ÿþOTL Extras logfile created on: 20/05/2021 21:52:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\flori\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.19041.0) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 3,93 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 36,33% Memory free 4,62 Gb Paging File | 1,86 Gb Available in Paging File | 40,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,87 Gb Total Space | 352,54 Gb Free Space | 77,17% Space Free | Partition Type: NTFS Drive D: | 457,38 Gb Total Space | 456,45 Gb Free Space | 99,80% Space Free | Partition Type: NTFS Drive F: | 5,68 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: DESKTOP-PF6A21C | User Name: flori | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (All) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cpl[@ = cplfile] -- C:\WINDOWS\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation) .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) .js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- "%1" %* .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation) .cmd [@ = cmdfile] -- "%1" %* .com [@ = comfile] -- "%1" %* .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .exe [@ = exefile] -- "%1" %* .hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation) .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .inf [@ = inffile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- Reg Error: Key error. inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation) Directory [UpdateEncryptionSettings] -- Reg Error: Key error. Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- Reg Error: Key error. inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation) Directory [UpdateEncryptionSettings] -- Reg Error: Key error. Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av] "DataMigrated" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}] "GUID" = {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} "DISPLAYNAME" = Avast Antivirus "STATE" = 266240 "PRODUCTEXE" = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AVAST Software) "REPORTINGEXE" = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AVAST Software) [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}] "GUID" = {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} "DISPLAYNAME" = Windows Defender "STATE" = 393472 "PRODUCTEXE" = windowsdefender:// "REPORTINGEXE" = %ProgramFiles%\Windows Defender\MsMpeng.exe -- (Microsoft Corporation) [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{EB19B86E-3998-C706-90EF-92B41EB091AF}] "GUID" = {EB19B86E-3998-C706-90EF-92B41EB091AF} "DISPLAYNAME" = Avast Antivirus "STATE" = 266240 "PRODUCTEXE" = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AVAST Software) "REPORTINGEXE" = C:\Program Files\AVAST Software\Avast\wsc_proxy.exe -- (AVAST Software) [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw] "DataMigrated" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 54 F8 66 CF 73 F7 D6 01 [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Feature] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\SecurityApp\WebProtection] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{B6C5767A-9D8A-4AC5-9235-818DF89E7F22}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "{D335A956-849C-4FEB-8589-814F6178575E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft\edge\application\msedge.exe | "{EACBBF81-4BC3-4486-84F9-D954D5C70259}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\outlook.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0044B79E-FC9F-4E4F-9537-4E214BF2D653}" = dir=out | name=@{microsoft.zunevideo_10.21021.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{004B2850-E417-4DCA-9F01-F636F3ECA1A9}" = dir=out | name=xbox game bar plugin | "{02F21FCC-7C2C-4E99-96C2-FBE523EA549D}" = protocol=6 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.68.96.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{0336F55C-23C7-4361-925C-8D654834A615}" = dir=in | name=xbox one smartglass | "{0560AB1E-B3FF-4DCB-867A-EF6B4B951F29}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3_debug.exe | "{0581B0F8-676F-4693-A9ED-89C8F21935FD}" = dir=out | name=@{microsoft.mspaint_6.2105.4017.