DE9E}" = dir=out | name=@{microsoft.xboxidentityprovider_12.67.21001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{ADD212F6-F942-4615-94CB-05413CD99F34}" = dir=out | name=@{microsoft.windows.photos_2020.20120.4004.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{B2A9C6A3-45F8-4639-86EB-60431FC5D3AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{B734F063-30A6-4B83-ABF2-E1365079353D}" = dir=out | name=@{microsoft.windowsmaps_10.2101.9.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{BA782867-7B34-4984-AC63-11F42B868442}" = dir=out | name=onenote for windows 10 |
"{BC22F521-458C-46CF-BB3C-9CF395EF54D1}" = dir=in | name=autodesk sketchbook |
"{C03A4E05-03DF-45C7-B800-5DC940E821FA}" = protocol=17 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.68.96.0_x86__kzf8qxf38zg5c\skype\skype.exe |
"{C0B31AAA-8CDA-4B32-80A5-4F7D420B7998}" = protocol=17 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe |
"{C1DB96DD-6EC2-410B-BD1A-65FC3E6F9DC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3.exe |
"{C66ABCBE-B87C-4EB5-B799-1B38ECD6B375}" = dir=out | name=print 3d |
"{C742DD67-BB4A-458C-B263-EC779CA465F2}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} |
"{CA7E9BC2-E624-45F0-8493-B4B6EDEFEFEE}" = dir=in | name=@{microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{CB0EF4F5-DF03-4130-B39F-C6FD80D947BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{CC29D226-A7E0-4152-979F-5B3D62D7C850}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{CCAE44C5-E103-49A4-8145-4578284E5679}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{CD0FB304-7872-4F17-B894-8D9C270C28F7}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{CD93B194-F85F-4489-8725-F4F5DBB0F725}" = dir=out | name=xbox tcui |
"{CE42CD86-A279-448E-B818-2BC57F7FA61B}" = dir=out | name=@{microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{CF234113-D28C-4479-B099-3657BB5C7B26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe |
"{D2171876-5E31-4A8D-913C-AD788E1518B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D6BFA4B6-1FFA-47A1-B599-6812DBD47C1B}" = dir=out | name=skype |
"{D83A2EAC-8A87-4E8F-9F53-00D44B1C5E5E}" = dir=in | name=@{microsoft.windows.search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} |
"{D96561DD-2634-4C6D-9F26-C4C9CB15D5B0}" = dir=in | name=candy crush soda saga |
"{DCAA9E57-0AA2-4C38-BF04-EAB2135790B2}" = dir=in | name=microsoft edge |
"{DF27FCBA-3C13-4A1A-9715-9C7FF69EEAFF}" = protocol=17 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe |
"{E3E6B09A-0F2B-4A53-BA00-CCF57A251BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launchpad\launchpad.exe |
"{E56AC0AE-23E5-4BD5-888E-70BCD3E5D866}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3launcher.exe |
"{E8216669-42EE-4F54-A224-E761FBB1DBD1}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{EF28D0B8-3AF8-4F51-901D-614F168AF725}" = dir=in | name=xbox game bar |
"{F07F96F9-85F7-400D-A724-410CA1E7A8A3}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{F1ABC8CC-449B-479C-B55E-C99D42D8FCAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F1C23BF6-53FC-4139-8CB7-3A45C69412B4}" = dir=out | name=cortana |
"{F6F01246-4DC7-4846-8FAE-03047EB34E27}" = dir=in | name=microsoft solitaire collection |
"{F8CCC089-00B6-40E8-A9B7-8338428DC872}" = dir=out | name=dolby access |
"{FD008F96-3CE9-4846-A296-957CE8BF99A4}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.19041.423_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} |
"{FFBEE5FD-C71A-4417-A783-8BE665252F6A}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"TCP Query User{A275C5D0-B90A-43A2-996F-40B8F566A8C0}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |
"UDP Query User{56729873-CBAA-4860-8F8F-21C24D8ADA58}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90160000-008F-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Licensing Component
"{90160000-00DD-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component 64-bit Registration
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}" = Microsoft Update Health Tools
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 376.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.3.34.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215
"CCleaner" = CCleaner
"ProfessionalRetail - fr-fr" = Microsoft Office Professionnel 2016 - fr-fr
"Steam App 214950" = Total War: ROME II - Emperor Edition
"Steam App 226840" = Age of Wonders III
"Steam App 273030" = Pro Rugby Manager 2015
"Steam App 8930" = Sid Meier's Civilization V
"VulkanRT1.0.26.0" = Vulkan Run Time Libraries 1.0.26.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90160000-008C-0000-0000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component
"{90160000-008C-040C-0000-0000000FF1CE}" = Office 16 Click-to-Run Localization Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{d992c12e-cab2-426f-bde3-fb8c53950b0d}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Avast Antivirus" = Avast Antivirus Gratuit
"Google Chrome" = Google Chrome
"Microsoft Edge" = Microsoft Edge
"Microsoft Edge Update" = Microsoft Edge Update
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam" = Steam
"steam app 8930" = Sid Meier's Civilization V
"Warcraft III" = Warcraft III