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mspaint/resources/appname} | "{05A080B5-5360-4704-AF46-BC9B1AF3191C}" = dir=out | name=@{king.com.bubblewitch3saga_7.4.22.0_x86__kgqvnymyfvs32?ms-resource://king.com.bubblewitch3saga/resources/appname} | "{09762B9C-B947-4A7E-A8E5-13729D8D3EC5}" = dir=out | name=@{microsoft.zunemusic_10.20122.11121.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{0BE34E5F-42E7-469B-9FDF-E8B6E67BA044}" = dir=in | name=@{a278ab0d.disneymagickingdoms_5.9.13.0_x86__h6adky7gbf63m?ms-resource://a278ab0d.disneymagickingdoms/resources/applicationname} | "{0C03DB64-F5A9-44E8-B03C-3DE923127D51}" = dir=in | name=cortana | "{0F50EE1A-9A6C-44EE-B091-EBF942468356}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe | "{11138F7E-74C5-46C4-A6DE-A690FE9264E9}" = dir=out | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{1C70A455-8AE4-440A-BB27-AF99301D6879}" = dir=in | name=@{microsoft.desktopappinstaller_1.4.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | "{1C8E10B0-2589-4ADC-AD68-7070C02190C6}" = dir=out | name=@{microsoft.lockapp_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{22B8EBB0-0639-41C8-8811-598721330549}" = dir=out | name=@{microsoft.xboxapp_48.76.8001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxapp/xboxapp.resource/resources/app_title} | "{22BE9A12-815E-49EA-B366-E2B3AA8CF7AE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{23A6D5AA-C55D-44AC-B3BD-F06D3C0AD591}" = dir=out | name=@{microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscalculator/resources/appstorename} | "{23EE7AAF-1C36-42E0-B7BF-987AFC87800B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pro rugby manager 2015\rugby.exe | "{24D48F10-2ECD-4EA7-B044-ADC08817E5A6}" = dir=out | name=windows_ie_ac_001 | "{263708D6-DC2D-48B7-8BF2-3F390E687DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe | "{28929A4C-F912-45DE-A342-08E20EE0C6C2}" = protocol=17 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\itunes.exe | "{2A898567-7CB4-46E8-AC24-DBF3D9037AB4}" = dir=in | name=@{microsoft.zunevideo_10.21021.10311.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{2C0B0CB5-129B-45C8-985A-C58CF3B80927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launchpad\launchpad.exe | "{2C99F655-D94D-467B-9A44-B0645D14808A}" = dir=out | name=@{microsoft.windows.sechealthui_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.sechealthui/resources/packagedisplayname} | "{3013D2B7-F0BD-4BCB-98BB-161B44C22C56}" = dir=out | name=@{microsoft.microsoft3dviewer_7.2105.4012.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoft3dviewer/common.view.uwp/resources/storeappname} | "{318E866F-FC34-41D8-AA33-114DEC2E243F}" = dir=out | name=@{microsoft.getstarted_10.1.40561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | "{324445C8-D66F-408B-BABD-3A2B228C5990}" = protocol=6 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\itunes.exe | "{3341AAD3-7DA1-4581-AB9B-AF468E0871AE}" = dir=out | name=@{a278ab0d.marchofempires_5.5.1.1_x86__h6adky7gbf63m?ms-resource://a278ab0d.marchofempires/resources/marchofempires} | "{334E186A-1943-40B7-A367-35D80B9CA17E}" = dir=in | name=@{microsoft.xboxapp_48.76.8001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxapp/xboxapp.resource/resources/app_title} | "{33574784-A06E-4C84-806E-A168D63AA184}" = dir=out | name=@{microsoft.people_10.1909.12456.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | "{336BA5C3-FD93-4BE2-8DBF-EFBEFC09213B}" = dir=out | name=@{microsoft.desktopappinstaller_1.4.3161.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.desktopappinstaller/resources/appdisplayname} | "{3BE8C916-E439-465D-A2D9-B359D182C1D5}" = dir=out | name=microsoft edge | "{3DB01A02-9570-4806-AA0D-DD7DEC7DD708}" = dir=in | name=dolby access | "{3E2674E9-293F-4421-B138-5A1A1C33E998}" = dir=out | name=xbox game bar | "{41328CCA-120F-42F7-B5E6-B0A17D15E906}" = protocol=6 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe | "{419B54E4-995B-4840-81CD-19C774278D39}" = dir=out | name=@{microsoft.microsoftedge_44.19041.423.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{47D4BA7B-796D-4FA8-AEF0-B11AB89FC605}" = protocol=17 | dir=in | app=c:\program files\windowsapps\microsoft.skypeapp_15.68.96.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{49F1E503-FB74-44BA-BE47-5CDA05002B96}" = dir=in | name=@{microsoft.yourphone_1.21042.95.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} | "{4AC4C453-31BD-4721-9003-29A2469AA15F}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{4ADCA692-2EC2-49B0-AD7A-B51BA2D1C97F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe | "{4C6BA7CE-2C8F-4F99-BEF6-411DF725957F}" = dir=out | name=@{microsoft.mixedreality.portal_2000.21041.1051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.mixedreality.portal/resources/pkgdisplayname} | "{4CECDE43-FEBC-4988-969F-3CB5E68BF917}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{5095B345-59FE-4381-B687-81025D669687}" = dir=in | name=@{microsoft.win32webviewhost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{50A9DC73-34B3-494E-9266-9FC1D119E673}" = dir=out | name=@{microsoft.windowscamera_2021.105.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscamera/lenssdk/resources/appstorename} | "{51392208-9530-466F-81DE-8381BAEB8F56}" = dir=in | name=print 3d | "{525890A5-9BA2-4395-803E-098FE28F7876}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launchpad\launchpad.exe | "{5401C6C4-40E7-45C1-A41D-C11A618A8FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{54E6A165-E0E3-493C-AA1E-8A6A95278D6D}" = dir=out | name=@{microsoft.storepurchaseapp_12103.1001.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.storepurchaseapp/resources/displaytitle} | "{5514D19B-C5D4-4AA4-A37B-279239163454}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{57C85AB0-1A63-4BA5-8505-6650B74BA8C6}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{594292D1-C98E-4EFE-B9BD-58010F6284F4}" = dir=out | name=@{microsoft.microsoftstickynotes_3.8.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftstickynotes/resources/stickynotesstoreappname} | "{5968D68D-3EED-4D41-AB5E-E2CC01AD8608}" = dir=out | name=microsoft solitaire collection | "{5986E4CB-108A-476F-A31B-94536E157E12}" = dir=in | name=@{microsoft.microsoftedge_44.19041.423.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{59C0017A-DB4C-4391-99EF-0BFCC1CC5369}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | "{638E9156-48F7-4282-9C97-FE9C0BD280DB}" = dir=in | name=onenote for windows 10 | "{655EE6A8-09CC-4EE1-BE3D-1EE67256D229}" = protocol=6 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\itunes.exe | "{660219F7-3EB5-4DC6-88D7-F0C0A8D813B3}" = dir=out | name=windows feature experience pack | "{66ACBB93-1A0F-4A66-8743-90580A2DA81B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3launcher.exe | "{67A57DAE-D2CE-462A-AC10-163F878F3148}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launchpad\launchpad.exe | "{67AC90C4-F17C-46DA-AB40-B9112BE5FB4C}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.2009.10055.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{6AD3DBB1-5BC4-4D8F-94B3-DC8A8F1E774B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{6FE6CC01-6109-4A98-A624-2EA612C7E8C3}" = dir=out | name=autodesk sketchbook | "{73479E7D-DA5B-4831-9105-E892E69F4ACB}" = dir=out | name=candy crush soda saga | "{74E94935-A175-48EF-B56F-6EE34BF5C4EE}" = dir=out | name=@{microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{760C3556-C010-4B2A-9763-D7A430EF64F1}" = dir=out | name=@{microsoft.windows.search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{78BFE28B-33AF-4BF6-95FC-69AAB875D4F0}" = dir=out | name=@{a278ab0d.disneymagickingdoms_5.9.13.0_x86__h6adky7gbf63m?ms-resource://a278ab0d.disneymagickingdoms/resources/applicationname} | "{78E91E8B-1148-4B7F-AF55-8061CF8545B4}" = dir=out | name=@{microsoft.accountscontrol_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{7FD88606-12C3-49E8-A82C-B5CAF69F758B}" = protocol=6 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe | "{81B866D3-B7FF-499A-AD2D-48F242C15081}" = dir=in | name=@{a278ab0d.marchofempires_5.5.1.1_x86__h6adky7gbf63m?ms-resource://a278ab0d.marchofempires/resources/marchofempires} | "{82034129-1595-43B9-813E-5BE73548F08E}" = dir=in | name=@{microsoft.zunemusic_10.20122.11121.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{837B424E-25EC-4CE7-A083-A940FC0344A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3.exe | "{83B85B94-F81F-436D-A900-B5E3216C0DC0}" = dir=out | name=ncsiuwpapp | "{84BA575A-8716-40FC-9A35-0692578105CB}" = dir=out | name=@{microsoft.bingweather_4.46.31121.