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2177330348-3112930602-530061638-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Molotov" = Molotov
"OneDriveSetup.exe" = Microsoft OneDrive

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 20/04/2021 17:24:17 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 455
Description = taskhostw (1388,R,98) WebCacheLocal: L erreur -1032 (0xfffffbf8) s est
produite lors de l ouverture d un fichier journal C:\Users\flori\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error - 30/04/2021 12:24:35 | Computer Name = DESKTOP-PF6A21C | Source = Microsoft-Windows-Defrag | ID = 264
Description =

Error - 30/04/2021 12:24:36 | Computer Name = DESKTOP-PF6A21C | Source = Microsoft-Windows-Defrag | ID = 264
Description =

Error - 30/04/2021 20:15:49 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 490
Description = DllHost (8864,R,98) WebCacheLocal: Une tentative d ouverture du fichier
« C:\Users\flori\AppData\Local\Microsoft\Windows\WebCache\V01.log » pour accès
en lecture/écriture a échoué en indiquant l erreur système 32 (0x00000020) : « Le
processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre
processus.  ». L opération d ouverture de fichier échouera en indiquant l erreur
-1032 (0xfffffbf8).

Error - 30/04/2021 20:15:50 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 455
Description = DllHost (8864,R,98) WebCacheLocal: L erreur -1032 (0xfffffbf8) s est
produite lors de l ouverture d un fichier journal C:\Users\flori\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error - 08/05/2021 14:17:40 | Computer Name = DESKTOP-PF6A21C | Source = Microsoft-Windows-Defrag | ID = 264
Description =

Error - 08/05/2021 14:17:41 | Computer Name = DESKTOP-PF6A21C | Source = Microsoft-Windows-Defrag | ID = 264
Description =

Error - 20/05/2021 15:15:17 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 489
Description = taskhostw (2712,G,0) ?Une tentative d ouverture du fichier « C:\Users\flori\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat »
a échoué en indiquant l erreur système 32 (0x00000020) : « Le processus ne peut
pas accéder au fichier car ce fichier est utilisé par un autre processus.  ». L opération
d ouverture de fichier échouera en indiquant l erreur -1032 (0xfffffbf8).

Error - 20/05/2021 15:24:39 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 455
Description = wuaueng.dll (1628,R,98) SUS20ClientDataStore: L erreur -1811 (0xfffff8ed)
s est produite lors de l ouverture d un fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0009C.log.

Error - 20/05/2021 15:55:15 | Computer Name = DESKTOP-PF6A21C | Source = VSS | ID = 8193
Description =

[ Parameters Events ]
OTL encountered an error while reading this event log. It may be corrupt.
[ State Events ]
OTL encountered an error while reading this event log. It may be corrupt.
Error - 13/05/2021 16:52:18 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010
Description =

Error - 13/05/2021 16:54:18 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010
Description =

Error - 13/05/2021 17:49:54 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010
Description =

Error - 16/05/2021 17:11:56 | Computer Name = DESKTOP-PF6A21C | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l attente de la connexion du service Windows Search.

Error - 16/05/2021 17:11:56 | Computer Name = DESKTOP-PF6A21C | Source = Service Control Manager | ID = 7000
Description = Le service Windows Search n a pas pu démarrer en raison de l erreur :
%%1053

Error - 16/05/2021 17:57:57 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010
Description =

Error - 16/05/2021 17:57:57 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010
Description =

Error - 16/05/2021 17:57:57 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010
Description =

Error - 16/05/2021 17:57:57 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010
Description =

Error - 20/05/2021 15:20:14 | Computer Name = DESKTOP-PF6A21C | Source = EventLog | ID = 6008
Description = L arrêt système précédant à 23:55:45 le ?16/?05/?2021 n était pas
prévu.


< End of report >

Publicité

Signaler le contenu de ce document

Publicité