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{891C37F0-658D-4B25-919F-152C1CCBCD67}" = dir=out | name=office | "{8C74AE5F-83C5-4ADD-8495-E9E496F56983}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pro rugby manager 2015\rugby.exe | "{8C90A605-69DE-44CE-A6DC-53A0C8BC1932}" = dir=out | name=xbox one smartglass | "{9628A62F-1619-41C6-BB89-A4E84BAFEAB4}" = dir=in | name=@{microsoft.microsoftstickynotes_3.8.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftstickynotes/resources/stickynotesstoreappname} | "{9A764E8F-2BC3-4862-AA6A-922DBC066668}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{9AD2EC5E-97D6-496D-B8C4-CB72606D0FDA}" = protocol=6 | dir=in | app=c:\program files\windowsapps\microsoft.skypeapp_15.68.96.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{9AF25A20-F72B-4E79-9332-F8F30D0E43A2}" = dir=out | name=@{microsoft.gethelp_10.2102.40951.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.gethelp/resources/appdisplayname} | "{9BFFDB1A-259E-4E3A-A5B3-C11B422CA49E}" = dir=out | name=@{microsoft.bingnews_4.54.22741.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithtagline} | "{9D1A6AA2-2F85-42EB-9DF3-7B72E7B56B2A}" = dir=in | name=@{microsoft.windows.photos_2020.20120.4004.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{9EABBA2A-CF8C-405A-AB26-6A4D57C4170F}" = dir=out | name=@{microsoft.yourphone_1.21042.95.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.yourphone/resources/appname} | "{A135197F-E58D-4802-8E51-C592834E3415}" = dir=in | name=@{microsoft.windows.startmenuexperiencehost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.startmenuexperiencehost/startmenuexperiencehost/pkgdisplayname} | "{A2E77454-0A9E-465E-A0D3-FF86419B0AF5}" = dir=in | name=skype | "{A4839A76-745E-436C-A600-433C55658696}" = dir=out | name=@{microsoft.windows.peopleexperiencehost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.peopleexperiencehost/resources/pkgdisplayname} | "{A9C78B98-AD0A-43A1-8F75-418C48ED4D81}" = protocol=17 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\itunes.exe | "{AAC38AF2-A7D3-467E-9ED4-0F35F142C495}" = dir=out | name=@{microsoft.win32webviewhost_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.win32webviewhost/resources/displayname} | "{AAC8405B-28DD-4727-ACBB-F8DF7DE2CC22}" = dir=out | name=microsoft pay | "{ACC5DF91-0C69-44FD-90B9-3FF83BAA722F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3_debug.exe | "{ADB12495-FB31-4FA9-A17B-FB6524FB32FB}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{ADBF007F-7B49-4AC7-A94F-BA8094A7DE9E}" = dir=out | name=@{microsoft.xboxidentityprovider_12.67.21001.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} | "{ADD212F6-F942-4615-94CB-05413CD99F34}" = dir=out | name=@{microsoft.windows.photos_2020.20120.4004.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{B2A9C6A3-45F8-4639-86EB-60431FC5D3AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe | "{B734F063-30A6-4B83-ABF2-E1365079353D}" = dir=out | name=@{microsoft.windowsmaps_10.2101.9.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | "{BA782867-7B34-4984-AC63-11F42B868442}" = dir=out | name=onenote for windows 10 | "{BC22F521-458C-46CF-BB3C-9CF395EF54D1}" = dir=in | name=autodesk sketchbook | "{C03A4E05-03DF-45C7-B800-5DC940E821FA}" = protocol=17 | dir=out | app=c:\program files\windowsapps\microsoft.skypeapp_15.68.96.0_x86__kzf8qxf38zg5c\skype\skype.exe | "{C0B31AAA-8CDA-4B32-80A5-4F7D420B7998}" = protocol=17 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe | "{C1DB96DD-6EC2-410B-BD1A-65FC3E6F9DC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3.exe | "{C66ABCBE-B87C-4EB5-B799-1B38ECD6B375}" = dir=out | name=print 3d | "{C742DD67-BB4A-458C-B263-EC779CA465F2}" = dir=out | name=@{microsoft.windows.oobenetworkcaptiveportal_10.0.19041.423_neutral__cw5n1h2txyewy?ms-resource://microsoft.windows.oobenetworkcaptiveportal/resources/appdisplayname} | "{CA7E9BC2-E624-45F0-8493-B4B6EDEFEFEE}" = dir=in | name=@{microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{CB0EF4F5-DF03-4130-B39F-C6FD80D947BB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe | "{CC29D226-A7E0-4152-979F-5B3D62D7C850}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | "{CCAE44C5-E103-49A4-8145-4578284E5679}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.19041.423.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{CD0FB304-7872-4F17-B894-8D9C270C28F7}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | "{CD93B194-F85F-4489-8725-F4F5DBB0F725}" = dir=out | name=xbox tcui | "{CE42CD86-A279-448E-B818-2BC57F7FA61B}" = dir=out | name=@{microsoft.windowsstore_12104.1001.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{CF234113-D28C-4479-B099-3657BB5C7B26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7x64\steamwebhelper.exe | "{D2171876-5E31-4A8D-913C-AD788E1518B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{D6BFA4B6-1FFA-47A1-B599-6812DBD47C1B}" = dir=out | name=skype | "{D83A2EAC-8A87-4E8F-9F53-00D44B1C5E5E}" = dir=in | name=@{microsoft.windows.search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.search/resources/packagedisplayname} | "{D96561DD-2634-4C6D-9F26-C4C9CB15D5B0}" = dir=in | name=candy crush soda saga | "{DCAA9E57-0AA2-4C38-BF04-EAB2135790B2}" = dir=in | name=microsoft edge | "{DF27FCBA-3C13-4A1A-9715-9C7FF69EEAFF}" = protocol=17 | dir=in | app=c:\program files\windowsapps\appleinc.itunes_12113.17.53090.0_x64__nzyj5cx40ttqa\amds64\applemobiledeviceprocess.exe | "{E3E6B09A-0F2B-4A53-BA00-CCF57A251BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launchpad\launchpad.exe | "{E56AC0AE-23E5-4BD5-888E-70BCD3E5D866}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aow3\aow3launcher.exe | "{E8216669-42EE-4F54-A224-E761FBB1DBD1}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{EF28D0B8-3AF8-4F51-901D-614F168AF725}" = dir=in | name=xbox game bar | "{F07F96F9-85F7-400D-A724-410CA1E7A8A3}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{F1ABC8CC-449B-479C-B55E-C99D42D8FCAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{F1C23BF6-53FC-4139-8CB7-3A45C69412B4}" = dir=out | name=cortana | "{F6F01246-4DC7-4846-8FAE-03047EB34E27}" = dir=in | name=microsoft solitaire collection | "{F8CCC089-00B6-40E8-A9B7-8338428DC872}" = dir=out | name=dolby access | "{FD008F96-3CE9-4846-A296-957CE8BF99A4}" = dir=out | name=@{microsoft.windows.narratorquickstart_10.0.19041.423_neutral_neutral_8wekyb3d8bbwe?ms-resource://microsoft.windows.narratorquickstart/resources/appdisplayname} | "{FFBEE5FD-C71A-4417-A783-8BE665252F6A}" = dir=in | name=@{microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "TCP Query User{A275C5D0-B90A-43A2-996F-40B8F566A8C0}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe | "UDP Query User{56729873-CBAA-4860-8F8F-21C24D8ADA58}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 "{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{90160000-008F-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Licensing Component "{90160000-00DD-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component 64-bit Registration "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}" = Microsoft Update Health Tools "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 376.54 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 376.54 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 376.54 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.3.34.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 "{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 "CCleaner" = CCleaner "ProfessionalRetail - fr-fr" = Microsoft Office Professionnel 2016 - fr-fr "Steam App 214950" = Total War: ROME II - Emperor Edition "Steam App 226840" = Age of Wonders III "Steam App 273030" = Pro Rugby Manager 2015 "Steam App 8930" = Sid Meier's Civilization V "VulkanRT1.0.26.0" = Vulkan Run Time Libraries 1.0.26.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 "{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{90160000-008C-0000-0000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component "{90160000-008C-040C-0000-0000000FF1CE}" = Office 16 Click-to-Run Localization Component "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 "{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 "{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 "{d992c12e-cab2-426f-bde3-fb8c53950b0d}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 "{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Avast Antivirus" = Avast Antivirus Gratuit "Google Chrome" = Google Chrome "Microsoft Edge" = Microsoft Edge "Microsoft Edge Update" = Microsoft Edge Update "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Steam" = Steam "steam app 8930" = Sid Meier's Civilization V "Warcraft III" = Warcraft III [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-2177330348-3112930602-530061638-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Molotov" = Molotov "OneDriveSetup.exe" = Microsoft OneDrive [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 20/04/2021 17:24:17 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 455 Description = taskhostw (1388,R,98) WebCacheLocal: L erreur -1032 (0xfffffbf8) s est produite lors de l ouverture d un fichier journal C:\Users\flori\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error - 30/04/2021 12:24:35 | Computer Name = DESKTOP-PF6A21C | Source = Microsoft-Windows-Defrag | ID = 264 Description = Error - 30/04/2021 12:24:36 | Computer Name = DESKTOP-PF6A21C | Source = Microsoft-Windows-Defrag | ID = 264 Description = Error - 30/04/2021 20:15:49 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 490 Description = DllHost (8864,R,98) WebCacheLocal: Une tentative d ouverture du fichier « C:\Users\flori\AppData\Local\Microsoft\Windows\WebCache\V01.log » pour accès en lecture/écriture a échoué en indiquant l erreur système 32 (0x00000020) : « Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.  ». L opération d ouverture de fichier échouera en indiquant l erreur -1032 (0xfffffbf8). Error - 30/04/2021 20:15:50 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 455 Description = DllHost (8864,R,98) WebCacheLocal: L erreur -1032 (0xfffffbf8) s est produite lors de l ouverture d un fichier journal C:\Users\flori\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error - 08/05/2021 14:17:40 | Computer Name = DESKTOP-PF6A21C | Source = Microsoft-Windows-Defrag | ID = 264 Description = Error - 08/05/2021 14:17:41 | Computer Name = DESKTOP-PF6A21C | Source = Microsoft-Windows-Defrag | ID = 264 Description = Error - 20/05/2021 15:15:17 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 489 Description = taskhostw (2712,G,0) ?Une tentative d ouverture du fichier « C:\Users\flori\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat » a échoué en indiquant l erreur système 32 (0x00000020) : « Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.  ». L opération d ouverture de fichier échouera en indiquant l erreur -1032 (0xfffffbf8). Error - 20/05/2021 15:24:39 | Computer Name = DESKTOP-PF6A21C | Source = ESENT | ID = 455 Description = wuaueng.dll (1628,R,98) SUS20ClientDataStore: L erreur -1811 (0xfffff8ed) s est produite lors de l ouverture d un fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb0009C.log. Error - 20/05/2021 15:55:15 | Computer Name = DESKTOP-PF6A21C | Source = VSS | ID = 8193 Description = [ Parameters Events ] OTL encountered an error while reading this event log. It may be corrupt. [ State Events ] OTL encountered an error while reading this event log. It may be corrupt. Error - 13/05/2021 16:52:18 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010 Description = Error - 13/05/2021 16:54:18 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010 Description = Error - 13/05/2021 17:49:54 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010 Description = Error - 16/05/2021 17:11:56 | Computer Name = DESKTOP-PF6A21C | Source = Service Control Manager | ID = 7009 Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de l attente de la connexion du service Windows Search. Error - 16/05/2021 17:11:56 | Computer Name = DESKTOP-PF6A21C | Source = Service Control Manager | ID = 7000 Description = Le service Windows Search n a pas pu démarrer en raison de l erreur : %%1053 Error - 16/05/2021 17:57:57 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010 Description = Error - 16/05/2021 17:57:57 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010 Description = Error - 16/05/2021 17:57:57 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010 Description = Error - 16/05/2021 17:57:57 | Computer Name = DESKTOP-PF6A21C | Source = DCOM | ID = 10010 Description = Error - 20/05/2021 15:20:14 | Computer Name = DESKTOP-PF6A21C | Source = EventLog | ID = 6008 Description = L arrêt système précédant à 23:55:45 le ?16/?05/?2021 n était pas prévu. < End of report >